includes/auth/LegacyHookPreAuthenticationProvider.php

   1 <?php
   2 /**
   3  * This program is free software; you can redistribute it and/or modify
   4  * it under the terms of the GNU General Public License as published by
   5  * the Free Software Foundation; either version 2 of the License, or
   6  * (at your option) any later version.
   7  *
   8  * This program is distributed in the hope that it will be useful,
   9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  11  * GNU General Public License for more details.
  12  *
  13  * You should have received a copy of the GNU General Public License along
  14  * with this program; if not, write to the Free Software Foundation, Inc.,
  15  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  16  * http://www.gnu.org/copyleft/gpl.html
  17  *
  18  * @file
  19  * @ingroup Auth
  20  */
  21
  22 namespace MediaWiki\Auth;
  23
  24 use LoginForm;
  25 use StatusValue;
  26 use User;
  27
  28 /**
  29  * A pre-authentication provider to call some legacy hooks.
  30  * @ingroup Auth
  31  * @since 1.27
  32  * @deprecated since 1.27
  33  */
  34 class LegacyHookPreAuthenticationProvider extends AbstractPreAuthenticationProvider {
  35
  36         public function testForAuthentication( array $reqs ) {
  37                 $req = AuthenticationRequest::getRequestByClass( $reqs, PasswordAuthenticationRequest::class );
  38                 if ( $req ) {
  39                         $user = User::newFromName( $req->username );
  40                         $password = $req->password;
  41                 } else {
  42                         $user = null;
  43                         foreach ( $reqs as $req ) {
  44                                 if ( $req->username !== null ) {
  45                                         $user = User::newFromName( $req->username );
  46                                         break;
  47                                 }
  48                         }
  49                         if ( !$user ) {
  50                                 $this->logger->debug( __METHOD__ . ': No username in $reqs, skipping hooks' );
  51                                 return StatusValue::newGood();
  52                         }
  53
  54                         // Something random for the 'AbortLogin' hook.
  55                         $password = wfRandomString( 32 );
  56                 }
  57
  58                 $msg = null;
  59                 if ( !\Hooks::run( 'LoginUserMigrated', [ $user, &$msg ] ) ) {
  60                         return $this->makeFailResponse(
  61                                 $user, null, LoginForm::USER_MIGRATED, $msg, 'LoginUserMigrated'
  62                         );
  63                 }
  64
  65                 $abort = LoginForm::ABORTED;
  66                 $msg = null;
  67                 if ( !\Hooks::run( 'AbortLogin', [ $user, $password, &$abort, &$msg ] ) ) {
  68                         return $this->makeFailResponse( $user, null, $abort, $msg, 'AbortLogin' );
  69                 }
  70
  71                 return StatusValue::newGood();
  72         }
  73
  74         public function testForAccountCreation( $user, $creator, array $reqs ) {
  75                 $abortError = '';
  76                 $abortStatus = null;
  77                 if ( !\Hooks::run( 'AbortNewAccount', [ $user, &$abortError, &$abortStatus ] ) ) {
  78                         // Hook point to add extra creation throttles and blocks
  79                         $this->logger->debug( __METHOD__ . ': a hook blocked creation' );
  80                         if ( $abortStatus === null ) {
  81                                 // Report back the old string as a raw message status.
  82                                 // This will report the error back as 'createaccount-hook-aborted'
  83                                 // with the given string as the message.
  84                                 // To return a different error code, return a StatusValue object.
  85                                 $msg = wfMessage( 'createaccount-hook-aborted' )->rawParams( $abortError );
  86                                 return StatusValue::newFatal( $msg );
  87                         } else {
  88                                 // For MediaWiki 1.23+ and updated hooks, return the Status object
  89                                 // returned from the hook.
