/**
* Format the rows (generated by SpecialRecentchanges or SpecialRecentchangeslinked)
* as an RSS/Atom feed.
*/
public function execute()
{
$config = $this->getConfig();
$this->params = $this->extractRequestParams();
if (!$config->get('Feed')) {
$this->dieUsage('Syndication feeds are not available', 'feed-unavailable');
}
$feedClasses = $config->get('FeedClasses');
if (!isset($feedClasses[$this->params['feedformat']])) {
$this->dieUsage('Invalid subscription feed type', 'feed-invalid');
}
$this->getMain()->setCacheMode('public');
if (!$this->getMain()->getParameter('smaxage')) {
// bug 63249: This page gets hit a lot, cache at least 15 seconds.
$this->getMain()->setCacheMaxAge(15);
}
$feedFormat = $this->params['feedformat'];
$specialClass = $this->params['target'] !== null ? 'SpecialRecentchangeslinked' : 'SpecialRecentchanges';
$formatter = $this->getFeedObject($feedFormat, $specialClass);
// Parameters are passed via the request in the context… :(
$context = new DerivativeContext($this);
$context->setRequest(new DerivativeRequest($this->getRequest(), $this->params, $this->getRequest()->wasPosted()));
// The row-getting functionality should be factored out of ChangesListSpecialPage too…
$rc = new $specialClass();
$rc->setContext($context);
$rows = $rc->getRows();
$feedItems = $rows ? ChangesFeed::buildItems($rows) : array();
ApiFormatFeedWrapper::setResult($this->getResult(), $formatter, $feedItems);
}
private static function getManager($continue, $allModules, $generatedModules)
{
$context = new DerivativeContext(RequestContext::getMain());
$context->setRequest(new FauxRequest(array('continue' => $continue)));
$main = new ApiMain($context);
return new ApiContinuationManager($main, $allModules, $generatedModules);
}
/**
* @dataProvider provideValidate
*/
public function testForm($text, $value)
{
$form = HTMLForm::factory('ooui', ['restrictions' => ['class' => HTMLRestrictionsField::class]]);
$request = new FauxRequest(['wprestrictions' => $text], true);
$context = new DerivativeContext(RequestContext::getMain());
$context->setRequest($request);
$form->setContext($context);
$form->setTitle(Title::newFromText('Main Page'))->setSubmitCallback(function () {
return true;
})->prepareForm();
$status = $form->trySubmit();
if ($status instanceof StatusValue) {
$this->assertEquals($value !== false, $status->isGood());
} elseif ($value === false) {
$this->assertNotSame(true, $status);
} else {
$this->assertSame(true, $status);
}
if ($value !== false) {
$restrictions = $form->mFieldData['restrictions'];
$this->assertInstanceOf(MWRestrictions::class, $restrictions);
$this->assertEquals($value, $restrictions->toArray()['IPAddresses']);
}
// sanity
$form->getHTML($status);
}
private function getContext($requestedAction = null)
{
$request = new FauxRequest(array('action' => $requestedAction));
$context = new DerivativeContext(RequestContext::getMain());
$context->setRequest($request);
$context->setWikiPage($this->getPage());
return $context;
}
/**
* Returns a DerivativeContext with the request variables in place
*
* @param $request WebRequest request object including parameters and session
* @param $user User or null
* @return DerivativeContext
*/
public function newTestContext(WebRequest $request, User $user = null)
{
$context = new DerivativeContext($this);
$context->setRequest($request);
if ($user !== null) {
$context->setUser($user);
}
return $context;
}
/**
* @param string $url
* @param array $cookies
* @return MobileContext
*/
private function makeContext($url = '/', $cookies = array())
{
$context = new DerivativeContext(RequestContext::getMain());
$context->setRequest(new MFFauxRequest($url, $cookies));
$context->setOutput(new OutputPage($context));
$instance = unserialize('O:13:"MobileContext":0:{}');
$instance->setContext($context);
return $instance;
}
/**
* @param WebRequest|null $request
* @param Language|string|null $language
* @param User|null $user
*
* @return DerivativeContext
*/
private function newContext(WebRequest $request = null, $language = null, User $user = null)
{
$context = new DerivativeContext(RequestContext::getMain());
$context->setRequest($request ?: new FauxRequest());
if ($language !== null) {
$context->setLanguage($language);
}
if ($user !== null) {
$context->setUser($user);
}
$this->setEditTokenFromUser($context);
return $context;
}
/**
* @param string $url
* @param array $cookies
* @return MobileContext
*/
private function makeContext($url = '/', $cookies = array())
{
$query = array();
if ($url) {
$params = wfParseUrl(wfExpandUrl($url));
if (isset($params['query'])) {
$query = wfCgiToArray($params['query']);
}
}
$request = new FauxRequest($query);
$request->setRequestURL($url);
$request->setCookies($cookies, '');
$context = new DerivativeContext(RequestContext::getMain());
$context->setRequest($request);
$context->setOutput(new OutputPage($context));
$instance = unserialize('O:13:"MobileContext":0:{}');
$instance->setContext($context);
return $instance;
}
/**
* @dataProvider provideGetParameterFromSettings
* @param string|null $input
* @param array $paramSettings
* @param mixed $expected
* @param string[] $warnings
*/
public function testGetParameterFromSettings($input, $paramSettings, $expected, $warnings)
{
$mock = new MockApi();
$wrapper = TestingAccessWrapper::newFromObject($mock);
$context = new DerivativeContext($mock);
$context->setRequest(new FauxRequest($input !== null ? ['foo' => $input] : []));
$wrapper->mMainModule = new ApiMain($context);
if ($expected instanceof UsageException) {
try {
$wrapper->getParameterFromSettings('foo', $paramSettings, true);
} catch (UsageException $ex) {
$this->assertEquals($expected, $ex);
}
} else {
$result = $wrapper->getParameterFromSettings('foo', $paramSettings, true);
$this->assertSame($expected, $result);
$this->assertSame($warnings, $mock->warnings);
}
}
/**
* Creates a new set of object for the actual test context, including a new
* outputpage and skintemplate.
*
* @param string $mode The mode for the test cases (desktop, mobile)
* @return array Array of objects, including MobileContext (context),
* SkinTemplate (sk) and OutputPage (out)
*/
protected function getContextSetup($mode, $mfXAnalyticsItems)
{
// Create a new MobileContext object for this test
MobileContext::setInstance(null);
// create a new instance of MobileContext
$context = MobileContext::singleton();
// create a DerivativeContext to use in MobileContext later
$mainContext = new DerivativeContext(RequestContext::getMain());
// create a new, empty OutputPage
$out = new OutputPage($context);
// create a new, empty SkinTemplate
$sk = new SkinTemplate();
// create a new Title (main page)
$title = Title::newMainPage();
// create a FauxRequest to use instead of a WebRequest object (FauxRequest forces
// the creation of a FauxResponse, which allows to investigate sent header values)
$request = new FauxRequest();
// set the new request object to the context
$mainContext->setRequest($request);
// set the main page title to the context
$mainContext->setTitle($title);
// set the context to the SkinTemplate
$sk->setContext($mainContext);
// set the OutputPage to the context
$mainContext->setOutput($out);
// set the DerivativeContext as a base to MobileContext
$context->setContext($mainContext);
// set the mode to MobileContext
$context->setUseFormat($mode);
// if there are any XAnalytics items, add them
foreach ($mfXAnalyticsItems as $key => $val) {
$context->addAnalyticsLogItem($key, $val);
}
// set the newly created MobileContext object as the current instance to use
MobileContext::setInstance($context);
// return the stuff
return array('out' => $out, 'sk' => $sk, 'context' => $context);
}
/**
* @param AuthenticationRequest[] $requests
* @param string $action AuthManager action name (one of the AuthManager::ACTION_* constants)
* @return HTMLForm
*/
protected function getAuthForm(array $requests, $action)
{
$formDescriptor = $this->getAuthFormDescriptor($requests, $action);
$context = $this->getContext();
if ($context->getRequest() !== $this->getRequest()) {
// We have overridden the request, need to make sure the form uses that too.
