MediaWiki  master
AuthManagerSpecialPage.php
Go to the documentation of this file.
1 <?php
2 
3 use MediaWiki\Auth\AuthenticationRequest;
4 use MediaWiki\Auth\AuthenticationResponse;
5 use MediaWiki\Auth\AuthManager;
6 use MediaWiki\Logger\LoggerFactory;
7 use MediaWiki\Session\Token;
8 
14 abstract class AuthManagerSpecialPage extends SpecialPage {
17  protected static $allowedActions = [
18  AuthManager::ACTION_LOGIN, AuthManager::ACTION_LOGIN_CONTINUE,
19  AuthManager::ACTION_CREATE, AuthManager::ACTION_CREATE_CONTINUE,
20  AuthManager::ACTION_LINK, AuthManager::ACTION_LINK_CONTINUE,
21  AuthManager::ACTION_CHANGE, AuthManager::ACTION_REMOVE, AuthManager::ACTION_UNLINK,
22  ];
23 
25  protected static $messages = [];
26 
28  protected $authAction;
29 
31  protected $authRequests;
32 
34  protected $subPage;
35 
37  protected $isReturn;
38 
40  protected $savedRequest;
41 
53  public function onAuthChangeFormFields(
54  array $requests, array $fieldInfo, array &$formDescriptor, $action
55  ) {
56  return true;
57  }
58 
59  protected function getLoginSecurityLevel() {
60  return $this->getName();
61  }
62 
63  public function getRequest() {
64  return $this->savedRequest ?: $this->getContext()->getRequest();
65  }
66 
75  protected function setRequest( array $data, $wasPosted = null ) {
76  $request = $this->getContext()->getRequest();
77  if ( $wasPosted === null ) {
78  $wasPosted = $request->wasPosted();
79  }
80  $this->savedRequest = new DerivativeRequest( $request, $data + $request->getQueryValues(),
81  $wasPosted );
82  }
83 
84  protected function beforeExecute( $subPage ) {
85  $this->getOutput()->disallowUserJs();
86 
87  return $this->handleReturnBeforeExecute( $subPage )
88  && $this->handleReauthBeforeExecute( $subPage );
89  }
90 
107  protected function handleReturnBeforeExecute( $subPage ) {
108  $authManager = AuthManager::singleton();
109  $key = 'AuthManagerSpecialPage:return:' . $this->getName();
110 
111  if ( $subPage === 'return' ) {
112  $this->loadAuth( $subPage );
113  $preservedParams = $this->getPreservedParams( false );
114 
115  // FIXME save POST values only from request
116  $authData = array_diff_key( $this->getRequest()->getValues(),
117  $preservedParams, [ 'title' => 1 ] );
118  $authManager->setAuthenticationSessionData( $key, $authData );
119 
120  $url = $this->getPageTitle()->getFullURL( $preservedParams, false, PROTO_HTTPS );
121  $this->getOutput()->redirect( $url );
122  return false;
123  }
124 
125  $authData = $authManager->getAuthenticationSessionData( $key );
126  if ( $authData ) {
127  $authManager->removeAuthenticationSessionData( $key );
128  $this->isReturn = true;
129  $this->setRequest( $authData, true );
130  }
131 
132  return true;
133  }
134 
145  protected function handleReauthBeforeExecute( $subPage ) {
146  $authManager = AuthManager::singleton();
147  $request = $this->getRequest();
148  $key = 'AuthManagerSpecialPage:reauth:' . $this->getName();
149 
150  $securityLevel = $this->getLoginSecurityLevel();
151  if ( $securityLevel ) {
152  $securityStatus = AuthManager::singleton()
153  ->securitySensitiveOperationStatus( $securityLevel );
154  if ( $securityStatus === AuthManager::SEC_REAUTH ) {
155  $queryParams = array_diff_key( $request->getQueryValues(), [ 'title' => true ] );
156 
157  if ( $request->wasPosted() ) {
158  // unique ID in case the same special page is open in multiple browser tabs
159  $uniqueId = MWCryptRand::generateHex( 6 );
160  $key = $key . ':' . $uniqueId;
161 
162  $queryParams = [ 'authUniqueId' => $uniqueId ] + $queryParams;
163  $authData = array_diff_key( $request->getValues(),
164  $this->getPreservedParams( false ), [ 'title' => 1 ] );
165  $authManager->setAuthenticationSessionData( $key, $authData );
166  }
167 
168  $title = SpecialPage::getTitleFor( 'Userlogin' );
169  $url = $title->getFullURL( [
170  'returnto' => $this->getFullTitle()->getPrefixedDBkey(),
171  'returntoquery' => wfArrayToCgi( $queryParams ),
172  'force' => $securityLevel,
173  ], false, PROTO_HTTPS );
174 
175  $this->getOutput()->redirect( $url );
176  return false;
177  } elseif ( $securityStatus !== AuthManager::SEC_OK ) {
178  throw new ErrorPageError( 'cannotauth-not-allowed-title', 'cannotauth-not-allowed' );
179  }
180  }
181 
182  $uniqueId = $request->getVal( 'authUniqueId' );
183  if ( $uniqueId ) {
184  $key = $key . ':' . $uniqueId;
185  $authData = $authManager->getAuthenticationSessionData( $key );
