3 namespace MediaWiki\Specials
;
6 use MediaWiki\Auth\AuthenticationRequest
;
7 use MediaWiki\Auth\AuthenticationResponse
;
8 use MediaWiki\Auth\AuthManager
;
9 use MediaWiki\Auth\PasswordAuthenticationRequest
;
10 use MediaWiki\Html\Html
;
11 use MediaWiki\MainConfigNames
;
12 use MediaWiki\Message\Message
;
13 use MediaWiki\Session\SessionManager
;
14 use MediaWiki\SpecialPage\AuthManagerSpecialPage
;
15 use MediaWiki\Status\Status
;
16 use MediaWiki\Title\Title
;
19 * Change user credentials, such as the password.
21 * This is also powers most of the SpecialRemoveCredentials subclass.
23 * @see SpecialChangePassword
24 * @ingroup SpecialPage
27 class SpecialChangeCredentials
extends AuthManagerSpecialPage
{
29 protected static $allowedActions = [ AuthManager
::ACTION_CHANGE
];
32 protected static $messagePrefix = 'changecredentials';
34 /** @var bool Change action needs user data; remove action does not */
35 protected static $loadUserData = true;
38 * @param AuthManager $authManager
40 public function __construct( AuthManager
$authManager ) {
41 parent
::__construct( 'ChangeCredentials', 'editmyprivateinfo' );
42 $this->setAuthManager( $authManager );
45 protected function getGroupName() {
49 public function isListed() {
50 $this->loadAuth( '' );
51 return (bool)$this->authRequests
;
54 public function doesWrites() {
58 protected function getDefaultAction( $subPage ) {
59 return AuthManager
::ACTION_CHANGE
;
62 public function execute( $subPage ) {
64 $this->outputHeader();
66 $this->loadAuth( $subPage );
69 $this->showSubpageList();
73 if ( !$this->authRequests
) {
74 // messages used: changecredentials-invalidsubpage, removecredentials-invalidsubpage
75 $this->showSubpageList( $this->msg( static::$messagePrefix . '-invalidsubpage', $subPage ) );
79 $out = $this->getOutput();
80 $out->addModules( 'mediawiki.special.changecredentials' );
81 $out->addBacklinkSubtitle( $this->getPageTitle() );
82 $status = $this->trySubmit();
84 if ( $status === false ||
!$status->isOK() ) {
85 $this->displayForm( $status );
89 $response = $status->getValue();
91 switch ( $response->status
) {
92 case AuthenticationResponse
::PASS
:
95 case AuthenticationResponse
::FAIL
:
96 $this->displayForm( Status
::newFatal( $response->message
) );
99 throw new LogicException( 'invalid AuthenticationResponse' );
103 protected function loadAuth( $subPage, $authAction = null, $reset = false ) {
104 parent
::loadAuth( $subPage, $authAction );
107 foreach ( $this->authRequests
as $req ) {
108 if ( $req->getUniqueId() === $subPage ) {
112 if ( count( $foundReqs ) > 1 ) {
113 throw new LogicException( 'Multiple AuthenticationRequest objects with same ID!' );
115 $this->authRequests
= $foundReqs;
120 public function onAuthChangeFormFields(
121 array $requests, array $fieldInfo, array &$formDescriptor, $action
123 parent
::onAuthChangeFormFields( $requests, $fieldInfo, $formDescriptor, $action );
125 // Add some UI flair for password changes, the most common use case for this page.
