3 use MediaWiki\Auth\AuthenticationResponse
;
4 use MediaWiki\Auth\AuthManager
;
5 use MediaWiki\Session\SessionManager
;
7 class SpecialUnlinkAccounts
extends AuthManagerSpecialPage
{
8 protected static $allowedActions = [ AuthManager
::ACTION_UNLINK
];
10 public function __construct() {
11 parent
::__construct( 'UnlinkAccounts' );
14 protected function getLoginSecurityLevel() {
15 return 'UnlinkAccount';
18 protected function getDefaultAction( $subPage ) {
19 return AuthManager
::ACTION_UNLINK
;
23 * Under which header this special page is listed in Special:SpecialPages.
26 protected function getGroupName() {
30 public function isListed() {
31 return AuthManager
::singleton()->canLinkAccounts();
34 protected function getRequestBlacklist() {
35 return $this->getConfig()->get( 'RemoveCredentialsBlacklist' );
38 public function execute( $subPage ) {
40 $this->loadAuth( $subPage );
42 if ( !$this->isActionAllowed( $this->authAction
) ) {
43 if ( $this->authAction
=== AuthManager
::ACTION_UNLINK
) {
44 // Looks like there are no linked accounts to unlink
45 $titleMessage = $this->msg( 'cannotunlink-no-provider-title' );
46 $errorMessage = $this->msg( 'cannotunlink-no-provider' );
47 throw new ErrorPageError( $titleMessage, $errorMessage );
49 // user probably back-button-navigated into an auth session that no longer exists
50 // FIXME would be nice to show a message
51 $this->getOutput()->redirect( $this->getPageTitle()->getFullURL( '', false, PROTO_HTTPS
) );
56 $this->outputHeader();
58 $status = $this->trySubmit();
60 if ( $status === false ||
!$status->isOK() ) {
61 $this->displayForm( $status );
65 /** @var AuthenticationResponse $response */
66 $response = $status->getValue();
68 if ( $response->status
=== AuthenticationResponse
::FAIL
) {
69 $this->displayForm( StatusValue
::newFatal( $response->message
) );
73 $status = StatusValue
::newGood();
74 $status->warning( $this->msg( 'unlinkaccounts-success' ) );
75 $this->loadAuth( $subPage, null, true ); // update requests so the unlinked one doesn't show up
77 // Reset sessions - if the user unlinked an account because it was compromised,
78 // log attackers out from sessions obtained via that account.
79 $session = $this->getRequest()->getSession();
80 $user = $this->getUser();
81 SessionManager
::singleton()->invalidateSessionsForUser( $user );
82 $session->setUser( $user );
85 $this->displayForm( $status );
88 public function handleFormSubmit( $data ) {
89 // unlink requests do not accept user input so repeat parent code but skip call to
90 // AuthenticationRequest::loadRequestsFromSubmission
91 $response = $this->performAuthenticationStep( $this->authAction
, $this->authRequests
);
92 return Status
::newGood( $response );