/**
 * Build the response returned when the password check did not succeed.
 *
 * When $this->authoritative is truthy the attempt is reported as a hard
 * failure; otherwise this provider abstains.
 *
 * @param PasswordAuthenticationRequest $req Request whose password was rejected
 * @return AuthenticationResponse FAIL if authoritative, ABSTAIN otherwise
 */
protected function failResponse(PasswordAuthenticationRequest $req)
{
    if (!$this->authoritative) {
        return AuthenticationResponse::newAbstain();
    }

    // An empty submitted password selects its own message key.
    $messageKey = $req->password === '' ? 'wrongpasswordempty' : 'wrongpassword';

    return AuthenticationResponse::newFail(wfMessage($messageKey));
}
/**
 * Continue the link attempt once the confirmation step has been submitted.
 *
 * Only link requests previously stored in the session under $key are acted
 * on: the IDs carried by the submitted confirmation request are used purely
 * as lookups into that stored set, and unknown IDs are skipped.
 *
 * @param User $user User whose name is written into each confirmed request
 * @param string $key Session key to look in
 * @param AuthenticationRequest[] $reqs Requests submitted with this step
 * @return AuthenticationResponse PASS, ABSTAIN, or a UI response that lists
 *  the per-credential outcome when at least one change was refused
 */
protected function continueLinkAttempt($user, $key, array $reqs)
{
    // A submitted 'linkOk' button ends the flow; that button is the one
    // offered by the UI response built at the bottom of this method.
    $okButton = ButtonAuthenticationRequest::getRequestByName($reqs, 'linkOk');
    if ($okButton) {
        return AuthenticationResponse::newPass();
    }

    $confirmReq = AuthenticationRequest::getRequestByClass(
        $reqs,
        ConfirmLinkAuthenticationRequest::class
    );
    if (!$confirmReq) {
        // Neither expected request was submitted: start the attempt over.
        return $this->beginLinkAttempt($user, $key);
    }

    $session = $this->manager->getRequest()->getSession();
    $state = $session->getSecret($key);
    if (!is_array($state)) {
        return AuthenticationResponse::newAbstain();
    }

    // Index the stored candidates by unique ID so that submitted IDs can
    // only ever select something that is already in the session state.
    $candidates = [];
    foreach ($state['maybeLink'] as $candidate) {
        $candidates[$candidate->getUniqueId()] = $candidate;
    }
    if (!$candidates) {
        return AuthenticationResponse::newAbstain();
    }

    // The stored list is emptied and written back before any change is
    // applied -- presumably so a repeated submission finds nothing left
    // to link (TODO confirm intent).
    $state['maybeLink'] = [];
    $session->setSecret($key, $state);

    $outcomes = [];
    $sawFailure = false;
    foreach ($confirmReq->confirmedLinkIDs as $id) {
        if (!isset($candidates[$id])) {
            continue;
        }

        $linkReq = $candidates[$id];
        // The target account is always the user passed in, never a name
        // taken from the submitted data.
        $linkReq->username = $user->getName();
        if (!$linkReq->action) {
            // Make sure the action is set, but don't override it if
            // the provider filled it in.
            $linkReq->action = AuthManager::ACTION_CHANGE;
        }

        $status = $this->manager->allowsAuthenticationDataChange($linkReq);
        $outcomes[] = [$linkReq, $status];
        if ($status->isGood()) {
            $this->manager->changeAuthenticationData($linkReq);
        } else {
            $sawFailure = true;
        }
    }

    if (!$sawFailure) {
        return AuthenticationResponse::newPass();
    }

    // At least one change was refused: report every attempted link, one
    // line each. Successes and failures are both added as error entries
    // of the combined status.
    $combinedStatus = \Status::newGood();
    foreach ($outcomes as list($linkReq, $status)) {
        $descriptionInfo = $linkReq->describeCredentials();
        $description = wfMessage(
            'authprovider-confirmlink-option',
            $descriptionInfo['provider']->text(),
            $descriptionInfo['account']->text()
        )->text();

        if ($status->isGood()) {
            $line = wfMessage('authprovider-confirmlink-success-line', $description);
        } else {
            $line = wfMessage(
                'authprovider-confirmlink-failure-line',
                $description,
                $status->getMessage()->text()
            );
        }
        $combinedStatus->error($line);
    }

