MediaWiki  1.27.2
MediaWiki\Auth\AuthManager Class Reference

This serves as the entry point to the authentication system. More...

Inheritance diagram for MediaWiki\Auth\AuthManager:
Collaboration diagram for MediaWiki\Auth\AuthManager:

Public Member Functions

 __construct (WebRequest $request, Config $config)
 
 forcePrimaryAuthenticationProviders (array $providers, $why)
 Force certain PrimaryAuthenticationProviders. More...
 
 getRequest ()
 
 setLogger (LoggerInterface $logger)
 
Authentication
 canAuthenticateNow ()
 Indicate whether user authentication is possible. More...
 
 beginAuthentication (array $reqs, $returnToUrl)
 Start an authentication flow. More...
 
 continueAuthentication (array $reqs)
 Continue an authentication flow. More...
 
 securitySensitiveOperationStatus ($operation)
 Whether security-sensitive operations should proceed. More...
 
 userCanAuthenticate ($username)
 Determine whether a username can authenticate. More...
 
 normalizeUsername ($username)
 Provide normalized versions of the username for security checks. More...
 
Authentication data changing
 revokeAccessForUser ($username)
 Revoke any authentication credentials for a user. More...
 
 allowsAuthenticationDataChange (AuthenticationRequest $req, $checkData=true)
 Validate a change of authentication data (e.g. More...
 
 changeAuthenticationData (AuthenticationRequest $req)
 Change authentication data (e.g. More...
 
Account creation
 canCreateAccounts ()
 Determine whether accounts can be created. More...
 
 canCreateAccount ($username, $flags=User::READ_NORMAL)
 Determine whether a particular account can be created. More...
 
 checkAccountCreatePermissions (User $creator)
 Basic permissions checks on whether a user can create accounts. More...
 
 beginAccountCreation (User $creator, array $reqs, $returnToUrl)
 Start an account creation flow. More...
 
 continueAccountCreation (array $reqs)
 Continue an account creation flow. More...
 
 autoCreateUser (User $user, $source, $login=true)
 Auto-create an account, and log into that account. More...
 
Account linking
 canLinkAccounts ()
 Determine whether accounts can be linked. More...
 
 beginAccountLink (User $user, array $reqs, $returnToUrl)
 Start an account linking flow. More...
 
 continueAccountLink (array $reqs)
 Continue an account linking flow. More...
 

Static Public Member Functions

static callLegacyAuthPlugin ($method, array $params, $return=null)
 Call a legacy AuthPlugin method, if necessary. More...
 
static singleton ()
 Get the global AuthManager. More...
 

Public Attributes

const ACTION_CHANGE = 'change'
 Change a user's credentials. More...
 
const ACTION_CREATE = 'create'
 Create a new user. More...
 
const ACTION_CREATE_CONTINUE = 'create-continue'
 Continue a user creation process that was interrupted by the need for user input or communication with an external provider. More...
 
const ACTION_LINK = 'link'
 Link an existing user to a third-party account. More...
 
const ACTION_LINK_CONTINUE = 'link-continue'
 Continue a user linking process that was interrupted by the need for user input or communication with an external provider. More...
 
const ACTION_LOGIN = 'login'
 Log in with an existing (not necessarily local) user. More...
 
const ACTION_LOGIN_CONTINUE = 'login-continue'
 Continue a login process that was interrupted by the need for user input or communication with an external provider. More...
 
const ACTION_REMOVE = 'remove'
 Remove a user's credentials. More...
 
const ACTION_UNLINK = 'unlink'
 Like ACTION_REMOVE but for linking providers only. More...
 
const AUTOCREATE_SOURCE_SESSION = \MediaWiki\Session\SessionManager::class
 Auto-creation is due to SessionManager. More...
 
const SEC_FAIL = 'fail'
 Security-sensitive should not be performed. More...
 
const SEC_OK = 'ok'
 Security-sensitive operations are ok. More...
 
const SEC_REAUTH = 'reauth'
 Security-sensitive operations should re-authenticate. More...
 

