includes/specials/SpecialPasswordReset.php

   1 <?php
   2 /**
   3  * Implements Special:PasswordReset
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  * @ingroup SpecialPage
  22  */
  23
  24 use MediaWiki\Auth\AuthManager;
  25
  26 /**
  27  * Special page for requesting a password reset email.
  28  *
  29  * Requires the TemporaryPasswordPrimaryAuthenticationProvider and the
  30  * EmailNotificationSecondaryAuthenticationProvider (or something providing equivalent
  31  * functionality) to be enabled.
  32  *
  33  * @ingroup SpecialPage
  34  */
  35 class SpecialPasswordReset extends FormSpecialPage {
  36         /** @var PasswordReset */
  37         private $passwordReset = null;
  38
  39         /**
  40          * @var Status
  41          */
  42         private $result;
  43
  44         /**
  45          * @var string $method Identifies which password reset field was specified by the user.
  46          */
  47         private $method;
  48
  49         public function __construct() {
  50                 parent::__construct( 'PasswordReset', 'editmyprivateinfo' );
  51         }
  52
  53         private function getPasswordReset() {
  54                 if ( $this->passwordReset === null ) {
  55                         $this->passwordReset = new PasswordReset( $this->getConfig(), AuthManager::singleton() );
  56                 }
  57                 return $this->passwordReset;
  58         }
  59
  60         public function doesWrites() {
  61                 return true;
  62         }
  63
  64         public function userCanExecute( User $user ) {
  65                 return $this->getPasswordReset()->isAllowed( $user )->isGood();
  66         }
  67
  68         public function checkExecutePermissions( User $user ) {
  69                 $status = Status::wrap( $this->getPasswordReset()->isAllowed( $user ) );
  70                 if ( !$status->isGood() ) {
  71                         throw new ErrorPageError( 'internalerror', $status->getMessage() );
  72                 }
  73
  74                 parent::checkExecutePermissions( $user );
  75         }
  76
  77         /**
  78          * @param string $par
  79          */
  80         public function execute( $par ) {
  81                 $out = $this->getOutput();
  82                 $out->disallowUserJs();
  83                 parent::execute( $par );
  84         }
  85
  86         protected function getFormFields() {
  87                 $resetRoutes = $this->getConfig()->get( 'PasswordResetRoutes' );
  88                 $a = [];
  89                 if ( isset( $resetRoutes['username'] ) && $resetRoutes['username'] ) {
  90                         $a['Username'] = [
  91                                 'type' => 'text',
  92                                 'label-message' => 'passwordreset-username',
  93                         ];
  94
  95                         if ( $this->getUser()->isLoggedIn() ) {
  96                                 $a['Username']['default'] = $this->getUser()->getName();
  97                         }
  98                 }
  99
 100                 if ( isset( $resetRoutes['email'] ) && $resetRoutes['email'] ) {
 101                         $a['Email'] = [
 102                                 'type' => 'email',
 103                                 'label-message' => 'passwordreset-email',
 104                         ];
 105                 }
 106
 107                 return $a;
 108         }
 109
 110         protected function getDisplayFormat() {
 111                 return 'ooui';
 112         }
 113
 114         public function alterForm( HTMLForm $form ) {
 115                 $resetRoutes = $this->getConfig()->get( 'PasswordResetRoutes' );
 116
 117                 $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
 118
 119                 $i = 0;
 120                 if ( isset( $resetRoutes['username'] ) && $resetRoutes['username'] ) {
 121                         $i++;
 122                 }
 123                 if ( isset( $resetRoutes['email'] ) && $resetRoutes['email'] ) {
 124                         $i++;
 125                 }
 126
 127                 $message = ( $i > 1 ) ? 'passwordreset-text-many' : 'passwordreset-text-one';
 128
 129                 $form->setHeaderText( $this->msg( $message, $i )->parseAsBlock() );
 130                 $form->setSubmitTextMsg( 'mailmypassword' );
 131         }
 132
 133         /**
 134          * Process the form.  At this point we know that the user passes all the criteria in
 135          * userCanExecute(), and if the data array contains 'Username', etc, then Username
 136          * resets are allowed.
 137          * @param array $data
 138          * @throws MWException
 139          * @throws ThrottledError|PermissionsError
 140          * @return Status
 141          */
 142         public function onSubmit( array $data ) {
 143                 $username = isset( $data['Username'] ) ? $data['Username'] : null;
 144                 $email = isset( $data['Email'] ) ? $data['Email'] : null;
 145
 146                 $this->method = $username ? 'username' : 'email';
 147                 $this->result = Status::wrap(
 148                         $this->getPasswordReset()->execute( $this->getUser(), $username, $email ) );
 149
 150                 if ( $this->result->hasMessage( 'actionthrottledtext' ) ) {
 151                         throw new ThrottledError;
 152                 }
 153
 154                 return $this->result;
 155         }
 156
 157         public function onSuccess() {
 158                 if ( $this->method === 'email' ) {
 159                         $this->getOutput()->addWikiMsg( 'passwordreset-emailsentemail' );
 160                 } else {
 161                         $this->getOutput()->addWikiMsg( 'passwordreset-emailsentusername' );
 162                 }
 163
 164                 $this->getOutput()->returnToMain();
 165         }
 166
 167         /**
 168          * Hide the password reset page if resets are disabled.
 169          * @return bool
 170          */
 171         public function isListed() {
 172                 if ( $this->getPasswordReset()->isAllowed( $this->getUser() )->isGood() ) {
 173                         return parent::isListed();
 174                 }
 175
 176                 return false;
 177         }
 178
 179         protected function getGroupName() {
 180                 return 'users';
 181         }
 182 }