3 use MediaWiki\Auth\AuthenticationRequest
;
4 use MediaWiki\Auth\AuthenticationResponse
;
5 use MediaWiki\Auth\AuthManager
;
6 use MediaWiki\Session\SessionManager
;
9 * Special change to change credentials (such as the password).
11 * Also does most of the work for SpecialRemoveCredentials.
13 class SpecialChangeCredentials
extends AuthManagerSpecialPage
{
14 protected static $allowedActions = [ AuthManager
::ACTION_CHANGE
];
16 protected static $messagePrefix = 'changecredentials';
18 /** Change action needs user data; remove action does not */
19 protected static $loadUserData = true;
21 public function __construct( $name = 'ChangeCredentials' ) {
22 parent
::__construct( $name, 'editmyprivateinfo' );
25 protected function getGroupName() {
29 public function isListed() {
30 $this->loadAuth( '' );
31 return (bool)$this->authRequests
;
34 public function doesWrites() {
38 protected function getDefaultAction( $subPage ) {
39 return AuthManager
::ACTION_CHANGE
;
42 protected function getPreservedParams( $withToken = false ) {
43 $request = $this->getRequest();
44 $params = parent
::getPreservedParams( $withToken );
46 'returnto' => $request->getVal( 'returnto' ),
47 'returntoquery' => $request->getVal( 'returntoquery' ),
52 public function execute( $subPage ) {
54 $this->outputHeader();
56 $this->loadAuth( $subPage );
59 $this->showSubpageList();
63 if ( !$this->authRequests
) {
64 // messages used: changecredentials-invalidsubpage, removecredentials-invalidsubpage
65 $this->showSubpageList( $this->msg( static::$messagePrefix . '-invalidsubpage', $subPage ) );
69 $this->getOutput()->addBacklinkSubtitle( $this->getPageTitle() );
71 $status = $this->trySubmit();
73 if ( $status === false ||
!$status->isOK() ) {
74 $this->displayForm( $status );
78 $response = $status->getValue();
80 switch ( $response->status
) {
81 case AuthenticationResponse
::PASS
:
84 case AuthenticationResponse
::FAIL
:
85 $this->displayForm( Status
::newFatal( $response->message
) );
88 throw new LogicException( 'invalid AuthenticationResponse' );
92 protected function loadAuth( $subPage, $authAction = null, $reset = false ) {
93 parent
::loadAuth( $subPage, $authAction );
95 $this->authRequests
= array_filter( $this->authRequests
, function ( $req ) use ( $subPage ) {
96 return $req->getUniqueId() === $subPage;
98 if ( count( $this->authRequests
) > 1 ) {
99 throw new LogicException( 'Multiple AuthenticationRequest objects with same ID!' );
104 protected function getAuthFormDescriptor( $requests, $action ) {
105 if ( !static::$loadUserData ) {
108 $descriptor = parent
::getAuthFormDescriptor( $requests, $action );
111 foreach ( $descriptor as &$field ) {
112 if ( $field['type'] === 'password' && $field['name'] !== 'retype' ) {
114 if ( isset( $field['cssclass'] ) ) {
115 $field['cssclass'] .= ' mw-changecredentials-validate-password';
117 $field['cssclass'] = 'mw-changecredentials-validate-password';
123 $this->getOutput()->addModules( 'mediawiki.misc-authed-ooui' );
130 protected function getAuthForm( array $requests, $action ) {
131 $form = parent
::getAuthForm( $requests, $action );
132 $req = reset( $requests );
133 $info = $req->describeCredentials();
136 Html
::openElement( 'dl' )
137 . Html
::element( 'dt', [], $this->msg( 'credentialsform-provider' )->text() )
138 . Html
::element( 'dd', [], $info['provider'] )
139 . Html
::element( 'dt', [], $this->msg( 'credentialsform-account' )->text() )
140 . Html
::element( 'dd', [], $info['account'] )
141 . Html
::closeElement( 'dl' )
144 // messages used: changecredentials-submit removecredentials-submit
145 $form->setSubmitTextMsg( static::$messagePrefix . '-submit' );
146 $form->showCancel()->setCancelTarget( $this->getReturnUrl() ?
: Title
::newMainPage() );
151 protected function needsSubmitButton( array $requests ) {
152 // Change/remove forms show are built from a single AuthenticationRequest and do not allow
153 // for redirect flow; they always need a submit button.
157 public function handleFormSubmit( $data ) {
158 // remove requests do not accept user input
159 $requests = $this->authRequests
;
160 if ( static::$loadUserData ) {
161 $requests = AuthenticationRequest
::loadRequestsFromSubmission( $this->authRequests
, $data );
164 $response = $this->performAuthenticationStep( $this->authAction
, $requests );
166 // we can't handle FAIL or similar as failure here since it might require changing the form
167 return Status
::newGood( $response );
171 * @param Message|null $error
173 protected function showSubpageList( $error = null ) {
174 $out = $this->getOutput();
177 $out->addHTML( $error->parse() );
180 $groupedRequests = [];
181 foreach ( $this->authRequests
as $req ) {
182 $info = $req->describeCredentials();
183 $groupedRequests[(string)$info['provider']][] = $req;
186 $linkRenderer = $this->getLinkRenderer();
187 $out->addHTML( Html
::openElement( 'dl' ) );
188 foreach ( $groupedRequests as $group => $members ) {
189 $out->addHTML( Html
::element( 'dt', [], $group ) );
190 foreach ( $members as $req ) {
191 /** @var AuthenticationRequest $req */
192 $info = $req->describeCredentials();
193 $out->addHTML( Html
::rawElement( 'dd', [],
194 $linkRenderer->makeLink(
195 $this->getPageTitle( $req->getUniqueId() ),
201 $out->addHTML( Html
::closeElement( 'dl' ) );
204 protected function success() {
205 $session = $this->getRequest()->getSession();
206 $user = $this->getUser();
207 $out = $this->getOutput();
208 $returnUrl = $this->getReturnUrl();
210 // change user token and update the session
211 SessionManager
::singleton()->invalidateSessionsForUser( $user );
212 $session->setUser( $user );
216 $out->redirect( $returnUrl );
218 // messages used: changecredentials-success removecredentials-success
219 $out->wrapWikiMsg( "<div class=\"successbox\">\n$1\n</div>", static::$messagePrefix
221 $out->returnToMain();
226 * @return string|null
228 protected function getReturnUrl() {
229 $request = $this->getRequest();
230 $returnTo = $request->getText( 'returnto' );
231 $returnToQuery = $request->getText( 'returntoquery', '' );
237 $title = Title
::newFromText( $returnTo );
238 return $title->getFullUrlForRedirect( $returnToQuery );
241 protected function getRequestBlacklist() {
242 return $this->getConfig()->get( 'ChangeCredentialsBlacklist' );