includes/api/ApiResetPassword.php

   1 <?php
   2 /**
   3  * Copyright © 2016 Brad Jorsch <bjorsch@wikimedia.org>
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  */
  22
  23 use MediaWiki\Auth\AuthManager;
  24
  25 /**
  26  * Reset password, with AuthManager
  27  *
  28  * @ingroup API
  29  */
  30 class ApiResetPassword extends ApiBase {
  31
  32         private $hasAnyRoutes = null;
  33
  34         /**
  35          * Determine whether any reset routes are available.
  36          * @return bool
  37          */
  38         private function hasAnyRoutes() {
  39                 if ( $this->hasAnyRoutes === null ) {
  40                         $resetRoutes = $this->getConfig()->get( 'PasswordResetRoutes' );
  41                         $this->hasAnyRoutes = !empty( $resetRoutes['username'] ) || !empty( $resetRoutes['email'] );
  42                 }
  43                 return $this->hasAnyRoutes;
  44         }
  45
  46         protected function getDescriptionMessage() {
  47                 if ( !$this->hasAnyRoutes() ) {
  48                         return 'apihelp-resetpassword-description-noroutes';
  49                 }
  50                 return parent::getDescriptionMessage();
  51         }
  52
  53         public function execute() {
  54                 if ( !$this->hasAnyRoutes() ) {
  55                         $this->dieUsage( 'No password reset routes are available.', 'moduledisabled' );
  56                 }
  57
  58                 $params = $this->extractRequestParams() + [
  59                         // Make sure the keys exist even if getAllowedParams didn't define them
  60                         'user' => null,
  61                         'email' => null,
  62                 ];
  63
  64                 $this->requireOnlyOneParameter( $params, 'user', 'email' );
  65
  66                 $passwordReset = new PasswordReset( $this->getConfig(), AuthManager::singleton() );
  67
  68                 $status = $passwordReset->isAllowed( $this->getUser(), $params['capture'] );
  69                 if ( !$status->isOK() ) {
  70                         $this->dieStatus( Status::wrap( $status ) );
  71                 }
  72
  73                 $status = $passwordReset->execute(
  74                         $this->getUser(), $params['user'], $params['email'], $params['capture']
  75                 );
  76                 if ( !$status->isOK() ) {
  77                         $status->value = null;
  78                         $this->dieStatus( Status::wrap( $status ) );
  79                 }
  80
  81                 $result = $this->getResult();
  82                 $result->addValue( [ 'resetpassword' ], 'status', 'success' );
  83                 if ( $params['capture'] ) {
  84                         $passwords = $status->getValue() ?: [];
  85                         ApiResult::setArrayType( $passwords, 'kvp', 'user' );
  86                         ApiResult::setIndexedTagName( $passwords, 'p' );
  87                         $result->addValue( [ 'resetpassword' ], 'passwords', $passwords );
  88                 }
  89         }
  90
  91         public function isWriteMode() {
  92                 return $this->hasAnyRoutes();
  93         }
  94
  95         public function needsToken() {
  96                 if ( !$this->hasAnyRoutes() ) {
  97                         return false;
  98                 }
  99                 return 'csrf';
 100         }
 101
 102         public function getAllowedParams() {
 103                 if ( !$this->hasAnyRoutes() ) {
 104                         return [];
 105                 }
 106
 107                 $ret = [
 108                         'user' => [
 109                                 ApiBase::PARAM_TYPE => 'user',
 110                         ],
 111                         'email' => [
 112                                 ApiBase::PARAM_TYPE => 'string',
 113                         ],
 114                         'capture' => false,
 115                 ];
 116
 117                 $resetRoutes = $this->getConfig()->get( 'PasswordResetRoutes' );
 118                 if ( empty( $resetRoutes['username'] ) ) {
 119                         unset( $ret['user'] );
 120                 }
 121                 if ( empty( $resetRoutes['email'] ) ) {
 122                         unset( $ret['email'] );
 123                 }
 124
 125                 return $ret;
 126         }
 127
 128         protected function getExamplesMessages() {
 129                 $ret = [];
 130                 $resetRoutes = $this->getConfig()->get( 'PasswordResetRoutes' );
 131
 132                 if ( !empty( $resetRoutes['username'] ) ) {
 133                         $ret['action=resetpassword&user=Example&token=123ABC'] = 'apihelp-resetpassword-example-user';
 134                 }
 135                 if ( !empty( $resetRoutes['email'] ) ) {
 136                         $ret['action=resetpassword&user=user@example.com&token=123ABC'] =
 137                                 'apihelp-resetpassword-example-email';
 138                 }
 139
 140                 return $ret;
 141         }
 142
 143         public function getHelpUrls() {
 144                 return 'https://www.mediawiki.org/wiki/API:Manage_authentication_data';
 145         }
 146 }