3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License along
14 * with this program; if not, write to the Free Software Foundation, Inc.,
15 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 * http://www.gnu.org/copyleft/gpl.html
22 namespace MediaWiki\Auth
;
25 * Reset the local password, if signalled via $this->manager->setAuthenticationSessionData()
27 * The authentication data key is 'reset-pass'; the data is an object with the
28 * following properties:
29 * - msg: Message object to display to the user
30 * - hard: Boolean, if true the reset cannot be skipped.
31 * - req: Optional PasswordAuthenticationRequest to use to actually reset the
32 * password. Won't be displayed to the user.
37 class ResetPasswordSecondaryAuthenticationProvider
extends AbstractSecondaryAuthenticationProvider
{
39 public function getAuthenticationRequests( $action, array $options ) {
43 public function beginSecondaryAuthentication( $user, array $reqs ) {
44 return $this->tryReset( $user, $reqs );
47 public function continueSecondaryAuthentication( $user, array $reqs ) {
48 return $this->tryReset( $user, $reqs );
51 public function beginSecondaryAccountCreation( $user, $creator, array $reqs ) {
52 return $this->tryReset( $user, $reqs );
55 public function continueSecondaryAccountCreation( $user, $creator, array $reqs ) {
56 return $this->tryReset( $user, $reqs );
60 * Try to reset the password
62 * @param AuthenticationRequest[] $reqs
63 * @return AuthenticationResponse
65 protected function tryReset( \User
$user, array $reqs ) {
66 $data = $this->manager
->getAuthenticationSessionData( 'reset-pass' );
68 return AuthenticationResponse
::newAbstain();
71 if ( is_array( $data ) ) {
72 $data = (object)$data;
74 if ( !is_object( $data ) ) {
75 throw new \
UnexpectedValueException( 'reset-pass is not valid' );
78 if ( !isset( $data->msg
) ) {
79 throw new \
UnexpectedValueException( 'reset-pass msg is missing' );
80 } elseif ( !$data->msg
instanceof \Message
) {
81 throw new \
UnexpectedValueException( 'reset-pass msg is not valid' );
82 } elseif ( !isset( $data->hard
) ) {
83 throw new \
UnexpectedValueException( 'reset-pass hard is missing' );
84 } elseif ( isset( $data->req
) && (
85 !$data->req
instanceof PasswordAuthenticationRequest ||
86 !array_key_exists( 'retype', $data->req
->getFieldInfo() )
88 throw new \
UnexpectedValueException( 'reset-pass req is not valid' );
92 $req = ButtonAuthenticationRequest
::getRequestByName( $reqs, 'skipReset' );
94 $this->manager
->removeAuthenticationSessionData( 'reset-pass' );
95 return AuthenticationResponse
::newPass();
99 /** @var PasswordAuthenticationRequest $needReq */
100 $needReq = $data->req ??
new PasswordAuthenticationRequest();
101 '@phan-var PasswordAuthenticationRequest $needReq';
102 if ( !$needReq->action
) {
103 $needReq->action
= AuthManager
::ACTION_CHANGE
;
105 $needReq->required
= $data->hard ? AuthenticationRequest
::REQUIRED
106 : AuthenticationRequest
::OPTIONAL
;
107 $needReqs = [ $needReq ];
108 if ( !$data->hard
) {
109 $needReqs[] = new ButtonAuthenticationRequest(
111 wfMessage( 'authprovider-resetpass-skip-label' ),
112 wfMessage( 'authprovider-resetpass-skip-help' )
116 $req = AuthenticationRequest
::getRequestByClass( $reqs, get_class( $needReq ) );
117 if ( !$req ||
!array_key_exists( 'retype', $req->getFieldInfo() ) ) {
118 return AuthenticationResponse
::newUI( $needReqs, $data->msg
, 'warning' );
121 if ( $req->password
!== $req->retype
) {
122 return AuthenticationResponse
::newUI( $needReqs, new \
Message( 'badretype' ), 'error' );
125 $req->username
= $user->getName();
126 $status = $this->manager
->allowsAuthenticationDataChange( $req );
127 if ( !$status->isGood() ) {
128 return AuthenticationResponse
::newUI( $needReqs, $status->getMessage(), 'error' );
130 $this->manager
->changeAuthenticationData( $req );
132 $this->manager
->removeAuthenticationSessionData( 'reset-pass' );
133 return AuthenticationResponse
::newPass();