186  if ( $authData ) {
187  $authManager->removeAuthenticationSessionData( $key );
188  $this->setRequest( $authData, true );
189  }
190  }
191 
192  return true;
193  }
194 
201  protected function getDefaultAction( $subPage ) {
202  throw new BadMethodCallException( 'Subclass did not implement getDefaultAction' );
203  }
204 
210  protected function messageKey( $defaultKey ) {
211  return array_key_exists( $defaultKey, static::$messages )
212  ? static::$messages[$defaultKey] : $defaultKey;
213  }
214 
219  protected function getRequestBlacklist() {
220  return [];
221  }
222 
232  protected function loadAuth( $subPage, $authAction = null, $reset = false ) {
233  // Do not load if already loaded, to cut down on the number of getAuthenticationRequests
234  // calls. This is important for requests which have hidden information so any
235  // getAuthenticationRequests call would mean putting data into some cache.
236  if (
237  !$reset && $this->subPage === $subPage && $this->authAction
238  && ( !$authAction || $authAction === $this->authAction )
239  ) {
240  return;
241  }
242 
243  $request = $this->getRequest();
244  $this->subPage = $subPage;
245  $this->authAction = $authAction ?: $request->getText( 'authAction' );
246  if ( !in_array( $this->authAction, static::$allowedActions, true ) ) {
247  $this->authAction = $this->getDefaultAction( $subPage );
248  if ( $request->wasPosted() ) {
249  $continueAction = $this->getContinueAction( $this->authAction );
250  if ( in_array( $continueAction, static::$allowedActions, true ) ) {
251  $this->authAction = $continueAction;
252  }
253  }
254  }
255 
256  $allReqs = AuthManager::singleton()->getAuthenticationRequests(
257  $this->authAction, $this->getUser() );
258  $this->authRequests = array_filter( $allReqs, function ( $req ) use ( $subPage ) {
259  return !in_array( get_class( $req ), $this->getRequestBlacklist(), true );
260  } );
261  }
262 
267  protected function isContinued() {
268  return in_array( $this->authAction, [
269  AuthManager::ACTION_LOGIN_CONTINUE,
270  AuthManager::ACTION_CREATE_CONTINUE,
271  AuthManager::ACTION_LINK_CONTINUE,
272  ], true );
273  }
274 
280  protected function getContinueAction( $action ) {
281  switch ( $action ) {
282  case AuthManager::ACTION_LOGIN:
283  $action = AuthManager::ACTION_LOGIN_CONTINUE;
284  break;
285  case AuthManager::ACTION_CREATE:
286  $action = AuthManager::ACTION_CREATE_CONTINUE;
287  break;
288  case AuthManager::ACTION_LINK:
289  $action = AuthManager::ACTION_LINK_CONTINUE;
290  break;
291  }
292  return $action;
293  }
294 
303  protected function isActionAllowed( $action ) {
304  $authManager = AuthManager::singleton();
305  if ( !in_array( $action, static::$allowedActions, true ) ) {
306  throw new InvalidArgumentException( 'invalid action: ' . $action );
307  }
308 
309  // calling getAuthenticationRequests can be expensive, avoid if possible
310  $requests = ( $action === $this->authAction ) ? $this->authRequests
311  : $authManager->getAuthenticationRequests( $action );
312  if ( !$requests ) {
313  // no provider supports this action in the current state
314  return false;
315  }
316 
317  switch ( $action ) {
318  case AuthManager::ACTION_LOGIN:
319  case AuthManager::ACTION_LOGIN_CONTINUE:
320  return $authManager->canAuthenticateNow();
321  case AuthManager::ACTION_CREATE:
322  case AuthManager::ACTION_CREATE_CONTINUE:
323  return $authManager->canCreateAccounts();
324  case AuthManager::ACTION_LINK:
325  case AuthManager::ACTION_LINK_CONTINUE:
326  return $authManager->canLinkAccounts();
327  case AuthManager::ACTION_CHANGE:
328  case AuthManager::ACTION_REMOVE:
329  case AuthManager::ACTION_UNLINK:
330  return true;
331  default:
332  // should never reach here but makes static code analyzers happy
333  throw new InvalidArgumentException( 'invalid action: ' . $action );
334  }
335  }
336 
343  protected function performAuthenticationStep( $action, array $requests ) {
344  if ( !in_array( $action, static::$allowedActions, true ) ) {
345  throw new InvalidArgumentException( 'invalid action: ' . $action );
346  }
347 
348  $authManager = AuthManager::singleton();
349  $returnToUrl = $this->getPageTitle( 'return' )
350  ->getFullURL( $this->getPreservedParams( true ), false, PROTO_HTTPS );
351 
352  switch ( $action ) {
353  case AuthManager::ACTION_LOGIN:
354  return $authManager->beginAuthentication( $requests, $returnToUrl );
