includes/specials/SpecialUnlinkAccounts.php

   1 <?php
   2
   3 use MediaWiki\Auth\AuthenticationResponse;
   4 use MediaWiki\Auth\AuthManager;
   5 use MediaWiki\Session\SessionManager;
   6
   7 class SpecialUnlinkAccounts extends AuthManagerSpecialPage {
   8         protected static $allowedActions = [ AuthManager::ACTION_UNLINK ];
   9
  10         public function __construct() {
  11                 parent::__construct( 'UnlinkAccounts' );
  12         }
  13
  14         protected function getLoginSecurityLevel() {
  15                 return 'UnlinkAccount';
  16         }
  17
  18         protected function getDefaultAction( $subPage ) {
  19                 return AuthManager::ACTION_UNLINK;
  20         }
  21
  22         /**
  23          * Under which header this special page is listed in Special:SpecialPages.
  24          * @return string
  25          */
  26         protected function getGroupName() {
  27                 return 'users';
  28         }
  29
  30         public function isListed() {
  31                 return AuthManager::singleton()->canLinkAccounts();
  32         }
  33
  34         protected function getRequestBlacklist() {
  35                 return $this->getConfig()->get( 'RemoveCredentialsBlacklist' );
  36         }
  37
  38         public function execute( $subPage ) {
  39                 $this->setHeaders();
  40                 $this->loadAuth( $subPage );
  41                 $this->outputHeader();
  42
  43                 $status = $this->trySubmit();
  44
  45                 if ( $status === false || !$status->isOK() ) {
  46                         $this->displayForm( $status );
  47                         return;
  48                 }
  49
  50                 /** @var AuthenticationResponse $response */
  51                 $response = $status->getValue();
  52
  53                 if ( $response->status === AuthenticationResponse::FAIL ) {
  54                         $this->displayForm( StatusValue::newFatal( $response->message ) );
  55                         return;
  56                 }
  57
  58                 $status = StatusValue::newGood();
  59                 $status->warning( $this->msg( 'unlinkaccounts-success' ) );
  60                 $this->loadAuth( $subPage, null, true ); // update requests so the unlinked one doesn't show up
  61
  62                 // Reset sessions - if the user unlinked an account because it was compromised,
  63                 // log attackers out from sessions obtained via that account.
  64                 $session = $this->getRequest()->getSession();
  65                 $user = $this->getUser();
  66                 SessionManager::singleton()->invalidateSessionsForUser( $user );
  67                 $session->setUser( $user );
  68                 $session->resetId();
  69
  70                 $this->displayForm( $status );
  71         }
  72
  73         public function handleFormSubmit( $data ) {
  74                 // unlink requests do not accept user input so repeat parent code but skip call to
  75                 // AuthenticationRequest::loadRequestsFromSubmission
  76                 $response = $this->performAuthenticationStep( $this->authAction, $this->authRequests );
  77                 return Status::newGood( $response );
  78         }
  79 }