diff options
Diffstat (limited to 'www/wiki/extensions/Translate/utils/TranslateSandbox.php')
| -rw-r--r-- | www/wiki/extensions/Translate/utils/TranslateSandbox.php | 146 |
1 files changed, 114 insertions, 32 deletions
diff --git a/www/wiki/extensions/Translate/utils/TranslateSandbox.php b/www/wiki/extensions/Translate/utils/TranslateSandbox.php index 988ccc9f..999c4a3e 100644 --- a/www/wiki/extensions/Translate/utils/TranslateSandbox.php +++ b/www/wiki/extensions/Translate/utils/TranslateSandbox.php @@ -4,15 +4,23 @@ * * @file * @author Niklas Laxström - * @license GPL-2.0+ + * @license GPL-2.0-or-later */ +use MediaWiki\Auth\AuthManager; +use MediaWiki\Auth\AuthenticationRequest; +use MediaWiki\Auth\AuthenticationResponse; + /** - * Utility class for the sandbox feature of Translate. + * Utility class for the sandbox feature of Translate. Do not try this yourself. This code makes a + * lot of assumptions about what happens to the user account. */ class TranslateSandbox { + public static $userToCreate = null; + /** * Adds a new user without doing much validation. + * * @param string $name User name. * @param string $email Email address. * @param string $password User provided password. @@ -21,25 +29,51 @@ class TranslateSandbox { */ public static function addUser( $name, $email, $password ) { $user = User::newFromName( $name, 'creatable' ); + if ( !$user instanceof User ) { throw new MWException( 'Invalid user name' ); } - $user->setEmail( $email ); - $status = $user->addToDatabase(); - - if ( !$status->isOK() ) { - throw new MWException( $status->getWikiText() ); + $data = [ + 'username' => $user->getName(), + 'password' => $password, + 'retype' => $password, + 'email' => $email, + 'realname' => '', + ]; + + self::$userToCreate = $user; + $reqs = AuthManager::singleton()->getAuthenticationRequests( AuthManager::ACTION_CREATE ); + $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data ); + $res = AuthManager::singleton()->beginAccountCreation( $user, $reqs, 'null:' ); + self::$userToCreate = null; + + switch ( $res->status ) { + case AuthenticationResponse::PASS: + break; + case AuthenticationResponse::FAIL: + // Unless things are misconfigured, this will handle errors such as username taken, + // invalid user name or too short password. The WebAPI is prechecking these to + // provide nicer error messages. + $reason = $res->message->inLanguage( 'en' )->useDatabase( false )->text(); + throw new MWException( "Account creation failed: $reason" ); + default: + // Just in case it was a Secondary that failed + $user->clearInstanceCache( 'name' ); + if ( $user->getId() ) { + self::deleteUser( $user, 'force' ); + } + throw new MWException( + 'AuthManager does not support such simplified account creation' + ); } - $user->setPassword( $password ); - $user->saveSettings(); + // User now has an id, but we must clear the cache to see it. Without this the group + // addition below would not be saved in the database. + $user->clearInstanceCache( 'name' ); - // Need to have an id first // group-translate-sandboxed group-translate-sandboxed-member $user->addGroup( 'translate-sandboxed' ); - $user->clearInstanceCache( 'name' ); - $user->sendConfirmationMail(); return $user; } @@ -53,6 +87,7 @@ class TranslateSandbox { */ public static function deleteUser( User $user, $force = '' ) { $uid = $user->getId(); + $username = $user->getName(); if ( $force !== 'force' && !self::isSandboxed( $user ) ) { throw new MWException( 'Not a sandboxed user' ); @@ -60,8 +95,24 @@ class TranslateSandbox { // Delete from database $dbw = wfGetDB( DB_MASTER ); - $dbw->delete( 'user', array( 'user_id' => $uid ), __METHOD__ ); - $dbw->delete( 'user_groups', array( 'ug_user' => $uid ), __METHOD__ ); + $dbw->delete( 'user', [ 'user_id' => $uid ], __METHOD__ ); + $dbw->delete( 'user_groups', [ 'ug_user' => $uid ], __METHOD__ ); + $dbw->delete( 'user_properties', [ 'up_user' => $uid ], __METHOD__ ); + + if ( class_exists( ActorMigration::class ) ) { + $m = ActorMigration::newMigration(); + + // Assume