355  case AuthManager::ACTION_LOGIN_CONTINUE:
356  return $authManager->continueAuthentication( $requests );
357  case AuthManager::ACTION_CREATE:
358  return $authManager->beginAccountCreation( $this->getUser(), $requests,
359  $returnToUrl );
360  case AuthManager::ACTION_CREATE_CONTINUE:
361  return $authManager->continueAccountCreation( $requests );
362  case AuthManager::ACTION_LINK:
363  return $authManager->beginAccountLink( $this->getUser(), $requests, $returnToUrl );
364  case AuthManager::ACTION_LINK_CONTINUE:
365  return $authManager->continueAccountLink( $requests );
366  case AuthManager::ACTION_CHANGE:
367  case AuthManager::ACTION_REMOVE:
368  case AuthManager::ACTION_UNLINK:
369  if ( count( $requests ) > 1 ) {
370  throw new InvalidArgumentException( 'only one auth request can be changed at a time' );
371  } elseif ( !$requests ) {
372  throw new InvalidArgumentException( 'no auth request' );
373  }
374  $req = reset( $requests );
375  $status = $authManager->allowsAuthenticationDataChange( $req );
376  Hooks::run( 'ChangeAuthenticationDataAudit', [ $req, $status ] );
377  if ( !$status->isGood() ) {
378  return AuthenticationResponse::newFail( $status->getMessage() );
379  }
380  $authManager->changeAuthenticationData( $req );
381  return AuthenticationResponse::newPass();
382  default:
383  // should never reach here but makes static code analyzers happy
384  throw new InvalidArgumentException( 'invalid action: ' . $action );
385  }
386  }
387 
398  protected function trySubmit() {
399  $status = false;
400 
401  $form = $this->getAuthForm( $this->authRequests, $this->authAction );
402  $form->setSubmitCallback( [ $this, 'handleFormSubmit' ] );
403 
404  if ( $this->getRequest()->wasPosted() ) {
405  // handle tokens manually; $form->tryAuthorizedSubmit only works for logged-in users
406  $requestTokenValue = $this->getRequest()->getVal( $this->getTokenName() );
407  $sessionToken = $this->getToken();
408  if ( $sessionToken->wasNew() ) {
409  return Status::newFatal( $this->messageKey( 'authform-newtoken' ) );
410  } elseif ( !$requestTokenValue ) {
411  return Status::newFatal( $this->messageKey( 'authform-notoken' ) );
412  } elseif ( !$sessionToken->match( $requestTokenValue ) ) {
413  return Status::newFatal( $this->messageKey( 'authform-wrongtoken' ) );
414  }
415 
416  $form->prepareForm();
417  $status = $form->trySubmit();
418 
419  // HTMLForm submit return values are a mess; let's ensure it is false or a Status
420  // FIXME this probably should be in HTMLForm
421  if ( $status === true ) {
422  // not supposed to happen since our submit handler should always return a Status
423  throw new UnexpectedValueException( 'HTMLForm::trySubmit() returned true' );
424  } elseif ( $status === false ) {
425  // form was not submitted; nothing to do
426  } elseif ( $status instanceof Status ) {
427  // already handled by the form; nothing to do
428  } elseif ( $status instanceof StatusValue ) {
429  // in theory not an allowed return type but nothing stops the submit handler from
430  // accidentally returning it so best check and fix
431  $status = Status::wrap( $status );
432  } elseif ( is_string( $status ) ) {
433  $status = Status::newFatal( new RawMessage( '$1', $status ) );
434  } elseif ( is_array( $status ) ) {
435  if ( is_string( reset( $status ) ) ) {
436  $status = call_user_func_array( 'Status::newFatal', $status );
437  } elseif ( is_array( reset( $status ) ) ) {
438  $status = Status::newGood();
439  foreach ( $status as $message ) {
440  call_user_func_array( [ $status, 'fatal' ], $message );
441  }
442  } else {
443  throw new UnexpectedValueException( 'invalid HTMLForm::trySubmit() return value: '
444  . 'first element of array is ' . gettype( reset( $status ) ) );
445  }
446  } else {
447  // not supposed to happen but HTMLForm does not actually verify the return type
448  // from the submit callback; better safe then sorry
449  throw new UnexpectedValueException( 'invalid HTMLForm::trySubmit() return type: '
450  . gettype( $status ) );
451  }
452 
453  if ( ( !$status || !$status->isOK() ) && $this->isReturn ) {
454  // This is awkward. There was a form validation error, which means the data was not
455  // passed to AuthManager. Normally we would display the form with an error message,
456  // but for the data we received via the redirect flow that would not be helpful at all.