Private Attributes

AuthenticationProvider[] $allAuthenticationProviders = []
 
Config $config
 
CreatedAccountAuthenticationRequest[] $createdAccountAuthenticationRequests = []
 
LoggerInterface $logger
 
PreAuthenticationProvider[] $preAuthenticationProviders = null
 
PrimaryAuthenticationProvider[] $primaryAuthenticationProviders = null
 
WebRequest $request
 
SecondaryAuthenticationProvider[] $secondaryAuthenticationProviders = null
 

Static Private Attributes

static AuthManager null $instance = null
 

Information methods

 getAuthenticationRequests ($action, User $user=null)
 Return the applicable list of AuthenticationRequests. More...
 
 userExists ($username, $flags=User::READ_NORMAL)
 Determine whether a username exists. More...
 
 allowsPropertyChange ($property)
 Determine whether a user property should be allowed to be changed. More...
 
 getAuthenticationProvider ($id)
 Get a provider by ID. More...
 
 getAuthenticationRequestsInternal ($providerAction, array $options, array $providers, User $user=null)
 Internal request lookup for self::getAuthenticationRequests. More...
 
 fillRequests (array &$reqs, $action, $username, $forceAction=false)
 Set values in an array of requests. More...
 

Internal methods

static resetCache ()
 Reset the internal caching for unit testing. More...
 
 setAuthenticationSessionData ($key, $data)
 Store authentication in the current session. More...
 
 getAuthenticationSessionData ($key, $default=null)
 Fetch authentication data from the current session. More...
 
 removeAuthenticationSessionData ($key)
 Remove authentication data. More...
 
 getConfiguration ()
 Get the configuration. More...
 
 setSessionDataForUser ($user, $remember=null)
 
 setDefaultUserOptions (User $user, $useContextLang)
 
 callMethodOnProviders ($which, $method, array $args)
 
 providerArrayFromSpecs ($class, array $specs)
 Create an array of AuthenticationProviders from an array of ObjectFactory specs. More...
 
 getPreAuthenticationProviders ()
 Get the list of PreAuthenticationProviders. More...
 
 getPrimaryAuthenticationProviders ()
 Get the list of PrimaryAuthenticationProviders. More...
 
 getSecondaryAuthenticationProviders ()
 Get the list of SecondaryAuthenticationProviders. More...
 

Detailed Description

This serves as the entry point to the authentication system.

In the future, it may also serve as the entry point to the authorization system.

Since
1.27

Definition at line 43 of file AuthManager.php.

Constructor & Destructor Documentation

MediaWiki\Auth\AuthManager::__construct ( WebRequest  $request,
Config  $config 
)

Member Function Documentation

MediaWiki\Auth\AuthManager::allowsAuthenticationDataChange ( AuthenticationRequest  $req,
  $checkData = true 
)

Validate a change of authentication data (e.g.

passwords)

Parameters
AuthenticationRequest$req
bool$checkDataIf false, $req hasn't been loaded from the submission so checks on user-submitted fields should be skipped. $req->username is considered user-submitted for this purpose, even if it cannot be changed via $req->loadFromSubmission.
Returns
Status

Definition at line 807 of file AuthManager.php.

References $status, as, MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), Status\newGood(), and Status\wrap().

Referenced by MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal().

MediaWiki\Auth\AuthManager::allowsPropertyChange (   $property)

Determine whether a user property should be allowed to be changed.

Supported properties are:

  • emailaddress
  • realname
  • nickname
Parameters
string$property
Returns
bool

Definition at line 2099 of file AuthManager.php.

References $property, as, MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().

MediaWiki\Auth\AuthManager::autoCreateUser ( User  $user,
  $source,
  $login = true 
)
MediaWiki\Auth\AuthManager::beginAccountCreation ( User  $creator,
array  $reqs,
  $returnToUrl 
)

Start an account creation flow.

In addition to the AuthenticationRequests returned by $this->getAuthenticationRequests(), a client might include a CreateFromLoginAuthenticationRequest from a previous login attempt. If $createFromLoginAuthenticationRequest->hasPrimaryStateForAction( AuthManager::ACTION_CREATE ) returns true, any AuthenticationRequest::PRIMARY_REQUIRED requests should be omitted. If the CreateFromLoginAuthenticationRequest has a username set, that username must be used for all other requests.

Parameters
User$creatorUser doing the account creation
AuthenticationRequest[]$reqs
string$returnToUrlUrl that REDIRECT responses should eventually return to.
Returns
AuthenticationResponse

Definition at line 978 of file AuthManager.php.

