示例#1
 /**
  * Handle one step of the account-linking API flow.
  *
  * Rejects callers that are not logged in, validates the optional
  * 'returnurl' parameter, runs the 'LinkAccounts' security-sensitive
  * operation check, and then begins or continues the link through
  * AuthManager. The formatted response is stored in the API result under
  * the 'linkaccount' key.
  *
  * NOTE(review): the guards below rely on dieUsage() aborting the request
  * rather than returning - confirm against the base class.
  */
 public function execute()
 {
     // Anonymous callers are turned away before any parameter is read.
     if (!$this->getUser()->isLoggedIn()) {
         $this->dieUsage('Must be logged in to link accounts', 'notloggedin');
     }

     $request = $this->extractRequestParams();
     $this->requireAtLeastOneParameter($request, 'continue', 'returnurl');

     if ($request['returnurl'] !== null) {
         // This only checks that the URL parses and has a non-empty scheme;
         // neither the scheme nor the host is restricted here.
         // NOTE(review): confirm that whatever later uses returnurl limits
         // where it may point.
         $urlParts = wfParseUrl($request['returnurl']);
         $hasScheme = $urlParts && $urlParts['scheme'] !== '';
         if (!$hasScheme) {
             $paramLabel = $this->encodeParamName('returnurl');
             // The caller-supplied value is echoed in the error text.
             // NOTE(review): presumably encoded by the output layer - confirm.
             $this->dieUsage("Invalid value '{$request['returnurl']}' for url parameter {$paramLabel}", "badurl_{$paramLabel}");
         }
     }

     $authHelper = new ApiAuthManagerHelper($this);
     $authManager = AuthManager::singleton();

     // The security-sensitive operation check runs before any link step.
     $authHelper->securitySensitiveOperation('LinkAccounts');

     // When linking is unavailable, a failure response is stored in the
     // result and the method returns instead of calling dieUsage().
     if (!$authManager->canLinkAccounts()) {
         $result = $this->getResult();
         $failure = AuthenticationResponse::newFail($this->msg('userlogin-cannot-' . AuthManager::ACTION_LINK));
         $result->addValue(null, 'linkaccount', $authHelper->formatAuthenticationResponse($failure));
         return;
     }

     // A falsy 'continue' starts a new link; otherwise the link in progress
     // is resumed.
     if (!$request['continue']) {
         $authRequests = $authHelper->loadAuthenticationRequests(AuthManager::ACTION_LINK);
         $response = $authManager->beginAccountLink($this->getUser(), $authRequests, $request['returnurl']);
     } else {
         $authRequests = $authHelper->loadAuthenticationRequests(AuthManager::ACTION_LINK_CONTINUE);
         $response = $authManager->continueAccountLink($authRequests);
     }

     $result = $this->getResult();
     $result->addValue(null, 'linkaccount', $authHelper->formatAuthenticationResponse($response));
 }
示例#2
 /**
  * Handle one step of the client-login API flow.
  *
  * Validates the optional 'returnurl' parameter, checks that
  * authentication is currently possible, and then begins or continues
  * authentication through AuthManager. The formatted response is stored
  * in the API result under the 'clientlogin' key.
  *
  * NOTE(review): the returnurl guard relies on dieUsage() aborting the
  * request rather than returning - confirm against the base class.
  */
 public function execute()
 {
     $request = $this->extractRequestParams();
     $this->requireAtLeastOneParameter($request, 'continue', 'returnurl');

     if ($request['returnurl'] !== null) {
         // Only parseability and a non-empty scheme are checked here; the
         // scheme and host themselves are not restricted.
         // NOTE(review): confirm that the consumer of returnurl limits
         // where it may point.
         $urlParts = wfParseUrl($request['returnurl']);
         $hasScheme = $urlParts && $urlParts['scheme'] !== '';
         if (!$hasScheme) {
             $paramLabel = $this->encodeParamName('returnurl');
             // The caller-supplied value is echoed in the error text.
             // NOTE(review): presumably encoded by the output layer - confirm.
             $this->dieUsage("Invalid value '{$request['returnurl']}' for url parameter {$paramLabel}", "badurl_{$paramLabel}");
         }
     }

     $authHelper = new ApiAuthManagerHelper($this);
     $authManager = AuthManager::singleton();

     // When login is not possible right now, a failure response is stored
     // in the result and the method returns.
     if (!$authManager->canAuthenticateNow()) {
         $result = $this->getResult();
         $failure = AuthenticationResponse::newFail($this->msg('userlogin-cannot-' . AuthManager::ACTION_LOGIN));
         $result->addValue(null, 'clientlogin', $authHelper->formatAuthenticationResponse($failure));
         return;
     }

     if (!$request['continue']) {
         // Fresh login: load the requests, optionally adding the preserved
         // request when 'preservestate' is set and one is available.
         $authRequests = $authHelper->loadAuthenticationRequests(AuthManager::ACTION_LOGIN);
         $preserved = $request['preservestate'] ? $authHelper->getPreservedRequest() : null;
         if ($preserved) {
             $authRequests[] = $preserved;
         }
         $response = $authManager->beginAuthentication($authRequests, $request['returnurl']);
     } else {
         // Resume an authentication that is already in progress.
         $authRequests = $authHelper->loadAuthenticationRequests(AuthManager::ACTION_LOGIN_CONTINUE);
         $response = $authManager->continueAuthentication($authRequests);
     }