457  // Let's just submit the data to AuthManager directly instead.
458  LoggerFactory::getInstance( 'authmanager' )
459  ->warning( 'Validation error on return', [ 'data' => $form->mFieldData,
460  'status' => $status->getWikiText() ] );
461  $status = $this->handleFormSubmit( $form->mFieldData );
462  }
463  }
464 
465  $changeActions = [
466  AuthManager::ACTION_CHANGE, AuthManager::ACTION_REMOVE, AuthManager::ACTION_UNLINK
467  ];
468  if ( in_array( $this->authAction, $changeActions, true ) && $status && !$status->isOK() ) {
469  Hooks::run( 'ChangeAuthenticationDataAudit', [ reset( $this->authRequests ), $status ] );
470  }
471 
472  return $status;
473  }
474 
481  public function handleFormSubmit( $data ) {
482  $requests = AuthenticationRequest::loadRequestsFromSubmission( $this->authRequests, $data );
483  $response = $this->performAuthenticationStep( $this->authAction, $requests );
484 
485  // we can't handle FAIL or similar as failure here since it might require changing the form
486  return Status::newGood( $response );
487  }
488 
496  protected function getPreservedParams( $withToken = false ) {
497  $params = [];
498  if ( $this->authAction !== $this->getDefaultAction( $this->subPage ) ) {
499  $params['authAction'] = $this->getContinueAction( $this->authAction );
500  }
501  if ( $withToken ) {
502  $params[$this->getTokenName()] = $this->getToken()->toString();
503  }
504  return $params;
505  }
506 
513  protected function getAuthFormDescriptor( $requests, $action ) {
514  $fieldInfo = AuthenticationRequest::mergeFieldInfo( $requests );
515  $formDescriptor = $this->fieldInfoToFormDescriptor( $requests, $fieldInfo, $action );
516 
517  $this->addTabIndex( $formDescriptor );
518 
519  return $formDescriptor;
520  }
521 
527  protected function getAuthForm( array $requests, $action ) {
528  $formDescriptor = $this->getAuthFormDescriptor( $requests, $action );
529  $context = $this->getContext();
530  if ( $context->getRequest() !== $this->getRequest() ) {
531  // We have overridden the request, need to make sure the form uses that too.
532  $context = new DerivativeContext( $this->getContext() );
533  $context->setRequest( $this->getRequest() );
534  }
535  $form = HTMLForm::factory( 'ooui', $formDescriptor, $context );
536  $form->setAction( $this->getFullTitle()->getFullURL( $this->getPreservedParams() ) );
537  $form->addHiddenField( $this->getTokenName(), $this->getToken()->toString() );
538  $form->addHiddenField( 'authAction', $this->authAction );
539  $form->suppressDefaultSubmit( !$this->needsSubmitButton( $formDescriptor ) );
540 
541  return $form;
542  }
543 
548  protected function displayForm( $status ) {
549  if ( $status instanceof StatusValue ) {
550  $status = Status::wrap( $status );
551  }
552  $form = $this->getAuthForm( $this->authRequests, $this->authAction );
553  $form->prepareForm()->displayForm( $status );
554  }
555 
564  protected function needsSubmitButton( $formDescriptor ) {
565  return (bool)array_filter( $formDescriptor, function ( $item ) {
566  $class = false;
567  if ( array_key_exists( 'class', $item ) ) {
568  $class = $item['class'];
569  } elseif ( array_key_exists( 'type', $item ) ) {
570  $class = HTMLForm::$typeMappings[$item['type']];
571  }
572  return !is_a( $class, \HTMLInfoField::class, true ) &&
573  !is_a( $class, \HTMLSubmitField::class, true );
574  } );
575  }
576 
582  protected function addTabIndex( &$formDescriptor ) {
583  $i = 1;
584  foreach ( $formDescriptor as $field => &$definition ) {
585  $class = false;
586  if ( array_key_exists( 'class', $definition ) ) {
587  $class = $definition['class'];
588  } elseif ( array_key_exists( 'type', $definition ) ) {
589  $class = HTMLForm::$typeMappings[$definition['type']];
590  }
591  if ( $class !== 'HTMLInfoField' ) {