References $req, $status, $user, $username, as, MediaWiki\Auth\AuthManager\canCreateAccount(), MediaWiki\Auth\AuthManager\canCreateAccounts(), MediaWiki\Auth\AuthManager\checkAccountCreatePermissions(), class, MediaWiki\Auth\AuthManager\continueAccountCreation(), User\getId(), User\getName(), MediaWiki\Auth\AuthenticationRequest\getRequestByClass(), MediaWiki\Auth\AuthenticationRequest\getUsernameFromRequests(), MediaWiki\Auth\AuthenticationResponse\newFail(), User\newFromName(), IDBAccessObject\READ_LOCKING, MediaWiki\Auth\AuthManager\removeAuthenticationSessionData(), request, wfMessage(), and Status\wrap().

MediaWiki\Auth\AuthManager::beginAuthentication ( array  $reqs,
  $returnToUrl 
)

Start an authentication flow.

In addition to the AuthenticationRequests returned by $this->getAuthenticationRequests(), a client might include a CreateFromLoginAuthenticationRequest from a previous login attempt to preserve state.

Instead of the AuthenticationRequests returned by $this->getAuthenticationRequests(), a client might pass a CreatedAccountAuthenticationRequest from an account creation that just succeeded to log in to the just-created account.

Parameters
AuthenticationRequest[]$reqs
string$returnToUrlUrl that REDIRECT responses should eventually return to.
Returns
AuthenticationResponse See self::continueAuthentication()

Definition at line 244 of file AuthManager.php.

References $req, $ret, $status, $user, as, MediaWiki\Auth\AuthManager\callMethodOnProviders(), class, MediaWiki\Auth\AuthManager\continueAuthentication(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthenticationRequest\getRequestByClass(), MediaWiki\Auth\AuthenticationResponse\newFail(), User\newFromName(), MediaWiki\Auth\AuthenticationResponse\newPass(), MediaWiki\Auth\AuthManager\removeAuthenticationSessionData(), request, Hooks\run(), MediaWiki\Auth\AuthManager\setSessionDataForUser(), and Status\wrap().

static MediaWiki\Auth\AuthManager::callLegacyAuthPlugin (   $method,
array  $params,
  $return = null 
)
static

Call a legacy AuthPlugin method, if necessary.

Deprecated:
For backwards compatibility only, should be avoided in new code
Parameters
string$methodAuthPlugin method to call
array$paramsParameters to pass
mixed$returnReturn value if AuthPlugin wasn't called
Returns
mixed Return value from the AuthPlugin method, or $return

Definition at line 199 of file AuthManager.php.

References global.

Referenced by SpecialChangeEmail\attemptChange(), UserrightsPage\doSaveUserGroups(), MediaWiki\Session\SessionManager\invalidateSessionsForUser(), and Preferences\tryFormSubmit().

MediaWiki\Auth\AuthManager::canAuthenticateNow ( )

Indicate whether user authentication is possible.

It may not be if the session is provided by something like OAuth for which each individual request includes authentication data.

Returns
bool

Definition at line 222 of file AuthManager.php.

References request.

Referenced by MediaWiki\Auth\AuthManager\securitySensitiveOperationStatus().

MediaWiki\Auth\AuthManager::canLinkAccounts ( )
MediaWiki\Auth\AuthManager::changeAuthenticationData ( AuthenticationRequest  $req)

Change authentication data (e.g.

passwords)

If $req was returned for AuthManager::ACTION_CHANGE, using $req should result in a successful login in the future.

If $req was returned for AuthManager::ACTION_REMOVE, using $req should no longer result in a successful login.

Parameters
AuthenticationRequest$req

Definition at line 837 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\callMethodOnProviders(), and BotPassword\invalidateAllPasswordsForUser().

MediaWiki\Auth\AuthManager::checkAccountCreatePermissions ( User  $creator)
MediaWiki\Auth\AuthManager::continueAccountCreation ( array  $reqs)

Continue an account creation flow.

Parameters
AuthenticationRequest[]$reqs
Returns
AuthenticationResponse

Definition at line 1077 of file AuthManager.php.

