3617c982c9
Rewrite authentication-related special pages to use AuthManager. All the changes mentioned below only take effect when $wgDisableAuthManager is false. LoginForm is rewritten to use HTMLForm and split into UserLogin and CreateAccount; ChangePassword and PasswordReset are rewritten; ChangeEmail and Preferences are updated. Four new special pages are added to handle the new capabilities of AuthManager (linked accounts, secondary authentication providers): LinkAccounts, UnlinkAccounts, ChangeCredentials, RemoveCredentials. The old form-based hooks (ChangePasswordForm, UserCreateForm, UserLoginForm) are deprecated. A new, more generic hook is available to alter the forms (AuthChangeFormFields); form changes that involve new fields should be done via $wgAuthManagerConfig. UserLoginComplete is limited to web-based login; for more generic functionality UserLoggedIn can be used instead. Hooks that assume password-based login (PrefsPasswordAudit, AbortChangePassword) are removed; the first functionality is replaced by ChangeAuthenticationDataAudit, the second is handled by AuthManager. LoginPasswordResetMessage is removed, the functionality can be recreated via authentication providers. There are several smaller backwards incompatible changes: * Adding fields to the login/signup forms by manipulating the template via the extraInput/extrafields parameters is not supported anymore. Depending on the authn configuration the login/signup process might be multistep and it would be complicated to ensure that extensions can access the data at the right moment. Instead, you can create an AuthenticationProvider which can define its own fields and process them when the authentication is over. (There is B/C support for a transitional period that works with the default login form, but might break with configurations that require multiple steps or redirects.) * Removed cookie redirect check. This was added in 2003 in9ead07fe9for the benefit of bots, but with MediaWiki having an API these days there is little reason to keep it. Same for the wpSkipCookieCheck flag (added in 2008 in29c73e8265). * Instead of embedding a password field on sensitive special pages such as ChangeEmail, such pages rely on AuthManager for elevated security (which typically involves requiring the user to log in again unless their last login was more than a few minutes ago). Accordingly, wgRequirePasswordforEmailChange is removed. * Special:ChangePassword requires login now. * Special:ResetPassword now sends a separate email to each user when called with a shared email address. * the Reason field had a message with 'prefsectiontip' class which was sorta broken but used in extensions for formatting. HTMLForm does not support that, so this commit turns it into a help message which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884 Bug: T110277 Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
111 lines
3.1 KiB
PHP
111 lines
3.1 KiB
PHP
<?php
|
|
|
|
use MediaWiki\Auth\AuthenticationRequest;
|
|
use MediaWiki\Auth\AuthenticationResponse;
|
|
use MediaWiki\Auth\AuthManager;
|
|
|
|
/**
|
|
* Links/unlinks external accounts to the current user.
|
|
*
|
|
* To interact with this page, account providers need to register themselves with AuthManager.
|
|
*/
|
|
class SpecialLinkAccounts extends AuthManagerSpecialPage {
|
|
protected static $allowedActions = [
|
|
AuthManager::ACTION_LINK, AuthManager::ACTION_LINK_CONTINUE,
|
|
];
|
|
|
|
public function __construct() {
|
|
parent::__construct( 'LinkAccounts' );
|
|
}
|
|
|
|
protected function getGroupName() {
|
|
return 'users';
|
|
}
|
|
|
|
public function isListed() {
|
|
return AuthManager::singleton()->canLinkAccounts();
|
|
}
|
|
|
|
protected function getRequestBlacklist() {
|
|
return $this->getConfig()->get( 'ChangeCredentialsBlacklist' );
|
|
}
|
|
|
|
/**
|
|
* @param null|string $subPage
|
|
* @throws MWException
|
|
* @throws PermissionsError
|
|
*/
|
|
public function execute( $subPage ) {
|
|
$this->setHeaders();
|
|
$this->loadAuth( $subPage );
|
|
|
|
if ( !$this->isActionAllowed( $this->authAction ) ) {
|
|
if ( $this->authAction === AuthManager::ACTION_LINK ) {
|
|
// looks like no linking provider is installed or willing to take this user
|
|
$titleMessage = wfMessage( 'cannotlink-no-provider-title' );
|
|
$errorMessage = wfMessage( 'cannotlink-no-provider' );
|
|
throw new ErrorPageError( $titleMessage, $errorMessage );
|
|
} else {
|
|
// user probably back-button-navigated into an auth session that no longer exists
|
|
// FIXME would be nice to show a message
|
|
$this->getOutput()->redirect( $this->getPageTitle()->getFullURL( '', false,
|
|
PROTO_HTTPS ) );
|
|
return;
|
|
}
|
|
}
|
|
|
|
$this->outputHeader();
|
|
|
|
$status = $this->trySubmit();
|
|
|
|
if ( $status === false || !$status->isOK() ) {
|
|
$this->displayForm( $status );
|
|
return;
|
|
}
|
|
|
|
$response = $status->getValue();
|
|
|
|
switch ( $response->status ) {
|
|
case AuthenticationResponse::PASS:
|
|
$this->success();
|
|
break;
|
|
case AuthenticationResponse::FAIL:
|
|
$this->loadAuth( '', AuthManager::ACTION_LINK, true );
|
|
$this->displayForm( StatusValue::newFatal( $response->message ) );
|
|
break;
|
|
case AuthenticationResponse::REDIRECT:
|
|
$this->getOutput()->redirect( $response->redirectTarget );
|
|
break;
|
|
case AuthenticationResponse::UI:
|
|
$this->authAction = AuthManager::ACTION_LINK_CONTINUE;
|
|
$this->authRequests = $response->neededRequests;
|
|
$this->displayForm( StatusValue::newFatal( $response->message ) );
|
|
break;
|
|
default:
|
|
throw new LogicException( 'invalid AuthenticationResponse' );
|
|
}
|
|
}
|
|
|
|
protected function getDefaultAction( $subPage ) {
|
|
return AuthManager::ACTION_LINK;
|
|
}
|
|
|
|
/**
|
|
* @param AuthenticationRequest[] $requests
|
|
* @param string $action AuthManager action name, should be ACTION_LINK or ACTION_LINK_CONTINUE
|
|
* @return HTMLForm
|
|
*/
|
|
protected function getAuthForm( array $requests, $action ) {
|
|
$form = parent::getAuthForm( $requests, $action );
|
|
$form->setSubmitTextMsg( 'linkaccounts-submit' );
|
|
return $form;
|
|
}
|
|
|
|
/**
|
|
* Show a success message.
|
|
*/
|
|
protected function success() {
|
|
$this->loadAuth( '', AuthManager::ACTION_LINK, true );
|
|
$this->displayForm( StatusValue::newFatal( $this->msg( 'linkaccounts-success-text' ) ) );
|
|
}
|
|
}
|