592  $definition['tabindex'] = $i;
593  $i++;
594  }
595  }
596  }
597 
602  protected function getToken() {
603  return $this->getRequest()->getSession()->getToken( 'AuthManagerSpecialPage:'
604  . $this->getName() );
605  }
606 
611  protected function getTokenName() {
612  return 'wpAuthToken';
613  }
614 
624  protected function fieldInfoToFormDescriptor( array $requests, array $fieldInfo, $action ) {
625  $formDescriptor = [];
626  foreach ( $fieldInfo as $fieldName => $singleFieldInfo ) {
627  $formDescriptor[$fieldName] = self::mapSingleFieldInfo( $singleFieldInfo, $fieldName );
628  }
629 
630  $requestSnapshot = serialize( $requests );
631  $this->onAuthChangeFormFields( $requests, $fieldInfo, $formDescriptor, $action );
632  \Hooks::run( 'AuthChangeFormFields', [ $requests, $fieldInfo, &$formDescriptor, $action ] );
633  if ( $requestSnapshot !== serialize( $requests ) ) {
634  LoggerFactory::getInstance( 'authentication' )->warning(
635  'AuthChangeFormFields hook changed auth requests' );
636  }
637 
638  // Process the special 'weight' property, which is a way for AuthChangeFormFields hook
639  // subscribers (who only see one field at a time) to influence ordering.
640  self::sortFormDescriptorFields( $formDescriptor );
641 
642  return $formDescriptor;
643  }
644 
651  protected static function mapSingleFieldInfo( $singleFieldInfo, $fieldName ) {
652  $type = self::mapFieldInfoTypeToFormDescriptorType( $singleFieldInfo['type'] );
653  $descriptor = [
654  'type' => $type,
655  // Do not prefix input name with 'wp'. This is important for the redirect flow.
656  'name' => $fieldName,
657  ];
658 
659  if ( $type === 'submit' && isset( $singleFieldInfo['label'] ) ) {
660  $descriptor['default'] = wfMessage( $singleFieldInfo['label'] )->plain();
661  } elseif ( $type !== 'submit' ) {
662  $descriptor += array_filter( [
663  // help-message is omitted as it is usually not really useful for a web interface
664  'label-message' => self::getField( $singleFieldInfo, 'label' ),
665  ] );
666 
667  if ( isset( $singleFieldInfo['options'] ) ) {
668  $descriptor['options'] = array_flip( array_map( function ( $message ) {
670  return $message->parse();
671  }, $singleFieldInfo['options'] ) );
672  }
673 
674  if ( isset( $singleFieldInfo['value'] ) ) {
675  $descriptor['default'] = $singleFieldInfo['value'];
676  }
677 
678  if ( empty( $singleFieldInfo['optional'] ) ) {
679  $descriptor['required'] = true;
680  }
681  }
682 
683  return $descriptor;
684  }
685 
693  protected static function sortFormDescriptorFields( array &$formDescriptor ) {
694  $i = 0;
695  foreach ( $formDescriptor as &$field ) {
696  $field['__index'] = $i++;
697  }
698  uasort( $formDescriptor, function ( $first, $second ) {
699  return self::getField( $first, 'weight', 0 ) - self::getField( $second, 'weight', 0 )
700  ?: $first['__index'] - $second['__index'];
701  } );
702  foreach ( $formDescriptor as &$field ) {
703  unset( $field['__index'] );
704  }
705  }
706 
714  protected static function getField( array $array, $fieldName, $default = null ) {
715  if ( array_key_exists( $fieldName, $array ) ) {
716  return $array[$fieldName];
717  } else {
718  return $default;
719  }
720  }
721 
728  protected static function mapFieldInfoTypeToFormDescriptorType( $type ) {
729  $map = [
730  'string' => 'text',
731  'password' => 'password',
732  'select' => 'select',
733  'checkbox' => 'check',
734  'multiselect' => 'multiselect',
735  'button' => 'submit',
736  'hidden' => 'hidden',
737  'null' => 'info',
738  ];
739  if ( !array_key_exists( $type, $map ) ) {
740  throw new \LogicException( 'invalid field type: ' . $type );
741  }
742  return $map[$type];
743  }
744 }
AuthManagerSpecialPage\$messages
static array $messages
Customized messages.
