search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update git submodules
[mediawiki.git] / includes / api / ApiChangeAuthenticationData.php
blobbcc51edfa7a3f0fc4ed2040ef743b8f1b62b0da9
1 <?php
2 /**
3 * Copyright © 2016 Wikimedia Foundation and contributors
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 use MediaWiki\Auth\AuthManager;
24 use MediaWiki\MainConfigNames;
25
26 /**
27 * Change authentication data with AuthManager
28 *
29 * @ingroup API
30 */
31 class ApiChangeAuthenticationData extends ApiBase {
32 private AuthManager $authManager;
33
34 /**
35 * @param ApiMain $main
36 * @param string $action
37 * @param AuthManager $authManager
38 */
39 public function __construct(
40 ApiMain $main,
41 $action,
42 AuthManager $authManager
43 ) {
44 parent::__construct( $main, $action, 'changeauth' );
45 $this->authManager = $authManager;
46 }
47
48 public function execute() {
49 if ( !$this->getUser()->isNamed() ) {
50 $this->dieWithError( 'apierror-mustbeloggedin-changeauthenticationdata', 'notloggedin' );
51 }
52
53 $helper = new ApiAuthManagerHelper( $this, $this->authManager );
54
55 // Check security-sensitive operation status
56 $helper->securitySensitiveOperation( 'ChangeCredentials' );
57
58 // Fetch the request
59 $reqs = ApiAuthManagerHelper::blacklistAuthenticationRequests(
60 $helper->loadAuthenticationRequests( AuthManager::ACTION_CHANGE ),
61 $this->getConfig()->get( MainConfigNames::ChangeCredentialsBlacklist )
62 );
63 if ( count( $reqs ) !== 1 ) {
64 $this->dieWithError( 'apierror-changeauth-norequest', 'badrequest' );
65 }
66 $req = reset( $reqs );
67
68 // Make the change
69 $status = $this->authManager->allowsAuthenticationDataChange( $req, true );
70 $this->getHookRunner()->onChangeAuthenticationDataAudit( $req, $status );
71 if ( !$status->isGood() ) {
72 $this->dieStatus( $status );
73 }
74 $this->authManager->changeAuthenticationData( $req );
75
76 $this->getResult()->addValue( null, 'changeauthenticationdata', [ 'status' => 'success' ] );
77 }
78
79 public function isWriteMode() {
80 return true;
81 }
82
83 public function needsToken() {
84 return 'csrf';
85 }
86
87 public function getAllowedParams() {
88 return ApiAuthManagerHelper::getStandardParams( AuthManager::ACTION_CHANGE,
89 'request'
90 );
91 }
92
93 public function dynamicParameterDocumentation() {
94 return [ 'api-help-authmanagerhelper-additional-params', AuthManager::ACTION_CHANGE ];
95 }
96
97 protected function getExamplesMessages() {
98 return [
99 'action=changeauthenticationdata' .
100 '&changeauthrequest=MediaWiki%5CAuth%5CPasswordAuthenticationRequest' .
101 '&password=ExamplePassword&retype=ExamplePassword&changeauthtoken=123ABC'
102 => 'apihelp-changeauthenticationdata-example-password',
103 ];
104 }
105
106 public function getHelpUrls() {
107 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Manage_authentication_data';
108 }
109 }
MediaWiki Core