dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix SpecialPasswordResetOnSubmit parameter handling
[lhc/web/wiklou.git] / includes / user / PasswordReset.php
1 <?php
2 /**
3 * User password reset helper for MediaWiki.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 use MediaWiki\Auth\AuthManager;
24 use MediaWiki\Auth\TemporaryPasswordAuthenticationRequest;
25
26 /**
27 * Helper class for the password reset functionality shared by the web UI and the API.
28 *
29 * Requires the TemporaryPasswordPrimaryAuthenticationProvider and the
30 * EmailNotificationSecondaryAuthenticationProvider (or something providing equivalent
31 * functionality) to be enabled.
32 */
33 class PasswordReset {
34 /** @var Config */
35 protected $config;
36
37 /** @var AuthManager */
38 protected $authManager;
39
40 /**
41 * In-process cache for isAllowed lookups, by username. Contains pairs of StatusValue objects
42 * (for false and true value of $displayPassword, respectively).
43 * @var HashBagOStuff
44 */
45 private $permissionCache;
46
47 public function __construct( Config $config, AuthManager $authManager ) {
48 $this->config = $config;
49 $this->authManager = $authManager;
50 $this->permissionCache = new HashBagOStuff( [ 'maxKeys' => 1 ] );
51 }
52
53 /**
54 * Check if a given user has permission to use this functionality.
55 * @param User $user
56 * @param bool $displayPassword If set, also check whether the user is allowed to reset the
57 * password of another user and see the temporary password.
58 * @return StatusValue
59 */
60 public function isAllowed( User $user, $displayPassword = false ) {
61 $statuses = $this->permissionCache->get( $user->getName() );
62 if ( $statuses ) {
63 list ( $status, $status2 ) = $statuses;
64 } else {
65 $resetRoutes = $this->config->get( 'PasswordResetRoutes' );
66 $status = StatusValue::newGood();
67
68 if ( !is_array( $resetRoutes ) ||
69 !in_array( true, array_values( $resetRoutes ), true )
70 ) {
71 // Maybe password resets are disabled, or there are no allowable routes
72 $status = StatusValue::newFatal( 'passwordreset-disabled' );
73 } elseif (
74 ( $providerStatus = $this->authManager->allowsAuthenticationDataChange(
75 new TemporaryPasswordAuthenticationRequest(), false ) )
76 && !$providerStatus->isGood()
77 ) {
78 // Maybe the external auth plugin won't allow local password changes
79 $status = StatusValue::newFatal( 'resetpass_forbidden-reason',
80 $providerStatus->getMessage() );
81 } elseif ( !$this->config->get( 'EnableEmail' ) ) {
82 // Maybe email features have been disabled
83 $status = StatusValue::newFatal( 'passwordreset-emaildisabled' );
84 } elseif ( !$user->isAllowed( 'editmyprivateinfo' ) ) {
85 // Maybe not all users have permission to change private data
86 $status = StatusValue::newFatal( 'badaccess' );
87 } elseif ( $user->isBlocked() ) {
88 // Maybe the user is blocked (check this here rather than relying on the parent
89 // method as we have a more specific error message to use here
90 $status = StatusValue::newFatal( 'blocked-mailpassword' );
91 }
92
93 $status2 = StatusValue::newGood();
94 if ( !$user->isAllowed( 'passwordreset' ) ) {
95 $status2 = StatusValue::newFatal( 'badaccess' );
96 }
97
98 $this->permissionCache->set( $user->getName(), [ $status, $status2 ] );
99 }
100
101 if ( !$displayPassword || !$status->isGood() ) {
102 return $status;
103 } else {
104 return $status2;
105 }
106 }
107
108 /**
109 * Do a password reset. Authorization is the caller's responsibility.
110 *
111 * Process the form. At this point we know that the user passes all the criteria in
112 * userCanExecute(), and if the data array contains 'Username', etc, then Username
113 * resets are allowed.
