includes/specials/SpecialUnlinkAccounts.php

   1 <?php
   2
   3 use MediaWiki\Auth\AuthenticationResponse;
   4 use MediaWiki\Auth\AuthManager;
   5 use MediaWiki\Session\SessionManager;
   6
   7 class SpecialUnlinkAccounts extends AuthManagerSpecialPage {
   8         protected static $allowedActions = [ AuthManager::ACTION_UNLINK ];
   9
  10         public function __construct() {
  11                 parent::__construct( 'UnlinkAccounts' );
  12         }
  13
  14         protected function getLoginSecurityLevel() {
  15                 return 'UnlinkAccount';
  16         }
  17
  18         protected function getDefaultAction( $subPage ) {
  19                 return AuthManager::ACTION_UNLINK;
  20         }
  21
  22         /**
  23          * Under which header this special page is listed in Special:SpecialPages.
  24          */
  25         protected function getGroupName() {
  26                 return 'users';
  27         }
  28
  29         public function isListed() {
  30                 return AuthManager::singleton()->canLinkAccounts();
  31         }
  32
  33         protected function getRequestBlacklist() {
  34                 return $this->getConfig()->get( 'RemoveCredentialsBlacklist' );
  35         }
  36
  37         public function execute( $subPage ) {
  38                 $this->setHeaders();
  39                 $this->loadAuth( $subPage );
  40                 $this->outputHeader();
  41
  42                 $status = $this->trySubmit();
  43
  44                 if ( $status === false || !$status->isOK() ) {
  45                         $this->displayForm( $status );
  46                         return;
  47                 }
  48
  49                 /** @var AuthenticationResponse $response */
  50                 $response = $status->getValue();
  51
  52                 if ( $response->status === AuthenticationResponse::FAIL ) {
  53                         $this->displayForm( StatusValue::newFatal( $response->message ) );
  54                         return;
  55                 }
  56
  57                 $status = StatusValue::newGood();
  58                 $status->warning( wfMessage( 'unlinkaccounts-success' ) );
  59                 $this->loadAuth( $subPage, null, true ); // update requests so the unlinked one doesn't show up
  60
  61                 // Reset sessions - if the user unlinked an account because it was compromised,
  62                 // log attackers out from sessions obtained via that account.
  63                 $session = $this->getRequest()->getSession();
  64                 $user = $this->getUser();
  65                 SessionManager::singleton()->invalidateSessionsForUser( $user );
  66                 $session->setUser( $user );
  67                 $session->resetId();
  68
  69                 $this->displayForm( $status );
  70         }
  71
  72         public function handleFormSubmit( $data ) {
  73                 // unlink requests do not accept user input so repeat parent code but skip call to
  74                 // AuthenticationRequest::loadRequestsFromSubmission
  75                 $response = $this->performAuthenticationStep( $this->authAction, $this->authRequests );
  76                 return Status::newGood( $response );
  77         }
  78 }