$context = new DerivativeContext($this->getContext());
$context->setRequest($this->getRequest());
}
$form = HTMLForm::factory('ooui', $formDescriptor, $context);
$form->setAction($this->getFullTitle()->getFullURL($this->getPreservedParams()));
$form->addHiddenField($this->getTokenName(), $this->getToken()->toString());
$form->addHiddenField('authAction', $this->authAction);
$form->suppressDefaultSubmit(!$this->needsSubmitButton($formDescriptor));
return $form;
}
/**
* Generates a form from the given request.
* @param AuthenticationRequest[] $requests
* @param string $action AuthManager action name
* @param string|Message $msg
* @param string $msgType
* @return HTMLForm
*/
protected function getAuthForm(array $requests, $action, $msg = '', $msgType = 'error')
{
global $wgSecureLogin, $wgLoginLanguageSelector;
// FIXME merge this with parent
if (isset($this->authForm)) {
return $this->authForm;
}
$usingHTTPS = $this->getRequest()->getProtocol() === 'https';
// get basic form description from the auth logic
$fieldInfo = AuthenticationRequest::mergeFieldInfo($requests);
$fakeTemplate = $this->getFakeTemplate($msg, $msgType);
$this->fakeTemplate = $fakeTemplate;
// FIXME there should be a saner way to pass this to the hook
// this will call onAuthChangeFormFields()
$formDescriptor = static::fieldInfoToFormDescriptor($requests, $fieldInfo, $this->authAction);
$this->postProcessFormDescriptor($formDescriptor, $requests);
$context = $this->getContext();
if ($context->getRequest() !== $this->getRequest()) {
// We have overridden the request, need to make sure the form uses that too.
$context = new DerivativeContext($this->getContext());
$context->setRequest($this->getRequest());
}
$form = HTMLForm::factory('vform', $formDescriptor, $context);
$form->addHiddenField('authAction', $this->authAction);
if ($wgLoginLanguageSelector) {
$form->addHiddenField('uselang', $this->mLanguage);
}
$form->addHiddenField('force', $this->securityLevel);
$form->addHiddenField($this->getTokenName(), $this->getToken()->toString());
if ($wgSecureLogin) {
// If using HTTPS coming from HTTP, then the 'fromhttp' parameter must be preserved
if (!$this->isSignup()) {
$form->addHiddenField('wpForceHttps', (int) $this->mStickHTTPS);
$form->addHiddenField('wpFromhttp', $usingHTTPS);
}
}
// set properties of the form itself
$form->setAction($this->getPageTitle()->getLocalURL($this->getReturnToQueryStringFragment()));
$form->setName('userlogin' . ($this->isSignup() ? '2' : ''));
if ($this->isSignup()) {
$form->setId('userlogin2');
}
$form->suppressDefaultSubmit();
$this->authForm = $form;
return $form;
}
/**
* @param $title Title
* @param $summary string
* @param $context IContextSource
* @todo rework this to use a generic CollaborationList editor function once it exists
*/
public static function postMemberList(Title $title, $summary, IContextSource $context)
{
$username = $context->getUser()->getName();
$collabList = self::makeMemberList($username, $context->msg('collaborationkit-hub-members-description'));
// Ensure that a valid context is provided to the API in unit tests
$der = new DerivativeContext($context);
$request = new DerivativeRequest($context->getRequest(), ['action' => 'edit', 'title' => $title->getFullText(), 'contentmodel' => 'CollaborationListContent', 'contentformat' => 'application/json', 'text' => $collabList->serialize(), 'summary' => $summary, 'token' => $context->getUser()->getEditToken()], true);
$der->setRequest($request);
try {
$api = new ApiMain($der, true);
$api->execute();
} catch (UsageException $e) {
return Status::newFatal($context->msg('collaborationkit-hub-edit-apierror', $e->getCodeString()));
}
return Status::newGood();
}
/**
* Executes the log-in attempt using the parameters passed. If
* the log-in succeeds, it attaches a cookie to the session
* and outputs the user id, username, and session token. If a
* log-in fails, as the result of a bad password, a nonexistent
* user, or any other reason, the host is cached with an expiry
* and no log-in attempts will be accepted until that expiry
* is reached. The expiry is $this->mLoginThrottle.
*/
public function execute()
{
// If we're in a mode that breaks the same-origin policy, no tokens can
// be obtained
if ($this->lacksSameOriginSecurity()) {
$this->getResult()->addValue(null, 'login', array('result' => 'Aborted', 'reason' => 'Cannot log in when the same-origin policy is not applied'));
return;
}
$params = $this->extractRequestParams();
$result = array();
// Init session if necessary
if (session_id() == '') {
wfSetupSession();
}
$context = new DerivativeContext($this->getContext());
$context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array('wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpDomain' => $params['domain'], 'wpLoginToken' => $params['token'], 'wpRemember' => '')));
$loginForm = new LoginForm();
$loginForm->setContext($context);
$authRes = $loginForm->authenticateUserData();
switch ($authRes) {
case LoginForm::SUCCESS:
$user = $context->getUser();
$this->getContext()->setUser($user);
$user->setCookies($this->getRequest(), null, true);
ApiQueryInfo::resetTokenCache();
// Run hooks.
// @todo FIXME: Split back and frontend from this hook.
// @todo FIXME: This hook should be placed in the backend
$injected_html = '';
Hooks::run('UserLoginComplete', array(&$user, &$injected_html));
$result['result'] = 'Success';
$result['lguserid'] = intval($user->getId());
$result['lgusername'] = $user->getName();
$result['lgtoken'] = $user->getToken();
$result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
$result['sessionid'] = session_id();
break;
case LoginForm::NEED_TOKEN:
$result['result'] = 'NeedToken';
$result['token'] = $loginForm->getLoginToken();
$result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
$result['sessionid'] = session_id();
break;
case LoginForm::WRONG_TOKEN:
$result['result'] = 'WrongToken';
break;
case LoginForm::NO_NAME:
$result['result'] = 'NoName';
break;
case LoginForm::ILLEGAL:
$result['result'] = 'Illegal';
break;
case LoginForm::WRONG_PLUGIN_PASS:
$result['result'] = 'WrongPluginPass';
break;
case LoginForm::NOT_EXISTS:
$result['result'] = 'NotExists';
break;
// bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
// The e-mailed temporary password should not be used for actual logins.
// bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
// The e-mailed temporary password should not be used for actual logins.
case LoginForm::RESET_PASS:
case LoginForm::WRONG_PASS:
$result['result'] = 'WrongPass';
break;
case LoginForm::EMPTY_PASS:
$result['result'] = 'EmptyPass';
break;
case LoginForm::CREATE_BLOCKED:
$result['result'] = 'CreateBlocked';
$result['details'] = 'Your IP address is blocked from account creation';
$block = $context->getUser()->getBlock();
if ($block) {
$result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
}
break;
case LoginForm::THROTTLED:
$result['result'] = 'Throttled';
$throttle = $this->getConfig()->get('PasswordAttemptThrottle');
$result['wait'] = intval($throttle['seconds']);
break;
case LoginForm::USER_BLOCKED:
$result['result'] = 'Blocked';
$block = User::newFromName($params['name'])->getBlock();
if ($block) {
$result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
}
break;
case LoginForm::ABORTED:
$result['result'] = 'Aborted';
$result['reason'] = $loginForm->mAbortLoginErrorMsg;
break;
default:
ApiBase::dieDebug(__METHOD__, "Unhandled case value: {$authRes}");
}
$this->getResult()->addValue(null, 'login', $result);
LoggerFactory::getInstance('authmanager')->info('Login attempt', array('event' => 'login', 'successful' => $authRes === LoginForm::SUCCESS, 'status' => LoginForm::$statusCodes[$authRes]));
}
function __construct(Page $page, $request = false)
{
wfDeprecated(__CLASS__, '1.19');
parent::__construct($page);
if ($request !== false) {
$context = new DerivativeContext($this->getContext());
$context->setRequest($request);
$this->context = $context;
}
}
/**
* @param $data array
* @return Status
*/
public function onSubmit(array $data)
{
$title = Title::newFromText($data['title']);
if (!$title) {
return Status::newFatal('collaborationkit-createhub-invalidtitle');
} elseif ($title->exists()) {
// TODO: Add an option to import it to itself as target if the page already exists, archiving the existing page to a subpage (T136475)
return Status::newFatal('collaborationkit-createhub-exists');
} elseif (!$title->userCan('edit') || !$title->userCan('create') || !$title->userCan('editcontentmodel')) {
return Status::newFatal('collaborationhkit-createhub-nopermission');
}
/* Comment this out until it's actually implemented (T135408)
// ACTUAL STUFF HERE
if ( $data['content_source'] !== 'new' ) { // Importing from wikitext
$source = Title::newFromText( $data['source'] );
if ( !$source ) {
return Status::newFatal( 'collaborationkit-createhub-invalidsource' );
}
if ( $data['content_source'] === 'clone' ) {
// Copy another hub
// Just copy some of the bits...
// TODO prefill the actual content
} elseif ( $data['content_source'] === 'import' ) {
// Do some magic based on the source:
// If wikiproject x project: get module list, recreate modules
// If regular page: pull headers
// TODO prefill the actual content
}
// Render preview?
} else {
// ...?
}
*/
$title = Title::newFromText($data['title']);
if (!$title) {
return Status::newFatal('collaborationkit-createhub-invalidtitle');
}
$result = CollaborationHubContentHandler::edit($title, $data['display_name'], $data['icon'], $data['colour'], $data['introduction'], '', [], $this->msg('collaborationkit-createhub-editsummary')->inContentLanguage()->plain(), $this->getContext());
if (!$result->isGood()) {
return $result;
}
$memberListTitle = Title::newFromText($data['title'] . '/' . $this->msg('collaborationkit-hub-pagetitle-members'));
if (!$memberListTitle) {
return Status::newFatal('collaborationkit-createhub-invalidtitle');
}
$memberResult = CollaborationListContentHandler::postMemberList($memberListTitle, $this->msg('collaborationkit-createhub-editsummary')->inContentLanguage()->plain(), $this->getContext());
if (!$memberResult->isGood()) {
return $memberResult;
}
$announcementsTitle = Title::newFromText($data['title'] . '/' . $this->msg('collaborationkit-hub-pagetitle-announcements')->inContentLanguage()->plain());
if (!$announcementsTitle) {
return Status::newFatal('collaborationkit-createhub-invalidtitle');
}
// Ensure that a valid context is provided to the API in unit tests
$context = $this->getContext();
$der = new DerivativeContext($context);
$request = new DerivativeRequest($context->getRequest(), ['action' => 'edit', 'title' => $announcementsTitle->getFullText(), 'text' => "* " . $context->msg('collaborationkit-hub-announcements-initial')->inContentLanguage()->plain() . " ~~~~~", 'summary' => $context->msg('collaborationkit-createhub-editsummary')->inContentLanguage()->plain(), 'token' => $context->getUser()->getEditToken()], true);
$der->setRequest($request);
try {
$api = new ApiMain($der, true);
$api->execute();
} catch (UsageException $e) {
return Status::newFatal($context->msg('collaborationkit-hub-edit-apierror', $e->getCodeString()));
}
// Once all the pages we want to create are created, we send them to the first one
$this->getOutput()->redirect($title->getFullUrl());
return Status::newGood();
}
private function executeQuery($request)
{
$this->mContext->setRequest(new FauxRequest($request, true, $this->mSession));
$this->mTested->execute();
return $this->mTested->getResult()->getData();
}
/**
* Returns a DerivativeContext with the request variables in place
*
* @param $params Array key-value API params
* @param $session Array session data
* @param $user User or null
* @return DerivativeContext
*/
public function newTestContext($params, $session, $user = null)
{
$context = new DerivativeContext($this);
$context->setRequest(new FauxRequest($params, true, $session));
if ($user !== null) {
$context->setUser($user);
}
return $context;
}
public function execute()
{
// If we're in a mode that breaks the same-origin policy, no tokens can
// be obtained
if ($this->lacksSameOriginSecurity()) {
$this->dieUsage('Cannot create account when the same-origin policy is not applied', 'aborted');
}
// $loginForm->addNewaccountInternal will throw exceptions
// if wiki is read only (already handled by api), user is blocked or does not have rights.
// Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
$loginTitle = SpecialPage::getTitleFor('Userlogin');
if (!$loginTitle->userCan('createaccount', $this->getUser())) {
$this->dieUsage('You do not have the right to create a new account', 'permdenied-createaccount');
}
if ($this->getUser()->isBlockedFromCreateAccount()) {
$this->dieUsage('You cannot create a new account because you are blocked', 'blocked', 0, array('blockinfo' => ApiQueryUserInfo::getBlockInfo($this->getUser()->getBlock())));
}
$params = $this->extractRequestParams();
// Init session if necessary
if (session_id() == '') {
wfSetupSession();
}
if ($params['mailpassword'] && !$params['email']) {
$this->dieUsageMsg('noemail');
}
if ($params['language'] && !Language::isSupportedLanguage($params['language'])) {
$this->dieUsage('Invalid language parameter', 'langinvalid');
}
$context = new DerivativeContext($this->getContext());
$context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array('type' => 'signup', 'uselang' => $params['language'], 'wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpRetype' => $params['password'], 'wpDomain' => $params['domain'], 'wpEmail' => $params['email'], 'wpRealName' => $params['realname'], 'wpCreateaccountToken' => $params['token'], 'wpCreateaccount' => $params['mailpassword'] ? null : '1', 'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null)));
$loginForm = new LoginForm();
$loginForm->setContext($context);
Hooks::run('AddNewAccountApiForm', array($this, $loginForm));
$loginForm->load();
$status = $loginForm->addNewaccountInternal();
$result = array();
if ($status->isGood()) {
// Success!
