includes/api/ApiRemoveAuthenticationData.php

   1 <?php
   2 /**
   3  * Copyright © 2016 Wikimedia Foundation and contributors
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  */
  22
  23 use MediaWiki\Auth\AuthManager;
  24
  25 /**
  26  * Remove authentication data from AuthManager
  27  *
  28  * @ingroup API
  29  */
  30 class ApiRemoveAuthenticationData extends ApiBase {
  31
  32         private $authAction;
  33         private $operation;
  34
  35         public function __construct( ApiMain $main, $action ) {
  36                 parent::__construct( $main, $action );
  37
  38                 $this->authAction = $action === 'unlinkaccount'
  39                         ? AuthManager::ACTION_UNLINK
  40                         : AuthManager::ACTION_REMOVE;
  41                 $this->operation = $action === 'unlinkaccount'
  42                         ? 'UnlinkAccount'
  43                         : 'RemoveCredentials';
  44         }
  45
  46         public function execute() {
  47                 if ( !$this->getUser()->isLoggedIn() ) {
  48                         $this->dieWithError( 'apierror-mustbeloggedin-removeauth', 'notloggedin' );
  49                 }
  50
  51                 $params = $this->extractRequestParams();
  52                 $manager = AuthManager::singleton();
  53
  54                 // Check security-sensitive operation status
  55                 ApiAuthManagerHelper::newForModule( $this )->securitySensitiveOperation( $this->operation );
  56
  57                 // Fetch the request. No need to load from the request, so don't use
  58                 // ApiAuthManagerHelper's method.
  59                 $blacklist = $this->authAction === AuthManager::ACTION_REMOVE
  60                         ? array_flip( $this->getConfig()->get( 'RemoveCredentialsBlacklist' ) )
  61                         : [];
  62                 $reqs = array_filter(
  63                         $manager->getAuthenticationRequests( $this->authAction, $this->getUser() ),
  64                         function ( $req ) use ( $params, $blacklist ) {
  65                                 return $req->getUniqueId() === $params['request'] &&
  66                                         !isset( $blacklist[get_class( $req )] );
  67                         }
  68                 );
  69                 if ( count( $reqs ) !== 1 ) {
  70                         $this->dieWithError( 'apierror-changeauth-norequest', 'badrequest' );
  71                 }
  72                 $req = reset( $reqs );
  73
  74                 // Perform the removal
  75                 $status = $manager->allowsAuthenticationDataChange( $req, true );
  76                 Hooks::run( 'ChangeAuthenticationDataAudit', [ $req, $status ] );
  77                 if ( !$status->isGood() ) {
  78                         $this->dieStatus( $status );
  79                 }
  80                 $manager->changeAuthenticationData( $req );
  81
  82                 $this->getResult()->addValue( null, $this->getModuleName(), [ 'status' => 'success' ] );
  83         }
  84
  85         public function isWriteMode() {
  86                 return true;
  87         }
  88
  89         public function needsToken() {
  90                 return 'csrf';
  91         }
  92
  93         public function getAllowedParams() {
  94                 return ApiAuthManagerHelper::getStandardParams( $this->authAction,
  95                         'request'
  96                 );
  97         }
  98
  99         protected function getExamplesMessages() {
 100                 $path = $this->getModulePath();
 101                 $action = $this->getModuleName();
 102                 return [
 103                         "action={$action}&request=FooAuthenticationRequest&token=123ABC"
 104                                 => "apihelp-{$path}-example-simple",
 105                 ];
 106         }
 107
 108         public function getHelpUrls() {
 109                 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Manage_authentication_data';
 110         }
 111 }