Definition: AuthManagerSpecialPage.php:25
array
the array() calling protocol came about after MediaWiki 1.4rc1.
HTMLForm\$typeMappings
static $typeMappings
Definition: HTMLForm.php:130
Status\wrap
static wrap($sv)
Succinct helper method to wrap a StatusValue.
Definition: Status.php:79
AuthManagerSpecialPage
A special page subclass for authentication-related special pages.
Definition: AuthManagerSpecialPage.php:14
$context
$context
Definition: load.php:43
SpecialPage\getContext
getContext()
Gets the context this SpecialPage is executed in.
Definition: SpecialPage.php:631
use
Apache License January AND DISTRIBUTION Definitions License shall mean the terms and conditions for use
Definition: APACHE-LICENSE-2.0.txt:3
SpecialPage\getTitleFor
static getTitleFor($name, $subpage=false, $fragment= '')
Get a localised Title object for a specified special page name.
Definition: SpecialPage.php:80
AuthManagerSpecialPage\needsSubmitButton
needsSubmitButton($formDescriptor)
Returns true if the form has fields which take values.
Definition: AuthManagerSpecialPage.php:564
AuthManagerSpecialPage\messageKey
messageKey($defaultKey)
Return custom message key.
Definition: AuthManagerSpecialPage.php:210
AuthManagerSpecialPage\$allowedActions
static string[] $allowedActions
The list of actions this special page deals with.
Definition: AuthManagerSpecialPage.php:17
DerivativeContext
An IContextSource implementation which will inherit context from another source but allow individual ...
Definition: DerivativeContext.php:31
DerivativeRequest
Similar to FauxRequest, but only fakes URL parameters and method (POST or GET) and use the base reque...
Definition: DerivativeRequest.php:34
HTMLForm\factory
static factory($displayFormat)
Construct a HTMLForm object for given display type.
Definition: HTMLForm.php:272
Status
Generic operation result class Has warning/error list, boolean status and arbitrary value...
Definition: Status.php:40
AuthManagerSpecialPage\mapFieldInfoTypeToFormDescriptorType
static mapFieldInfoTypeToFormDescriptorType($type)
Maps AuthenticationRequest::getFieldInfo() types to HTMLForm types.
Definition: AuthManagerSpecialPage.php:728
AuthManagerSpecialPage\getToken
getToken()
Returns the CSRF token.
Definition: AuthManagerSpecialPage.php:602
MediaWiki\Auth\AuthenticationResponse
This is a value object to hold authentication response data.
Definition: AuthenticationResponse.php:33
SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition: SpecialPage.php:658
$response
this hook is for auditing only $response
Definition: hooks.txt:776
Status\newFatal
static newFatal($message)
Factory function for fatal errors.
Definition: Status.php:89
AuthManagerSpecialPage\displayForm
displayForm($status)
Display the form.
Definition: AuthManagerSpecialPage.php:548
AuthManagerSpecialPage\getRequestBlacklist
getRequestBlacklist()
Allows blacklisting certain request types.
Definition: AuthManagerSpecialPage.php:219
AuthManagerSpecialPage\setRequest
setRequest(array $data, $wasPosted=null)
Override the POST data, GET data from the real request is preserved.
Definition: AuthManagerSpecialPage.php:75
true
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses just before the function returns a value If you return true
Definition: hooks.txt:1816
AuthManagerSpecialPage\isActionAllowed
isActionAllowed($action)
Checks whether AuthManager is ready to perform the action.
Definition: AuthManagerSpecialPage.php:303
AuthManagerSpecialPage\$isReturn
bool $isReturn
True if the current request is a result of returning from a redirect flow.
Definition: AuthManagerSpecialPage.php:37
SpecialPage
Parent class for all special pages.
Definition: SpecialPage.php:36
PROTO_HTTPS
const PROTO_HTTPS
Definition: Defines.php:263
AuthManagerSpecialPage\isContinued
isContinued()
Returns true if this is not the first step of the authentication.
Definition: AuthManagerSpecialPage.php:267
MediaWiki\Session\Token
Value object representing a CSRF token.
Definition: Token.php:32
AuthManagerSpecialPage\getContinueAction
getContinueAction($action)
Gets the _CONTINUE version of an action.
Definition: AuthManagerSpecialPage.php:280
AuthManagerSpecialPage\addTabIndex
addTabIndex(&$formDescriptor)
Adds a sequential tabindex starting from 1 to all form elements.
