includes/api/ApiRemoveAuthenticationData.php

   1 <?php
   2 /**
   3  * Copyright © 2016 Wikimedia Foundation and contributors
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  */
  22
  23 namespace MediaWiki\Api;
  24
  25 use MediaWiki\Auth\AuthenticationRequest;
  26 use MediaWiki\Auth\AuthManager;
  27 use MediaWiki\MainConfigNames;
  28
  29 /**
  30  * Remove authentication data from AuthManager
  31  *
  32  * @ingroup API
  33  */
  34 class ApiRemoveAuthenticationData extends ApiBase {
  35
  36         /** @var string */
  37         private $authAction;
  38         /** @var string */
  39         private $operation;
  40
  41         private AuthManager $authManager;
  42
  43         public function __construct(
  44                 ApiMain $main,
  45                 string $action,
  46                 AuthManager $authManager
  47         ) {
  48                 parent::__construct( $main, $action );
  49
  50                 $this->authAction = $action === 'unlinkaccount'
  51                         ? AuthManager::ACTION_UNLINK
  52                         : AuthManager::ACTION_REMOVE;
  53                 $this->operation = $action === 'unlinkaccount'
  54                         ? 'UnlinkAccount'
  55                         : 'RemoveCredentials';
  56
  57                 $this->authManager = $authManager;
  58         }
  59
  60         public function execute() {
  61                 if ( !$this->getUser()->isNamed() ) {
  62                         $this->dieWithError( 'apierror-mustbeloggedin-removeauth', 'notloggedin' );
  63                 }
  64
  65                 $params = $this->extractRequestParams();
  66
  67                 // Check security-sensitive operation status
  68                 ApiAuthManagerHelper::newForModule( $this, $this->authManager )
  69                         ->securitySensitiveOperation( $this->operation );
  70
  71                 // Fetch the request. No need to load from the request, so don't use
  72                 // ApiAuthManagerHelper's method.
  73                 $remove = $this->authAction === AuthManager::ACTION_REMOVE
  74                         ? array_fill_keys( $this->getConfig()->get(
  75                                 MainConfigNames::RemoveCredentialsBlacklist ), true )
  76                         : [];
  77                 $reqs = array_filter(
  78                         $this->authManager->getAuthenticationRequests( $this->authAction, $this->getUser() ),
  79                         static function ( AuthenticationRequest $req ) use ( $params, $remove ) {
  80                                 return $req->getUniqueId() === $params['request'] &&
  81                                         !isset( $remove[get_class( $req )] );
  82                         }
  83                 );
  84                 if ( count( $reqs ) !== 1 ) {
  85                         $this->dieWithError( 'apierror-changeauth-norequest', 'badrequest' );
  86                 }
  87                 $req = reset( $reqs );
  88
  89                 // Perform the removal
  90                 $status = $this->authManager->allowsAuthenticationDataChange( $req, true );
  91                 $this->getHookRunner()->onChangeAuthenticationDataAudit( $req, $status );
  92                 if ( !$status->isGood() ) {
  93                         $this->dieStatus( $status );
  94                 }
  95                 $this->authManager->changeAuthenticationData( $req );
  96
  97                 $this->getResult()->addValue( null, $this->getModuleName(), [ 'status' => 'success' ] );
  98         }
  99
 100         public function isWriteMode() {
 101                 return true;
 102         }
 103
 104         public function needsToken() {
 105                 return 'csrf';
 106         }
 107
 108         public function getAllowedParams() {
 109                 return ApiAuthManagerHelper::getStandardParams( $this->authAction,
 110                         'request'
 111                 );
 112         }
 113
 114         protected function getExamplesMessages() {
 115                 $path = $this->getModulePath();
 116                 $action = $this->getModuleName();
 117                 return [
 118                         "action={$action}&request=FooAuthenticationRequest&token=123ABC"
 119                                 => "apihelp-{$path}-example-simple",
 120                 ];
 121         }
 122
 123         public function getHelpUrls() {
 124                 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Manage_authentication_data';
 125         }
 126 }
 127
 128 /** @deprecated class alias since 1.43 */
 129 class_alias( ApiRemoveAuthenticationData::class, 'ApiRemoveAuthenticationData' );