/**
* Given a username, returns one of several codes to indicate whether it is valid to be a NEW username or not.
*
* Codes:
* - OK: A user with this username may be created.
* - INVALID: This is not a valid username. This may mean that it is too long or has characters that aren't permitted, etc.
* - EXISTS: A user with this name, so you cannot create one with this name.
*
* TODO: Is this a duplicate of user::isCreatableName()? It is important to note that wgWikiaMaxNameChars may be less than wgMaxNameChars which
* is intentional because there are some long usernames that were created when only wgMaxNameChars limited to 255 characters and we still want
* those usernames to be valid (so that they can still login), but we just don't want NEW accounts to be created above the length of wgWikiaMaxNameChars.
*
* @param string $uName The user name to check
*
* @return bool|string Return errors as an i18n key or true if the name is valid
*/
function wfValidateUserName($uName)
{
if (!User::isNotMaxNameChars($uName)) {
return 'userlogin-bad-username-length';
}
$userTitle = Title::newFromText($uName);
if (is_null($userTitle)) {
return 'userlogin-bad-username-character';
}
$uName = $userTitle->getText();
if (!User::isCreatableName($uName)) {
return 'userlogin-bad-username-character';
}
$dbr = wfGetDB(DB_SLAVE);
$uName = $dbr->strencode($uName);
if ($uName == '') {
return 'userlogin-bad-username-character';
}
if (class_exists('SpoofUser')) {
$spoof = new SpoofUser($uName);
if ($spoof->isLegal()) {
$conflicts = $spoof->getConflicts();
if (!empty($conflicts)) {
return 'userlogin-bad-username-taken';
}
}
}
if (in_array($uName, F::app()->wg->ReservedUsernames)) {
// if we returned 'invalid', that would be confusing once a user
// checked and found that the name already met the naming requirements.
return 'userlogin-bad-username-taken';
}
// This username is valid
return true;
}
public function execute()
{
$params = $this->extractRequestParams();
$res = $this->getResult();
$res->addValue(null, $this->getModuleName(), array('username' => $params['username']));
$spoof = new SpoofUser($params['username']);
if ($spoof->isLegal()) {
$normalized = $spoof->getNormalized();
$res->addValue(null, $this->getModuleName(), array('normalised' => $normalized));
$unfilteredConflicts = $spoof->getConflicts();
if (empty($unfilteredConflicts)) {
$res->addValue(null, $this->getModuleName(), array('result' => 'pass'));
} else {
$hasSuppressed = false;
$conflicts = array();
foreach ($unfilteredConflicts as $conflict) {
if (!User::newFromName($conflict)->isHidden()) {
$conflicts[] = $conflict;
} else {
$hasSuppressed = true;
}
}
if ($hasSuppressed) {
$res->addValue(null, $this->getModuleName(), array('suppressed' => 'true'));
}
$res->addValue(null, $this->getModuleName(), array('result' => 'conflict'));
$res->setIndexedTagName($conflicts, 'u');
$res->addValue(array($this->getModuleName()), 'users', $conflicts);
}
} else {
$error = $spoof->getError();
$res->addValue('antispoof', 'result', 'error');
$res->addValue('antispoof', 'error', $error);
}
}
/**
* @covers SpoofUser::update
*/
public function testUpdate()
{
$user = User::newFromName('MyNewUserName');
$user->addToDatabase();
$s = new SpoofUser('MyNewUserName');
$s->update('BAZFOO');
$this->assertArrayEquals(array('MyNewUserName'), $s->getConflicts());
$foobaz = new SpoofUser('BAZFOO');
$this->assertArrayEquals(array('BazF00', 'BazFoo'), $foobaz->getConflicts());
}
/**
* Can be used to cancel user account creation
*
* @param $user User
* @param $message string
* @return bool true to continue, false to abort user creation
*/
public static function asAbortNewAccountHook($user, &$message)
{
global $wgAntiSpoofAccounts, $wgUser, $wgRequest;
if (!$wgAntiSpoofAccounts) {
$mode = 'LOGGING ';
$active = false;
} elseif ($wgRequest->getCheck('wpIgnoreAntiSpoof') && $wgUser->isAllowed('override-antispoof')) {
$mode = 'OVERRIDE ';
$active = false;
} else {
$mode = '';
$active = true;
}
$name = $user->getName();
$spoof = new SpoofUser($name);
if ($spoof->isLegal()) {
$normalized = $spoof->getNormalized();
$conflicts = $spoof->getConflicts();
if (empty($conflicts)) {
wfDebugLog('antispoof', "{$mode}PASS new account '{$name}' [{$normalized}]");
} else {
wfDebugLog('antispoof', "{$mode}CONFLICT new account '{$name}' [{$normalized}] spoofs " . implode(',', $conflicts));
if ($active) {
$numConflicts = count($conflicts);
$message = wfMessage('antispoof-conflict-top', $name)->numParams($numConflicts)->parse();
$message .= '<ul>';
foreach ($conflicts as $simUser) {
$message .= '<li>' . wfMessage('antispoof-conflict-item', $simUser)->escaped() . '</li>';
}
$message .= '</ul>' . wfMessage('antispoof-conflict-bottom')->parse();
return false;
}
}
} else {
$error = $spoof->getError();
wfDebugLog('antispoof', "{$mode}ILLEGAL new account '{$name}' {$error}");
if ($active) {
$message = wfMessage('antispoof-name-illegal', $name, $error)->text();
return false;
}
}
return true;
}
/**
* AntiSpoof: verify whether the name is legal for a new account.
*
* @see extensions/AntiSpoof
*/
public function checkAntiSpoof()
{
$this->response->setFormat('json');
$this->response->setCacheValidity(\WikiaResponse::CACHE_DISABLED);
if ($this->getVal('secret') != $this->wg->TheSchwartzSecretToken) {
$this->response->setVal('allow', false);
$this->response->setVal('message', 'invalid secret');
return;
}
$username = $this->getVal('username');
// Allow the given user name if the AntiSpoof extension is disabled.
if (empty($this->wg->EnableAntiSpoofExt)) {
$this->response->setVal('allow', true);
return;
}
$spoofUser = new \SpoofUser($username);
// Allow the given user name if it is legal and does not conflict with other names.
$this->response->setVal('allow', $spoofUser->isLegal() && !$spoofUser->getConflicts());
return;
}