Definition: AuthManagerSpecialPage.php:582
AuthManagerSpecialPage\handleReturnBeforeExecute
handleReturnBeforeExecute($subPage)
Handle redirection from the /return subpage.
Definition: AuthManagerSpecialPage.php:107
ErrorPageError
An error page which can definitely be safely rendered using the OutputPage.
Definition: ErrorPageError.php:27
AuthManagerSpecialPage\getPreservedParams
getPreservedParams($withToken=false)
Returns URL query parameters which can be used to reload the page (or leave and return) while preserv...
Definition: AuthManagerSpecialPage.php:496
$params
$params
Definition: styleTest.css.php:40
AuthManagerSpecialPage\performAuthenticationStep
performAuthenticationStep($action, array $requests)
Definition: AuthManagerSpecialPage.php:343
wfMessage
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped just before the function returns a value If you return an< a > element with HTML attributes $attribs and contents $html will be returned If you return $ret will be returned after processing after in associative array form externallinks including delete and has completed for all link tables whether this was an auto creation default is conds Array Extra conditions for the No matching items in log is displayed if loglist is empty msgKey Array If you want a nice box with a set this to the key of the message First element is the message additional optional elements are parameters for the key that are processed with wfMessage() -> params() ->parseAsBlock()-offset Set to overwrite offset parameter in $wgRequest set to ''to unsetoffset-wrap String Wrap the message in html(usually something like"&lt
$title
Allows to change the fields on the form that will be generated are created Can be used to omit specific feeds from being outputted You must not use this hook to add use OutputPage::addFeedLink() instead.&$feedLinks conditions will AND in the final query as a Content object as a Content object $title
Definition: hooks.txt:312
StatusValue
Generic operation result class Has warning/error list, boolean status and arbitrary value...
Definition: StatusValue.php:42
Hooks\run
static run($event, array $args=[], $deprecatedVersion=null)
Call hook functions defined in Hooks::register and $wgHooks.
Definition: Hooks.php:131
MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition: AuthManager.php:43
as
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:9
AuthManagerSpecialPage\loadAuth
loadAuth($subPage, $authAction=null, $reset=false)
Load or initialize $authAction, $authRequests and $subPage.
Definition: AuthManagerSpecialPage.php:232
AuthManagerSpecialPage\$savedRequest
WebRequest null $savedRequest
If set, will be used instead of the real request.
Definition: AuthManagerSpecialPage.php:40
AuthManagerSpecialPage\onAuthChangeFormFields
onAuthChangeFormFields(array $requests, array $fieldInfo, array &$formDescriptor, $action)
Change the form descriptor that determines how a field will look in the authentication form...
Definition: AuthManagerSpecialPage.php:53
$requests
Allows to change the fields on the form that will be generated are created Can be used to omit specific feeds from being outputted You must not use this hook to add use OutputPage::addFeedLink() instead.&$feedLinks conditions will AND in the final query as a Content object as a Content object the(raw HTML) error message to display(added in 1.13) &$status hooks can tweak the array to change how login etc forms should look $requests
Definition: hooks.txt:594
AuthManagerSpecialPage\$authRequests
AuthenticationRequest[] $authRequests
Definition: AuthManagerSpecialPage.php:31
AuthManagerSpecialPage\getField
static getField(array $array, $fieldName, $default=null)
Get an array value, or a default if it does not exist.
Definition: AuthManagerSpecialPage.php:714
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:35
$req
this hook is for auditing only $req
Definition: hooks.txt:981
AuthManagerSpecialPage\handleReauthBeforeExecute
handleReauthBeforeExecute($subPage)
Handle redirection when the user needs to (re)authenticate.
Definition: AuthManagerSpecialPage.php:145
AuthManagerSpecialPage\mapSingleFieldInfo
static mapSingleFieldInfo($singleFieldInfo, $fieldName)
Maps an authentication field configuration for a single field (as returned by AuthenticationRequest::...
Definition: AuthManagerSpecialPage.php:651
AuthManagerSpecialPage\getTokenName
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data)...
Definition: AuthManagerSpecialPage.php:611
$request
error also a ContextSource you ll probably need to make sure the header is varied on $request
Definition: hooks.txt:2458
SpecialPage\getName
getName()
Get the name of this Special Page.
Definition: SpecialPage.php:133
class
you have access to all of the normal MediaWiki so you can get a DB use the etc For full docs on the Maintenance class
Definition: maintenance.txt:52
AuthManagerSpecialPage\getDefaultAction
getDefaultAction($subPage)
Get the default action for this special page, if none is given via URL/POST data. ...
Definition: AuthManagerSpecialPage.php:201
RawMessage
Variant of the Message class.
