public function execute() { if (!$this->getUser()->isLoggedIn()) { $this->dieUsage('Must be logged in to link accounts', 'notloggedin'); } $params = $this->extractRequestParams(); $this->requireAtLeastOneParameter($params, 'continue', 'returnurl'); if ($params['returnurl'] !== null) { $bits = wfParseUrl($params['returnurl']); if (!$bits || $bits['scheme'] === '') { $encParamName = $this->encodeParamName('returnurl'); $this->dieUsage("Invalid value '{$params['returnurl']}' for url parameter {$encParamName}", "badurl_{$encParamName}"); } } $helper = new ApiAuthManagerHelper($this); $manager = AuthManager::singleton(); // Check security-sensitive operation status $helper->securitySensitiveOperation('LinkAccounts'); // Make sure it's possible to link accounts if (!$manager->canLinkAccounts()) { $this->getResult()->addValue(null, 'linkaccount', $helper->formatAuthenticationResponse(AuthenticationResponse::newFail($this->msg('userlogin-cannot-' . AuthManager::ACTION_LINK)))); return; } // Perform the link step if ($params['continue']) { $reqs = $helper->loadAuthenticationRequests(AuthManager::ACTION_LINK_CONTINUE); $res = $manager->continueAccountLink($reqs); } else { $reqs = $helper->loadAuthenticationRequests(AuthManager::ACTION_LINK); $res = $manager->beginAccountLink($this->getUser(), $reqs, $params['returnurl']); } $this->getResult()->addValue(null, 'linkaccount', $helper->formatAuthenticationResponse($res)); }
public function execute() { $params = $this->extractRequestParams(); $this->requireAtLeastOneParameter($params, 'continue', 'returnurl'); if ($params['returnurl'] !== null) { $bits = wfParseUrl($params['returnurl']); if (!$bits || $bits['scheme'] === '') { $encParamName = $this->encodeParamName('returnurl'); $this->dieUsage("Invalid value '{$params['returnurl']}' for url parameter {$encParamName}", "badurl_{$encParamName}"); } } $helper = new ApiAuthManagerHelper($this); $manager = AuthManager::singleton(); // Make sure it's possible to log in if (!$manager->canAuthenticateNow()) { $this->getResult()->addValue(null, 'clientlogin', $helper->formatAuthenticationResponse(AuthenticationResponse::newFail($this->msg('userlogin-cannot-' . AuthManager::ACTION_LOGIN)))); return; } // Perform the login step if ($params['continue']) { $reqs = $helper->loadAuthenticationRequests(AuthManager::ACTION_LOGIN_CONTINUE); $res = $manager->continueAuthentication($reqs); } else { $reqs = $helper->loadAuthenticationRequests(AuthManager::ACTION_LOGIN); if ($params['preservestate']) { $req = $helper->getPreservedRequest(); if ($req) { $reqs[] = $req; } } $res = $manager->beginAuthentication($reqs, $params['returnurl']); } $this->getResult()->addValue(null, 'clientlogin', $helper->formatAuthenticationResponse($res)); }
public function execute() { $params = $this->extractRequestParams(); $this->requireAtLeastOneParameter($params, 'continue', 'returnurl'); if ($params['returnurl'] !== null) { $bits = wfParseUrl($params['returnurl']); if (!$bits || $bits['scheme'] === '') { $encParamName = $this->encodeParamName('returnurl'); $this->dieUsage("Invalid value '{$params['returnurl']}' for url parameter {$encParamName}", "badurl_{$encParamName}"); } } $helper = new ApiAuthManagerHelper($this); $manager = AuthManager::singleton(); // Make sure it's possible to log in if (!$manager->canAuthenticateNow()) { $this->getResult()->addValue(null, 'clientlogin', $helper->formatAuthenticationResponse(AuthenticationResponse::newFail($this->msg('userlogin-cannot-' . AuthManager::ACTION_LOGIN)))); $helper->logAuthenticationResult('login', 'userlogin-cannot-' . AuthManager::ACTION_LOGIN); return; } // Perform the login step if ($params['continue']) { $reqs = $helper->loadAuthenticationRequests(AuthManager::ACTION_LOGIN_CONTINUE); $res = $manager->continueAuthentication($reqs); } else { $reqs = $helper->loadAuthenticationRequests(AuthManager::ACTION_LOGIN); if ($params['preservestate']) { $req = $helper->getPreservedRequest(); if ($req) { $reqs[] = $req; } } $res = $manager->beginAuthentication($reqs, $params['returnurl']); } // Remove CreateFromLoginAuthenticationRequest from $res->neededRequests. // It's there so a RESTART treated as UI will work right, but showing // it to the API client is just confusing. $res->neededRequests = ApiAuthManagerHelper::blacklistAuthenticationRequests($res->neededRequests, [CreateFromLoginAuthenticationRequest::class]); $this->getResult()->addValue(null, 'clientlogin', $helper->formatAuthenticationResponse($res)); $helper->logAuthenticationResult('login', $res); }
public function execute() { if (!$this->getUser()->isLoggedIn()) { $this->dieUsage('Must be logged in to change authentication data', 'notloggedin'); } $helper = new ApiAuthManagerHelper($this); $manager = AuthManager::singleton(); // Check security-sensitive operation status $helper->securitySensitiveOperation('ChangeCredentials'); // Fetch the request $reqs = ApiAuthManagerHelper::blacklistAuthenticationRequests($helper->loadAuthenticationRequests(AuthManager::ACTION_CHANGE), $this->getConfig()->get('ChangeCredentialsBlacklist')); if (count($reqs) !== 1) { $this->dieUsage('Failed to create change request', 'badrequest'); } $req = reset($reqs); // Make the change $status = $manager->allowsAuthenticationDataChange($req, true); if (!$status->isGood()) { $this->dieStatus($status); } $manager->changeAuthenticationData($req); $this->getResult()->addValue(null, 'changeauthenticationdata', ['status' => 'success']); }