<?php
/**
* Created on August 7, 2012
*
* Copyright © 2012 Tyler Romeo <tylerromeo@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
use MediaWiki\Logger\LoggerFactory;
/**
* Unit to authenticate account registration attempts to the current wiki.
*
* @ingroup API
*/
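class ApiCreateAccount extends ApiBase {

	/**
	 * Handle action=createaccount.
	 *
	 * Order of operations:
	 *  1. Refuse when the same-origin policy is not applied, when the requesting
	 *     user lacks 'createaccount' on Special:Userlogin, or when the user is
	 *     blocked from creating accounts.
	 *  2. Validate the mailpassword/email and language parameters.
	 *  3. Build a DerivativeRequest shaped like a Special:Userlogin signup
	 *     submission and delegate to LoginForm::addNewAccountInternal().
	 *  4. On a good Status, apply language/mailpassword handling, save the user,
	 *     write the newusers log entry and expose username/userid/token.
	 *  5. Translate the Status into result => NeedToken | Warning | Success,
	 *     or die with the Status on a non-OK result.
	 *
	 * NOTE(review): on success 'token' is the value of User::getToken(), i.e. an
	 * authentication secret tied to the new account, so the API result must be
	 * treated as sensitive (do not log it). The 'NeedToken' branch instead
	 * returns a createaccount CSRF token; that code path is deprecated in
	 * favour of action=query&meta=tokens.
	 */
	public function execute() {
		// If we're in a mode that breaks the same-origin policy, no tokens can
		// be obtained
		if ( $this->lacksSameOriginSecurity() ) {
			$this->dieUsage(
				'Cannot create account when the same-origin policy is not applied', 'aborted'
			);
		}

		// $loginForm->addNewaccountInternal will throw exceptions
		// if wiki is read only (already handled by api), user is blocked or does not have rights.
		// Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
		$loginTitle = SpecialPage::getTitleFor( 'Userlogin' );
		if ( !$loginTitle->userCan( 'createaccount', $this->getUser() ) ) {
			$this->dieUsage(
				'You do not have the right to create a new account',
				'permdenied-createaccount'
			);
		}

		if ( $this->getUser()->isBlockedFromCreateAccount() ) {
			$this->dieUsage(
				'You cannot create a new account because you are blocked',
				'blocked',
				0,
				[ 'blockinfo' => ApiQueryUserInfo::getBlockInfo( $this->getUser()->getBlock() ) ]
			);
		}

		$params = $this->extractRequestParams();

		// Make sure session is persisted
		MediaWiki\Session\SessionManager::getGlobalSession()->persist();

		// A mailed password needs somewhere to be mailed to.
		if ( $params['mailpassword'] && !$params['email'] ) {
			$this->dieUsageMsg( 'noemail' );
		}

		if ( $params['language'] && !Language::isSupportedLanguage( $params['language'] ) ) {
			$this->dieUsage( 'Invalid language parameter', 'langinvalid' );
		}

		// Present the API parameters to LoginForm as if they were a signup form
		// submission; the wp* keys are the form field names LoginForm reads.
		$context = new DerivativeContext( $this->getContext() );
		$context->setRequest( new DerivativeRequest(
			$this->getContext()->getRequest(),
			[
				'type' => 'signup',
				'uselang' => $params['language'],
				'wpName' => $params['name'],
				'wpPassword' => $params['password'],
				'wpRetype' => $params['password'],
				'wpDomain' => $params['domain'],
				'wpEmail' => $params['email'],
				'wpRealName' => $params['realname'],
				'wpCreateaccountToken' => $params['token'],
				// Exactly one of the two submit buttons is "pressed".
				'wpCreateaccount' => $params['mailpassword'] ? null : '1',
				'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null
			]
		) );

		$loginForm = new LoginForm();
		$loginForm->setContext( $context );
		Hooks::run( 'AddNewAccountApiForm', [ $this, $loginForm ] );
		$loginForm->load();

		$status = $loginForm->addNewAccountInternal();
		LoggerFactory::getInstance( 'authmanager' )->info( 'Account creation attempt via API', [
			'event' => 'accountcreation',
			'status' => $status,
		] );
		$result = [];
		if ( $status->isGood() ) {
			// Success!
			$user = $status->getValue();

			if ( $params['language'] ) {
				$user->setOption( 'language', $params['language'] );
			}

			if ( $params['mailpassword'] ) {
				// If mailpassword was set, disable the password and send an email.
				$user->setPassword( null );
				$status->merge( $loginForm->mailPasswordInternal(
					$user,
					false,
					'createaccount-title',
					'createaccount-text'
				) );
			} elseif ( $this->getConfig()->get( 'EmailAuthentication' ) &&
				Sanitizer::validateEmail( $user->getEmail() )
			) {
				// Send out an email authentication message if needed
				$status->merge( $user->sendConfirmationMail() );
			}

			// Save settings (including confirmation token)
			$user->saveSettings();

			Hooks::run( 'AddNewAccount', [ $user, $params['mailpassword'] ] );

			// Pick the newusers log action: 'create2' records that an existing
			// logged-in user created the account on someone else's behalf.
			if ( $params['mailpassword'] ) {
				$logAction = 'byemail';
			} elseif ( $this->getUser()->isLoggedIn() ) {
				$logAction = 'create2';
			} else {
				$logAction = 'create';
			}
			$user->addNewUserLogEntry( $logAction, (string)$params['reason'] );

			// Add username, id, and token to result.
			// The token is the new user's User::getToken() value — a credential,
			// not a CSRF token — so the result must not be logged or cached.
			$result['username'] = $user->getName();
			$result['userid'] = $user->getId();
			$result['token'] = $user->getToken();
		}

		$apiResult = $this->getResult();

		if ( $status->hasMessage( 'sessionfailure' ) || $status->hasMessage( 'nocookiesfornew' ) ) {
			// Token was incorrect, so add it to result, but don't throw an exception
			// since not having the correct token is part of the normal
			// flow of events.
			$result['token'] = LoginForm::getCreateaccountToken()->toString();
			$result['result'] = 'NeedToken';
			$this->setWarning( 'Fetching a token via action=createaccount is deprecated. ' .
				'Use action=query&meta=tokens&type=createaccount instead.' );
			$this->logFeatureUsage( 'action=createaccount&!token' );
		} elseif ( !$status->isOK() ) {
			// There was an error. Die now.
			$this->dieStatus( $status );
		} elseif ( !$status->isGood() ) {
			// Status is not good, but OK. This means warnings.
			$result['result'] = 'Warning';

			// Add any warnings to the result
			$warnings = $status->getErrorsByType( 'warning' );
			if ( $warnings ) {
				foreach ( $warnings as &$warning ) {
					ApiResult::setIndexedTagName( $warning['params'], 'param' );
				}
				// Drop the by-reference loop variable so the last element of
				// $warnings is not left as a reference that $result['warnings']
				// (and the AddNewAccountApiResult hook below) would share.
				unset( $warning );
				ApiResult::setIndexedTagName( $warnings, 'warning' );
				$result['warnings'] = $warnings;
			}
		} else {
			// Everything was fine.
			$result['result'] = 'Success';
		}

		// Give extensions a chance to modify the API result data
		Hooks::run( 'AddNewAccountApiResult', [ $this, $loginForm, &$result ] );

		$apiResult->addValue( null, 'createaccount', $result );
	}

	/**
	 * Account creation is a state-changing action and is only accepted via POST.
	 * @return bool
	 */
	public function mustBePosted() {
		return true;
	}

	/**
	 * @return bool
	 */
	public function isReadMode() {
		return false;
	}

	/**
	 * @return bool
	 */
	public function isWriteMode() {
		return true;
	}

	/**
	 * Parameter definitions for action=createaccount.
	 *
	 * 'token' is not marked required (kept for BC) so that a request without
	 * it reaches the 'NeedToken' branch of execute() instead of failing early.
	 * 'email' becomes required when $wgEmailConfirmToEdit is set.
	 *
	 * @return array
	 */
	public function getAllowedParams() {
		return [
			'name' => [
				ApiBase::PARAM_TYPE => 'user',
				ApiBase::PARAM_REQUIRED => true
			],
			'password' => [
				ApiBase::PARAM_TYPE => 'password',
			],
			'domain' => null,
			'token' => [
				ApiBase::PARAM_TYPE => 'string',
				ApiBase::PARAM_REQUIRED => false, // for BC
				ApiBase::PARAM_HELP_MSG => [ 'api-help-param-token', 'createaccount' ],
			],
			'email' => [
				ApiBase::PARAM_TYPE => 'string',
				ApiBase::PARAM_REQUIRED => $this->getConfig()->get( 'EmailConfirmToEdit' ),
			],
			'realname' => null,
			'mailpassword' => [
				ApiBase::PARAM_TYPE => 'boolean',
				ApiBase::PARAM_DFLT => false
			],
			'reason' => null,
			'language' => null
		];
	}

	/**
	 * Example queries keyed by message name for the auto-generated help.
	 * @return array
	 */
	protected function getExamplesMessages() {
		return [
			'action=createaccount&name=testuser&password=test123'
				=> 'apihelp-createaccount-example-pass',
			'action=createaccount&name=testmailuser&mailpassword=true&reason=MyReason'
				=> 'apihelp-createaccount-example-mail',
		];
	}

	/**
	 * @return string
	 */
	public function getHelpUrls() {
		return 'https://www.mediawiki.org/wiki/API:Account_creation';
	}
}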