  90                                 $ret = StatusValue::newGood();
  91                                 $ret->merge( $abortStatus );
  92                                 return $ret;
  93                         }
  94                 }
  95
  96                 return StatusValue::newGood();
  97         }
  98
  99         public function testUserForCreation( $user, $autocreate, array $options = [] ) {
 100                 if ( $autocreate !== false ) {
 101                         $abortError = '';
 102                         if ( !\Hooks::run( 'AbortAutoAccount', [ $user, &$abortError ] ) ) {
 103                                 // Hook point to add extra creation throttles and blocks
 104                                 $this->logger->debug( __METHOD__ . ": a hook blocked auto-creation: $abortError\n" );
 105                                 return $this->makeFailResponse(
 106                                         $user, $user, LoginForm::ABORTED, $abortError, 'AbortAutoAccount'
 107                                 );
 108                         }
 109                 }
 110
 111                 return StatusValue::newGood();
 112         }
 113
 114         /**
 115          * Construct an appropriate failure response
 116          * @param User $user
 117          * @param User|null $creator
 118          * @param int $constant LoginForm constant
 119          * @param string|null $msg Message
 120          * @param string $hook Hook
 121          * @return StatusValue
 122          */
 123         protected function makeFailResponse( $user, $creator, $constant, $msg, $hook ) {
 124                 switch ( $constant ) {
 125                         case LoginForm::SUCCESS:
 126                                 // WTF?
 127                                 $this->logger->debug( "$hook is SUCCESS?!" );
 128                                 return StatusValue::newGood();
 129
 130                         case LoginForm::NEED_TOKEN:
 131                                 return StatusValue::newFatal( $msg ?: 'nocookiesforlogin' );
 132
 133                         case LoginForm::WRONG_TOKEN:
 134                                 return StatusValue::newFatal( $msg ?: 'sessionfailure' );
 135
 136                         case LoginForm::NO_NAME:
 137                         case LoginForm::ILLEGAL:
 138                                 return StatusValue::newFatal( $msg ?: 'noname' );
 139
 140                         case LoginForm::WRONG_PLUGIN_PASS:
 141                         case LoginForm::WRONG_PASS:
 142                                 return StatusValue::newFatal( $msg ?: 'wrongpassword' );
 143
 144                         case LoginForm::NOT_EXISTS:
 145                                 return StatusValue::newFatal( $msg ?: 'nosuchusershort', wfEscapeWikiText( $user->getName() ) );
 146
 147                         case LoginForm::EMPTY_PASS:
 148                                 return StatusValue::newFatal( $msg ?: 'wrongpasswordempty' );
 149
 150                         case LoginForm::RESET_PASS:
 151                                 return StatusValue::newFatal( $msg ?: 'resetpass_announce' );
 152
 153                         case LoginForm::THROTTLED:
 154                                 $throttle = $this->config->get( 'PasswordAttemptThrottle' );
 155                                 return StatusValue::newFatal(
 156                                         $msg ?: 'login-throttled',
 157                                         \Message::durationParam( $throttle['seconds'] )
 158                                 );
 159
 160                         case LoginForm::USER_BLOCKED:
 161                                 return StatusValue::newFatal(
 162                                         $msg ?: 'login-userblocked', wfEscapeWikiText( $user->getName() )
 163                                 );
 164
 165                         case LoginForm::ABORTED:
 166                                 return StatusValue::newFatal(
 167                                         $msg ?: 'login-abort-generic', wfEscapeWikiText( $user->getName() )
 168                                 );
 169
 170                         case LoginForm::USER_MIGRATED:
 171                                 $error = $msg ?: 'login-migrated-generic';
 172                                 return call_user_func_array( 'StatusValue::newFatal', (array)$error );
 173
 174                         // @codeCoverageIgnoreStart
 175                         case LoginForm::CREATE_BLOCKED: // Can never happen
 176                         default:
 177                                 throw new \DomainException( __METHOD__ . ": Unhandled case value from $hook" );
 178                 }
 179                         // @codeCoverageIgnoreEnd
 180         }
 181 }