Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | n/a |
0 / 0 |
n/a |
0 / 0 |
CRAP | n/a |
0 / 0 |
1 | <?php |
2 | /** |
3 | * Pre-authentication provider interface |
4 | * |
5 | * This program is free software; you can redistribute it and/or modify |
6 | * it under the terms of the GNU General Public License as published by |
7 | * the Free Software Foundation; either version 2 of the License, or |
8 | * (at your option) any later version. |
9 | * |
10 | * This program is distributed in the hope that it will be useful, |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
13 | * GNU General Public License for more details. |
14 | * |
15 | * You should have received a copy of the GNU General Public License along |
16 | * with this program; if not, write to the Free Software Foundation, Inc., |
17 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
18 | * http://www.gnu.org/copyleft/gpl.html |
19 | * |
20 | * @file |
21 | * @ingroup Auth |
22 | */ |
23 | |
24 | namespace MediaWiki\Auth; |
25 | |
26 | use MediaWiki\User\User; |
27 | use StatusValue; |
28 | |
29 | /** |
30 | * A pre-authentication provider can prevent authentication early on. |
31 | * |
32 | * A PreAuthenticationProvider is used to supply arbitrary checks to be |
33 | * performed before the PrimaryAuthenticationProviders are consulted during the |
34 | * login / account creation / account linking process. Possible uses include |
35 | * checking that a per-IP throttle has not been reached or that a captcha has been solved. |
36 | * |
37 | * This interface also provides callbacks that are invoked after login / account creation |
38 | * / account linking succeeded or failed. |
39 | * |
40 | * @ingroup Auth |
41 | * @since 1.27 |
42 | * @see https://www.mediawiki.org/wiki/Manual:SessionManager_and_AuthManager |
43 | */ |
44 | interface PreAuthenticationProvider extends AuthenticationProvider { |
45 | |
46 | /** |
47 | * Determine whether an authentication may begin |
48 | * |
49 | * Called from AuthManager::beginAuthentication() |
50 | * |
51 | * @param AuthenticationRequest[] $reqs |
52 | * @return StatusValue |
53 | */ |
54 | public function testForAuthentication( array $reqs ); |
55 | |
56 | /** |
57 | * Post-login callback |
58 | * |
59 | * This will be called at the end of a login attempt. It will not be called for unfinished |
60 | * login attempts that fail by the session timing out. |
61 | * |
62 | * @note Under certain circumstances, this can be called even when testForAuthentication |
63 | * was not; see AuthenticationRequest::$loginRequest. |
64 | * @param User|null $user User that was attempted to be logged in, if known. |
65 | * This may become a "UserValue" in the future, or User may be refactored |
66 | * into such. |
67 | * @param AuthenticationResponse $response Authentication response that will be returned |
68 | * (PASS or FAIL) |
69 | */ |
70 | public function postAuthentication( $user, AuthenticationResponse $response ); |
71 | |
72 | /** |
73 | * Determine whether an account creation may begin |
74 | * |
75 | * Called from AuthManager::beginAccountCreation() |
76 | * |
77 | * @note No need to test if the account exists, AuthManager checks that |
78 | * @param User $user User being created (not added to the database yet). |
79 | * This may become a "UserValue" in the future, or User may be refactored |
80 | * into such. |
81 | * @param User $creator User doing the creation. This may become a |
82 | * "UserValue" in the future, or User may be refactored into such. |
83 | * @param AuthenticationRequest[] $reqs |
84 | * @return StatusValue |
85 | */ |
86 | public function testForAccountCreation( $user, $creator, array $reqs ); |
87 | |
88 | /** |
89 | * Determine whether an account may be created |
90 | * |
91 | * @param User $user User being created (not added to the database yet). |
92 | * This may become a "UserValue" in the future, or User may be refactored |
93 | * into such. |
94 | * @param bool|string $autocreate False if this is not an auto-creation, or |
95 | * the source of the auto-creation passed to AuthManager::autoCreateUser(). |
96 | * @param array $options |
97 | * - flags: (int) Bitfield of IDBAccessObject::READ_* constants, default IDBAccessObject::READ_NORMAL |
98 | * - creating: (bool) If false (or missing), this call is only testing if |
99 | * a user could be created. If set, this (non-autocreation) is for |
100 | * actually creating an account and will be followed by a call to |
101 | * testForAccountCreation(). In this case, the provider might return |
102 | * StatusValue::newGood() here and let the later call to |
103 | * testForAccountCreation() do a more thorough test. |
104 | * @return StatusValue |
105 | */ |
106 | public function testUserForCreation( $user, $autocreate, array $options = [] ); |
107 | |
108 | /** |
109 | * Post-creation callback |
110 | * |
111 | * This will be called at the end of an account creation attempt. It will not be called if |
112 | * the account creation process results in a session timeout (possibly after a successful |
113 | * user creation, while a secondary provider is waiting for a response). |
114 | * |
115 | * @param User $user User that was attempted to be created. |
116 | * This may become a "UserValue" in the future, or User may be refactored |
117 | * into such. |
118 | * @param User $creator User doing the creation. This may become a |
119 | * "UserValue" in the future, or User may be refactored into such. |
120 | * @param AuthenticationResponse $response Authentication response that will be returned |
121 | * (PASS or FAIL) |
122 | */ |
123 | public function postAccountCreation( $user, $creator, AuthenticationResponse $response ); |
124 | |
125 | /** |
126 | * Determine whether an account may linked to another authentication method |
127 | * |
128 | * @param User $user User being linked. |
129 | * This may become a "UserValue" in the future, or User may be refactored |
130 | * into such. |
131 | * @return StatusValue |
132 | */ |
133 | public function testForAccountLink( $user ); |
134 | |
135 | /** |
136 | * Post-link callback |
137 | * |
138 | * This will be called at the end of an account linking attempt. |
139 | * |
140 | * @param User $user User that was attempted to be linked. |
141 | * This may become a "UserValue" in the future, or User may be refactored |
142 | * into such. |
143 | * @param AuthenticationResponse $response Authentication response that will be returned |
144 | * (PASS or FAIL) |
145 | */ |
146 | public function postAccountLink( $user, AuthenticationResponse $response ); |
147 | |
148 | } |