dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "maintenance: Script to rename titles for Unicode uppercasing changes"
[lhc/web/wiklou.git] / includes / specials / SpecialChangeCredentials.php
1 <?php
2
3 use MediaWiki\Auth\AuthenticationRequest;
4 use MediaWiki\Auth\AuthenticationResponse;
5 use MediaWiki\Auth\AuthManager;
6 use MediaWiki\Session\SessionManager;
7
8 /**
9 * Special change to change credentials (such as the password).
10 *
11 * Also does most of the work for SpecialRemoveCredentials.
12 */
13 class SpecialChangeCredentials extends AuthManagerSpecialPage {
14 protected static $allowedActions = [ AuthManager::ACTION_CHANGE ];
15
16 protected static $messagePrefix = 'changecredentials';
17
18 /** Change action needs user data; remove action does not */
19 protected static $loadUserData = true;
20
21 public function __construct( $name = 'ChangeCredentials' ) {
22 parent::__construct( $name, 'editmyprivateinfo' );
23 }
24
25 protected function getGroupName() {
26 return 'users';
27 }
28
29 public function isListed() {
30 $this->loadAuth( '' );
31 return (bool)$this->authRequests;
32 }
33
34 public function doesWrites() {
35 return true;
36 }
37
38 protected function getDefaultAction( $subPage ) {
39 return AuthManager::ACTION_CHANGE;
40 }
41
42 protected function getPreservedParams( $withToken = false ) {
43 $request = $this->getRequest();
44 $params = parent::getPreservedParams( $withToken );
45 $params += [
46 'returnto' => $request->getVal( 'returnto' ),
47 'returntoquery' => $request->getVal( 'returntoquery' ),
48 ];
49 return $params;
50 }
51
52 public function onAuthChangeFormFields(
53 array $requests, array $fieldInfo, array &$formDescriptor, $action
54 ) {
55 // This method is never called for remove actions.
56
57 $extraFields = [];
58 Hooks::run( 'ChangePasswordForm', [ &$extraFields ], '1.27' );
59 foreach ( $extraFields as $extra ) {
60 list( $name, $label, $type, $default ) = $extra;
61 $formDescriptor[$name] = [
62 'type' => $type,
63 'name' => $name,
64 'label-message' => $label,
65 'default' => $default,
66 ];
67
68 }
69
70 return parent::onAuthChangeFormFields( $requests, $fieldInfo, $formDescriptor, $action );
71 }
72
73 public function execute( $subPage ) {
74 $this->setHeaders();
75 $this->outputHeader();
76
77 $this->loadAuth( $subPage );
78
79 if ( !$subPage ) {
80 $this->showSubpageList();
81 return;
82 }
83
84 if ( !$this->authRequests ) {
85 // messages used: changecredentials-invalidsubpage, removecredentials-invalidsubpage
86 $this->showSubpageList( $this->msg( static::$messagePrefix . '-invalidsubpage', $subPage ) );
87 return;
88 }
89
90 $this->getOutput()->addBacklinkSubtitle( $this->getPageTitle() );
91
92 $status = $this->trySubmit();
93
94 if ( $status === false || !$status->isOK() ) {
95 $this->displayForm( $status );
96 return;
97 }
98
99 $response = $status->getValue();
100
101 switch ( $response->status ) {
102 case AuthenticationResponse::PASS:
103 $this->success();
104 break;
105 case AuthenticationResponse::FAIL:
106 $this->displayForm( Status::newFatal( $response->message ) );
107 break;
108 default:
109 throw new LogicException( 'invalid AuthenticationResponse' );
110 }
111 }
112
113 protected function loadAuth( $subPage, $authAction = null, $reset = false ) {
114 parent::loadAuth( $subPage, $authAction );
115 if ( $subPage ) {
116 $this->authRequests = array_filter( $this->authRequests, function ( $req ) use ( $subPage ) {
117 return $req->getUniqueId() === $subPage;
118 } );
119 if ( count( $this->authRequests ) > 1 ) {
120 throw new LogicException( 'Multiple AuthenticationRequest objects with same ID!' );
121 }
122 }
123 }
124
125 protected function getAuthFormDescriptor( $requests, $action ) {
126 if ( !static::$loadUserData ) {
127 return [];
128 } else {
129 $descriptor = parent::getAuthFormDescriptor( $requests, $action );
130
131 $any = false;
132 foreach ( $descriptor as &$field ) {
133 if ( $field['type'] === 'password' && $field['name'] !== 'retype' ) {
134 $any = true;
135 if ( isset( $field['cssclass'] ) ) {
