search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Localisation updates from https://translatewiki.net.
[mediawiki.git] / includes / auth / ResetPasswordSecondaryAuthenticationProvider.php
blobce73fddd69973a814e3984f29483cd7fd0581f11
1 <?php
2 /**
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License along
14 * with this program; if not, write to the Free Software Foundation, Inc.,
15 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 * http://www.gnu.org/copyleft/gpl.html
17 *
18 * @file
19 * @ingroup Auth
20 */
21
22 namespace MediaWiki\Auth;
23
24 use MediaWiki\Message\Message;
25 use MediaWiki\User\User;
26
27 /**
28 * Reset the local password, if signalled via $this->manager->setAuthenticationSessionData()
29 *
30 * The authentication data key is 'reset-pass'; the data is an object with the
31 * following properties:
32 * - msg: Message object to display to the user
33 * - hard: Boolean, if true the reset cannot be skipped.
34 * - req: Optional PasswordAuthenticationRequest to use to actually reset the
35 * password. Won't be displayed to the user.
36 *
37 * @ingroup Auth
38 * @since 1.27
39 */
40 class ResetPasswordSecondaryAuthenticationProvider extends AbstractSecondaryAuthenticationProvider {
41
42 public function getAuthenticationRequests( $action, array $options ) {
43 return [];
44 }
45
46 public function beginSecondaryAuthentication( $user, array $reqs ) {
47 return $this->tryReset( $user, $reqs );
48 }
49
50 public function continueSecondaryAuthentication( $user, array $reqs ) {
51 return $this->tryReset( $user, $reqs );
52 }
53
54 public function beginSecondaryAccountCreation( $user, $creator, array $reqs ) {
55 return $this->tryReset( $user, $reqs );
56 }
57
58 public function continueSecondaryAccountCreation( $user, $creator, array $reqs ) {
59 return $this->tryReset( $user, $reqs );
60 }
61
62 /**
63 * Try to reset the password
64 * @param User $user
65 * @param AuthenticationRequest[] $reqs
66 * @return AuthenticationResponse
67 */
68 protected function tryReset( User $user, array $reqs ) {
69 $data = $this->manager->getAuthenticationSessionData( 'reset-pass' );
70 if ( !$data ) {
71 return AuthenticationResponse::newAbstain();
72 }
73
74 if ( is_array( $data ) ) {
75 $data = (object)$data;
76 }
77 if ( !is_object( $data ) ) {
78 throw new \UnexpectedValueException( 'reset-pass is not valid' );
79 }
80
81 if ( !isset( $data->msg ) ) {
82 throw new \UnexpectedValueException( 'reset-pass msg is missing' );
83 } elseif ( !$data->msg instanceof Message ) {
84 throw new \UnexpectedValueException( 'reset-pass msg is not valid' );
85 } elseif ( !isset( $data->hard ) ) {
86 throw new \UnexpectedValueException( 'reset-pass hard is missing' );
87 } elseif ( isset( $data->req ) && (
88 !$data->req instanceof PasswordAuthenticationRequest ||
89 !array_key_exists( 'retype', $data->req->getFieldInfo() )
90 ) ) {
91 throw new \UnexpectedValueException( 'reset-pass req is not valid' );
92 }
93
94 if ( !$data->hard ) {
95 $req = ButtonAuthenticationRequest::getRequestByName( $reqs, 'skipReset' );
96 if ( $req ) {
97 $this->manager->removeAuthenticationSessionData( 'reset-pass' );
98 return AuthenticationResponse::newPass();
99 }
100 }
101
102 /** @var PasswordAuthenticationRequest $needReq */
103 $needReq = $data->req ?? new PasswordAuthenticationRequest();
104 '@phan-var PasswordAuthenticationRequest $needReq';
105 if ( !$needReq->action ) {
106 $needReq->action = AuthManager::ACTION_CHANGE;
107 }
108 $needReq->required = $data->hard ? AuthenticationRequest::REQUIRED
109 : AuthenticationRequest::OPTIONAL;
110 $needReqs = [ $needReq ];
111 if ( !$data->hard ) {
112 $needReqs[] = new ButtonAuthenticationRequest(
113 'skipReset',
114 wfMessage( 'authprovider-resetpass-skip-label' ),
115 wfMessage( 'authprovider-resetpass-skip-help' )
116 );
117 }
118
119 /** @var PasswordAuthenticationRequest $req */
120 $req = AuthenticationRequest::getRequestByClass( $reqs, get_class( $needReq ) );
121 '@phan-var PasswordAuthenticationRequest $req';
122 if ( !$req || !array_key_exists( 'retype', $req->getFieldInfo() ) ) {
123 return AuthenticationResponse::newUI( $needReqs, $data->msg, 'warning' );
124 }
125
126 if ( $req->password !== $req->retype ) {
127 return AuthenticationResponse::newUI( $needReqs, new Message( 'badretype' ), 'error' );
128 }
129
130 $req->username = $user->getName();
131 $status = $this->manager->allowsAuthenticationDataChange( $req );
132 if ( !$status->isGood() ) {
133 return AuthenticationResponse::newUI( $needReqs, $status->getMessage(), 'error' );
134 }
135 $this->manager->changeAuthenticationData( $req );
136
137 $this->manager->removeAuthenticationSessionData( 'reset-pass' );
138 return AuthenticationResponse::newPass();
139 }
140 }
MediaWiki Core