$user = $status->getValue();
if ($params['language']) {
$user->setOption('language', $params['language']);
}
if ($params['mailpassword']) {
// If mailpassword was set, disable the password and send an email.
$user->setPassword(null);
$status->merge($loginForm->mailPasswordInternal($user, false, 'createaccount-title', 'createaccount-text'));
} elseif ($this->getConfig()->get('EmailAuthentication') && Sanitizer::validateEmail($user->getEmail())) {
// Send out an email authentication message if needed
$status->merge($user->sendConfirmationMail());
}
// Save settings (including confirmation token)
$user->saveSettings();
Hooks::run('AddNewAccount', array($user, $params['mailpassword']));
if ($params['mailpassword']) {
$logAction = 'byemail';
} elseif ($this->getUser()->isLoggedIn()) {
$logAction = 'create2';
} else {
$logAction = 'create';
}
$user->addNewUserLogEntry($logAction, (string) $params['reason']);
// Add username, id, and token to result.
$result['username'] = $user->getName();
$result['userid'] = $user->getId();
$result['token'] = $user->getToken();
}
$apiResult = $this->getResult();
if ($status->hasMessage('sessionfailure') || $status->hasMessage('nocookiesfornew')) {
// Token was incorrect, so add it to result, but don't throw an exception
// since not having the correct token is part of the normal
// flow of events.
$result['token'] = LoginForm::getCreateaccountToken();
$result['result'] = 'NeedToken';
} elseif (!$status->isOK()) {
// There was an error. Die now.
$this->dieStatus($status);
} elseif (!$status->isGood()) {
// Status is not good, but OK. This means warnings.
$result['result'] = 'Warning';
// Add any warnings to the result
$warnings = $status->getErrorsByType('warning');
if ($warnings) {
foreach ($warnings as &$warning) {
ApiResult::setIndexedTagName($warning['params'], 'param');
}
ApiResult::setIndexedTagName($warnings, 'warning');
$result['warnings'] = $warnings;
}
} else {
// Everything was fine.
$result['result'] = 'Success';
}
// Give extensions a chance to modify the API result data
Hooks::run('AddNewAccountApiResult', array($this, $loginForm, &$result));
$apiResult->addValue(null, 'createaccount', $result);
}
/**
* Executes the log-in attempt using the parameters passed. If
* the log-in succeeds, it attaches a cookie to the session
* and outputs the user id, username, and session token. If a
* log-in fails, as the result of a bad password, a nonexistent
* user, or any other reason, the host is cached with an expiry
* and no log-in attempts will be accepted until that expiry
* is reached. The expiry is $this->mLoginThrottle.
*/
public function execute()
{
// If we're in a mode that breaks the same-origin policy, no tokens can
// be obtained
if ($this->lacksSameOriginSecurity()) {
$this->getResult()->addValue(null, 'login', ['result' => 'Aborted', 'reason' => 'Cannot log in when the same-origin policy is not applied']);
return;
}
$params = $this->extractRequestParams();
$result = [];
// Make sure session is persisted
$session = MediaWiki\Session\SessionManager::getGlobalSession();
$session->persist();
// Make sure it's possible to log in
if (!$session->canSetUser()) {
$this->getResult()->addValue(null, 'login', ['result' => 'Aborted', 'reason' => 'Cannot log in when using ' . $session->getProvider()->describe(Language::factory('en'))]);
return;
}
$authRes = false;
$context = new DerivativeContext($this->getContext());
$loginType = 'N/A';
// Check login token
$token = $session->getToken('', 'login');
if ($token->wasNew() || !$params['token']) {
$authRes = 'NeedToken';
} elseif (!$token->match($params['token'])) {
$authRes = 'WrongToken';
}
// Try bot passwords
if ($authRes === false && $this->getConfig()->get('EnableBotPasswords') && strpos($params['name'], BotPassword::getSeparator()) !== false) {
$status = BotPassword::login($params['name'], $params['password'], $this->getRequest());
if ($status->isOK()) {
$session = $status->getValue();
$authRes = 'Success';
$loginType = 'BotPassword';
} else {
$authRes = 'Failed';
$message = $status->getMessage();
LoggerFactory::getInstance('authmanager')->info('BotPassword login failed: ' . $status->getWikiText(false, false, 'en'));
}
}
if ($authRes === false) {
if ($this->getConfig()->get('DisableAuthManager')) {
// Non-AuthManager login
$context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), ['wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpDomain' => $params['domain'], 'wpLoginToken' => $params['token'], 'wpRemember' => '']));
$loginForm = new LoginForm();
$loginForm->setContext($context);
$authRes = $loginForm->authenticateUserData();
$loginType = 'LoginForm';
switch ($authRes) {
case LoginForm::SUCCESS:
$authRes = 'Success';
break;
case LoginForm::NEED_TOKEN:
$authRes = 'NeedToken';
break;
}
} else {
// Simplified AuthManager login, for backwards compatibility
$manager = AuthManager::singleton();
$reqs = AuthenticationRequest::loadRequestsFromSubmission($manager->getAuthenticationRequests(AuthManager::ACTION_LOGIN, $this->getUser()), ['username' => $params['name'], 'password' => $params['password'], 'domain' => $params['domain'], 'rememberMe' => true]);
$res = AuthManager::singleton()->beginAuthentication($reqs, 'null:');
switch ($res->status) {
case AuthenticationResponse::PASS:
if ($this->getConfig()->get('EnableBotPasswords')) {
$warn = 'Main-account login via action=login is deprecated and may stop working ' . 'without warning.';
$warn .= ' To continue login with action=login, see [[Special:BotPasswords]].';
$warn .= ' To safely continue using main-account login, see action=clientlogin.';
} else {
$warn = 'Login via action=login is deprecated and may stop working without warning.';
$warn .= ' To safely log in, see action=clientlogin.';
}
$this->setWarning($warn);
$authRes = 'Success';
$loginType = 'AuthManager';
break;
case AuthenticationResponse::FAIL:
// Hope it's not a PreAuthenticationProvider that failed...
$authRes = 'Failed';
$message = $res->message;
\MediaWiki\Logger\LoggerFactory::getInstance('authentication')->info(__METHOD__ . ': Authentication failed: ' . $message->plain());
break;
default:
$authRes = 'Aborted';
break;
}
}
}
$result['result'] = $authRes;
switch ($authRes) {
case 'Success':
if ($this->getConfig()->get('DisableAuthManager')) {
$user = $context->getUser();
$this->getContext()->setUser($user);
$user->setCookies($this->getRequest(), null, true);
} else {
$user = $session->getUser();
}
ApiQueryInfo::resetTokenCache();
// Deprecated hook
$injected_html = '';
Hooks::run('UserLoginComplete', [&$user, &$injected_html]);
$result['lguserid'] = intval($user->getId());
$result['lgusername'] = $user->getName();
// @todo: These are deprecated, and should be removed at some
// point (1.28 at the earliest, and see T121527). They were ok
// when the core cookie-based login was the only thing, but
// CentralAuth broke that a while back and
// SessionManager/AuthManager *really* break it.