136 $field['cssclass'] .= ' mw-changecredentials-validate-password';
137 } else {
138 $field['cssclass'] = 'mw-changecredentials-validate-password';
139 }
140 }
141 }
142
143 if ( $any ) {
144 $this->getOutput()->addModules( 'mediawiki.misc-authed-ooui' );
145 }
146
147 return $descriptor;
148 }
149 }
150
151 protected function getAuthForm( array $requests, $action ) {
152 $form = parent::getAuthForm( $requests, $action );
153 $req = reset( $requests );
154 $info = $req->describeCredentials();
155
156 $form->addPreText(
157 Html::openElement( 'dl' )
158 . Html::element( 'dt', [], $this->msg( 'credentialsform-provider' )->text() )
159 . Html::element( 'dd', [], $info['provider'] )
160 . Html::element( 'dt', [], $this->msg( 'credentialsform-account' )->text() )
161 . Html::element( 'dd', [], $info['account'] )
162 . Html::closeElement( 'dl' )
163 );
164
165 // messages used: changecredentials-submit removecredentials-submit
166 $form->setSubmitTextMsg( static::$messagePrefix . '-submit' );
167 $form->showCancel()->setCancelTarget( $this->getReturnUrl() ?: Title::newMainPage() );
168
169 return $form;
170 }
171
172 protected function needsSubmitButton( array $requests ) {
173 // Change/remove forms show are built from a single AuthenticationRequest and do not allow
174 // for redirect flow; they always need a submit button.
175 return true;
176 }
177
178 public function handleFormSubmit( $data ) {
179 // remove requests do not accept user input
180 $requests = $this->authRequests;
181 if ( static::$loadUserData ) {
182 $requests = AuthenticationRequest::loadRequestsFromSubmission( $this->authRequests, $data );
183 }
184
185 $response = $this->performAuthenticationStep( $this->authAction, $requests );
186
187 // we can't handle FAIL or similar as failure here since it might require changing the form
188 return Status::newGood( $response );
189 }
190
191 /**
192 * @param Message|null $error
193 */
194 protected function showSubpageList( $error = null ) {
195 $out = $this->getOutput();
196
197 if ( $error ) {
198 $out->addHTML( $error->parse() );
199 }
200
201 $groupedRequests = [];
202 foreach ( $this->authRequests as $req ) {
203 $info = $req->describeCredentials();
204 $groupedRequests[(string)$info['provider']][] = $req;
205 }
206
207 $linkRenderer = $this->getLinkRenderer();
208 $out->addHTML( Html::openElement( 'dl' ) );
209 foreach ( $groupedRequests as $group => $members ) {
210 $out->addHTML( Html::element( 'dt', [], $group ) );
211 foreach ( $members as $req ) {
212 /** @var AuthenticationRequest $req */
213 $info = $req->describeCredentials();
214 $out->addHTML( Html::rawElement( 'dd', [],
215 $linkRenderer->makeLink(
216 $this->getPageTitle( $req->getUniqueId() ),
217 $info['account']
218 )
219 ) );
220 }
221 }
222 $out->addHTML( Html::closeElement( 'dl' ) );
223 }
224
225 protected function success() {
226 $session = $this->getRequest()->getSession();
227 $user = $this->getUser();
228 $out = $this->getOutput();
229 $returnUrl = $this->getReturnUrl();
230
231 // change user token and update the session
232 SessionManager::singleton()->invalidateSessionsForUser( $user );
233 $session->setUser( $user );
234 $session->resetId();
235
236 if ( $returnUrl ) {
237 $out->redirect( $returnUrl );
238 } else {
239 // messages used: changecredentials-success removecredentials-success
240 $out->wrapWikiMsg( "<div class=\"successbox\">\n$1\n</div>", static::$messagePrefix
241 . '-success' );
242 $out->returnToMain();
243 }
244 }
245
246 /**
247 * @return string|null
248 */
249 protected function getReturnUrl() {
250 $request = $this->getRequest();
251 $returnTo = $request->getText( 'returnto' );
252 $returnToQuery = $request->getText( 'returntoquery', '' );
253
254 if ( !$returnTo ) {
255 return null;
256 }
257
258 $title = Title::newFromText( $returnTo );
259 return $title->getFullUrlForRedirect( $returnToQuery );
260 }
261
262 protected function getRequestBlacklist() {
263 return $this->getConfig()->get( 'ChangeCredentialsBlacklist' );
264 }
265 }
Wiklou, le Wiki du Wiklou