Definition: Message.php:1236
SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition: SpecialPage.php:668
wfArrayToCgi
wfArrayToCgi($array1, $array2=null, $prefix= '')
This function takes one or two arrays as input, and returns a CGI-style string, e.g.
Definition: GlobalFunctions.php:406
MWCryptRand\generateHex
static generateHex($chars, $forceStrong=false)
Generate a run of (ideally) cryptographically random data and return it in hexadecimal string format...
Definition: MWCryptRand.php:419
AuthManagerSpecialPage\sortFormDescriptorFields
static sortFormDescriptorFields(array &$formDescriptor)
Sort the fields of a form descriptor by their 'weight' property.
Definition: AuthManagerSpecialPage.php:693
AuthManagerSpecialPage\fieldInfoToFormDescriptor
fieldInfoToFormDescriptor(array $requests, array $fieldInfo, $action)
Turns a field info array into a form descriptor.
Definition: AuthManagerSpecialPage.php:624
AuthManagerSpecialPage\getAuthForm
getAuthForm(array $requests, $action)
Definition: AuthManagerSpecialPage.php:527
$status
this hook is for auditing only RecentChangesLinked and Watchlist RecentChangesLinked and Watchlist e g Watchlist removed from all revisions and log entries to which it was applied This gives extensions a chance to take it off their books as the deletion has already been partly carried out by this point or something similar the user will be unable to create the tag set $status
Definition: hooks.txt:1020
LoggerFactory
MediaWiki Logger LoggerFactory implements a PSR[0] compatible message logging system Named Psr Log LoggerInterface instances can be obtained from the MediaWiki Logger LoggerFactory::getInstance() static method.MediaWiki\Logger\LoggerFactory expects a class implementing the MediaWiki\Logger\Spi interface to act as a factory for new Psr\Log\LoggerInterface instances.The"Spi"in MediaWiki\Logger\Spi stands for"service provider interface".An SPI is an API intended to be implemented or extended by a third party.This software design pattern is intended to enable framework extension and replaceable components.It is specifically used in the MediaWiki\Logger\LoggerFactory service to allow alternate PSR-3 logging implementations to be easily integrated with MediaWiki.The service provider interface allows the backend logging library to be implemented in multiple ways.The $wgMWLoggerDefaultSpi global provides the classname of the default MediaWiki\Logger\Spi implementation to be loaded at runtime.This can either be the name of a class implementing the MediaWiki\Logger\Spi with a zero argument const ructor or a callable that will return an MediaWiki\Logger\Spi instance.Alternately the MediaWiki\Logger\LoggerFactory MediaWiki Logger LoggerFactory
Definition: logger.txt:5
SpecialPage\getFullTitle
getFullTitle()
Return the full title, including $par.
Definition: SpecialPage.php:707
$messages
$messages
Definition: LogTests.i18n.php:8
AuthManagerSpecialPage\handleFormSubmit
handleFormSubmit($data)
Submit handler callback for HTMLForm.
Definition: AuthManagerSpecialPage.php:481
serialize
serialize()
Definition: ApiMessage.php:94
AuthManagerSpecialPage\$subPage
string $subPage
Subpage of the special page.
Definition: AuthManagerSpecialPage.php:34
$type
do that in ParserLimitReportFormat instead use this to modify the parameters of the image and a DIV can begin in one section and end in another Make sure your code can handle that case gracefully See the EditSectionClearerLink extension for an example zero but section is usually empty its values are the globals values before the output is cached one of or reset my talk my contributions etc etc otherwise the built in rate limiting checks are if enabled allows for interception of redirect as a string mapping parameter names to values & $type
Definition: hooks.txt:2376
Status\newGood
static newGood($value=null)
Factory function for good results.
Definition: Status.php:101
AuthManagerSpecialPage\getAuthFormDescriptor
getAuthFormDescriptor($requests, $action)
Generates a HTMLForm descriptor array from a set of authentication requests.
Definition: AuthManagerSpecialPage.php:513
MediaWiki\Auth\AuthenticationRequest
This is a value object for authentication requests.
Definition: AuthenticationRequest.php:37
AuthManagerSpecialPage\$authAction
string $authAction
one of the AuthManager::ACTION_* constants.
Definition: AuthManagerSpecialPage.php:28
SpecialPage\getPageTitle
getPageTitle($subpage=false)
Get a self-referential title object.
Definition: SpecialPage.php:611
AuthManagerSpecialPage\trySubmit
trySubmit()
Attempts to do an authentication step with the submitted data.
Definition: AuthManagerSpecialPage.php:398