$result['lgtoken'] = $user->getToken();
$result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
$result['sessionid'] = $session->getId();
break;
case 'NeedToken':
$result['token'] = $token->toString();
$this->setWarning('Fetching a token via action=login is deprecated. ' . 'Use action=query&meta=tokens&type=login instead.');
$this->logFeatureUsage('action=login&!lgtoken');
// @todo: See above about deprecation
$result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
$result['sessionid'] = $session->getId();
break;
case 'WrongToken':
break;
case 'Failed':
$result['reason'] = $message->useDatabase('false')->inLanguage('en')->text();
break;
case 'Aborted':
$result['reason'] = 'Authentication requires user interaction, ' . 'which is not supported by action=login.';
if ($this->getConfig()->get('EnableBotPasswords')) {
$result['reason'] .= ' To be able to login with action=login, see [[Special:BotPasswords]].';
$result['reason'] .= ' To continue using main-account login, see action=clientlogin.';
} else {
$result['reason'] .= ' To log in, see action=clientlogin.';
}
break;
// Results from LoginForm for when $wgDisableAuthManager is true
// Results from LoginForm for when $wgDisableAuthManager is true
case LoginForm::WRONG_TOKEN:
$result['result'] = 'WrongToken';
break;
case LoginForm::NO_NAME:
$result['result'] = 'NoName';
break;
case LoginForm::ILLEGAL:
$result['result'] = 'Illegal';
break;
case LoginForm::WRONG_PLUGIN_PASS:
$result['result'] = 'WrongPluginPass';
break;
case LoginForm::NOT_EXISTS:
$result['result'] = 'NotExists';
break;
// bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
// The e-mailed temporary password should not be used for actual logins.
// bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
// The e-mailed temporary password should not be used for actual logins.
case LoginForm::RESET_PASS:
case LoginForm::WRONG_PASS:
$result['result'] = 'WrongPass';
break;
case LoginForm::EMPTY_PASS:
$result['result'] = 'EmptyPass';
break;
case LoginForm::CREATE_BLOCKED:
$result['result'] = 'CreateBlocked';
$result['details'] = 'Your IP address is blocked from account creation';
$block = $context->getUser()->getBlock();
if ($block) {
$result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
}
break;
case LoginForm::THROTTLED:
$result['result'] = 'Throttled';
$result['wait'] = intval($loginForm->mThrottleWait);
break;
case LoginForm::USER_BLOCKED:
$result['result'] = 'Blocked';
$block = User::newFromName($params['name'])->getBlock();
if ($block) {
$result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
}
break;
case LoginForm::ABORTED:
$result['result'] = 'Aborted';
$result['reason'] = $loginForm->mAbortLoginErrorMsg;
break;
default:
ApiBase::dieDebug(__METHOD__, "Unhandled case value: {$authRes}");
}
$this->getResult()->addValue(null, 'login', $result);
if ($loginType === 'LoginForm' && isset(LoginForm::$statusCodes[$authRes])) {
$authRes = LoginForm::$statusCodes[$authRes];
}
LoggerFactory::getInstance('authmanager')->info('Login attempt', ['event' => 'login', 'successful' => $authRes === 'Success', 'loginType' => $loginType, 'status' => $authRes]);
}
/**
* Parse a 'continue' parameter and return status information.
*
* This must be balanced by a call to endContinuation().
*
* @since 1.24
* @deprecated since 1.25, use ApiContinuationManager instead
* @param string|null $continue
* @param ApiBase[] $allModules
* @param array $generatedModules
* @return array
*/
public function beginContinuation($continue, array $allModules = array(), array $generatedModules = array())
{
wfDeprecated(__METHOD__, '1.25');
if ($this->mainForContinuation->getContinuationManager()) {
throw new UnexpectedValueException(__METHOD__ . ': Continuation already in progress from ' . $this->mainForContinuation->getContinuationManager()->getSource());
}
// Ugh. If $continue doesn't match that in the request, temporarily
// replace the request when creating the ApiContinuationManager.
if ($continue === null) {
$continue = '';
}
if ($this->mainForContinuation->getVal('continue', '') !== $continue) {
$oldCtx = $this->mainForContinuation->getContext();
$newCtx = new DerivativeContext($oldCtx);
$newCtx->setRequest(new DerivativeRequest($oldCtx->getRequest(), array('continue' => $continue) + $oldCtx->getRequest()->getValues(), $oldCtx->getRequest()->wasPosted()));
$this->mainForContinuation->setContext($newCtx);
$reset = new ScopedCallback(array($this->mainForContinuation, 'setContext'), array($oldCtx));
}
$manager = new ApiContinuationManager($this->mainForContinuation, $allModules, $generatedModules);
$reset = null;
$this->mainForContinuation->setContinuationManager($manager);
return array($manager->isGeneratorDone(), $manager->getRunModules());
}
/**
* Executes the log-in attempt using the parameters passed. If
* the log-in succeeds, it attaches a cookie to the session
* and outputs the user id, username, and session token. If a
* log-in fails, as the result of a bad password, a nonexistent
* user, or any other reason, the host is cached with an expiry
* and no log-in attempts will be accepted until that expiry
* is reached. The expiry is $this->mLoginThrottle.
*/
public function execute()
{
// If we're in a mode that breaks the same-origin policy, no tokens can
// be obtained
if ($this->lacksSameOriginSecurity()) {
$this->getResult()->addValue(null, 'login', array('result' => 'Aborted', 'reason' => 'Cannot log in when the same-origin policy is not applied'));
return;
}
$params = $this->extractRequestParams();
$result = array();
// Make sure session is persisted
$session = MediaWiki\Session\SessionManager::getGlobalSession();
$session->persist();
// Make sure it's possible to log in
if (!$session->canSetUser()) {
$this->getResult()->addValue(null, 'login', array('result' => 'Aborted', 'reason' => 'Cannot log in when using ' . $session->getProvider()->describe(Language::factory('en'))));
return;
}
$authRes = false;
$context = new DerivativeContext($this->getContext());
$loginType = 'N/A';
// Check login token
$token = LoginForm::getLoginToken();
if (!$token) {
LoginForm::setLoginToken();
$authRes = LoginForm::NEED_TOKEN;
} elseif (!$params['token']) {
$authRes = LoginForm::NEED_TOKEN;
} elseif ($token !== $params['token']) {
$authRes = LoginForm::WRONG_TOKEN;
}
// Try bot passwords
if ($authRes === false && $this->getConfig()->get('EnableBotPasswords') && strpos($params['name'], BotPassword::getSeparator()) !== false) {
$status = BotPassword::login($params['name'], $params['password'], $this->getRequest());
if ($status->isOk()) {
$session = $status->getValue();
$authRes = LoginForm::SUCCESS;
$loginType = 'BotPassword';
} else {
LoggerFactory::getInstance('authmanager')->info('BotPassword login failed: ' . $status->getWikiText());
}
}
// Normal login
if ($authRes === false) {
$context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array('wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpDomain' => $params['domain'], 'wpLoginToken' => $params['token'], 'wpRemember' => '')));
$loginForm = new LoginForm();
$loginForm->setContext($context);
$authRes = $loginForm->authenticateUserData();
$loginType = 'LoginForm';
}
switch ($authRes) {
case LoginForm::SUCCESS:
$user = $context->getUser();
$this->getContext()->setUser($user);
$user->setCookies($this->getRequest(), null, true);
ApiQueryInfo::resetTokenCache();
// Run hooks.
// @todo FIXME: Split back and frontend from this hook.
