Merge "Add "mVersion" sanity check to User::loadFromCache()"
[lhc/web/wiklou.git] / includes / auth / LegacyHookPreAuthenticationProvider.php
1 <?php
2 /**
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License along
14 * with this program; if not, write to the Free Software Foundation, Inc.,
15 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 * http://www.gnu.org/copyleft/gpl.html
17 *
18 * @file
19 * @ingroup Auth
20 */
21
22 namespace MediaWiki\Auth;
23
24 use LoginForm;
25 use StatusValue;
26 use User;
27
28 /**
29 * A pre-authentication provider to call some legacy hooks.
30 * @ingroup Auth
31 * @since 1.27
32 * @deprecated since 1.27
33 */
34 class LegacyHookPreAuthenticationProvider extends AbstractPreAuthenticationProvider {
35
36 public function testForAuthentication( array $reqs ) {
37 $req = AuthenticationRequest::getRequestByClass( $reqs, PasswordAuthenticationRequest::class );
38 if ( $req ) {
39 $user = User::newFromName( $req->username );
40 $password = $req->password;
41 } else {
42 $user = null;
43 foreach ( $reqs as $req ) {
44 if ( $req->username !== null ) {
45 $user = User::newFromName( $req->username );
46 break;
47 }
48 }
49 if ( !$user ) {
50 $this->logger->debug( __METHOD__ . ': No username in $reqs, skipping hooks' );
51 return StatusValue::newGood();
52 }
53
54 // Something random for the 'AbortLogin' hook.
55 $password = wfRandomString( 32 );
56 }
57
58 $msg = null;
59 if ( !\Hooks::run( 'LoginUserMigrated', [ $user, &$msg ] ) ) {
60 return $this->makeFailResponse(
61 $user, null, LoginForm::USER_MIGRATED, $msg, 'LoginUserMigrated'
62 );
63 }
64
65 $abort = LoginForm::ABORTED;
66 $msg = null;
67 if ( !\Hooks::run( 'AbortLogin', [ $user, $password, &$abort, &$msg ] ) ) {
68 return $this->makeFailResponse( $user, null, $abort, $msg, 'AbortLogin' );
69 }
70
71 return StatusValue::newGood();
72 }
73
74 public function testForAccountCreation( $user, $creator, array $reqs ) {
75 $abortError = '';
76 $abortStatus = null;
77 if ( !\Hooks::run( 'AbortNewAccount', [ $user, &$abortError, &$abortStatus ] ) ) {
78 // Hook point to add extra creation throttles and blocks
79 $this->logger->debug( __METHOD__ . ': a hook blocked creation' );
80 if ( $abortStatus === null ) {
81 // Report back the old string as a raw message status.
82 // This will report the error back as 'createaccount-hook-aborted'
83 // with the given string as the message.
84 // To return a different error code, return a StatusValue object.
85 $msg = wfMessage( 'createaccount-hook-aborted' )->rawParams( $abortError );
86 return StatusValue::newFatal( $msg );
87 } else {
88 // For MediaWiki 1.23+ and updated hooks, return the Status object
89 // returned from the hook.
90 $ret = StatusValue::newGood();
91 $ret->merge( $abortStatus );
92 return $ret;
93 }
94 }
95
96 return StatusValue::newGood();
97 }
98
99 public function testUserForCreation( $user, $autocreate ) {
100 if ( $autocreate !== false ) {
101 $abortError = '';
102 if ( !\Hooks::run( 'AbortAutoAccount', [ $user, &$abortError ] ) ) {
103 // Hook point to add extra creation throttles and blocks
104 $this->logger->debug( __METHOD__ . ": a hook blocked auto-creation: $abortError\n" );
105 return $this->makeFailResponse(
106 $user, $user, LoginForm::ABORTED, $abortError, 'AbortAutoAccount'
107 );
108 }
109 } else {
110 $abortError = '';
111 $abortStatus = null;
112 if ( !\Hooks::run( 'AbortNewAccount', [ $user, &$abortError, &$abortStatus ] ) ) {
113 // Hook point to add extra creation throttles and blocks
114 $this->logger->debug( __METHOD__ . ': a hook blocked creation' );
115 if ( $abortStatus === null ) {
116 // Report back the old string as a raw message status.
117 // This will report the error back as 'createaccount-hook-aborted'
118 // with the given string as the message.
119 // To return a different error code, return a StatusValue object.
120 $msg = wfMessage( 'createaccount-hook-aborted' )->rawParams( $abortError );
121 return StatusValue::newFatal( $msg );
122 } else {
123 // For MediaWiki 1.23+ and updated hooks, return the Status object
124 // returned from the hook.
125 $ret = StatusValue::newGood();
126 $ret->merge( $abortStatus );
127 return $ret;
128 }
129 }
130 }
131
132 return StatusValue::newGood();
133 }
134
135 /**
136 * Construct an appropriate failure response
137 * @param User $user
138 * @param User|null $creator
139 * @param int $constant LoginForm constant
140 * @param string|null $msg Message
141 * @param string $hook Hook
142 * @return StatusValue
143 */
144 protected function makeFailResponse( $user, $creator, $constant, $msg, $hook ) {
145 switch ( $constant ) {
146 case LoginForm::SUCCESS:
147 // WTF?
148 $this->logger->debug( "$hook is SUCCESS?!" );
149 return StatusValue::newGood();
150
151 case LoginForm::NEED_TOKEN:
152 return StatusValue::newFatal( $msg ?: 'nocookiesforlogin' );
153
154 case LoginForm::WRONG_TOKEN:
155 return StatusValue::newFatal( $msg ?: 'sessionfailure' );
156
157 case LoginForm::NO_NAME:
158 case LoginForm::ILLEGAL:
159 return StatusValue::newFatal( $msg ?: 'noname' );
160
161 case LoginForm::WRONG_PLUGIN_PASS:
162 case LoginForm::WRONG_PASS:
163 return StatusValue::newFatal( $msg ?: 'wrongpassword' );
164
165 case LoginForm::NOT_EXISTS:
166 return StatusValue::newFatal( $msg ?: 'nosuchusershort', wfEscapeWikiText( $user->getName() ) );
167
168 case LoginForm::EMPTY_PASS:
169 return StatusValue::newFatal( $msg ?: 'wrongpasswordempty' );
170
171 case LoginForm::RESET_PASS:
172 return StatusValue::newFatal( $msg ?: 'resetpass_announce' );
173
174 case LoginForm::THROTTLED:
175 $throttle = $this->config->get( 'PasswordAttemptThrottle' );
176 return StatusValue::newFatal(
177 $msg ?: 'login-throttled',
178 \Message::durationParam( $throttle['seconds'] )
179 );
180
181 case LoginForm::USER_BLOCKED:
182 return StatusValue::newFatal(
183 $msg ?: 'login-userblocked', wfEscapeWikiText( $user->getName() )
184 );
185
186 case LoginForm::ABORTED:
187 return StatusValue::newFatal(
188 $msg ?: 'login-abort-generic', wfEscapeWikiText( $user->getName() )
189 );
190
191 case LoginForm::USER_MIGRATED:
192 $error = $msg ?: 'login-migrated-generic';
193 return call_user_func_array( 'StatusValue::newFatal', (array)$error );
194
195 // @codeCoverageIgnoreStart
196 case LoginForm::CREATE_BLOCKED: // Can never happen
197 default:
198 throw new \DomainException( __METHOD__ . ": Unhandled case value from $hook" );
199 }
200 // @codeCoverageIgnoreEnd
201 }
202 }