--- /dev/null
+<?php
+/**
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ * @ingroup Auth
+ */
+
+namespace MediaWiki\Auth;
+
+/**
+ * Reset the local password, if signalled via $this->manager->setAuthenticationSessionData()
+ *
+ * The authentication data key is 'reset-pass'; the data is an object with the
+ * following properties:
+ * - msg: Message object to display to the user
+ * - hard: Boolean, if true the reset cannot be skipped.
+ * - req: Optional PasswordAuthenticationRequest to use to actually reset the
+ * password. Won't be displayed to the user.
+ *
+ * @ingroup Auth
+ * @since 1.27
+ */
+class ResetPasswordSecondaryAuthenticationProvider extends AbstractSecondaryAuthenticationProvider {
+
+ public function getAuthenticationRequests( $action, array $options ) {
+ return [];
+ }
+
+ public function beginSecondaryAuthentication( $user, array $reqs ) {
+ return $this->tryReset( $user, $reqs );
+ }
+
+ public function continueSecondaryAuthentication( $user, array $reqs ) {
+ return $this->tryReset( $user, $reqs );
+ }
+
+ public function beginSecondaryAccountCreation( $user, $creator, array $reqs ) {
+ return $this->tryReset( $user, $reqs );
+ }
+
+ public function continueSecondaryAccountCreation( $user, $creator, array $reqs ) {
+ return $this->tryReset( $user, $reqs );
+ }
+
+ /**
+ * Try to reset the password
+ * @param \User $user
+ * @param AuthenticationRequest[] $reqs
+ * @return AuthenticationResponse
+ */
+ protected function tryReset( \User $user, array $reqs ) {
+ $data = $this->manager->getAuthenticationSessionData( 'reset-pass' );
+ if ( !$data ) {
+ return AuthenticationResponse::newAbstain();
+ }
+
+ if ( is_array( $data ) ) {
+ $data = (object)$data;
+ }
+ if ( !is_object( $data ) ) {
+ throw new \UnexpectedValueException( 'reset-pass is not valid' );
+ }
+
+ if ( !isset( $data->msg ) ) {
+ throw new \UnexpectedValueException( 'reset-pass msg is missing' );
+ } elseif ( !$data->msg instanceof \Message ) {
+ throw new \UnexpectedValueException( 'reset-pass msg is not valid' );
+ } elseif ( !isset( $data->hard ) ) {
+ throw new \UnexpectedValueException( 'reset-pass hard is missing' );
+ } elseif ( isset( $data->req ) && (
+ !$data->req instanceof PasswordAuthenticationRequest ||
+ !array_key_exists( 'retype', $data->req->getFieldInfo() )
+ ) ) {
+ throw new \UnexpectedValueException( 'reset-pass req is not valid' );
+ }
+
+ if ( !$data->hard ) {
+ $req = ButtonAuthenticationRequest::getRequestByName( $reqs, 'skipReset' );
+ if ( $req ) {
+ $this->manager->removeAuthenticationSessionData( 'reset-pass' );
+ return AuthenticationResponse::newPass();
+ }
+ }
+
+ $needReq = isset( $data->req ) ? $data->req : new PasswordAuthenticationRequest();
+ if ( !$needReq->action ) {
+ $needReq->action = AuthManager::ACTION_CHANGE;
+ }
+ $needReq->required = $data->hard ? AuthenticationRequest::REQUIRED
+ : AuthenticationRequest::OPTIONAL;
+ $needReqs = [ $needReq ];
+ if ( !$data->hard ) {
+ $needReqs[] = new ButtonAuthenticationRequest(
+ 'skipReset',
+ wfMessage( 'authprovider-resetpass-skip-label' ),
+ wfMessage( 'authprovider-resetpass-skip-help' )
+ );
+ }
+
+ $req = AuthenticationRequest::getRequestByClass( $reqs, get_class( $needReq ) );
+ if ( !$req || !array_key_exists( 'retype', $req->getFieldInfo() ) ) {
+ return AuthenticationResponse::newUI( $needReqs, $data->msg, 'warning' );
+ }
+
+ if ( $req->password !== $req->retype ) {
+ return AuthenticationResponse::newUI( $needReqs, new \Message( 'badretype' ), 'error' );
+ }
+
+ $req->username = $user->getName();
+ $status = $this->manager->allowsAuthenticationDataChange( $req );
+ if ( !$status->isGood() ) {
+ return AuthenticationResponse::newUI( $needReqs, $status->getMessage(), 'error' );
+ }
+ $this->manager->changeAuthenticationData( $req );
+
+ $this->manager->removeAuthenticationSessionData( 'reset-pass' );
+ return AuthenticationResponse::newPass();
+ }
+}
scripts.mit.edu / autoinstallsdev / mediawiki.git / blobdiff