includes/api/ApiQueryAuthManagerInfo.php

   1 <?php
   2 /**
   3  * Copyright © 2016 Wikimedia Foundation and contributors
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  * @since 1.27
  22  */
  23
  24 namespace MediaWiki\Api;
  25
  26 use MediaWiki\Auth\AuthManager;
  27 use MediaWiki\MainConfigNames;
  28 use Wikimedia\ParamValidator\ParamValidator;
  29
  30 /**
  31  * A query action to return meta information about AuthManager state.
  32  *
  33  * @ingroup API
  34  */
  35 class ApiQueryAuthManagerInfo extends ApiQueryBase {
  36
  37         private AuthManager $authManager;
  38
  39         public function __construct(
  40                 ApiQuery $query,
  41                 string $moduleName,
  42                 AuthManager $authManager
  43         ) {
  44                 parent::__construct( $query, $moduleName, 'ami' );
  45                 $this->authManager = $authManager;
  46         }
  47
  48         public function execute() {
  49                 $params = $this->extractRequestParams();
  50                 $helper = new ApiAuthManagerHelper( $this, $this->authManager );
  51                 $ret = [
  52                         'canauthenticatenow' => $this->authManager->canAuthenticateNow(),
  53                         'cancreateaccounts' => $this->authManager->canCreateAccounts(),
  54                         'canlinkaccounts' => $this->authManager->canLinkAccounts(),
  55                 ];
  56
  57                 if ( $params['securitysensitiveoperation'] !== null ) {
  58                         $ret['securitysensitiveoperationstatus'] = $this->authManager->securitySensitiveOperationStatus(
  59                                 $params['securitysensitiveoperation']
  60                         );
  61                 }
  62
  63                 if ( $params['requestsfor'] ) {
  64                         $action = $params['requestsfor'];
  65
  66                         $preservedReq = $helper->getPreservedRequest();
  67                         if ( $preservedReq ) {
  68                                 $ret += [
  69                                         'haspreservedstate' => $preservedReq->hasStateForAction( $action ),
  70                                         'hasprimarypreservedstate' => $preservedReq->hasPrimaryStateForAction( $action ),
  71                                         'preservedusername' => (string)$preservedReq->username,
  72                                 ];
  73                         } else {
  74                                 $ret += [
  75                                         'haspreservedstate' => false,
  76                                         'hasprimarypreservedstate' => false,
  77                                         'preservedusername' => '',
  78                                 ];
  79                         }
  80
  81                         $reqs = $this->authManager->getAuthenticationRequests( $action, $this->getUser() );
  82
  83                         // Filter out blacklisted requests, depending on the action
  84                         switch ( $action ) {
  85                                 case AuthManager::ACTION_CHANGE:
  86                                         $reqs = ApiAuthManagerHelper::blacklistAuthenticationRequests( $reqs,
  87                                                 $this->getConfig()->get( MainConfigNames::ChangeCredentialsBlacklist )
  88                                         );
  89                                         break;
  90                                 case AuthManager::ACTION_REMOVE:
  91                                         $reqs = ApiAuthManagerHelper::blacklistAuthenticationRequests( $reqs,
  92                                                 $this->getConfig()->get( MainConfigNames::RemoveCredentialsBlacklist )
  93                                         );
  94                                         break;
  95                         }
  96
  97                         $ret += $helper->formatRequests( $reqs );
  98                 }
  99
 100                 $this->getResult()->addValue( [ 'query' ], $this->getModuleName(), $ret );
 101         }
 102
 103         public function isReadMode() {
 104                 return false;
 105         }
 106
 107         public function getAllowedParams() {
 108                 return [
 109                         'securitysensitiveoperation' => null,
 110                         'requestsfor' => [
 111                                 ParamValidator::PARAM_TYPE => [
 112                                         AuthManager::ACTION_LOGIN,
 113                                         AuthManager::ACTION_LOGIN_CONTINUE,
 114                                         AuthManager::ACTION_CREATE,
 115                                         AuthManager::ACTION_CREATE_CONTINUE,
 116                                         AuthManager::ACTION_LINK,
 117                                         AuthManager::ACTION_LINK_CONTINUE,
 118                                         AuthManager::ACTION_CHANGE,
 119                                         AuthManager::ACTION_REMOVE,
 120                                         AuthManager::ACTION_UNLINK,
 121                                 ],
 122                         ],
 123                 ] + ApiAuthManagerHelper::getStandardParams( '', 'mergerequestfields', 'messageformat' );
 124         }
 125
 126         protected function getExamplesMessages() {
 127                 return [
 128                         'action=query&meta=authmanagerinfo&amirequestsfor=' . urlencode( AuthManager::ACTION_LOGIN )
 129                                 => 'apihelp-query+authmanagerinfo-example-login',
 130                         'action=query&meta=authmanagerinfo&amirequestsfor=' . urlencode( AuthManager::ACTION_LOGIN ) .
 131                                 '&amimergerequestfields=1'
 132                                 => 'apihelp-query+authmanagerinfo-example-login-merged',
 133                         'action=query&meta=authmanagerinfo&amisecuritysensitiveoperation=foo'
 134                                 => 'apihelp-query+authmanagerinfo-example-securitysensitiveoperation',
 135                 ];
 136         }
 137
 138         public function getHelpUrls() {
 139                 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Authmanagerinfo';
 140         }
 141 }
 142
 143 /** @deprecated class alias since 1.43 */
 144 class_alias( ApiQueryAuthManagerInfo::class, 'ApiQueryAuthManagerInfo' );