includes/specials/SpecialCreateAccount.php

   1 <?php
   2 /**
   3  * This program is free software; you can redistribute it and/or modify
   4  * it under the terms of the GNU General Public License as published by
   5  * the Free Software Foundation; either version 2 of the License, or
   6  * (at your option) any later version.
   7  *
   8  * This program is distributed in the hope that it will be useful,
   9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  11  * GNU General Public License for more details.
  12  *
  13  * You should have received a copy of the GNU General Public License along
  14  * with this program; if not, write to the Free Software Foundation, Inc.,
  15  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  16  * http://www.gnu.org/copyleft/gpl.html
  17  *
  18  * @file
  19  */
  20
  21 namespace MediaWiki\Specials;
  22
  23 use ErrorPageError;
  24 use MediaWiki\Auth\AuthManager;
  25 use MediaWiki\Language\FormatterFactory;
  26 use MediaWiki\Logger\LoggerFactory;
  27 use MediaWiki\SpecialPage\LoginSignupSpecialPage;
  28 use MediaWiki\Title\Title;
  29 use MediaWiki\User\UserIdentity;
  30 use MediaWiki\User\UserIdentityUtils;
  31 use StatusValue;
  32
  33 /**
  34  * Implements Special:CreateAccount
  35  *
  36  * @ingroup SpecialPage
  37  * @ingroup Auth
  38  */
  39 class SpecialCreateAccount extends LoginSignupSpecialPage {
  40         /** @inheritDoc */
  41         protected static $allowedActions = [
  42                 AuthManager::ACTION_CREATE,
  43                 AuthManager::ACTION_CREATE_CONTINUE
  44         ];
  45
  46         /** @inheritDoc */
  47         protected static $messages = [
  48                 'authform-newtoken' => 'nocookiesfornew',
  49                 'authform-notoken' => 'sessionfailure',
  50                 'authform-wrongtoken' => 'sessionfailure',
  51         ];
  52
  53         private FormatterFactory $formatterFactory;
  54
  55         private UserIdentityUtils $identityUtils;
  56
  57         /**
  58          * @param AuthManager $authManager
  59          * @param FormatterFactory $formatterFactory
  60          * @param UserIdentityUtils $identityUtils
  61          */
  62         public function __construct(
  63                 AuthManager $authManager,
  64                 FormatterFactory $formatterFactory,
  65                 UserIdentityUtils $identityUtils
  66         ) {
  67                 parent::__construct( 'CreateAccount', 'createaccount' );
  68
  69                 $this->setAuthManager( $authManager );
  70                 $this->formatterFactory = $formatterFactory;
  71                 $this->identityUtils = $identityUtils;
  72         }
  73
  74         public function doesWrites() {
  75                 return true;
  76         }
  77
  78         public function checkPermissions() {
  79                 parent::checkPermissions();
  80
  81                 $performer = $this->getAuthority();
  82                 $authManager = $this->getAuthManager();
  83
  84                 $status = $this->mPosted ?
  85                         $authManager->authorizeCreateAccount( $performer ) :
  86                         $authManager->probablyCanCreateAccount( $performer );
  87
  88                 if ( !$status->isGood() ) {
  89                         $formatter = $this->formatterFactory->getStatusFormatter( $this->getContext() );
  90                         throw new ErrorPageError(
  91                                 'createacct-error',
  92                                 $formatter->getMessage( $status )
  93                         );
  94                 }
  95         }
  96
  97         protected function getLoginSecurityLevel() {
  98                 return false;
  99         }
 100
 101         protected function getDefaultAction( $subPage ) {
 102                 return AuthManager::ACTION_CREATE;
 103         }
 104
 105         public function getDescription() {
 106                 return $this->msg( 'createaccount' );
 107         }
 108
 109         protected function isSignup() {
 110                 return true;
 111         }
 112
 113         /**
 114          * Run any hooks registered for logins, then display a message welcoming
 115          * the user.