References $cache, $name, $req, $res, $ret, $status, $user, MediaWiki\Auth\AuthenticationResponse\ABSTAIN, DeferredUpdates\addUpdate(), as, MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canCreateAccounts(), MediaWiki\Auth\AuthManager\checkAccountCreatePermissions(), class, MediaWiki\Auth\AuthenticationResponse\FAIL, MediaWiki\Auth\AuthManager\fillRequests(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), ObjectCache\getLocalClusterInstance(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthenticationRequest\getRequestByClass(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), User\IGNORE_USER_RIGHTS, MediaWiki\Auth\AuthenticationResponse\newFail(), User\newFromId(), User\newFromName(), MediaWiki\Auth\AuthenticationResponse\newPass(), MediaWiki\Auth\AuthenticationResponse\PASS, IDBAccessObject\READ_LOCKING, MediaWiki\Auth\AuthenticationResponse\REDIRECT, MediaWiki\Auth\AuthManager\removeAuthenticationSessionData(), request, Hooks\run(), MediaWiki\Auth\AuthManager\setDefaultUserOptions(), MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_NONE, MediaWiki\Auth\AuthenticationResponse\UI, User, wfMessage(), and Status\wrap().

Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation().

MediaWiki\Auth\AuthManager::continueAuthentication ( array  $reqs)

Continue an authentication flow.

Return values are interpreted as follows:

  • status FAIL: Authentication failed. If $response->createRequest is set, that may be passed to self::beginAuthentication() or to self::beginAccountCreation() to preserve state.
  • status REDIRECT: The client should be redirected to the contained URL, new AuthenticationRequests should be made (if any), then AuthManager::continueAuthentication() should be called.
  • status UI: The client should be presented with a user interface for the fields in the specified AuthenticationRequests, then new AuthenticationRequests should be made, then AuthManager::continueAuthentication() should be called.
  • status RESTART: The user logged in successfully with a third-party service, but the third-party credentials aren't attached to any local account. This could be treated as a UI or a FAIL.
  • status PASS: Authentication was successful.
Parameters
AuthenticationRequest[]$reqs
Returns
AuthenticationResponse

Definition at line 368 of file AuthManager.php.

References $req, $res, $ret, $status, $user, MediaWiki\Auth\AuthenticationResponse\ABSTAIN, as, MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\callMethodOnProviders(), class, MediaWiki\Auth\AuthenticationResponse\FAIL, MediaWiki\Auth\AuthManager\fillRequests(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthenticationRequest\getRequestByClass(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), MediaWiki\Auth\AuthenticationResponse\newFail(), User\newFromName(), MediaWiki\Auth\AuthenticationResponse\newPass(), MediaWiki\Auth\AuthenticationResponse\newRestart(), MediaWiki\Auth\AuthenticationResponse\PASS, MediaWiki\Auth\AuthenticationResponse\REDIRECT, MediaWiki\Auth\AuthManager\removeAuthenticationSessionData(), request, Hooks\run(), MediaWiki\Auth\AuthManager\setSessionDataForUser(), MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_LINK, MediaWiki\Auth\AuthenticationResponse\UI, wfMessage(), and Status\wrap().

Referenced by MediaWiki\Auth\AuthManager\beginAuthentication().

MediaWiki\Auth\AuthManager::fillRequests ( array $reqs,
  $action,
  $username,
  $forceAction = false 
)
private

Set values in an array of requests.

Parameters
AuthenticationRequest[]&$reqs
string$action
string | null$username
boolean$forceAction

Definition at line 2061 of file AuthManager.php.

References MediaWiki\$action, $req, $username, and as.

Referenced by MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAccountLink(), MediaWiki\Auth\AuthManager\continueAuthentication(), and MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal().

MediaWiki\Auth\AuthManager::forcePrimaryAuthenticationProviders ( array  $providers,
  $why 
)

Force certain PrimaryAuthenticationProviders.

Deprecated:
For backwards compatibility only
Parameters
PrimaryAuthenticationProvider[]$providers
string$why

Definition at line 147 of file AuthManager.php.

References as, and request.

MediaWiki\Auth\AuthManager::getAuthenticationProvider (   $id)

Get a provider by ID.

