includes/api/ApiQueryAuthManagerInfo.php

   1 <?php
   2 /**
   3  * Copyright © 2016 Brad Jorsch <bjorsch@wikimedia.org>
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  * @since 1.27
  22  */
  23
  24 use MediaWiki\Auth\AuthManager;
  25
  26 /**
  27  * A query action to return meta information about AuthManager state.
  28  *
  29  * @ingroup API
  30  */
  31 class ApiQueryAuthManagerInfo extends ApiQueryBase {
  32
  33         public function __construct( ApiQuery $query, $moduleName ) {
  34                 parent::__construct( $query, $moduleName, 'ami' );
  35         }
  36
  37         public function execute() {
  38                 $params = $this->extractRequestParams();
  39                 $helper = new ApiAuthManagerHelper( $this );
  40
  41                 $manager = AuthManager::singleton();
  42                 $ret = [
  43                         'canauthenticatenow' => $manager->canAuthenticateNow(),
  44                         'cancreateaccounts' => $manager->canCreateAccounts(),
  45                         'canlinkaccounts' => $manager->canLinkAccounts(),
  46                         'haspreservedstate' => $helper->getPreservedRequest() !== null,
  47                 ];
  48
  49                 if ( $params['securitysensitiveoperation'] !== null ) {
  50                         $ret['securitysensitiveoperationstatus'] = $manager->securitySensitiveOperationStatus(
  51                                 $params['securitysensitiveoperation']
  52                         );
  53                 }
  54
  55                 if ( $params['requestsfor'] ) {
  56                         $reqs = $manager->getAuthenticationRequests( $params['requestsfor'], $this->getUser() );
  57
  58                         // Filter out blacklisted requests, depending on the action
  59                         switch ( $params['requestsfor'] ) {
  60                                 case AuthManager::ACTION_CHANGE:
  61                                         $reqs = ApiAuthManagerHelper::blacklistAuthenticationRequests(
  62                                                 $reqs, $this->getConfig()->get( 'ChangeCredentialsBlacklist' )
  63                                         );
  64                                         break;
  65                                 case AuthManager::ACTION_REMOVE:
  66                                         $reqs = ApiAuthManagerHelper::blacklistAuthenticationRequests(
  67                                                 $reqs, $this->getConfig()->get( 'RemoveCredentialsBlacklist' )
  68                                         );
  69                                         break;
  70                         }
  71
  72                         $ret += $helper->formatRequests( $reqs );
  73                 }
  74
  75                 $this->getResult()->addValue( [ 'query' ], $this->getModuleName(), $ret );
  76         }
  77
  78         public function isReadMode() {
  79                 return false;
  80         }
  81
  82         public function getAllowedParams() {
  83                 return [
  84                         'securitysensitiveoperation' => null,
  85                         'requestsfor' => [
  86                                 ApiBase::PARAM_TYPE => [
  87                                         AuthManager::ACTION_LOGIN,
  88                                         AuthManager::ACTION_LOGIN_CONTINUE,
  89                                         AuthManager::ACTION_CREATE,
  90                                         AuthManager::ACTION_CREATE_CONTINUE,
  91                                         AuthManager::ACTION_LINK,
  92                                         AuthManager::ACTION_LINK_CONTINUE,
  93                                         AuthManager::ACTION_CHANGE,
  94                                         AuthManager::ACTION_REMOVE,
  95                                         AuthManager::ACTION_UNLINK,
  96                                 ],
  97                         ],
  98                 ] + ApiAuthManagerHelper::getStandardParams( '', 'mergerequestfields', 'messageformat' );
  99         }
 100
 101         protected function getExamplesMessages() {
 102                 return [
 103                         'action=query&meta=authmanagerinfo&amirequestsfor=' . urlencode( AuthManager::ACTION_LOGIN )
 104                                 => 'apihelp-query+filerepoinfo-example-login',
 105                         'action=query&meta=authmanagerinfo&amirequestsfor=' . urlencode( AuthManager::ACTION_LOGIN ) .
 106                                 '&amimergerequestfields=1'
 107                                 => 'apihelp-query+filerepoinfo-example-login-merged',
 108                         'action=query&meta=authmanagerinfo&amisecuritysensitiveoperation=foo'
 109                                 => 'apihelp-query+filerepoinfo-example-securitysensitiveoperation',
 110                 ];
 111         }
 112
 113         public function getHelpUrls() {
 114                 return 'https://www.mediawiki.org/wiki/API:Authmanagerinfo';
 115         }
 116 }