// @todo FIXME: This hook should be placed in the backend
$injected_html = '';
Hooks::run('UserLoginComplete', array(&$user, &$injected_html));
$result['result'] = 'Success';
$result['lguserid'] = intval($user->getId());
$result['lgusername'] = $user->getName();
// @todo: These are deprecated, and should be removed at some
// point (1.28 at the earliest, and see T121527). They were ok
// when the core cookie-based login was the only thing, but
// CentralAuth broke that a while back and
// SessionManager/AuthManager are *really* going to break it.
$result['lgtoken'] = $user->getToken();
$result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
$result['sessionid'] = $session->getId();
break;
case LoginForm::NEED_TOKEN:
$result['result'] = 'NeedToken';
$result['token'] = LoginForm::getLoginToken();
// @todo: See above about deprecation
$result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
$result['sessionid'] = $session->getId();
break;
case LoginForm::WRONG_TOKEN:
$result['result'] = 'WrongToken';
break;
case LoginForm::NO_NAME:
$result['result'] = 'NoName';
break;
case LoginForm::ILLEGAL:
$result['result'] = 'Illegal';
break;
case LoginForm::WRONG_PLUGIN_PASS:
$result['result'] = 'WrongPluginPass';
break;
case LoginForm::NOT_EXISTS:
$result['result'] = 'NotExists';
break;
// bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
// The e-mailed temporary password should not be used for actual logins.
// bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
// The e-mailed temporary password should not be used for actual logins.
case LoginForm::RESET_PASS:
case LoginForm::WRONG_PASS:
$result['result'] = 'WrongPass';
break;
case LoginForm::EMPTY_PASS:
$result['result'] = 'EmptyPass';
break;
case LoginForm::CREATE_BLOCKED:
$result['result'] = 'CreateBlocked';
$result['details'] = 'Your IP address is blocked from account creation';
$block = $context->getUser()->getBlock();
if ($block) {
$result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
}
break;
case LoginForm::THROTTLED:
$result['result'] = 'Throttled';
$throttle = $this->getConfig()->get('PasswordAttemptThrottle');
$result['wait'] = intval($throttle['seconds']);
break;
case LoginForm::USER_BLOCKED:
$result['result'] = 'Blocked';
$block = User::newFromName($params['name'])->getBlock();
if ($block) {
$result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
}
break;
case LoginForm::ABORTED:
$result['result'] = 'Aborted';
$result['reason'] = $loginForm->mAbortLoginErrorMsg;
break;
default:
ApiBase::dieDebug(__METHOD__, "Unhandled case value: {$authRes}");
}
$this->getResult()->addValue(null, 'login', $result);
LoggerFactory::getInstance('authmanager')->info('Login attempt', array('event' => 'login', 'successful' => $authRes === LoginForm::SUCCESS, 'loginType' => $loginType, 'status' => LoginForm::$statusCodes[$authRes]));
}
public function execute()
{
// $loginForm->addNewaccountInternal will throw exceptions
// if wiki is read only (already handled by api), user is blocked or does not have rights.
// Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
$loginTitle = SpecialPage::getTitleFor('Userlogin');
if (!$loginTitle->userCan('createaccount', $this->getUser())) {
$this->dieUsage('You do not have the right to create a new account', 'permdenied-createaccount');
}
if ($this->getUser()->isBlockedFromCreateAccount()) {
$this->dieUsage('You cannot create a new account because you are blocked', 'blocked');
}
$params = $this->extractRequestParams();
$result = array();
// Init session if necessary
if (session_id() == '') {
wfSetupSession();
}
if ($params['mailpassword'] && !$params['email']) {
$this->dieUsageMsg('noemail');
}
$context = new DerivativeContext($this->getContext());
$context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array('type' => 'signup', 'uselang' => $params['language'], 'wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpRetype' => $params['password'], 'wpDomain' => $params['domain'], 'wpEmail' => $params['email'], 'wpRealName' => $params['realname'], 'wpCreateaccountToken' => $params['token'], 'wpCreateaccount' => $params['mailpassword'] ? null : '1', 'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null)));
$loginForm = new LoginForm();
$loginForm->setContext($context);
$loginForm->load();
$status = $loginForm->addNewaccountInternal();
$result = array();
if ($status->isGood()) {
// Success!
$user = $status->getValue();
// If we showed up language selection links, and one was in use, be
// smart (and sensible) and save that language as the user's preference
global $wgLoginLanguageSelector, $wgEmailAuthentication;
if ($wgLoginLanguageSelector && $params['language']) {
$user->setOption('language', $params['language']);
}
if ($params['mailpassword']) {
// If mailpassword was set, disable the password and send an email.
$user->setPassword(null);
$status->merge($loginForm->mailPasswordInternal($user, false, 'createaccount-title', 'createaccount-text'));
} elseif ($wgEmailAuthentication && Sanitizer::validateEmail($user->getEmail())) {
// Send out an email authentication message if needed
$status->merge($user->sendConfirmationMail());
}
// Save settings (including confirmation token)
$user->saveSettings();
wfRunHooks('AddNewAccount', array($user, $params['mailpassword']));
if ($params['mailpassword']) {
$logAction = 'byemail';
} elseif ($this->getUser()->isLoggedIn()) {
$logAction = 'create2';
} else {
$logAction = 'create';
}
$user->addNewUserLogEntry($logAction, (string) $params['reason']);
// Add username, id, and token to result.
$result['username'] = $user->getName();
$result['userid'] = $user->getId();
$result['token'] = $user->getToken();
}
$apiResult = $this->getResult();
if ($status->hasMessage('sessionfailure') || $status->hasMessage('nocookiesfornew')) {
// Token was incorrect, so add it to result, but don't throw an exception
// since not having the correct token is part of the normal
// flow of events.
$result['token'] = LoginForm::getCreateaccountToken();
$result['result'] = 'needtoken';
} elseif (!$status->isOK()) {
// There was an error. Die now.
// Cannot use dieUsageMsg() directly because extensions
// might return custom error messages.
$errors = $status->getErrorsArray();
if ($errors[0] instanceof Message) {
$code = 'aborted';
$desc = $errors[0];
} else {
$code = array_shift($errors[0]);
$desc = wfMessage($code, $errors[0]);
}
$this->dieUsage($desc, $code);
} elseif (!$status->isGood()) {
// Status is not good, but OK. This means warnings.
$result['result'] = 'warning';
// Add any warnings to the result
$warnings = $status->getErrorsByType('warning');
if ($warnings) {
foreach ($warnings as &$warning) {
$apiResult->setIndexedTagName($warning['params'], 'param');
}
$apiResult->setIndexedTagName($warnings, 'warning');
$result['warnings'] = $warnings;
}
} else {
// Everything was fine.
$result['result'] = 'success';
}
$apiResult->addValue(null, 'createaccount', $result);
}
/**
* Generates a form from the given request.
