/**
  * Return the appropriate response for failure
  * @param PasswordAuthenticationRequest $req
  * @return AuthenticationResponse
  */
 protected function failResponse(PasswordAuthenticationRequest $req)
 {
     // A provider that is not authoritative abstains instead of failing the
     // whole attempt.
     if (!$this->authoritative) {
         return AuthenticationResponse::newAbstain();
     }
     // An empty password is reported with its own message key.
     $messageKey = $req->password === '' ? 'wrongpasswordempty' : 'wrongpassword';
     return AuthenticationResponse::newFail(wfMessage($messageKey));
 }
 /**
  * Continue the link attempt
  * @param User $user
  * @param string $key Session key to look in
  * @param AuthenticationRequest[] $reqs
  * @return AuthenticationResponse
  */
 protected function continueLinkAttempt($user, $key, array $reqs)
 {
     // A 'linkOk' button request acknowledges the failure summary that this
     // method returns at its end; nothing is left to do, so pass.
     if (ButtonAuthenticationRequest::getRequestByName($reqs, 'linkOk')) {
         return AuthenticationResponse::newPass();
     }

     $confirmReq = AuthenticationRequest::getRequestByClass($reqs, ConfirmLinkAuthenticationRequest::class);
     if (!$confirmReq) {
         // No confirmation request was submitted: start the link attempt over.
         return $this->beginLinkAttempt($user, $key);
     }

     $session = $this->manager->getRequest()->getSession();
     $state = $session->getSecret($key);
     if (!is_array($state)) {
         return AuthenticationResponse::newAbstain();
     }

     // Index the link candidates held in the session secret by unique ID.
     // This map is the only source of requests acted on below.
     $candidates = [];
     foreach ($state['maybeLink'] as $candidate) {
         $candidates[$candidate->getUniqueId()] = $candidate;
     }
     if (!$candidates) {
         return AuthenticationResponse::newAbstain();
     }

     // Empty the stored candidate list before applying anything, so a second
     // continuation with the same key finds no candidates and abstains.
     $state['maybeLink'] = [];
     $session->setSecret($key, $state);

     $results = [];
     $anyFailed = false;
     foreach ($confirmReq->confirmedLinkIDs as $id) {
         // The IDs come from the submitted request (presumably
         // client-controlled; confirm). An ID that is not a stored candidate
         // is ignored.
         if (!isset($candidates[$id])) {
             continue;
         }
         $linkReq = $candidates[$id];
         $linkReq->username = $user->getName();
         if (!$linkReq->action) {
             // Default the action only when the provider left it unset.
             $linkReq->action = AuthManager::ACTION_CHANGE;
         }
         // Each change is checked with the manager before it is applied.
         $status = $this->manager->allowsAuthenticationDataChange($linkReq);
         $results[] = [$linkReq, $status];
         if ($status->isGood()) {
             $this->manager->changeAuthenticationData($linkReq);
         } else {
             $anyFailed = true;
         }
     }
     if (!$anyFailed) {
         return AuthenticationResponse::newPass();
     }

     // At least one link was refused: report every attempted link, successes
     // included, on one status and ask the user to acknowledge it.
     $combinedStatus = \Status::newGood();
     foreach ($results as list($linkReq, $status)) {
         $info = $linkReq->describeCredentials();
         $description = wfMessage('authprovider-confirmlink-option', $info['provider']->text(), $info['account']->text())->text();
         $line = $status->isGood()
             ? wfMessage('authprovider-confirmlink-success-line', $description)
             : wfMessage('authprovider-confirmlink-failure-line', $description, $status->getMessage()->text());
         $combinedStatus->error($line);
     }
     $okButton = new ButtonAuthenticationRequest('linkOk', wfMessage('ok'), wfMessage('authprovider-confirmlink-ok-help'));
     return AuthenticationResponse::newUI([$okButton], $combinedStatus->getMessage('authprovider-confirmlink-failed'));
 }
 /**
  * Secondary account-creation step for this provider: always abstains.
  *
  * None of the three arguments is inspected.
  *
  * @return AuthenticationResponse The response built by newAbstain()
  */
 public function beginSecondaryAccountCreation($user, $creator, array $reqs)
 {
     $abstain = AuthenticationResponse::newAbstain();
     return $abstain;
 }
 /**
  * Data provider for account-link tests.
  *
  * Each named case is a three-element list. Judging by the case names, the
  * slots are the pre-link status, the responses the mocked primary provider
  * returns in turn, and the results expected back. Confirm against the
  * consuming test, which is not part of this listing.
  *
  * @return array[] Cases keyed by description
  */
 public function provideAccountLink()
 {
     $req = $this->getMockForAbstractClass(AuthenticationRequest::class);
     $good = StatusValue::newGood();
     $cases = [];

     $cases['Pre-link test fail in pre'] = [
         StatusValue::newFatal('fail-from-pre'),
         [],
         [AuthenticationResponse::newFail($this->message('fail-from-pre'))],
     ];

