3 * Created on August 7, 2012
5 * Copyright © 2012 Tyler Romeo <tylerromeo@gmail.com>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 * http://www.gnu.org/copyleft/gpl.html
24 use MediaWiki\Logger\LoggerFactory
;
27 * Unit to authenticate account registration attempts to the current wiki.
30 * @deprecated since 1.27, only used when $wgDisableAuthManager is true
32 class ApiCreateAccount
extends ApiBase
{
33 public function execute() {
34 // If we're in a mode that breaks the same-origin policy, no tokens can
36 if ( $this->lacksSameOriginSecurity() ) {
38 'Cannot create account when the same-origin policy is not applied', 'aborted'
42 // $loginForm->addNewaccountInternal will throw exceptions
43 // if wiki is read only (already handled by api), user is blocked or does not have rights.
44 // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
45 $loginTitle = SpecialPage
::getTitleFor( 'Userlogin' );
46 if ( !$loginTitle->userCan( 'createaccount', $this->getUser() ) ) {
48 'You do not have the right to create a new account',
49 'permdenied-createaccount'
52 if ( $this->getUser()->isBlockedFromCreateAccount() ) {
54 'You cannot create a new account because you are blocked',
57 [ 'blockinfo' => ApiQueryUserInfo
::getBlockInfo( $this->getUser()->getBlock() ) ]
61 $params = $this->extractRequestParams();
63 // Make sure session is persisted
64 MediaWiki\Session\SessionManager
::getGlobalSession()->persist();
66 if ( $params['mailpassword'] && !$params['email'] ) {
67 $this->dieUsageMsg( 'noemail' );
70 if ( $params['language'] && !Language
::isSupportedLanguage( $params['language'] ) ) {
71 $this->dieUsage( 'Invalid language parameter', 'langinvalid' );
74 $context = new DerivativeContext( $this->getContext() );
75 $context->setRequest( new DerivativeRequest(
76 $this->getContext()->getRequest(),
79 'uselang' => $params['language'],
80 'wpName' => $params['name'],
81 'wpPassword' => $params['password'],
82 'wpRetype' => $params['password'],
83 'wpDomain' => $params['domain'],
84 'wpEmail' => $params['email'],
85 'wpRealName' => $params['realname'],
86 'wpCreateaccountToken' => $params['token'],
87 'wpCreateaccount' => $params['mailpassword'] ?
null : '1',
88 'wpCreateaccountMail' => $params['mailpassword'] ?
'1' : null
92 $loginForm = new LoginForm();
93 $loginForm->setContext( $context );
94 Hooks
::run( 'AddNewAccountApiForm', [ $this, $loginForm ] );
97 $status = $loginForm->addNewAccountInternal();
98 LoggerFactory
::getInstance( 'authmanager' )->info( 'Account creation attempt via API', [
99 'event' => 'accountcreation',
103 if ( $status->isGood() ) {
105 $user = $status->getValue();
107 if ( $params['language'] ) {
108 $user->setOption( 'language', $params['language'] );
111 if ( $params['mailpassword'] ) {
112 // If mailpassword was set, disable the password and send an email.
113 $user->setPassword( null );
114 $status->merge( $loginForm->mailPasswordInternal(
117 'createaccount-title',
120 } elseif ( $this->getConfig()->get( 'EmailAuthentication' ) &&
121 Sanitizer
::validateEmail( $user->getEmail() )
123 // Send out an email authentication message if needed
124 $status->merge( $user->sendConfirmationMail() );
127 // Save settings (including confirmation token)
128 $user->saveSettings();
130 Hooks
::run( 'AddNewAccount', [ $user, $params['mailpassword'] ] );
132 if ( $params['mailpassword'] ) {
133 $logAction = 'byemail';
134 } elseif ( $this->getUser()->isLoggedIn() ) {
135 $logAction = 'create2';
137 $logAction = 'create';
139 $user->addNewUserLogEntry( $logAction, (string)$params['reason'] );
141 // Add username, id, and token to result.
142 $result['username'] = $user->getName();
143 $result['userid'] = $user->getId();
144 $result['token'] = $user->getToken();
147 $apiResult = $this->getResult();
149 if ( $status->hasMessage( 'sessionfailure' ) ||
$status->hasMessage( 'nocookiesfornew' ) ) {
150 // Token was incorrect, so add it to result, but don't throw an exception
151 // since not having the correct token is part of the normal
153 $result['token'] = LoginForm
::getCreateaccountToken()->toString();
154 $result['result'] = 'NeedToken';
155 $this->setWarning( 'Fetching a token via action=createaccount is deprecated. ' .
156 'Use action=query&meta=tokens&type=createaccount instead.' );
157 $this->logFeatureUsage( 'action=createaccount&!token' );
158 } elseif ( !$status->isOK() ) {
159 // There was an error. Die now.
160 $this->dieStatus( $status );
161 } elseif ( !$status->isGood() ) {
162 // Status is not good, but OK. This means warnings.
163 $result['result'] = 'Warning';
165 // Add any warnings to the result
166 $warnings = $status->getErrorsByType( 'warning' );
168 foreach ( $warnings as &$warning ) {
169 ApiResult
::setIndexedTagName( $warning['params'], 'param' );
171 ApiResult
::setIndexedTagName( $warnings, 'warning' );
172 $result['warnings'] = $warnings;
175 // Everything was fine.
176 $result['result'] = 'Success';
179 // Give extensions a chance to modify the API result data
180 Hooks
::run( 'AddNewAccountApiResult', [ $this, $loginForm, &$result ] );
182 $apiResult->addValue( null, 'createaccount', $result );
185 public function mustBePosted() {
189 public function isReadMode() {
193 public function isWriteMode() {
197 public function getAllowedParams() {
200 ApiBase
::PARAM_TYPE
=> 'user',
201 ApiBase
::PARAM_REQUIRED
=> true
204 ApiBase
::PARAM_TYPE
=> 'password',
208 ApiBase
::PARAM_TYPE
=> 'string',
209 ApiBase
::PARAM_REQUIRED
=> false, // for BC
210 ApiBase
::PARAM_HELP_MSG
=> [ 'api-help-param-token', 'createaccount' ],
213 ApiBase
::PARAM_TYPE
=> 'string',
214 ApiBase
::PARAM_REQUIRED
=> $this->getConfig()->get( 'EmailConfirmToEdit' ),
218 ApiBase
::PARAM_TYPE
=> 'boolean',
219 ApiBase
::PARAM_DFLT
=> false
226 protected function getExamplesMessages() {
228 'action=createaccount&name=testuser&password=test123'
229 => 'apihelp-createaccount-example-pass',
230 'action=createaccount&name=testmailuser&mailpassword=true&reason=MyReason'
231 => 'apihelp-createaccount-example-mail',
235 public function getHelpUrls() {
236 return 'https://www.mediawiki.org/wiki/API:Account_creation';