Note
This is public so extensions can check whether their own provider is installed and so they can read its configuration if necessary. Other uses are not recommended.
Parameters
string$id
Returns
AuthenticationProvider|null

Definition at line 2118 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().

Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAccountLink(), and MediaWiki\Auth\AuthManager\continueAuthentication().

MediaWiki\Auth\AuthManager::getAuthenticationRequests (   $action,
User  $user = null 
)

Return the applicable list of AuthenticationRequests.

Possible values for $action:

  • ACTION_LOGIN: Valid for passing to beginAuthentication
  • ACTION_LOGIN_CONTINUE: Valid for passing to continueAuthentication in the current state
  • ACTION_CREATE: Valid for passing to beginAccountCreation
  • ACTION_CREATE_CONTINUE: Valid for passing to continueAccountCreation in the current state
  • ACTION_LINK: Valid for passing to beginAccountLink
  • ACTION_LINK_CONTINUE: Valid for passing to continueAccountLink in the current state
  • ACTION_CHANGE: Valid for passing to changeAuthenticationData to change credentials
  • ACTION_REMOVE: Valid for passing to changeAuthenticationData to remove credentials.
  • ACTION_UNLINK: Same as ACTION_REMOVE, but limited to linked accounts.
Parameters
string$actionOne of the AuthManager::ACTION_* constants
User | null$userUser being acted on, instead of the current user.
Returns
AuthenticationRequest[]

Definition at line 1931 of file AuthManager.php.

References MediaWiki\$action, $options, $user, MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), request, and MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_LINK.

MediaWiki\Auth\AuthManager::getAuthenticationRequestsInternal (   $providerAction,
array  $options,
array  $providers,
User  $user = null 
)
private

Internal request lookup for self::getAuthenticationRequests.

Parameters
string$providerActionAction to pass to providers
array$optionsOptions to pass to providers
AuthenticationProvider[]$providers
User | null$user
Returns
AuthenticationRequest[]

Definition at line 1995 of file AuthManager.php.

References $req, $user, MediaWiki\Auth\AuthManager\allowsAuthenticationDataChange(), as, MediaWiki\Auth\AuthManager\fillRequests(), RequestContext\getMain(), MediaWiki\Auth\AuthenticationRequest\OPTIONAL, MediaWiki\Auth\AuthenticationRequest\PRIMARY_REQUIRED, and MediaWiki\Auth\AuthenticationRequest\REQUIRED.

Referenced by MediaWiki\Auth\AuthManager\continueAuthentication(), and MediaWiki\Auth\AuthManager\getAuthenticationRequests().

MediaWiki\Auth\AuthManager::getAuthenticationSessionData (   $key,
  $default = null 
)

Fetch authentication data from the current session.

Access:
protected For use by AuthenticationProviders
Parameters
string$key
mixed$default
Returns
mixed

Definition at line 2171 of file AuthManager.php.

References $key, and request.

MediaWiki\Auth\AuthManager::getConfiguration ( )
private
MediaWiki\Auth\AuthManager::getRequest ( )
MediaWiki\Auth\AuthManager::normalizeUsername (   $username)

Provide normalized versions of the username for security checks.

Since different providers can normalize the input in different ways, this returns an array of all the different ways the name might be normalized for authentication.

The returned strings should not be revealed to the user, as that might leak private information (e.g. an email address might be normalized to a username).

Parameters
string$username
Returns
string[]

Definition at line 766 of file AuthManager.php.

References $ret, $username, as, and MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders().

MediaWiki\Auth\AuthManager::providerArrayFromSpecs (   $class,
array  $specs 
)
protected

Create an array of AuthenticationProviders from an array of ObjectFactory specs.

Parameters
string$class
array[]$specs
Returns
AuthenticationProvider[]

Definition at line 2204 of file AuthManager.php.

References $ret, as, and ObjectFactory\getObjectFromSpec().

Referenced by MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().

MediaWiki\Auth\AuthManager::removeAuthenticationSessionData (   $key)

Remove authentication data.

Access:
protected For use by AuthenticationProviders
Parameters
string | null$keyIf null, all data is removed

Definition at line 2185 of file AuthManager.php.

References $key, and request.

Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation(), MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\beginAuthentication(), MediaWiki\Auth\AuthManager\continueAccountCreation(), and MediaWiki\Auth\AuthManager\continueAuthentication().

static MediaWiki\Auth\AuthManager::resetCache ( )
static

Reset the internal caching for unit testing.