    $okRequest = new ButtonAuthenticationRequest(
        'linkOk',
        wfMessage('ok'),
        wfMessage('authprovider-confirmlink-ok-help')
    );

    return AuthenticationResponse::newUI(
        [$okRequest],
        $combinedStatus->getMessage('authprovider-confirmlink-failed')
    );
}
/**
 * Secondary account-creation step: this provider always abstains.
 *
 * @param User $user Not used here
 * @param User $creator Not used here
 * @param AuthenticationRequest[] $reqs Not used here
 * @return AuthenticationResponse Always ABSTAIN
 */
public function beginSecondaryAccountCreation($user, $creator, array $reqs)
{
    $response = AuthenticationResponse::newAbstain();

    return $response;
}
/**
 * Data provider of account-link scenarios.
 *
 * Each named case is a three-element list: a pre-link StatusValue, the
 * list of responses for the primary provider, and the list of expected
 * results (responses, or an exception object). Where a case expects
 * exactly what the primary returned, the same objects are placed in both
 * lists.
 *
 * @return array[] Cases keyed by description
 */
public function provideAccountLink()
{
    $req = $this->getMockForAbstractClass(AuthenticationRequest::class);
    $good = StatusValue::newGood();

    $cases = [];

    $cases['Pre-link test fail in pre'] = [
        StatusValue::newFatal('fail-from-pre'),
        [],
        [AuthenticationResponse::newFail($this->message('fail-from-pre'))],
    ];

    $primaryFail = [AuthenticationResponse::newFail($this->message('fail-from-primary'))];
    $cases['Failure in primary'] = [$good, $primaryFail, $primaryFail];

    $cases['All primary abstain'] = [
        $good,
        [AuthenticationResponse::newAbstain()],
        [AuthenticationResponse::newFail($this->message('authmanager-link-no-primary'))],
    ];

    $uiRedirectFail = [
        AuthenticationResponse::newUI([$req], $this->message('...')),
        AuthenticationResponse::newRedirect([$req], '/foo.html', ['foo' => 'bar']),
        AuthenticationResponse::newFail($this->message('fail-in-primary-continue')),
    ];
    $cases['Primary UI, then redirect, then fail'] = [$good, $uiRedirectFail, $uiRedirectFail];

    // An ABSTAIN from the continue step is expected to surface as a
    // DomainException rather than as a response.
    $redirect = AuthenticationResponse::newRedirect([$req], '/foo.html', ['foo' => 'bar']);
    $cases['Primary redirect, then abstain'] = [
        $good,
        [$redirect, AuthenticationResponse::newAbstain()],
        [
            $redirect,
            new \DomainException('MockPrimaryAuthenticationProvider::continuePrimaryAccountLink() returned ABSTAIN'),
        ],
    ];

    $ui = AuthenticationResponse::newUI([$req], $this->message('...'));
    $cases['Primary UI, then pass'] = [
        $good,
        [$ui, AuthenticationResponse::newPass()],
        [$ui, AuthenticationResponse::newPass('')],
    ];

    $cases['Primary pass'] = [
        $good,
        [AuthenticationResponse::newPass('')],
        [AuthenticationResponse::newPass('')],
    ];

    return $cases;
}
/**
 * Claim an account creation that carries a temporary-password request.
 *
 * Abstains unless a TemporaryPasswordAuthenticationRequest with both a
 * username and a password is present. On a claim, the request attached to
 * the response always names the user being created.
 *
 * @param User $user User being created
 * @param User $creator Not used here
 * @param AuthenticationRequest[] $reqs Submitted requests
 * @return AuthenticationResponse PASS with createRequest set, or ABSTAIN
 */
public function beginPrimaryAccountCreation($user, $creator, array $reqs)
{
    /** @var TemporaryPasswordAuthenticationRequest $req */
    $req = AuthenticationRequest::getRequestByClass(
        $reqs,
        TemporaryPasswordAuthenticationRequest::class
    );

