includes/specials/SpecialPasswordReset.php

   1 <?php
   2 /**
   3  * Implements Special:PasswordReset
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  * @ingroup SpecialPage
  22  */
  23
  24 use MediaWiki\Auth\AuthManager;
  25 use MediaWiki\MediaWikiServices;
  26
  27 /**
  28  * Special page for requesting a password reset email.
  29  *
  30  * Requires the TemporaryPasswordPrimaryAuthenticationProvider and the
  31  * EmailNotificationSecondaryAuthenticationProvider (or something providing equivalent
  32  * functionality) to be enabled.
  33  *
  34  * @ingroup SpecialPage
  35  */
  36 class SpecialPasswordReset extends FormSpecialPage {
  37         /** @var PasswordReset */
  38         private $passwordReset = null;
  39
  40         /**
  41          * @var Status
  42          */
  43         private $result;
  44
  45         /**
  46          * @var string $method Identifies which password reset field was specified by the user.
  47          */
  48         private $method;
  49
  50         public function __construct() {
  51                 parent::__construct( 'PasswordReset', 'editmyprivateinfo' );
  52         }
  53
  54         private function getPasswordReset() {
  55                 if ( $this->passwordReset === null ) {
  56                         $this->passwordReset = new PasswordReset(
  57                                 $this->getConfig(),
  58                                 AuthManager::singleton(),
  59                                 MediaWikiServices::getInstance()->getPermissionManager()
  60                         );
  61                 }
  62                 return $this->passwordReset;
  63         }
  64
  65         public function doesWrites() {
  66                 return true;
  67         }
  68
  69         public function userCanExecute( User $user ) {
  70                 return $this->getPasswordReset()->isAllowed( $user )->isGood();
  71         }
  72
  73         public function checkExecutePermissions( User $user ) {
  74                 $status = Status::wrap( $this->getPasswordReset()->isAllowed( $user ) );
  75                 if ( !$status->isGood() ) {
  76                         throw new ErrorPageError( 'internalerror', $status->getMessage() );
  77                 }
  78
  79                 parent::checkExecutePermissions( $user );
  80         }
  81
  82         protected function getFormFields() {
  83                 $resetRoutes = $this->getConfig()->get( 'PasswordResetRoutes' );
  84                 $a = [];
  85                 if ( isset( $resetRoutes['username'] ) && $resetRoutes['username'] ) {
  86                         $a['Username'] = [
  87                                 'type' => 'text',
  88                                 'default' => $this->getRequest()->getSession()->suggestLoginUsername(),
  89                                 'label-message' => 'passwordreset-username',
  90                         ];
  91
  92                         if ( $this->getUser()->isLoggedIn() ) {
  93                                 $a['Username']['default'] = $this->getUser()->getName();
  94                         }
  95                 }
  96
  97                 if ( isset( $resetRoutes['email'] ) && $resetRoutes['email'] ) {
  98                         $a['Email'] = [
  99                                 'type' => 'email',
 100                                 'label-message' => 'passwordreset-email',
 101                         ];
 102                 }
 103
 104                 return $a;
 105         }
 106
 107         protected function getDisplayFormat() {
 108                 return 'ooui';
 109         }
 110
 111         public function alterForm( HTMLForm $form ) {
 112                 $resetRoutes = $this->getConfig()->get( 'PasswordResetRoutes' );
 113
 114                 $form->setSubmitDestructive();
 115
 116                 $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
 117
 118                 $i = 0;
 119                 if ( isset( $resetRoutes['username'] ) && $resetRoutes['username'] ) {
 120                         $i++;
 121                 }
 122                 if ( isset( $resetRoutes['email'] ) && $resetRoutes['email'] ) {
 123                         $i++;
 124                 }
 125
 126                 $message = ( $i > 1 ) ? 'passwordreset-text-many' : 'passwordreset-text-one';
 127
 128                 $form->setHeaderText( $this->msg( $message, $i )->parseAsBlock() );
 129                 $form->setSubmitTextMsg( 'mailmypassword' );
 130         }
 131
 132         /**
 133          * Process the form.  At this point we know that the user passes all the criteria in
 134          * userCanExecute(), and if the data array contains 'Username', etc, then Username
 135          * resets are allowed.
 136          * @param array $data
 137          * @throws MWException
 138          * @throws ThrottledError|PermissionsError
 139          * @return Status
 140          */
 141         public function onSubmit( array $data ) {
 142                 $username = $data['Username'] ?? null;
 143                 $email = $data['Email'] ?? null;
 144
 145                 $this->method = $username ? 'username' : 'email';
 146                 $this->result = Status::wrap(
 147                         $this->getPasswordReset()->execute( $this->getUser(), $username, $email ) );
 148
 149                 if ( $this->result->hasMessage( 'actionthrottledtext' ) ) {
 150                         throw new ThrottledError;
 151                 }
 152
 153                 return $this->result;
 154         }
 155
 156         public function onSuccess() {
 157                 if ( $this->method === 'email' ) {
 158                         $this->getOutput()->addWikiMsg( 'passwordreset-emailsentemail' );
 159                 } else {
 160                         $this->getOutput()->addWikiMsg( 'passwordreset-emailsentusername' );
 161                 }
 162
 163                 $this->getOutput()->returnToMain();
 164         }
 165
 166         /**
 167          * Hide the password reset page if resets are disabled.
 168          * @return bool
 169          */
 170         public function isListed() {
 171                 if ( $this->getPasswordReset()->isAllowed( $this->getUser() )->isGood() ) {
 172                         return parent::isListed();
 173                 }
 174
 175                 return false;
 176         }
 177
 178         protected function getGroupName() {
 179                 return 'users';
 180         }
 181 }