use MediaWiki\Auth\AuthManager;
use MediaWiki\Auth\TemporaryPasswordAuthenticationRequest;
+use MediaWiki\Config\ServiceOptions;
+use MediaWiki\Logger\LoggerFactory;
+use MediaWiki\MediaWikiServices;
+use MediaWiki\Permissions\PermissionManager;
use Psr\Log\LoggerAwareInterface;
+use Psr\Log\LoggerAwareTrait;
use Psr\Log\LoggerInterface;
-use MediaWiki\Logger\LoggerFactory;
+use Wikimedia\Rdbms\ILoadBalancer;
/**
* Helper class for the password reset functionality shared by the web UI and the API.
* functionality) to be enabled.
*/
class PasswordReset implements LoggerAwareInterface {
- /** @var Config */
+ use LoggerAwareTrait;
+
+ /** @var ServiceOptions|Config */
protected $config;
/** @var AuthManager */
protected $authManager;
- /** @var LoggerInterface */
- protected $logger;
+ /** @var PermissionManager */
+ protected $permissionManager;
+
+ /** @var ILoadBalancer */
+ protected $loadBalancer;
/**
* In-process cache for isAllowed lookups, by username.
*/
private $permissionCache;
- public function __construct( Config $config, AuthManager $authManager ) {
- $this->config = $config;
- $this->authManager = $authManager;
- $this->permissionCache = new MapCacheLRU( 1 );
- $this->logger = LoggerFactory::getInstance( 'authentication' );
- }
+ public static $constructorOptions = [
+ 'EnableEmail',
+ 'PasswordResetRoutes',
+ ];
/**
- * Set the logger instance to use.
+ * This class is managed by MediaWikiServices, don't instantiate directly.
*
- * @param LoggerInterface $logger
- * @since 1.29
+ * @param ServiceOptions|Config $config
+ * @param AuthManager $authManager
+ * @param PermissionManager $permissionManager
+ * @param ILoadBalancer|null $loadBalancer
+ * @param LoggerInterface|null $logger
*/
- public function setLogger( LoggerInterface $logger ) {
+ public function __construct(
+ $config,
+ AuthManager $authManager,
+ PermissionManager $permissionManager,
+ ILoadBalancer $loadBalancer = null,
+ LoggerInterface $logger = null
+ ) {
+ $this->config = $config;
+ $this->authManager = $authManager;
+ $this->permissionManager = $permissionManager;
+
+ if ( !$loadBalancer ) {
+ wfDeprecated( 'Not passing LoadBalancer to ' . __METHOD__, '1.34' );
+ $loadBalancer = MediaWikiServices::getInstance()->getDBLoadBalancer();
+ }
+ $this->loadBalancer = $loadBalancer;
+
+ if ( !$logger ) {
+ wfDeprecated( 'Not passing LoggerInterface to ' . __METHOD__, '1.34' );
+ $logger = LoggerFactory::getInstance( 'authentication' );
+ }
$this->logger = $logger;
+
+ $this->permissionCache = new MapCacheLRU( 1 );
}
/**
* Check if a given user has permission to use this functionality.
* @param User $user
- * @param bool $displayPassword If set, also check whether the user is allowed to reset the
- * password of another user and see the temporary password.
* @since 1.29 Second argument for displayPassword removed.
* @return StatusValue
*/
} elseif ( !$this->config->get( 'EnableEmail' ) ) {
// Maybe email features have been disabled
$status = StatusValue::newFatal( 'passwordreset-emaildisabled' );
- } elseif ( !$user->isAllowed( 'editmyprivateinfo' ) ) {
+ } elseif ( !$this->permissionManager->userHasRight( $user, 'editmyprivateinfo' ) ) {
// Maybe not all users have permission to change private data
$status = StatusValue::newFatal( 'badaccess' );
} elseif ( $this->isBlocked( $user ) ) {
*/
protected function getUsersByEmail( $email ) {
$userQuery = User::getQueryInfo();
- $res = wfGetDB( DB_REPLICA )->select(
+ $res = $this->loadBalancer->getConnectionRef( DB_REPLICA )->select(
$userQuery['tables'],
$userQuery['fields'],
[ 'user_email' => $email ],