 116          * @param bool $direct True if the action was successful just now; false if that happened
 117          *    pre-redirection (so this handler was called already)
 118          * @param StatusValue|null $extraMessages
 119          */
 120         protected function successfulAction( $direct = false, $extraMessages = null ) {
 121                 $session = $this->getRequest()->getSession();
 122                 $user = $this->targetUser ?: $this->getUser();
 123
 124                 $injected_html = '';
 125                 if ( $direct ) {
 126                         # Only save preferences if the user is not creating an account for someone else.
 127                         if ( !$this->proxyAccountCreation ) {
 128                                 $this->getHookRunner()->onAddNewAccount( $user, false );
 129
 130                                 // If the user does not have a session cookie at this point, they probably need to
 131                                 // do something to their browser.
 132                                 if ( !$this->hasSessionCookie() ) {
 133                                         $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
 134                                         // TODO something more specific? This used to use nocookiesnew
 135                                         // FIXME should redirect to login page instead?
 136                                         return;
 137                                 }
 138                         } else {
 139                                 $byEmail = false; // FIXME no way to set this
 140
 141                                 $this->getHookRunner()->onAddNewAccount( $user, $byEmail );
 142
 143                                 $out = $this->getOutput();
 144                                 // @phan-suppress-next-line PhanImpossibleCondition
 145                                 $out->setPageTitleMsg( $this->msg( $byEmail ? 'accmailtitle' : 'accountcreated' ) );
 146                                 // @phan-suppress-next-line PhanImpossibleCondition
 147                                 if ( $byEmail ) {
 148                                         $out->addWikiMsg( 'accmailtext', $user->getName(), $user->getEmail() );
 149                                 } else {
 150                                         $out->addWikiMsg( 'accountcreatedtext', $user->getName() );
 151                                 }
 152
 153                                 $rt = Title::newFromText( $this->mReturnTo );
 154                                 $out->addReturnTo(
 155                                         ( $rt && !$rt->isExternal() ) ? $rt : $this->getPageTitle(),
 156                                         wfCgiToArray( $this->mReturnToQuery )
 157                                 );
 158                                 return;
 159                         }
 160                         $this->getHookRunner()->onUserLoginComplete( $user, $injected_html, $direct );
 161                 }
 162
 163                 $this->clearToken();
 164
 165                 # Run any hooks; display injected HTML
 166                 $welcome_creation_msg = 'welcomecreation-msg';
 167                 /**
 168                  * Let any extensions change what message is shown.
 169                  * @see https://www.mediawiki.org/wiki/Manual:Hooks/BeforeWelcomeCreation
 170                  * @since 1.18
 171                  */
 172                 $this->getHookRunner()->onBeforeWelcomeCreation( $welcome_creation_msg, $injected_html );
 173
 174                 $this->showSuccessPage( 'signup',
 175                         // T308471: ensure username is plaintext (aka escaped)
 176                         $this->msg( 'welcomeuser' )->plaintextParams( $this->getUser()->getName() ),
 177                         $welcome_creation_msg, $injected_html, $extraMessages );
 178         }
 179
 180         protected function getToken() {
 181                 return $this->getRequest()->getSession()->getToken( '', 'createaccount' );
 182         }
 183
 184         protected function clearToken() {
 185                 $this->getRequest()->getSession()->resetToken( 'createaccount' );
 186         }
 187
 188         protected function getTokenName() {
 189                 return 'wpCreateaccountToken';
 190         }
 191
 192         protected function getGroupName() {
 193                 return 'users';
 194         }
 195
 196         protected function logAuthResult( $success, UserIdentity $performer, $status = null ) {
 197                 LoggerFactory::getInstance( 'authevents' )->info( 'Account creation attempt', [
 198                         'event' => 'accountcreation',
 199                         'successful' => $success,
 200                         'accountType' => $this->identityUtils->getShortUserTypeInternal( $performer ),
 201                         'status' => strval( $status ),
 202                 ] );
 203         }
 204 }
 205
 206 /** @deprecated class alias since 1.41 */
 207 class_alias( SpecialCreateAccount::class, 'SpecialCreateAccount' );