* @param AuthenticationRequest[] $requests
* @param string $action AuthManager action name
* @param string|Message $msg
* @param string $msgType
* @return HTMLForm
*/
protected function getAuthForm(array $requests, $action, $msg = '', $msgType = 'error')
{
global $wgSecureLogin, $wgLoginLanguageSelector;
// FIXME merge this with parent
if (isset($this->authForm)) {
return $this->authForm;
}
$usingHTTPS = $this->getRequest()->getProtocol() === 'https';
// get basic form description from the auth logic
$fieldInfo = AuthenticationRequest::mergeFieldInfo($requests);
$fakeTemplate = $this->getFakeTemplate($msg, $msgType);
$this->fakeTemplate = $fakeTemplate;
// FIXME there should be a saner way to pass this to the hook
// this will call onAuthChangeFormFields()
$formDescriptor = static::fieldInfoToFormDescriptor($requests, $fieldInfo, $this->authAction);
$this->postProcessFormDescriptor($formDescriptor);
$context = $this->getContext();
if ($context->getRequest() !== $this->getRequest()) {
// We have overridden the request, need to make sure the form uses that too.
$context = new DerivativeContext($this->getContext());
$context->setRequest($this->getRequest());
}
$form = HTMLForm::factory('vform', $formDescriptor, $context);
$form->addHiddenField('authAction', $this->authAction);
if ($wgLoginLanguageSelector) {
$form->addHiddenField('uselang', $this->mLanguage);
}
$form->addHiddenField('force', $this->securityLevel);
$form->addHiddenField($this->getTokenName(), $this->getToken()->toString());
if ($wgSecureLogin) {
// If using HTTPS coming from HTTP, then the 'fromhttp' parameter must be preserved
if (!$this->isSignup()) {
$form->addHiddenField('wpForceHttps', (int) $this->mStickHTTPS);
$form->addHiddenField('wpFromhttp', $usingHTTPS);
}
}
// set properties of the form itself
$form->setAction($this->getPageTitle()->getLocalURL($this->getReturnToQueryStringFragment()));
$form->setName('userlogin' . ($this->isSignup() ? '2' : ''));
if ($this->isSignup()) {
$form->setId('userlogin2');
}
// add pre/post text
// header used by ConfirmEdit, CondfirmAccount, Persona, WikimediaIncubator, SemanticSignup
// should be above the error message but HTMLForm doesn't support that
$form->addHeaderText($fakeTemplate->html('header'));
// FIXME the old form used this for error/warning messages which does not play well with
// HTMLForm (maybe it could with a subclass?); for now only display it for signups
// (where the JS username validation needs it) and alway empty
if ($this->isSignup()) {
// used by the mediawiki.special.userlogin.signup.js module
$statusAreaAttribs = ['id' => 'mw-createacct-status-area'];
// $statusAreaAttribs += $msg ? [ 'class' => "{$msgType}box" ] : [ 'style' => 'display: none;' ];
$form->addHeaderText(Html::element('div', $statusAreaAttribs));
}
// header used by MobileFrontend
$form->addHeaderText($fakeTemplate->html('formheader'));
// blank signup footer for site customization
if ($this->isSignup() && $this->showExtraInformation()) {
// Use signupend-https for HTTPS requests if it's not blank, signupend otherwise
$signupendMsg = $this->msg('signupend');
$signupendHttpsMsg = $this->msg('signupend-https');
if (!$signupendMsg->isDisabled()) {
$signupendText = $usingHTTPS && !$signupendHttpsMsg->isBlank() ? $signupendHttpsMsg->parse() : $signupendMsg->parse();
$form->addPostText(Html::rawElement('div', ['id' => 'signupend'], $signupendText));
}
}
// warning header for non-standard workflows (e.g. security reauthentication)
if (!$this->isSignup() && $this->getUser()->isLoggedIn()) {
$reauthMessage = $this->securityLevel ? 'userlogin-reauth' : 'userlogin-loggedin';
$form->addHeaderText(Html::rawElement('div', ['class' => 'warningbox'], $this->msg($reauthMessage)->params($this->getUser()->getName())->parse()));
}
if (!$this->isSignup() && $this->showExtraInformation()) {
$passwordReset = new PasswordReset($this->getConfig(), AuthManager::singleton());
if ($passwordReset->isAllowed($this->getUser())) {
$form->addFooterText(Html::rawElement('div', ['class' => 'mw-ui-vform-field mw-form-related-link-container'], Linker::link(SpecialPage::getTitleFor('PasswordReset'), $this->msg('userlogin-resetpassword-link')->escaped())));
}
// Don't show a "create account" link if the user can't.
if ($this->showCreateAccountLink()) {
// link to the other action
$linkTitle = $this->getTitleFor($this->isSignup() ? 'Userlogin' : 'CreateAccount');
$linkq = $this->getReturnToQueryStringFragment();
// Pass any language selection on to the mode switch link
if ($wgLoginLanguageSelector && $this->mLanguage) {
$linkq .= '&uselang=' . $this->mLanguage;
}
$createOrLoginHref = $linkTitle->getLocalURL($linkq);
if ($this->getUser()->isLoggedIn()) {
$createOrLoginHtml = Html::rawElement('div', ['class' => 'mw-ui-vform-field'], Html::element('a', ['id' => 'mw-createaccount-join', 'href' => $createOrLoginHref, 'tabindex' => 100], $this->msg('userlogin-createanother')->escaped()));
} else {
$createOrLoginHtml = Html::rawElement('div', ['id' => 'mw-createaccount-cta', 'class' => 'mw-ui-vform-field'], $this->msg('userlogin-noaccount')->escaped() . Html::element('a', ['id' => 'mw-createaccount-join', 'href' => $createOrLoginHref, 'class' => 'mw-ui-button', 'tabindex' => 100], $this->msg('userlogin-joinproject')->escaped()));
}
$form->addFooterText($createOrLoginHtml);
}
}
$form->suppressDefaultSubmit();
$this->authForm = $form;
return $form;
}
/**
* Edit a Collaboration Hub via the edit API
* @param $title Title
* @param $displayName string
* @param $icon string
* @param $colour string
* @param $introduction string
* @param $footer string
* @param $content array
* @param $summary string Message key for edit summary
* @param $context IContextSource The calling context
* @return Status
*/
public static function edit(Title $title, $displayName, $image, $colour, $introduction, $footer, $content, $summary, IContextSource $context)
{
$contentBlock = ['display_name' => $displayName, 'introduction' => $introduction, 'footer' => $footer, 'image' => $image, 'colour' => $colour, 'content' => $content];
// TODO Do content
$jsonText = FormatJson::encode($contentBlock);
if ($jsonText === null) {
return Status::newFatal('collaborationkit-hub-edit-tojsonerror');
}
// Ensure that a valid context is provided to the API in unit tests
$der = new DerivativeContext($context);
$request = new DerivativeRequest($context->getRequest(), ['action' => 'edit', 'title' => $title->getFullText(), 'contentmodel' => 'CollaborationHubContent', 'text' => $jsonText, 'summary' => $summary, 'token' => $context->getUser()->getEditToken()], true);
$der->setRequest($request);
try {
$api = new ApiMain($der, true);
$api->execute();
} catch (UsageException $e) {
return Status::newFatal($context->msg('collaborationkit-hub-edit-apierror', $e->getCodeString()));
}
return Status::newGood();
}
/**
* @param array $data
* @return Status
*/
public function onSubmit(array $data)
{
$collaborationHub = $data['collaborationhub'];
$featureName = $data['featurename'];
$titleText = $collaborationHub . '/' . $featureName;
$title = Title::newFromText($titleText);
if (!$title) {
return Status::newFatal('collaborationkit-createhubfeature-invalidtitle');
} elseif ($title->exists()) {
return Status::newFatal('collaborationkit-createhubfeature-exists');
} elseif (!$title->userCan('edit') || !$title->userCan('create') || !$title->userCan('editcontentmodel')) {
return Status::newFatal('collaborationkit-createhubfeature-nopermission');
}
// Update hub with link to new feature
$newFeature = ['title' => $titleText, 'display_title' => $featureName];
if ($data['icon']) {
$newFeature['image'] = $data['icon'];
}
$hubTitleObject = Title::newFromText($collaborationHub);
if (!$hubTitleObject->exists()) {
return Status::newFatal('collaborationkit-createhubfeature-hubdoesnotexist');
}
if ($hubTitleObject->getContentModel() != "CollaborationHubContent") {
return Status::newFatal('collaborationkit-createhubfeature-hubisnotahub');
}
$hubWikiPageObject = WikiPage::factory($hubTitleObject);
$hubRawContent = $hubWikiPageObject->getContent();
$hubContent = json_decode($hubRawContent->serialize(), true);
// Don't actually update the hub if the hub includes the feature.
