MediaWiki  master
SpecialUnlinkAccounts.php
1 <?php
2 
3 namespace MediaWiki\Specials;
4 
12 use StatusValue;
13 
16 
/**
 * Create the special page and attach the injected authentication manager.
 *
 * @param AuthManager $authManager Authentication entry point, stored through
 *   setAuthManager() for later use by this page.
 */
public function __construct( AuthManager $authManager ) {
	// 'UnlinkAccounts' is the name handed to the parent constructor.
	parent::__construct( 'UnlinkAccounts' );

	$this->setAuthManager( $authManager );
}
24 
/**
 * Name the security level that applies to this page.
 *
 * NOTE(review): presumably the parent class uses this key to decide whether the
 * user must have authenticated recently before credentials can be changed —
 * confirm against the base special page before renaming or removing it.
 *
 * @return string
 */
protected function getLoginSecurityLevel() {
	return 'UnlinkAccount';
}
28 
29  protected function getDefaultAction( $subPage ) {
31  }
32 
/**
 * Header under which this special page is listed in Special:SpecialPages.
 *
 * @return string
 */
protected function getGroupName() {
	return 'login';
}
40 
/**
 * Whether this special page is listed in Special:SpecialPages.
 *
 * The answer is delegated to the AuthManager: the page is listed only when
 * canLinkAccounts() reports true.
 *
 * @return bool
 */
public function isListed() {
	$authManager = $this->getAuthManager();

	return $authManager->canLinkAccounts();
}
44 
45  protected function getRequestBlacklist() {
47  }
48 
/**
 * Run the unlink-accounts page: validate the auth action, process the submission,
 * and on success reset the user's sessions before re-displaying the form.
 *
 * Outcomes visible in this method:
 *  - action not allowed and it is ACTION_UNLINK: an ErrorPageError is thrown;
 *  - action not allowed otherwise: redirect to this page's own URL;
 *  - submission missing or not OK, or the response status is FAIL: the form is
 *    shown again and no session is touched;
 *  - otherwise: sessions for the user are invalidated and the current session is
 *    re-bound to the user under a new ID.
 *
 * @param string|null $subPage Subpage of the special page.
 * @throws ErrorPageError When ACTION_UNLINK is requested but not allowed.
 */
public function execute( $subPage ) {
	$this->setHeaders();
	$this->loadAuth( $subPage );

	if ( !$this->isActionAllowed( $this->authAction ) ) {
		if ( $this->authAction !== AuthManager::ACTION_UNLINK ) {
			// user probably back-button-navigated into an auth session that no longer exists
			// FIXME would be nice to show a message
			// The target is this page's own title, requested with PROTO_HTTPS, so the
			// redirect destination is not taken from request input.
			$output = $this->getOutput();
			$output->redirect( $this->getPageTitle()->getFullURL( '', false, PROTO_HTTPS ) );
			return;
		}

		// Looks like there are no linked accounts to unlink
		throw new ErrorPageError(
			$this->msg( 'cannotunlink-no-provider-title' ),
			$this->msg( 'cannotunlink-no-provider' )
		);
	}

	$this->outputHeader();

	$submitStatus = $this->trySubmit();
	if ( $submitStatus === false || !$submitStatus->isOK() ) {
		// Nothing submitted, or the submission failed: show the form and stop here.
		$this->displayForm( $submitStatus );
		return;
	}

	$authResponse = $submitStatus->getValue();
	if ( $authResponse->status === AuthenticationResponse::FAIL ) {
		// A failed unlink leaves credentials unchanged, so sessions are left alone.
		$this->displayForm( StatusValue::newFatal( $authResponse->message ) );
		return;
	}

	// The success notice is carried as a warning on an otherwise good status.
	$successStatus = StatusValue::newGood();
	$successStatus->warning( $this->msg( 'unlinkaccounts-success' ) );
	// update requests so the unlinked one doesn't show up
	$this->loadAuth( $subPage, null, true );

	// Reset sessions - if the user unlinked an account because it was compromised,
	// log attackers out from sessions obtained via that account.
	// NOTE(review): presumably the current session is re-bound to the user and given
	// a fresh ID so that the person who just unlinked stays logged in while every
	// previously issued session stops working — confirm against SessionManager
	// before reordering or removing any of these calls.
	$currentSession = $this->getRequest()->getSession();
	$currentUser = $this->getUser();
	SessionManager::singleton()->invalidateSessionsForUser( $currentUser );
	$currentSession->setUser( $currentUser );
	$currentSession->resetId();

	$this->displayForm( $successStatus );
}
98 
/**
 * Submit handler callback for HTMLForm.
 *
 * Unlink requests do not accept user input, so this repeats the parent logic but
 * skips AuthenticationRequest::loadRequestsFromSubmission: the authentication step
 * runs on the requests already held in $this->authRequests, and $data is not read.
 *
 * @param array $data Submitted form data (unused here).
 * @return Status Good status whose value is the authentication response.
 */
public function handleFormSubmit( $data ) {
	return Status::newGood(
		$this->performAuthenticationStep( $this->authAction, $this->authRequests )
	);
}
105 }
106 
// Also register the class under the un-namespaced name 'SpecialUnlinkAccounts';
// presumably kept for code that predates the MediaWiki\Specials namespace.
class_alias( SpecialUnlinkAccounts::class, 'SpecialUnlinkAccounts' );
const PROTO_HTTPS
Definition: Defines.php:192
An error page which can definitely be safely rendered using the OutputPage.
This serves as the entry point to the authentication system.
const ACTION_UNLINK
Like ACTION_REMOVE but for linking providers only.
This is a value object to hold authentication response data.
const FAIL
Indicates that the authentication failed.
A class containing constants representing the names of configuration variables.
const RemoveCredentialsBlacklist
Name constant for the RemoveCredentialsBlacklist setting, for use with Config::get()
This serves as the entry point to the MediaWiki session handling system.
static singleton()
Get the global SessionManager.
A special page subclass for authentication-related special pages.
string $subPage
Subpage of the special page.
isActionAllowed( $action)
Checks whether AuthManager is ready to perform the action.
trySubmit()
Attempts to do an authentication step with the submitted data.
loadAuth( $subPage, $authAction=null, $reset=false)
Load or initialize $authAction, $authRequests and $subPage.
getRequest()
Get the WebRequest being used for this instance.
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!
getUser()
Shortcut to get the User executing this instance.
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
getPageTitle( $subpage=false)
Get a self-referential title object.
getConfig()
Shortcut to get main config object.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getOutput()
Get the OutputPage being used for this instance.
outputHeader( $summaryMessageKey='')
Outputs a summary message on top of special pages. By default the message key is the canonical name o...
getDefaultAction( $subPage)
Get the default action for this special page, if none is given via URL/POST data.
execute( $subPage)
Default execute method. Checks user permissions.
getRequestBlacklist()
Allows blacklisting certain request types.
isListed()
Whether this special page is listed in Special:SpecialPages.
handleFormSubmit( $data)
Submit handler callback for HTMLForm.
getGroupName()
Under which header this special page is listed in Special:SpecialPages.
Generic operation result class. Has warning/error list, boolean status and arbitrary value.
Definition: Status.php:58
Generic operation result class. Has warning/error list, boolean status and arbitrary value.
Definition: StatusValue.php:46
static newFatal( $message,... $parameters)
Factory function for fatal errors.
Definition: StatusValue.php:73
static newGood( $value=null)
Factory function for good results.
Definition: StatusValue.php:85