MediaWiki 1.30.2

[autoinstallsdev/mediawiki.git] / includes / auth / ResetPasswordSecondaryAuthenticationProvider.php

<?php
/**
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 * @ingroup Auth
 */

namespace MediaWiki\Auth;

/**
 * Reset the local password, if signalled via $this->manager->setAuthenticationSessionData()
 *
 * The authentication data key is 'reset-pass'; the data is an object with the
 * following properties:
 * - msg: Message object to display to the user
 * - hard: Boolean, if true the reset cannot be skipped.
 * - req: Optional PasswordAuthenticationRequest to use to actually reset the
 *   password. Won't be displayed to the user.
 *
 * @ingroup Auth
 * @since 1.27
 */
class ResetPasswordSecondaryAuthenticationProvider extends AbstractSecondaryAuthenticationProvider {

        public function getAuthenticationRequests( $action, array $options ) {
                return [];
        }

        public function beginSecondaryAuthentication( $user, array $reqs ) {
                return $this->tryReset( $user, $reqs );
        }

        public function continueSecondaryAuthentication( $user, array $reqs ) {
                return $this->tryReset( $user, $reqs );
        }

        public function beginSecondaryAccountCreation( $user, $creator, array $reqs ) {
                return $this->tryReset( $user, $reqs );
        }

        public function continueSecondaryAccountCreation( $user, $creator, array $reqs ) {
                return $this->tryReset( $user, $reqs );
        }

        /**
         * Try to reset the password
         * @param \User $user
         * @param AuthenticationRequest[] $reqs
         * @return AuthenticationResponse
         */
        protected function tryReset( \User $user, array $reqs ) {
                $data = $this->manager->getAuthenticationSessionData( 'reset-pass' );
                if ( !$data ) {
                        return AuthenticationResponse::newAbstain();
                }

                if ( is_array( $data ) ) {
                        $data = (object)$data;
                }
                if ( !is_object( $data ) ) {
                        throw new \UnexpectedValueException( 'reset-pass is not valid' );
                }

                if ( !isset( $data->msg ) ) {
                        throw new \UnexpectedValueException( 'reset-pass msg is missing' );
                } elseif ( !$data->msg instanceof \Message ) {
                        throw new \UnexpectedValueException( 'reset-pass msg is not valid' );
                } elseif ( !isset( $data->hard ) ) {
                        throw new \UnexpectedValueException( 'reset-pass hard is missing' );
                } elseif ( isset( $data->req ) && (
                        !$data->req instanceof PasswordAuthenticationRequest ||
                        !array_key_exists( 'retype', $data->req->getFieldInfo() )
                ) ) {
                        throw new \UnexpectedValueException( 'reset-pass req is not valid' );
                }

                if ( !$data->hard ) {
                        $req = ButtonAuthenticationRequest::getRequestByName( $reqs, 'skipReset' );
                        if ( $req ) {
                                $this->manager->removeAuthenticationSessionData( 'reset-pass' );
                                return AuthenticationResponse::newPass();
                        }
                }

                $needReq = isset( $data->req ) ? $data->req : new PasswordAuthenticationRequest();
                if ( !$needReq->action ) {
                        $needReq->action = AuthManager::ACTION_CHANGE;
                }
                $needReq->required = $data->hard ? AuthenticationRequest::REQUIRED
                        : AuthenticationRequest::OPTIONAL;
                $needReqs = [ $needReq ];
                if ( !$data->hard ) {
                        $needReqs[] = new ButtonAuthenticationRequest(
                                'skipReset',
                                wfMessage( 'authprovider-resetpass-skip-label' ),
                                wfMessage( 'authprovider-resetpass-skip-help' )
                        );
                }

                $req = AuthenticationRequest::getRequestByClass( $reqs, get_class( $needReq ) );
                if ( !$req || !array_key_exists( 'retype', $req->getFieldInfo() ) ) {
                        return AuthenticationResponse::newUI( $needReqs, $data->msg, 'warning' );
                }

                if ( $req->password !== $req->retype ) {
                        return AuthenticationResponse::newUI( $needReqs, new \Message( 'badretype' ), 'error' );
                }

                $req->username = $user->getName();
                $status = $this->manager->allowsAuthenticationDataChange( $req );
                if ( !$status->isGood() ) {
                        return AuthenticationResponse::newUI( $needReqs, $status->getMessage(), 'error' );
                }
                $this->manager->changeAuthenticationData( $req );

                $this->manager->removeAuthenticationSessionData( 'reset-pass' );
                return AuthenticationResponse::newPass();
        }
}