includes/specials/SpecialLinkAccounts.php

   1 <?php
   2
   3 use MediaWiki\Auth\AuthenticationRequest;
   4 use MediaWiki\Auth\AuthenticationResponse;
   5 use MediaWiki\Auth\AuthManager;
   6
   7 /**
   8  * Links/unlinks external accounts to the current user.
   9  *
  10  * To interact with this page, account providers need to register themselves with AuthManager.
  11  */
  12 class SpecialLinkAccounts extends AuthManagerSpecialPage {
  13         protected static $allowedActions = [
  14                 AuthManager::ACTION_LINK, AuthManager::ACTION_LINK_CONTINUE,
  15         ];
  16
  17         public function __construct() {
  18                 parent::__construct( 'LinkAccounts' );
  19         }
  20
  21         protected function getGroupName() {
  22                 return 'users';
  23         }
  24
  25         public function isListed() {
  26                 return AuthManager::singleton()->canLinkAccounts();
  27         }
  28
  29         protected function getRequestBlacklist() {
  30                 return $this->getConfig()->get( 'ChangeCredentialsBlacklist' );
  31         }
  32
  33         /**
  34          * @param null|string $subPage
  35          * @throws MWException
  36          * @throws PermissionsError
  37          */
  38         public function execute( $subPage ) {
  39                 $this->setHeaders();
  40                 $this->loadAuth( $subPage );
  41
  42                 if ( !$this->isActionAllowed( $this->authAction ) ) {
  43                         if ( $this->authAction === AuthManager::ACTION_LINK ) {
  44                                 // looks like no linking provider is installed or willing to take this user
  45                                 $titleMessage = wfMessage( 'cannotlink-no-provider-title' );
  46                                 $errorMessage = wfMessage( 'cannotlink-no-provider' );
  47                                 throw new ErrorPageError( $titleMessage, $errorMessage );
  48                         } else {
  49                                 // user probably back-button-navigated into an auth session that no longer exists
  50                                 // FIXME would be nice to show a message
  51                                 $this->getOutput()->redirect( $this->getPageTitle()->getFullURL( '', false,
  52                                         PROTO_HTTPS ) );
  53                                 return;
  54                         }
  55                 }
  56
  57                 $this->outputHeader();
  58
  59                 $status = $this->trySubmit();
  60
  61                 if ( $status === false || !$status->isOK() ) {
  62                         $this->displayForm( $status );
  63                         return;
  64                 }
  65
  66                 $response = $status->getValue();
  67
  68                 switch ( $response->status ) {
  69                         case AuthenticationResponse::PASS:
  70                                 $this->success();
  71                                 break;
  72                         case AuthenticationResponse::FAIL:
  73                                 $this->loadAuth( '', AuthManager::ACTION_LINK, true );
  74                                 $this->displayForm( StatusValue::newFatal( $response->message ) );
  75                                 break;
  76                         case AuthenticationResponse::REDIRECT:
  77                                 $this->getOutput()->redirect( $response->redirectTarget );
  78                                 break;
  79                         case AuthenticationResponse::UI:
  80                                 $this->authAction = AuthManager::ACTION_LINK_CONTINUE;
  81                                 $this->authRequests = $response->neededRequests;
  82                                 $this->displayForm( StatusValue::newFatal( $response->message ) );
  83                                 break;
  84                         default:
  85                                 throw new LogicException( 'invalid AuthenticationResponse' );
  86                 }
  87         }
  88
  89         protected function getDefaultAction( $subPage ) {
  90                 return AuthManager::ACTION_LINK;
  91         }
  92
  93         /**
  94          * @param AuthenticationRequest[] $requests
  95          * @param string $action AuthManager action name, should be ACTION_LINK or ACTION_LINK_CONTINUE
  96          * @return HTMLForm
  97          */
  98         protected function getAuthForm( array $requests, $action ) {
  99                 $form = parent::getAuthForm( $requests, $action );
 100                 $form->setSubmitTextMsg( 'linkaccounts-submit' );
 101                 return $form;
 102         }
 103
 104         /**
 105          * Show a success message.
 106          */
 107         protected function success() {
 108                 $this->loadAuth( '', AuthManager::ACTION_LINK, true );
 109                 $this->displayForm( StatusValue::newFatal( $this->msg( 'linkaccounts-success-text' ) ) );
 110         }
 111 }