    $claimable = $req && $req->username !== null && $req->password !== null;
    if (!$claimable) {
        return AuthenticationResponse::newAbstain();
    }

    // Nothing we can do yet, because the user isn't in the DB yet.
    // If the submitted name differs from the user's name, work on a clone
    // so the submitted request object is left unmodified.
    $userName = $user->getName();
    if ($req->username !== $userName) {
        $req = clone $req;
        $req->username = $user->getName();
    }

    if ($req->mailpassword) {
        // prevent EmailNotificationSecondaryAuthenticationProvider from sending another mail
        $this->manager->setAuthenticationSessionData('no-email', true);
    }

    $response = AuthenticationResponse::newPass($req->username);
    $response->createRequest = $req;

    return $response;
}
/**
 * Claim an account creation that carries a password request.
 *
 * Abstains unless a PasswordAuthenticationRequest with both a username and
 * a password is present. On a claim, the request attached to the response
 * always names the user being created.
 *
 * @param User $user User being created
 * @param User $creator Not used here
 * @param AuthenticationRequest[] $reqs Submitted requests
 * @return AuthenticationResponse PASS with createRequest set, or ABSTAIN
 * @throws \BadMethodCallException When accountCreationType() is TYPE_NONE
 */
public function beginPrimaryAccountCreation($user, $creator, array $reqs)
{
    if ($this->accountCreationType() === self::TYPE_NONE) {
        throw new \BadMethodCallException('Shouldn\'t call this when accountCreationType() is NONE');
    }

    $req = AuthenticationRequest::getRequestByClass($reqs, PasswordAuthenticationRequest::class);

    $claimable = $req && $req->username !== null && $req->password !== null;
    if (!$claimable) {
        return AuthenticationResponse::newAbstain();
    }

    // Nothing we can do besides claim it, because the user isn't in
    // the DB yet. If the submitted name differs from the user's name, work
    // on a clone so the submitted request object is left unmodified.
    $userName = $user->getName();
    if ($req->username !== $userName) {
        $req = clone $req;
        $req->username = $user->getName();
    }

    $response = AuthenticationResponse::newPass($req->username);
    $response->createRequest = $req;

    return $response;
}
/**
 * With an empty request list, beginSecondaryAuthentication() must abstain
 * even though 'sendConfirmationEmail' is switched on.
 */
public function testBeginSecondaryAuthentication()
{
    $options = ['sendConfirmationEmail' => true];
    $provider = new EmailNotificationSecondaryAuthenticationProvider($options);

    $expected = AuthenticationResponse::newAbstain();
    $actual = $provider->beginSecondaryAuthentication(\User::newFromName('Foo'), []);

    $this->assertEquals($expected, $actual);
}
/**
 * Exercise account creation: abstain on missing or incomplete requests,
 * claim complete ones, and confirm that the password only works for login
 * after finishAccountCreation() has run.
 *
 * NOTE(review): the '******' literals look like values masked by the page
 * this listing was taken from -- confirm against the original test before
 * relying on the exact usernames and passwords.
 */
public function testAccountCreation()
{
    // Held in a local for the duration of the test; presumably undoes the
    // mailer hook when it goes out of scope -- TODO confirm.
    $mailerGuard = $this->hookMailer();

    $user = \User::newFromName('Foo');

    $tempReq = new TemporaryPasswordAuthenticationRequest();
    $tempReqs = [TemporaryPasswordAuthenticationRequest::class => $tempReq];

    $loginReq = new PasswordAuthenticationRequest();
    $loginReq->action = AuthManager::ACTION_CREATE;
    $loginReqs = [PasswordAuthenticationRequest::class => $loginReq];

    $provider = $this->getProvider();

    // No request at all: abstain.
    $this->assertEquals(
        AuthenticationResponse::newAbstain(),
        $provider->beginPrimaryAccountCreation($user, $user, [])
    );