$found = false;
foreach ($hubContent['content'] as $c) {
if ($c['title'] === $titleText) {
$found = true;
break;
}
}
if (!$found) {
$hubContent['content'][] = $newFeature;
$newHubRawContent = json_encode($hubContent);
$editHubSummary = $this->msg('collaborationkit-createhubfeature-hubeditsummary', $featureName)->plain();
$context = $this->getContext();
$der = new DerivativeContext($context);
$request = new DerivativeRequest($context->getRequest(), ['action' => 'edit', 'title' => $hubTitleObject->getFullText(), 'contentmodel' => 'CollaborationHubContent', 'text' => $newHubRawContent, 'summary' => $editHubSummary, 'token' => $context->getUser()->getEditToken()], true);
$der->setRequest($request);
try {
$api = new ApiMain($der, true);
$api->execute();
} catch (UsageException $e) {
return Status::newFatal($context->msg('collaborationkit-hub-edit-apierror', $e->getCodeString()));
}
}
// Create feature
$contentModel = $data['contenttype'];
if ($contentModel != 'wikitext' && $contentModel != 'CollaborationListContent') {
return Status::newFatal('collaborationkit-createhubfeature-invalidcontenttype');
}
if ($contentModel == 'wikitext') {
$contentFormat = 'text/x-wiki';
} elseif ($contentModel == 'CollaborationListContent') {
$contentFormat = 'application/json';
} else {
return Status::newFatal('collaborationkit-createhubfeature-invalidcontenttype');
}
$initialContent = '';
// Create empty page by default; exception is if there needs to be something such as JSON.
if ($contentModel == 'CollaborationListContent') {
// FIXME why are we redefining this here? Can't we reuse something from collaborationlistcontenthandler, which already has default content?
$initialContent = '{ "columns": [ { "items":[], "options":{}, "description":"" } ] }';
}
$summary = $this->msg('collaborationkit-createhubfeature-editsummary')->plain();
$context = $this->getContext();
$der = new DerivativeContext($context);
$request = new DerivativeRequest($context->getRequest(), ['action' => 'edit', 'title' => $title->getFullText(), 'contentmodel' => $contentModel, 'contentformat' => $contentFormat, 'text' => $initialContent, 'summary' => $summary, 'token' => $context->getUser()->getEditToken()], true);
$der->setRequest($request);
try {
$api = new ApiMain($der, true);
$api->execute();
} catch (UsageException $e) {
return Status::newFatal($context->msg('collaborationkit-hub-edit-apierror', $e->getCodeString()));
}
// Once all the pages we want to create are created, we send them to the first one
$this->getOutput()->redirect($title->getFullUrl());
return Status::newGood();
}
/**
* Executes the log-in attempt using the parameters passed. If
* the log-in succeeeds, it attaches a cookie to the session
* and outputs the user id, username, and session token. If a
* log-in fails, as the result of a bad password, a nonexistent
* user, or any other reason, the host is cached with an expiry
* and no log-in attempts will be accepted until that expiry
* is reached. The expiry is $this->mLoginThrottle.
*/
public function execute()
{
$params = $this->extractRequestParams();
$result = array();
// Init session if necessary
if (session_id() == '') {
wfSetupSession();
}
$context = new DerivativeContext($this->getContext());
$context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array('wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpDomain' => $params['domain'], 'wpLoginToken' => $params['token'], 'wpRemember' => '')));
$loginForm = new LoginForm();
$loginForm->setContext($context);
global $wgCookiePrefix, $wgPasswordAttemptThrottle;
$authRes = $loginForm->authenticateUserData();
switch ($authRes) {
case LoginForm::SUCCESS:
$user = $context->getUser();
$this->getContext()->setUser($user);
$user->setOption('rememberpassword', 1);
$user->setCookies($this->getRequest());
ApiQueryInfo::resetTokenCache();
// Run hooks.
// @todo FIXME: Split back and frontend from this hook.
// @todo FIXME: This hook should be placed in the backend
$injected_html = '';
wfRunHooks('UserLoginComplete', array(&$user, &$injected_html));
$result['result'] = 'Success';
$result['lguserid'] = intval($user->getId());
$result['lgusername'] = $user->getName();
$result['lgtoken'] = $user->getToken();
$result['cookieprefix'] = $wgCookiePrefix;
$result['sessionid'] = session_id();
break;
case LoginForm::NEED_TOKEN:
$result['result'] = 'NeedToken';
$result['token'] = $loginForm->getLoginToken();
$result['cookieprefix'] = $wgCookiePrefix;
$result['sessionid'] = session_id();
break;
case LoginForm::WRONG_TOKEN:
$result['result'] = 'WrongToken';
break;
case LoginForm::NO_NAME:
$result['result'] = 'NoName';
break;
case LoginForm::ILLEGAL:
$result['result'] = 'Illegal';
break;
case LoginForm::WRONG_PLUGIN_PASS:
$result['result'] = 'WrongPluginPass';
break;
case LoginForm::NOT_EXISTS:
$result['result'] = 'NotExists';
break;
case LoginForm::RESET_PASS:
// bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin - "The e-mailed temporary password should not be used for actual logins;"
// bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin - "The e-mailed temporary password should not be used for actual logins;"
case LoginForm::WRONG_PASS:
$result['result'] = 'WrongPass';
break;
case LoginForm::EMPTY_PASS:
$result['result'] = 'EmptyPass';
break;
case LoginForm::CREATE_BLOCKED:
$result['result'] = 'CreateBlocked';
$result['details'] = 'Your IP address is blocked from account creation';
break;
case LoginForm::THROTTLED:
$result['result'] = 'Throttled';
$result['wait'] = intval($wgPasswordAttemptThrottle['seconds']);
break;
case LoginForm::USER_BLOCKED:
$result['result'] = 'Blocked';
break;
case LoginForm::ABORTED:
$result['result'] = 'Aborted';
$result['reason'] = $loginForm->mAbortLoginErrorMsg;
break;
default:
ApiBase::dieDebug(__METHOD__, "Unhandled case value: {$authRes}");
}
$this->getResult()->addValue(null, 'login', $result);
}
public function testGetActionName_whenCanNotUseWikiPage_defaultsToView()
{
$request = new FauxRequest(array('action' => 'edit'));
$context = new DerivativeContext(RequestContext::getMain());
$context->setRequest($request);
$actionName = Action::getActionName($context);
$this->assertEquals('view', $actionName);
}
