search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge "Special:Upload should not crash on failing previews"
[mediawiki.git] / includes / specials / SpecialPasswordReset.php
bloba4f16bd7c97649cd6eb19d75b37f1ae28eaf2dbc
1 <?php
2 /**
3 * Implements Special:PasswordReset
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup SpecialPage
22 */
23
24 use MediaWiki\Auth\AuthManager;
25
26 /**
27 * Special page for requesting a password reset email.
28 *
29 * Requires the TemporaryPasswordPrimaryAuthenticationProvider and the
30 * EmailNotificationSecondaryAuthenticationProvider (or something providing equivalent
31 * functionality) to be enabled.
32 *
33 * @ingroup SpecialPage
34 */
35 class SpecialPasswordReset extends FormSpecialPage {
36 /** @var PasswordReset */
37 private $passwordReset = null;
38
39 /**
40 * @var string[] Temporary storage for the passwords which have been sent out, keyed by username.
41 */
42 private $passwords = [];
43
44 /**
45 * @var Status
46 */
47 private $result;
48
49 /**
50 * @var string $method Identifies which password reset field was specified by the user.
51 */
52 private $method;
53
54 public function __construct() {
55 parent::__construct( 'PasswordReset', 'editmyprivateinfo' );
56 }
57
58 private function getPasswordReset() {
59 if ( $this->passwordReset === null ) {
60 $this->passwordReset = new PasswordReset( $this->getConfig(), AuthManager::singleton() );
61 }
62 return $this->passwordReset;
63 }
64
65 public function doesWrites() {
66 return true;
67 }
68
69 public function userCanExecute( User $user ) {
70 return $this->getPasswordReset()->isAllowed( $user )->isGood();
71 }
72
73 public function checkExecutePermissions( User $user ) {
74 $status = Status::wrap( $this->getPasswordReset()->isAllowed( $user ) );
75 if ( !$status->isGood() ) {
76 throw new ErrorPageError( 'internalerror', $status->getMessage() );
77 }
78
79 parent::checkExecutePermissions( $user );
80 }
81
82 protected function getFormFields() {
83 $resetRoutes = $this->getConfig()->get( 'PasswordResetRoutes' );
84 $a = [];
85 if ( isset( $resetRoutes['username'] ) && $resetRoutes['username'] ) {
86 $a['Username'] = [
87 'type' => 'text',
88 'label-message' => 'passwordreset-username',
89 ];
90
91 if ( $this->getUser()->isLoggedIn() ) {
92 $a['Username']['default'] = $this->getUser()->getName();
93 }
94 }
95
96 if ( isset( $resetRoutes['email'] ) && $resetRoutes['email'] ) {
97 $a['Email'] = [
98 'type' => 'email',
99 'label-message' => 'passwordreset-email',
100 ];
101 }
102
103 return $a;
104 }
105
106 protected function getDisplayFormat() {
107 return 'ooui';
108 }
109
110 public function alterForm( HTMLForm $form ) {
111 $resetRoutes = $this->getConfig()->get( 'PasswordResetRoutes' );
112
113 $form->addHiddenFields( $this->getRequest()->getValues( 'returnto', 'returntoquery' ) );
114
115 $i = 0;
116 if ( isset( $resetRoutes['username'] ) && $resetRoutes['username'] ) {
117 $i++;
118 }
119 if ( isset( $resetRoutes['email'] ) && $resetRoutes['email'] ) {
120 $i++;
121 }
122
123 $message = ( $i > 1 ) ? 'passwordreset-text-many' : 'passwordreset-text-one';
124
125 $form->setHeaderText( $this->msg( $message, $i )->parseAsBlock() );
126 $form->setSubmitTextMsg( 'mailmypassword' );
127 }
128
129 /**
130 * Process the form. At this point we know that the user passes all the criteria in
131 * userCanExecute(), and if the data array contains 'Username', etc, then Username
132 * resets are allowed.
133 * @param array $data
134 * @throws MWException
135 * @throws ThrottledError|PermissionsError
136 * @return Status
137 */
138 public function onSubmit( array $data ) {
139 $username = isset( $data['Username'] ) ? $data['Username'] : null;
140 $email = isset( $data['Email'] ) ? $data['Email'] : null;
141
142 $this->method = $username ? 'username' : 'email';
143 $this->result = Status::wrap(
144 $this->getPasswordReset()->execute( $this->getUser(), $username, $email ) );
145
146 if ( $this->result->hasMessage( 'actionthrottledtext' ) ) {
147 throw new ThrottledError;
148 }
149
150 return $this->result;
151 }
152
153 public function onSuccess() {
154 if ( $this->method === 'email' ) {
155 $this->getOutput()->addWikiMsg( 'passwordreset-emailsentemail' );
156 } else {
157 $this->getOutput()->addWikiMsg( 'passwordreset-emailsentusername' );
158 }
159
160 $this->getOutput()->returnToMain();
161 }
162
163 /**
164 * Hide the password reset page if resets are disabled.
165 * @return bool
166 */
167 public function isListed() {
168 if ( $this->getPasswordReset()->isAllowed( $this->getUser() )->isGood() ) {
169 return parent::isListed();
170 }
171
172 return false;
173 }
174
175 protected function getGroupName() {
176 return 'users';
177 }
178 }
MediaWiki Core