Expose $wgMaxArticleSize in siteinfo query api
[mediawiki.git] / includes / specials / SpecialChangeCredentials.php
blob4da8049f04535aebdc80f117f97fe8957780bde4
1 <?php
3 use MediaWiki\Auth\AuthenticationRequest;
4 use MediaWiki\Auth\AuthenticationResponse;
5 use MediaWiki\Auth\AuthManager;
6 use MediaWiki\Session\SessionManager;
8 /**
9 * Special change to change credentials (such as the password).
11 * Also does most of the work for SpecialRemoveCredentials.
13 class SpecialChangeCredentials extends AuthManagerSpecialPage {
14 protected static $allowedActions = [ AuthManager::ACTION_CHANGE ];
16 protected static $messagePrefix = 'changecredentials';
18 /** Change action needs user data; remove action does not */
19 protected static $loadUserData = true;
21 public function __construct( $name = 'ChangeCredentials' ) {
22 parent::__construct( $name, 'editmyprivateinfo' );
25 protected function getGroupName() {
26 return 'users';
29 public function isListed() {
30 $this->loadAuth( '' );
31 return (bool)$this->authRequests;
34 public function doesWrites() {
35 return true;
38 protected function getDefaultAction( $subPage ) {
39 return AuthManager::ACTION_CHANGE;
42 protected function getPreservedParams( $withToken = false ) {
43 $request = $this->getRequest();
44 $params = parent::getPreservedParams( $withToken );
45 $params += [
46 'returnto' => $request->getVal( 'returnto' ),
47 'returntoquery' => $request->getVal( 'returntoquery' ),
49 return $params;
52 public function onAuthChangeFormFields(
53 array $requests, array $fieldInfo, array &$formDescriptor, $action
54 ) {
55 // This method is never called for remove actions.
57 $extraFields = [];
58 Hooks::run( 'ChangePasswordForm', [ &$extraFields ], '1.27' );
59 foreach ( $extraFields as $extra ) {
60 list( $name, $label, $type, $default ) = $extra;
61 $formDescriptor[$name] = [
62 'type' => $type,
63 'name' => $name,
64 'label-message' => $label,
65 'default' => $default,
70 return parent::onAuthChangeFormFields( $requests, $fieldInfo, $formDescriptor, $action );
73 public function execute( $subPage ) {
74 $this->setHeaders();
75 $this->outputHeader();
77 $this->loadAuth( $subPage );
79 if ( !$subPage ) {
80 $this->showSubpageList();
81 return;
84 if ( !$this->authRequests ) {
85 // messages used: changecredentials-invalidsubpage, removecredentials-invalidsubpage
86 $this->showSubpageList( $this->msg( static::$messagePrefix . '-invalidsubpage', $subPage ) );
87 return;
90 $status = $this->trySubmit();
92 if ( $status === false || !$status->isOK() ) {
93 $this->displayForm( $status );
94 return;
97 $response = $status->getValue();
99 switch ( $response->status ) {
100 case AuthenticationResponse::PASS:
101 $this->success();
102 break;
103 case AuthenticationResponse::FAIL:
104 $this->displayForm( Status::newFatal( $response->message ) );
105 break;
106 default:
107 throw new LogicException( 'invalid AuthenticationResponse' );
111 protected function loadAuth( $subPage, $authAction = null, $reset = false ) {
112 parent::loadAuth( $subPage, $authAction );
113 if ( $subPage ) {
114 $this->authRequests = array_filter( $this->authRequests, function ( $req ) use ( $subPage ) {
115 return $req->getUniqueId() === $subPage;
116 } );
117 if ( count( $this->authRequests ) > 1 ) {
118 throw new LogicException( 'Multiple AuthenticationRequest objects with same ID!' );
123 protected function getAuthFormDescriptor( $requests, $action ) {
124 if ( !static::$loadUserData ) {
125 return [];
126 } else {
127 return parent::getAuthFormDescriptor( $requests, $action );
131 protected function getAuthForm( array $requests, $action ) {
132 $form = parent::getAuthForm( $requests, $action );
133 $req = reset( $requests );
134 $info = $req->describeCredentials();
136 $form->addPreText(
137 Html::openElement( 'dl' )
138 . Html::element( 'dt', [], wfMessage( 'credentialsform-provider' ) )
139 . Html::element( 'dd', [], $info['provider'] )
140 . Html::element( 'dt', [], wfMessage( 'credentialsform-account' ) )
141 . Html::element( 'dd', [], $info['account'] )
142 . Html::closeElement( 'dl' )
145 // messages used: changecredentials-submit removecredentials-submit
146 $form->setSubmitTextMsg( static::$messagePrefix . '-submit' );
147 $form->showCancel()->setCancelTarget( $this->getReturnUrl() ?: Title::newMainPage() );
149 return $form;
152 protected function needsSubmitButton( $formDescriptor ) {
153 // Change/remove forms show are built from a single AuthenticationRequest and do not allow
154 // for redirect flow; they always need a submit button.
155 return true;
158 public function handleFormSubmit( $data ) {
159 // remove requests do not accept user input
160 $requests = $this->authRequests;
161 if ( static::$loadUserData ) {
162 $requests = AuthenticationRequest::loadRequestsFromSubmission( $this->authRequests, $data );
165 $response = $this->performAuthenticationStep( $this->authAction, $requests );
167 // we can't handle FAIL or similar as failure here since it might require changing the form
168 return Status::newGood( $response );
172 * @param Message|null $error
174 protected function showSubpageList( $error = null ) {
175 $out = $this->getOutput();
177 if ( $error ) {
178 $out->addHTML( $error->parse() );
181 $groupedRequests = [];
182 foreach ( $this->authRequests as $req ) {
183 $info = $req->describeCredentials();
184 $groupedRequests[(string)$info['provider']][] = $req;
187 $out->addHTML( Html::openElement( 'dl' ) );
188 foreach ( $groupedRequests as $group => $members ) {
189 $out->addHTML( Html::element( 'dt', [], $group ) );
190 foreach ( $members as $req ) {
191 /** @var AuthenticationRequest $req */
192 $info = $req->describeCredentials();
193 $out->addHTML( Html::rawElement( 'dd', [],
194 Linker::link( $this->getPageTitle( $req->getUniqueId() ),
195 htmlspecialchars( $info['account'], ENT_QUOTES ) )
196 ) );
199 $out->addHTML( Html::closeElement( 'dl' ) );
202 protected function success() {
203 $session = $this->getRequest()->getSession();
204 $user = $this->getUser();
205 $out = $this->getOutput();
206 $returnUrl = $this->getReturnUrl();
208 // change user token and update the session
209 SessionManager::singleton()->invalidateSessionsForUser( $user );
210 $session->setUser( $user );
211 $session->resetId();
213 if ( $returnUrl ) {
214 $out->redirect( $returnUrl );
215 } else {
216 // messages used: changecredentials-success removecredentials-success
217 $out->wrapWikiMsg( "<div class=\"successbox\">\n$1\n</div>", static::$messagePrefix
218 . '-success' );
219 $out->returnToMain();
224 * @return string|null
226 protected function getReturnUrl() {
227 $request = $this->getRequest();
228 $returnTo = $request->getText( 'returnto' );
229 $returnToQuery = $request->getText( 'returntoquery', '' );
231 if ( !$returnTo ) {
232 return null;
235 $title = Title::newFromText( $returnTo );
236 return $title->getFullURL( $returnToQuery );
239 protected function getRequestBlacklist() {
240 return $this->getConfig()->get( 'ChangeCredentialsBlacklist' );