no joins are needed for logging or recentchanges + $dbw->delete( 'logging', $m->getWhere( $dbw, 'log_user', $user )['conds'], __METHOD__ ); + $dbw->delete( 'recentchanges', $m->getWhere( $dbw, 'rc_user', $user )['conds'], __METHOD__ ); + } else { + $dbw->delete( 'logging', [ 'log_user' => $uid ], __METHOD__ ); + $dbw->delete( + 'recentchanges', + [ 'rc_user' => $uid, 'rc_user_text' => $username ], + __METHOD__ + ); + } // If someone tries to access still object still, they will get anon user // data. @@ -88,14 +139,25 @@ class TranslateSandbox { */ public static function getUsers() { $dbw = TranslateUtils::getSafeReadDB(); - $tables = array( 'user', 'user_groups' ); - $fields = User::selectFields(); - $conds = array( + if ( is_callable( [ User::class, 'getQueryInfo' ] ) ) { + $userQuery = User::getQueryInfo(); + } else { + $userQuery = [ + 'tables' => [ 'user' ], + 'fields' => User::selectFields(), + 'joins' => [], + ]; + } + $tables = array_merge( $userQuery['tables'], [ 'user_groups' ] ); + $fields = $userQuery['fields']; + $conds = [ 'ug_group' => 'translate-sandboxed', - 'ug_user = user_id', - ); + ]; + $joins = [ + 'user_groups' => [ 'JOIN', 'ug_user = user_id' ], + ] + $userQuery['joins']; - $res = $dbw->select( $tables, $fields, $conds, __METHOD__ ); + $res = $dbw->select( $tables, $fields, $conds, __METHOD__, [], $joins ); return UserArray::newFromResult( $res ); } @@ -169,15 +231,15 @@ class TranslateSandbox { $sender->getName() )->inLanguage( $targetLang )->text(); - $params = array( + $params = [ 'user' => $target->getId(), - 'to' => new MailAddress( $target ), - 'from' => new MailAddress( $sender ), + 'to' => MailAddress::newFromUser( $target ), + 'from' => MailAddress::newFromUser( $sender ), 'replyto' => new MailAddress( $wgNoReplyAddress ), 'subj' => $subject, 'body' => $body, 'emailType' => $type, - ); + ]; JobQueueGroup::singleton()->push( TranslateSandboxEmailJob::newJob( $params ) ); } @@ -196,7 +258,12 @@ class TranslateSandbox { return false; } - /// Hook: UserGetRights + /** + * Hook: UserGetRights + * @param User $user + * @param array &$rights + * @return true + */ public static function enforcePermissions( User $user, array &$rights ) { global $wgTranslateUseSandbox; @@ -209,7 +276,7 @@ class TranslateSandbox { } // right-translate-sandboxaction action-translate-sandboxaction - $rights = array( + $rights = [ 'editmyoptions', 'editmyprivateinfo', 'read', @@ -217,16 +284,23 @@ class TranslateSandbox { 'translate-sandboxaction', 'viewmyprivateinfo', 'writeapi', - ); + ]; // Do not let other hooks add more actions return false; } + /// Hook: UserGetRights + public static function allowAccountCreation( $user, &$rights ) { + if ( self::$userToCreate && $user->equals( self::$userToCreate ) ) { + $rights[] = 'createaccount'; + } + } + /// Hook: onGetPreferences public static function onGetPreferences( $user, &$preferences ) { $preferences['translate-sandbox'] = $preferences['translate-sandbox-reminders'] = - array( 'type' => 'api' ); + [ 'type' => 'api' ]; return true; } @@ -234,19 +308,27 @@ class TranslateSandbox { /** * Whitelisting for certain API modules. See also enforcePermissions. * Hook: ApiCheckCanExecute + * @param ApiBase $module + * @param User $user + * @param string &$message + * @return bool */ public static function onApiCheckCanExecute( ApiBase $module, User $user, &$message ) { - $whitelist = array( + $whitelist = [ // Obviously this is needed to get out of the sandbox 'ApiTranslationStash', // Used by UniversalLanguageSelector for example 'ApiOptions' - ); + ]; - if ( TranslateSandbox::isSandboxed( $user ) ) { + if ( self::isSandboxed( $user ) ) { $class = get_class( $module ); if ( $module->isWriteMode() && !in_array( $class, $whitelist, true ) ) { - $message = 'writerequired'; + $message = ApiMessage::create( 'apierror-writeapidenied' ); + if ( $message->getApiCode() === 'apierror-writeapidenied' ) { + // Backwards compatibility for pre-1.29 MediaWiki + $message = 'writerequired'; + } return false; } } |