     $result = $this->getResult();
     $result->addValue(null, 'clientlogin', $authHelper->formatAuthenticationResponse($response));
 }
示例#3
 /**
  * Handle one step of the client-login API flow and log its outcome.
  *
  * Validates the optional 'returnurl' parameter, checks that
  * authentication is currently possible, begins or continues
  * authentication through AuthManager, and stores the formatted response
  * in the API result under the 'clientlogin' key. Both the "cannot log in"
  * path and the normal path pass their outcome to
  * logAuthenticationResult().
  *
  * NOTE(review): the returnurl guard relies on dieUsage() aborting the
  * request rather than returning - confirm against the base class.
  */
 public function execute()
 {
     $request = $this->extractRequestParams();
     $this->requireAtLeastOneParameter($request, 'continue', 'returnurl');

     if ($request['returnurl'] !== null) {
         // Only parseability and a non-empty scheme are checked here; the
         // scheme and host themselves are not restricted.
         // NOTE(review): confirm that the consumer of returnurl limits
         // where it may point.
         $urlParts = wfParseUrl($request['returnurl']);
         $hasScheme = $urlParts && $urlParts['scheme'] !== '';
         if (!$hasScheme) {
             $paramLabel = $this->encodeParamName('returnurl');
             // The caller-supplied value is echoed in the error text.
             // NOTE(review): presumably encoded by the output layer - confirm.
             $this->dieUsage("Invalid value '{$request['returnurl']}' for url parameter {$paramLabel}", "badurl_{$paramLabel}");
         }
     }

     $authHelper = new ApiAuthManagerHelper($this);
     $authManager = AuthManager::singleton();

     // When login is not possible right now, store a failure response,
     // log the same message key, and return.
     if (!$authManager->canAuthenticateNow()) {
         $result = $this->getResult();
         $failure = AuthenticationResponse::newFail($this->msg('userlogin-cannot-' . AuthManager::ACTION_LOGIN));
         $result->addValue(null, 'clientlogin', $authHelper->formatAuthenticationResponse($failure));
         $authHelper->logAuthenticationResult('login', 'userlogin-cannot-' . AuthManager::ACTION_LOGIN);
         return;
     }

     if (!$request['continue']) {
         // Fresh login: load the requests, optionally adding the preserved
         // request when 'preservestate' is set and one is available.
         $authRequests = $authHelper->loadAuthenticationRequests(AuthManager::ACTION_LOGIN);
         $preserved = $request['preservestate'] ? $authHelper->getPreservedRequest() : null;
         if ($preserved) {
             $authRequests[] = $preserved;
         }
         $response = $authManager->beginAuthentication($authRequests, $request['returnurl']);
     } else {
         // Resume an authentication that is already in progress.
         $authRequests = $authHelper->loadAuthenticationRequests(AuthManager::ACTION_LOGIN_CONTINUE);
         $response = $authManager->continueAuthentication($authRequests);
     }

     // CreateFromLoginAuthenticationRequest is kept in neededRequests so
     // that a RESTART handled as UI behaves correctly, but it would only
     // confuse an API client, so it is filtered out before formatting.
     $hiddenFromClient = [CreateFromLoginAuthenticationRequest::class];
     $response->neededRequests = ApiAuthManagerHelper::blacklistAuthenticationRequests($response->neededRequests, $hiddenFromClient);

     $result = $this->getResult();
     $result->addValue(null, 'clientlogin', $authHelper->formatAuthenticationResponse($response));
     $authHelper->logAuthenticationResult('login', $response);
 }
 /**
  * Apply a change to the logged-in user's authentication data.
  *
  * Rejects callers that are not logged in, runs the 'ChangeCredentials'
  * security-sensitive operation check, loads the change request (minus
  * anything listed in the 'ChangeCredentialsBlacklist' config value), and
  * applies it only if AuthManager allows the change. On success the API
  * result gets a 'changeauthenticationdata' entry with status 'success'.
  *
  * NOTE(review): every guard here relies on dieUsage()/dieStatus()
  * aborting the request rather than returning - confirm against the base
  * class.
  */
 public function execute()
 {
     // Anonymous callers are turned away before anything else happens.
     if (!$this->getUser()->isLoggedIn()) {
         $this->dieUsage('Must be logged in to change authentication data', 'notloggedin');
     }

     $authHelper = new ApiAuthManagerHelper($this);
     $authManager = AuthManager::singleton();

     // The security-sensitive operation check runs before any request is loaded.
     $authHelper->securitySensitiveOperation('ChangeCredentials');

     // Load the candidate requests, then drop the request types listed in
     // the 'ChangeCredentialsBlacklist' config value.
     $loaded = $authHelper->loadAuthenticationRequests(AuthManager::ACTION_CHANGE);
     $blocked = $this->getConfig()->get('ChangeCredentialsBlacklist');
     $candidates = ApiAuthManagerHelper::blacklistAuthenticationRequests($loaded, $blocked);

     // Exactly one request must remain; zero or several is treated as a bad request.
     if (count($candidates) !== 1) {
         $this->dieUsage('Failed to create change request', 'badrequest');
     }
     $changeRequest = reset($candidates);

     // Ask AuthManager whether the change is allowed before applying it.
     // NOTE(review): the meaning of the second argument (true) is not
     // visible here - confirm against AuthManager.
     $verdict = $authManager->allowsAuthenticationDataChange($changeRequest, true);
     if (!$verdict->isGood()) {
         $this->dieStatus($verdict);
     }

     $authManager->changeAuthenticationData($changeRequest);

     $result = $this->getResult();
     $result->addValue(null, 'changeauthenticationdata', ['status' => 'success']);
 }