3 use MediaWiki\Auth\AuthenticationRequest
;
4 use MediaWiki\Auth\AuthenticationResponse
;
5 use MediaWiki\Auth\AuthManager
;
6 use MediaWiki\Session\SessionManager
;
9 * Special change to change credentials (such as the password).
11 * Also does most of the work for SpecialRemoveCredentials.
13 class SpecialChangeCredentials
extends AuthManagerSpecialPage
{
14 protected static $allowedActions = [ AuthManager
::ACTION_CHANGE
];
16 protected static $messagePrefix = 'changecredentials';
18 /** Change action needs user data; remove action does not */
19 protected static $loadUserData = true;
21 public function __construct( $name = 'ChangeCredentials' ) {
22 parent
::__construct( $name, 'editmyprivateinfo' );
25 protected function getGroupName() {
29 public function isListed() {
30 $this->loadAuth( '' );
31 return (bool)$this->authRequests
;
34 public function doesWrites() {
38 protected function getDefaultAction( $subPage ) {
39 return AuthManager
::ACTION_CHANGE
;
42 protected function getPreservedParams( $withToken = false ) {
43 $request = $this->getRequest();
44 $params = parent
::getPreservedParams( $withToken );
46 'returnto' => $request->getVal( 'returnto' ),
47 'returntoquery' => $request->getVal( 'returntoquery' ),
52 public function onAuthChangeFormFields(
53 array $requests, array $fieldInfo, array &$formDescriptor, $action
55 // This method is never called for remove actions.
58 Hooks
::run( 'ChangePasswordForm', [ &$extraFields ], '1.27' );
59 foreach ( $extraFields as $extra ) {
60 list( $name, $label, $type, $default ) = $extra;
61 $formDescriptor[$name] = [
64 'label-message' => $label,
65 'default' => $default,
70 return parent
::onAuthChangeFormFields( $requests, $fieldInfo, $formDescriptor, $action );
73 public function execute( $subPage ) {
75 $this->outputHeader();
77 $this->loadAuth( $subPage );
80 $this->showSubpageList();
84 if ( !$this->authRequests
) {
85 // messages used: changecredentials-invalidsubpage, removecredentials-invalidsubpage
86 $this->showSubpageList( $this->msg( static::$messagePrefix . '-invalidsubpage', $subPage ) );
90 $this->getOutput()->addBacklinkSubtitle( $this->getPageTitle() );
92 $status = $this->trySubmit();
94 if ( $status === false ||
!$status->isOK() ) {
95 $this->displayForm( $status );
99 $response = $status->getValue();
101 switch ( $response->status
) {
102 case AuthenticationResponse
::PASS
:
105 case AuthenticationResponse
::FAIL
:
106 $this->displayForm( Status
::newFatal( $response->message
) );
109 throw new LogicException( 'invalid AuthenticationResponse' );
113 protected function loadAuth( $subPage, $authAction = null, $reset = false ) {
114 parent
::loadAuth( $subPage, $authAction );
116 $this->authRequests
= array_filter( $this->authRequests
, function ( $req ) use ( $subPage ) {
117 return $req->getUniqueId() === $subPage;
119 if ( count( $this->authRequests
) > 1 ) {
120 throw new LogicException( 'Multiple AuthenticationRequest objects with same ID!' );
125 protected function getAuthFormDescriptor( $requests, $action ) {
126 if ( !static::$loadUserData ) {
129 $descriptor = parent
::getAuthFormDescriptor( $requests, $action );
132 foreach ( $descriptor as &$field ) {
133 if ( $field['type'] === 'password' && $field['name'] !== 'retype' ) {
135 if ( isset( $field['cssclass'] ) ) {
136 $field['cssclass'] .= ' mw-changecredentials-validate-password';
138 $field['cssclass'] = 'mw-changecredentials-validate-password';
144 $this->getOutput()->addModules( [
145 'mediawiki.special.changecredentials.js'
153 protected function getAuthForm( array $requests, $action ) {
154 $form = parent
::getAuthForm( $requests, $action );
155 $req = reset( $requests );
156 $info = $req->describeCredentials();
159 Html
::openElement( 'dl' )
160 . Html
::element( 'dt', [], wfMessage( 'credentialsform-provider' )->text() )
161 . Html
::element( 'dd', [], $info['provider'] )
162 . Html
::element( 'dt', [], wfMessage( 'credentialsform-account' )->text() )
163 . Html
::element( 'dd', [], $info['account'] )
164 . Html
::closeElement( 'dl' )
167 // messages used: changecredentials-submit removecredentials-submit
168 $form->setSubmitTextMsg( static::$messagePrefix . '-submit' );
169 $form->showCancel()->setCancelTarget( $this->getReturnUrl() ?
: Title
::newMainPage() );
174 protected function needsSubmitButton( array $requests ) {
175 // Change/remove forms show are built from a single AuthenticationRequest and do not allow
176 // for redirect flow; they always need a submit button.
180 public function handleFormSubmit( $data ) {
181 // remove requests do not accept user input
182 $requests = $this->authRequests
;
183 if ( static::$loadUserData ) {
184 $requests = AuthenticationRequest
::loadRequestsFromSubmission( $this->authRequests
, $data );
187 $response = $this->performAuthenticationStep( $this->authAction
, $requests );
189 // we can't handle FAIL or similar as failure here since it might require changing the form
190 return Status
::newGood( $response );
194 * @param Message|null $error
196 protected function showSubpageList( $error = null ) {
197 $out = $this->getOutput();
200 $out->addHTML( $error->parse() );
203 $groupedRequests = [];
204 foreach ( $this->authRequests
as $req ) {
205 $info = $req->describeCredentials();
206 $groupedRequests[(string)$info['provider']][] = $req;
209 $linkRenderer = $this->getLinkRenderer();
210 $out->addHTML( Html
::openElement( 'dl' ) );
211 foreach ( $groupedRequests as $group => $members ) {
212 $out->addHTML( Html
::element( 'dt', [], $group ) );
213 foreach ( $members as $req ) {
214 /** @var AuthenticationRequest $req */
215 $info = $req->describeCredentials();
216 $out->addHTML( Html
::rawElement( 'dd', [],
217 $linkRenderer->makeLink(
218 $this->getPageTitle( $req->getUniqueId() ),
224 $out->addHTML( Html
::closeElement( 'dl' ) );
227 protected function success() {
228 $session = $this->getRequest()->getSession();
229 $user = $this->getUser();
230 $out = $this->getOutput();
231 $returnUrl = $this->getReturnUrl();
233 // change user token and update the session
234 SessionManager
::singleton()->invalidateSessionsForUser( $user );
235 $session->setUser( $user );
239 $out->redirect( $returnUrl );
241 // messages used: changecredentials-success removecredentials-success
242 $out->wrapWikiMsg( "<div class=\"successbox\">\n$1\n</div>", static::$messagePrefix
244 $out->returnToMain();
249 * @return string|null
251 protected function getReturnUrl() {
252 $request = $this->getRequest();
253 $returnTo = $request->getText( 'returnto' );
254 $returnToQuery = $request->getText( 'returntoquery', '' );
260 $title = Title
::newFromText( $returnTo );
261 return $title->getFullUrlForRedirect( $returnToQuery );
264 protected function getRequestBlacklist() {
265 return $this->getConfig()->get( 'ChangeCredentialsBlacklist' );