    // Username without password: abstain.
    $tempReq->username = '******';
    $tempReq->password = null;
    $this->assertEquals(
        AuthenticationResponse::newAbstain(),
        $provider->beginPrimaryAccountCreation($user, $user, $tempReqs)
    );

    // Password without username: abstain.
    $tempReq->username = null;
    $tempReq->password = '******';
    $this->assertEquals(
        AuthenticationResponse::newAbstain(),
        $provider->beginPrimaryAccountCreation($user, $user, $tempReqs)
    );

    // Both present: the creation is claimed for the user being created.
    $tempReq->username = '******';
    $tempReq->password = '******';
    $expected = AuthenticationResponse::newPass('Foo');
    $expected->createRequest = clone $tempReq;
    $expected->createRequest->username = '******';
    $this->assertEquals(
        $expected,
        $provider->beginPrimaryAccountCreation($user, $user, $tempReqs)
    );
    // The 'no-email' session flag must not have been set by the call above.
    $this->assertNull($this->manager->getAuthenticationSessionData('no-email'));

    // Same flow against a mutable test user.
    $user = self::getMutableTestUser()->getUser();
    $loginReq->username = $user->getName();
    $tempReq->username = $loginReq->username;
    $loginReq->password = '******';
    $tempReq->password = $loginReq->password;

    $expected = AuthenticationResponse::newPass($user->getName());
    $expected->createRequest = $tempReq;
    $creationRes = $provider->beginPrimaryAccountCreation($user, $user, $tempReqs);
    $this->assertEquals($expected, $creationRes, 'Sanity check');

    // Before finishAccountCreation() the password must not authenticate.
    $loginRes = $provider->beginPrimaryAuthentication($loginReqs);
    $this->assertEquals(AuthenticationResponse::FAIL, $loginRes->status, 'sanity check');

    $this->assertSame(null, $provider->finishAccountCreation($user, $user, $creationRes));

    // Afterwards the same login request passes.
    $loginRes = $provider->beginPrimaryAuthentication($loginReqs);
    $this->assertEquals(AuthenticationResponse::PASS, $loginRes->status, 'new password is set');
}
/**
 * Create the account through the wrapped $this->auth object.
 *
 * Abstains when no request of type $this->requestType is present, when it
 * lacks a username or password (or a domain, if $this->hasDomain is set),
 * or when the submitted username has no 'usable' canonical form.
 *
 * @param User $user User being created; its email and real name are passed on
 * @param User $creator Not used here
 * @param AuthenticationRequest[] $reqs Submitted requests
 * @return AuthenticationResponse PASS if addUser() succeeded, FAIL if it
 *  did not, ABSTAIN if the request was not usable
 * @throws \BadMethodCallException When accountCreationType() is TYPE_NONE
 */
public function beginPrimaryAccountCreation($user, $creator, array $reqs)
{
    if ($this->accountCreationType() === self::TYPE_NONE) {
        throw new \BadMethodCallException('Shouldn\'t call this when accountCreationType() is NONE');
    }

    $req = AuthenticationRequest::getRequestByClass($reqs, $this->requestType);
    if (!$req) {
        return AuthenticationResponse::newAbstain();
    }
    if ($req->username === null || $req->password === null) {
        return AuthenticationResponse::newAbstain();
    }
    if ($this->hasDomain && $req->domain === null) {
        return AuthenticationResponse::newAbstain();
    }

    // The canonical name is used only as a validity check; the account is
    // created from $user, not from the submitted name.
    if (User::getCanonicalName($req->username, 'usable') === false) {
        return AuthenticationResponse::newAbstain();
    }

    $this->setDomain($req);

    // The submitted password is handed to the wrapped object as given.
    $created = $this->auth->addUser(
        $user,
        $req->password,
        $user->getEmail(),
        $user->getRealName()
    );

    return $created
        ? AuthenticationResponse::newPass()
        : AuthenticationResponse::newFail(new \Message('authmanager-authplugin-create-fail'));
}