Definition at line 2356 of file AuthManager.php.

Referenced by ApiTestCase\doApiRequest(), and MediaWikiTestCase\tearDown().

MediaWiki\Auth\AuthManager::revokeAccessForUser (   $username)

Revoke any authentication credentials for a user.

After this, the user should no longer be able to log in.

Parameters
string$username

Definition at line 791 of file AuthManager.php.

References $username, and MediaWiki\Auth\AuthManager\callMethodOnProviders().

MediaWiki\Auth\AuthManager::securitySensitiveOperationStatus (   $operation)

Whether security-sensitive operations should proceed.

A "security-sensitive operation" is something like a password or email change, that would normally have a "reenter your password to confirm" box if we only supported password-based authentication.

Parameters
string$operationOperation being checked. This should be a message-key-like string such as 'change-password' or 'change-email'.
Returns
string One of the SEC_* constants.

Definition at line 673 of file AuthManager.php.

References $last, $status, MediaWiki\Auth\AuthManager\canAuthenticateNow(), request, and Hooks\run().

MediaWiki\Auth\AuthManager::setAuthenticationSessionData (   $key,
  $data 
)

Store authentication in the current session.

Access:
protected For use by AuthenticationProviders
Parameters
string$key
mixed$dataMust be serializable

Definition at line 2154 of file AuthManager.php.

References $key, and request.

MediaWiki\Auth\AuthManager::setDefaultUserOptions ( User  $user,
  $useContextLang 
)
private
Parameters
User$user
bool$useContextLangUse 'uselang' to set the user's language

Definition at line 2319 of file AuthManager.php.

References $lang, $wgContLang, RequestContext\getMain(), global, User\setOption(), and User\setToken().

Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), and MediaWiki\Auth\AuthManager\continueAccountCreation().

MediaWiki\Auth\AuthManager::setLogger ( LoggerInterface  $logger)
Parameters
LoggerInterface$logger

Definition at line 130 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\$logger.

Referenced by MediaWiki\Auth\AuthManager\__construct().

MediaWiki\Auth\AuthManager::setSessionDataForUser (   $user,
  $remember = null 
)
private
MediaWiki\Auth\AuthManager::userCanAuthenticate (   $username)

Determine whether a username can authenticate.

Parameters
string$username
Returns
bool

Definition at line 743 of file AuthManager.php.

References $username, as, and MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders().

MediaWiki\Auth\AuthManager::userExists (   $username,
  $flags = User::READ_NORMAL 
)

Determine whether a username exists.

Parameters
string$username
int$flagsBitfield of User:READ_* constants
Returns
bool

Definition at line 2078 of file AuthManager.php.

References $flags, $username, as, and MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders().

Referenced by MediaWiki\Auth\AuthManager\canCreateAccount().

Member Data Documentation

AuthenticationProvider [] MediaWiki\Auth\AuthManager::$allAuthenticationProviders = []
private

Definition at line 89 of file AuthManager.php.

Config MediaWiki\Auth\AuthManager::$config
private

Definition at line 83 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct().

CreatedAccountAuthenticationRequest [] MediaWiki\Auth\AuthManager::$createdAccountAuthenticationRequests = []
private

Definition at line 101 of file AuthManager.php.

AuthManager null MediaWiki\Auth\AuthManager::$instance = null
staticprivate

Definition at line 77 of file AuthManager.php.

LoggerInterface MediaWiki\Auth\AuthManager::$logger
private

Definition at line 86 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\setLogger().

PreAuthenticationProvider [] MediaWiki\Auth\AuthManager::$preAuthenticationProviders = null
private
PrimaryAuthenticationProvider [] MediaWiki\Auth\AuthManager::$primaryAuthenticationProviders = null
private
WebRequest MediaWiki\Auth\AuthManager::$request
private
SecondaryAuthenticationProvider [] MediaWiki\Auth\AuthManager::$secondaryAuthenticationProviders = null
private
const MediaWiki\Auth\AuthManager::ACTION_CHANGE = 'change'

Change a user's credentials.