114 * @param User $performingUser The user that does the password reset
115 * @param string $username The user whose password is reset
116 * @param string $email Alternative way to specify the user
117 * @param bool $displayPassword Whether to display the password
118 * @return StatusValue Will contain the passwords as a username => password array if the
119 * $displayPassword flag was set
120 * @throws LogicException When the user is not allowed to perform the action
121 * @throws MWException On unexpected DB errors
122 */
123 public function execute(
124 User $performingUser, $username = null, $email = null, $displayPassword = false
125 ) {
126 if ( !$this->isAllowed( $performingUser, $displayPassword )->isGood() ) {
127 $action = $this->isAllowed( $performingUser )->isGood() ? 'display' : 'reset';
128 throw new LogicException( 'User ' . $performingUser->getName()
129 . ' is not allowed to ' . $action . ' passwords' );
130 }
131
132 $resetRoutes = $this->config->get( 'PasswordResetRoutes' )
133 + [ 'username' => false, 'email' => false ];
134 if ( $resetRoutes['username'] && $username ) {
135 $method = 'username';
136 $users = [ User::newFromName( $username ) ];
137 $email = null;
138 } elseif ( $resetRoutes['email'] && $email ) {
139 if ( !Sanitizer::validateEmail( $email ) ) {
140 return StatusValue::newFatal( 'passwordreset-invalidemail' );
141 }
142 $method = 'email';
143 $users = $this->getUsersByEmail( $email );
144 $username = null;
145 } else {
146 // The user didn't supply any data
147 return StatusValue::newFatal( 'passwordreset-nodata' );
148 }
149
150 // Check for hooks (captcha etc), and allow them to modify the users list
151 $error = [];
152 $data = [
153 'Username' => $username,
154 'Email' => $email,
155 'Capture' => $displayPassword ? '1' : null,
156 ];
157 if ( !Hooks::run( 'SpecialPasswordResetOnSubmit', [ &$users, $data, &$error ] ) ) {
158 return StatusValue::newFatal( Message::newFromSpecifier( $error ) );
159 }
160
161 if ( !$users ) {
162 if ( $method === 'email' ) {
163 // Don't reveal whether or not an email address is in use
164 return StatusValue::newGood( [] );
165 } else {
166 return StatusValue::newFatal( 'noname' );
167 }
168 }
169
170 $firstUser = $users[0];
171
172 if ( !$firstUser instanceof User || !$firstUser->getId() ) {
173 // Don't parse username as wikitext (bug 65501)
174 return StatusValue::newFatal( wfMessage( 'nosuchuser', wfEscapeWikiText( $username ) ) );
175 }
176
177 // Check against the rate limiter
178 if ( $performingUser->pingLimiter( 'mailpassword' ) ) {
179 return StatusValue::newFatal( 'actionthrottledtext' );
180 }
181
182 // All the users will have the same email address
183 if ( !$firstUser->getEmail() ) {
184 // This won't be reachable from the email route, so safe to expose the username
185 return StatusValue::newFatal( wfMessage( 'noemail',
186 wfEscapeWikiText( $firstUser->getName() ) ) );
187 }
188
189 // We need to have a valid IP address for the hook, but per bug 18347, we should
190 // send the user's name if they're logged in.
191 $ip = $performingUser->getRequest()->getIP();
192 if ( !$ip ) {
193 return StatusValue::newFatal( 'badipaddress' );
194 }
195
196 Hooks::run( 'User::mailPasswordInternal', [ &$performingUser, &$ip, &$firstUser ] );
197
198 $result = StatusValue::newGood();
199 $reqs = [];
200 foreach ( $users as $user ) {
201 $req = TemporaryPasswordAuthenticationRequest::newRandom();
202 $req->username = $user->getName();
203 $req->mailpassword = true;
204 $req->hasBackchannel = $displayPassword;
205 $req->caller = $performingUser->getName();
206 $status = $this->authManager->allowsAuthenticationDataChange( $req, true );
207 if ( $status->isGood() && $status->getValue() !== 'ignored' ) {
208 $reqs[] = $req;
209 } elseif ( $result->isGood() ) {
210 // only record the first error, to avoid exposing the number of users having the
211 // same email address
212 if ( $status->getValue() === 'ignored' ) {
213 $status = StatusValue::newFatal( 'passwordreset-ignored' );
214 }
215 $result->merge( $status );
216 }
217 }
218
219 if ( !$result->isGood() ) {
220 return $result;
221 }
222
223 $passwords = [];
224 foreach ( $reqs as $req ) {
225 $this->authManager->changeAuthenticationData( $req );
226 // TODO record mail sending errors
227 if ( $displayPassword ) {
228 $passwords[$req->username] = $req->password;
229 }
230 }
231
232 return StatusValue::newGood( $passwords );
233 }
234
235 /**
236 * @param string $email
237 * @return User[]
238 * @throws MWException On unexpected database errors
239 */
240 protected function getUsersByEmail( $email ) {
241 $res = wfGetDB( DB_REPLICA )->select(
242 'user',
243 User::selectFields(),
244 [ 'user_email' => $email ],
245 __METHOD__
246 );
247
248 if ( !$res ) {
249 // Some sort of database error, probably unreachable
250 throw new MWException( 'Unknown database error in ' . __METHOD__ );
251 }
252
253 $users = [];
254 foreach ( $res as $row ) {
255 $users[] = User::newFromRow( $row );
256 }
257 return $users;
258 }
259 }
Wiklou, le Wiki du Wiklou