126 if ( AuthenticationRequest
::getRequestByClass( $this->authRequests
,
127 PasswordAuthenticationRequest
::class )
129 $formDescriptor = self
::mergeDefaultFormDescriptor( $fieldInfo, $formDescriptor, [
131 'autocomplete' => 'new-password',
132 'placeholder-message' => 'createacct-yourpassword-ph',
133 'help-message' => 'createacct-useuniquepass',
136 'autocomplete' => 'new-password',
137 'placeholder-message' => 'createacct-yourpasswordagain-ph',
139 // T263927 - the Chromium password form guide recommends always having a username field
142 'baseField' => 'password',
143 'autocomplete' => 'username',
146 'cssclass' => 'mw-htmlform-hidden-field',
147 'label-message' => 'userlogin-yourname',
148 'placeholder-message' => 'userlogin-yourname-ph',
154 protected function getAuthFormDescriptor( $requests, $action ) {
155 if ( !static::$loadUserData ) {
159 $descriptor = parent
::getAuthFormDescriptor( $requests, $action );
162 foreach ( $descriptor as &$field ) {
163 if ( $field['type'] === 'password' && $field['name'] !== 'retype' ) {
165 if ( isset( $field['cssclass'] ) ) {
166 $field['cssclass'] .= ' mw-changecredentials-validate-password';
168 $field['cssclass'] = 'mw-changecredentials-validate-password';
175 $this->getOutput()->addModules( 'mediawiki.misc-authed-ooui' );
181 protected function getAuthForm( array $requests, $action ) {
182 $form = parent
::getAuthForm( $requests, $action );
183 $req = reset( $requests );
184 $info = $req->describeCredentials();
187 Html
::openElement( 'dl' )
188 . Html
::element( 'dt', [], $this->msg( 'credentialsform-provider' )->text() )
189 . Html
::element( 'dd', [], $info['provider']->text() )
190 . Html
::element( 'dt', [], $this->msg( 'credentialsform-account' )->text() )
191 . Html
::element( 'dd', [], $info['account']->text() )
192 . Html
::closeElement( 'dl' )
195 // messages used: changecredentials-submit removecredentials-submit
196 $form->setSubmitTextMsg( static::$messagePrefix . '-submit' );
197 $form->showCancel()->setCancelTarget( $this->getReturnUrl() ?
: Title
::newMainPage() );
198 $form->setSubmitID( 'change_credentials_submit' );
202 protected function needsSubmitButton( array $requests ) {
203 // Change/remove forms show are built from a single AuthenticationRequest and do not allow
204 // for redirect flow; they always need a submit button.
208 public function handleFormSubmit( $data ) {
209 // remove requests do not accept user input
210 $requests = $this->authRequests
;
211 if ( static::$loadUserData ) {
212 $requests = AuthenticationRequest
::loadRequestsFromSubmission( $this->authRequests
, $data );
215 $response = $this->performAuthenticationStep( $this->authAction
, $requests );
217 // we can't handle FAIL or similar as failure here since it might require changing the form
218 return Status
::newGood( $response );
222 * @param Message|null $error
224 protected function showSubpageList( $error = null ) {
225 $out = $this->getOutput();
228 $out->addHTML( $error->parse() );
231 $groupedRequests = [];
232 foreach ( $this->authRequests
as $req ) {
233 $info = $req->describeCredentials();
234 $groupedRequests[$info['provider']->text()][] = $req;
237 $linkRenderer = $this->getLinkRenderer();
238 $out->addHTML( Html
::openElement( 'dl' ) );
239 foreach ( $groupedRequests as $group => $members ) {
240 $out->addHTML( Html
::element( 'dt', [], $group ) );
241 foreach ( $members as $req ) {
242 /** @var AuthenticationRequest $req */
243 $info = $req->describeCredentials();
244 $out->addHTML( Html
::rawElement( 'dd', [],
245 $linkRenderer->makeLink(
246 $this->getPageTitle( $req->getUniqueId() ),
247 $info['account']->text()
252 $out->addHTML( Html
::closeElement( 'dl' ) );
255 protected function success() {
256 $session = $this->getRequest()->getSession();
257 $user = $this->getUser();
258 $out = $this->getOutput();
259 $returnUrl = $this->getReturnUrl();
261 // change user token and update the session
262 SessionManager
::singleton()->invalidateSessionsForUser( $user );
263 $session->setUser( $user );
267 $out->redirect( $returnUrl );
269 // messages used: changecredentials-success removecredentials-success
272 $out->msg( static::$messagePrefix . '-success' )->parse()
275 $out->returnToMain();
280 * @return string|null
282 protected function getReturnUrl() {
283 $request = $this->getRequest();
284 $returnTo = $request->getText( 'returnto' );
285 $returnToQuery = $request->getText( 'returntoquery', '' );
291 return Title
::newFromText( $returnTo )->getFullUrlForRedirect( $returnToQuery );
294 protected function getRequestBlacklist() {
295 return $this->getConfig()->get( MainConfigNames
::ChangeCredentialsBlacklist
);
299 /** @deprecated class alias since 1.41 */
300 class_alias( SpecialChangeCredentials
::class, 'SpecialChangeCredentials' );