     // The same response objects serve as provider output and expectation.
     $primaryFailure = [AuthenticationResponse::newFail($this->message('fail-from-primary'))];
     $cases['Failure in primary'] = [$good, $primaryFailure, $primaryFailure];

     // When every primary provider abstains, the expected outcome is FAIL.
     $cases['All primary abstain'] = [
         $good,
         [AuthenticationResponse::newAbstain()],
         [AuthenticationResponse::newFail($this->message('authmanager-link-no-primary'))],
     ];

     $uiRedirectFail = [
         AuthenticationResponse::newUI([$req], $this->message('...')),
         AuthenticationResponse::newRedirect([$req], '/foo.html', ['foo' => 'bar']),
         AuthenticationResponse::newFail($this->message('fail-in-primary-continue')),
     ];
     $cases['Primary UI, then redirect, then fail'] = [$good, $uiRedirectFail, $uiRedirectFail];

     // An ABSTAIN on the continue step is expected to surface as a
     // DomainException.
     $redirect = AuthenticationResponse::newRedirect([$req], '/foo.html', ['foo' => 'bar']);
     $cases['Primary redirect, then abstain'] = [
         $good,
         [$redirect, AuthenticationResponse::newAbstain()],
         [$redirect, new \DomainException('MockPrimaryAuthenticationProvider::continuePrimaryAccountLink() returned ABSTAIN')],
     ];

     $ui = AuthenticationResponse::newUI([$req], $this->message('...'));
     $cases['Primary UI, then pass'] = [
         $good,
         [$ui, AuthenticationResponse::newPass()],
         [$ui, AuthenticationResponse::newPass('')],
     ];

     $cases['Primary pass'] = [
         $good,
         [AuthenticationResponse::newPass('')],
         [AuthenticationResponse::newPass('')],
     ];

     return $cases;
 }
 /**
  * Claim the account creation when a complete temporary-password request is
  * present; otherwise abstain.
  *
  * $creator is not used. The returned PASS response carries the request in
  * its createRequest property.
  *
  * @param array $reqs Submitted authentication requests
  * @return AuthenticationResponse
  */
 public function beginPrimaryAccountCreation($user, $creator, array $reqs)
 {
     /** @var TemporaryPasswordAuthenticationRequest $req */
     $req = AuthenticationRequest::getRequestByClass($reqs, TemporaryPasswordAuthenticationRequest::class);
     // Both username and password must be set; a partial request is not claimed.
     if (!$req || $req->username === null || $req->password === null) {
         return AuthenticationResponse::newAbstain();
     }

     // The user is not in the DB yet, so nothing can be stored at this point.
     // The name on the $user object wins over the submitted one, and the
     // rewrite is done on a clone so the caller's request object stays as is.
     if ($req->username !== $user->getName()) {
         $req = clone $req;
         $req->username = $user->getName();
     }

     if ($req->mailpassword) {
         // Stops EmailNotificationSecondaryAuthenticationProvider from
         // sending a second mail.
         $this->manager->setAuthenticationSessionData('no-email', true);
     }

     $response = AuthenticationResponse::newPass($req->username);
     $response->createRequest = $req;
     return $response;
 }
 /**
  * Claim the account creation when a complete password request is present;
  * otherwise abstain.
  *
  * $creator is not used. The returned PASS response carries the request in
  * its createRequest property.
  *
  * @param array $reqs Submitted authentication requests
  * @return AuthenticationResponse
  * @throws \BadMethodCallException When accountCreationType() is TYPE_NONE
  */
 public function beginPrimaryAccountCreation($user, $creator, array $reqs)
 {
     if ($this->accountCreationType() === self::TYPE_NONE) {
         throw new \BadMethodCallException('Shouldn\'t call this when accountCreationType() is NONE');
     }

     $req = AuthenticationRequest::getRequestByClass($reqs, PasswordAuthenticationRequest::class);
     // Both username and password must be set; a partial request is not claimed.
     if (!$req || $req->username === null || $req->password === null) {
         return AuthenticationResponse::newAbstain();
     }

     // The user is not in the DB yet, so all that can be done is to claim the
     // creation. The name on the $user object wins over the submitted one,
     // and the rewrite is done on a clone so the caller's request object
     // stays as is.
     if ($req->username !== $user->getName()) {
         $req = clone $req;
         $req->username = $user->getName();
     }

     $response = AuthenticationResponse::newPass($req->username);
     $response->createRequest = $req;
     return $response;
 }
 /**
  * beginSecondaryAuthentication() is expected to abstain even when the
  * provider is built with 'sendConfirmationEmail' enabled.
  */
 public function testBeginSecondaryAuthentication()
 {
     $provider = new EmailNotificationSecondaryAuthenticationProvider(['sendConfirmationEmail' => true]);
     $expected = AuthenticationResponse::newAbstain();
     $actual = $provider->beginSecondaryAuthentication(\User::newFromName('Foo'), []);
     $this->assertEquals($expected, $actual);
 }
 /**
  * Walks beginPrimaryAccountCreation() through missing, partial and complete
  * temporary-password requests, then checks that the password only becomes
  * usable for authentication after finishAccountCreation() has run.
  *
  * NOTE(review): the '******' literals below look like redaction placeholders
  * introduced by the listing rather than the original fixture values. Confirm
  * against the upstream test before relying on the exact expectations.
  */
 public function testAccountCreation()
 {
     // Presumably a scope guard that restores the mailer; the value is not
     // read again in this method. TODO confirm.
     $resetMailer = $this->hookMailer();
     $user = \User::newFromName('Foo');
     $req = new TemporaryPasswordAuthenticationRequest();
     $reqs = [TemporaryPasswordAuthenticationRequest::class => $req];
     $authreq = new PasswordAuthenticationRequest();
     $authreq->action = AuthManager::ACTION_CREATE;
     $authreqs = [PasswordAuthenticationRequest::class => $authreq];
     $provider = $this->getProvider();
     // No request at all: the provider abstains.
     $this->assertEquals(AuthenticationResponse::newAbstain(), $provider->beginPrimaryAccountCreation($user, $user, []));
     // Username without password: abstain.
     $req->username = '******';
     $req->password = null;
     $this->assertEquals(AuthenticationResponse::newAbstain(), $provider->beginPrimaryAccountCreation($user, $user, $reqs));
     // Password without username: abstain.
     $req->username = null;
     $req->password = '******';
     $this->assertEquals(AuthenticationResponse::newAbstain(), $provider->beginPrimaryAccountCreation($user, $user, $reqs));
     // Both set: PASS for 'Foo', with a copy of the request attached as
     // createRequest.
     $req->username = '******';
     $req->password = '******';
     $expect = AuthenticationResponse::newPass('Foo');
     $expect->createRequest = clone $req;
     $expect->createRequest->username = '******';
     $this->assertEquals($expect, $provider->beginPrimaryAccountCreation($user, $user, $reqs));
     // The 'no-email' session flag is expected to stay unset on this path.
     $this->assertNull($this->manager->getAuthenticationSessionData('no-email'));
     // Repeat with a mutable test user, giving both request objects the same
     // username and password.
     $user = self::getMutableTestUser()->getUser();
     $req->username = $authreq->username = $user->getName();
     $req->password = $authreq->password = '******';
     $expect = AuthenticationResponse::newPass($user->getName());
     $expect->createRequest = $req;
     $res2 = $provider->beginPrimaryAccountCreation($user, $user, $reqs);
     $this->assertEquals($expect, $res2, 'Sanity check');
     // Before finishAccountCreation() the password must not authenticate.
     $ret = $provider->beginPrimaryAuthentication($authreqs);
     $this->assertEquals(AuthenticationResponse::FAIL, $ret->status, 'sanity check');
     $this->assertSame(null, $provider->finishAccountCreation($user, $user, $res2));
     // After finishAccountCreation() the same credentials authenticate.
     $ret = $provider->beginPrimaryAuthentication($authreqs);
     $this->assertEquals(AuthenticationResponse::PASS, $ret->status, 'new password is set');
 }
 /**
  * Create the account through the wrapped $this->auth object.
  *
  * Abstains when the request is missing or incomplete, or when its username
  * is not usable. Otherwise it reports PASS or FAIL according to addUser().
  * $creator is not used.
  *
  * @param array $reqs Submitted authentication requests
  * @return AuthenticationResponse
  * @throws \BadMethodCallException When accountCreationType() is TYPE_NONE
  */
 public function beginPrimaryAccountCreation($user, $creator, array $reqs)
 {
     if ($this->accountCreationType() === self::TYPE_NONE) {
         throw new \BadMethodCallException('Shouldn\'t call this when accountCreationType() is NONE');
     }

     $req = AuthenticationRequest::getRequestByClass($reqs, $this->requestType);
     // A domain is required only when this provider is configured with one.
     $incomplete = !$req
         || $req->username === null
         || $req->password === null
         || ($this->hasDomain && $req->domain === null);
     if ($incomplete) {
         return AuthenticationResponse::newAbstain();
     }

     // The canonical name is computed only to reject unusable usernames.
     // NOTE(review): nothing here compares the submitted username with $user,
     // which is the object passed to addUser(). Presumably the caller
     // guarantees they match; confirm.
     if (User::getCanonicalName($req->username, 'usable') === false) {
         return AuthenticationResponse::newAbstain();
     }

     $this->setDomain($req);
     $created = $this->auth->addUser($user, $req->password, $user->getEmail(), $user->getRealName());
     if (!$created) {
         return AuthenticationResponse::newFail(new \Message('authmanager-authplugin-create-fail'));
     }
     return AuthenticationResponse::newPass();
 }