Definition at line 60 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManagerAuthPlugin\allowPasswordChange(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\continueLinkAttempt(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequest\getFieldInfo(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\AuthManagerAuthPlugin\setPassword(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testBasics(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testBasics(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\testBeginLinkAttempt(), MediaWiki\Auth\PasswordAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testProviderAllowsAuthenticationDataChange(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testProviderAllowsAuthenticationDataChange(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testProviderAllowsAuthenticationDataChange(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testProviderChangeAuthenticationData(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testProviderChangeAuthenticationData(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testProviderChangeAuthenticationData(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\testTryReset(), and MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider\tryReset().

const MediaWiki\Auth\AuthManager::ACTION_CREATE = 'create'

Create a new user.

Definition at line 50 of file AuthManager.php.

Referenced by MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\CreateFromLoginAuthenticationRequest\hasPrimaryStateForAction(), MediaWiki\Auth\CreateFromLoginAuthenticationRequest\hasStateForAction(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testAccountCreation(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testAccountCreation(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testAccountCreation(), MediaWiki\Auth\AuthManagerTest\testAccountCreation(), MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\PasswordAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testProviderChangeAuthenticationData(), MediaWiki\Auth\CreateFromLoginAuthenticationRequestTest\testState(), and MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testTestForAccountCreation().

const MediaWiki\Auth\AuthManager::ACTION_CREATE_CONTINUE = 'create-continue'

Continue a user creation process that was interrupted by the need for user input or communication with an external provider.

Definition at line 53 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\testAccountCreation(), and MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests().

const MediaWiki\Auth\AuthManager::ACTION_LINK_CONTINUE = 'link-continue'

Continue a user linking process that was interrupted by the need for user input or communication with an external provider.

Definition at line 58 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\testAccountLink(), and MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests().

const MediaWiki\Auth\AuthManager::ACTION_LOGIN = 'login'

Log in with an existing (not necessarily local) user.

Definition at line 45 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManagerAuthPlugin\authenticate(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequest\getFieldInfo(), MediaWiki\Auth\CreateFromLoginAuthenticationRequest\hasStateForAction(), MediaWiki\Auth\AuthManagerTest\provideAuthentication(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\AbstractPreAuthenticationProviderTest\testAbstractPreAuthenticationProvider(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testAuthentication(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testAuthentication(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testAuthentication(), MediaWiki\Auth\AuthManagerTest\testAuthentication(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testConstruction(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\testDescribeCredentials(), MediaWiki\Auth\PasswordAuthenticationRequestTest\testDescribeCredentials(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\testDescribeCredentials(), MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequestsRequired(), MediaWiki\Auth\PasswordAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testProviderChangeAuthenticationData(), MediaWiki\Auth\CreateFromLoginAuthenticationRequestTest\testState(), MediaWiki\Auth\LegacyHookPreAuthenticationProviderTest\testTestForAuthentication(), and MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\testTryReset().

const MediaWiki\Auth\AuthManager::ACTION_LOGIN_CONTINUE = 'login-continue'

Continue a login process that was interrupted by the need for user input or communication with an external provider.

Definition at line 48 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\testAuthentication(), and MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests().

const MediaWiki\Auth\AuthManager::ACTION_REMOVE = 'remove'

Remove a user's credentials.

Definition at line 62 of file AuthManager.php.

Referenced by MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequest\getFieldInfo(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\providerChangeAuthenticationData(), MediaWiki\Auth\AbstractSecondaryAuthenticationProvider\providerRevokeAccessForUser(), MediaWiki\Auth\AbstractPrimaryAuthenticationProvider\providerRevokeAccessForUser(), MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\AbstractSecondaryAuthenticationProviderTest\testProviderRevokeAccessForUser(), MediaWiki\Auth\AbstractPrimaryAuthenticationProviderTest\testProviderRevokeAccessForUser(), and MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\testProviderRevokeAccessForUser().

const MediaWiki\Auth\AuthManager::ACTION_UNLINK = 'unlink'

Like ACTION_REMOVE but for linking providers only.

Definition at line 64 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), and MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests().

const MediaWiki\Auth\AuthManager::SEC_FAIL = 'fail'

Security-sensitive should not be performed.

Definition at line 71 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManagerTest\testSecuritySensitiveOperationStatus().

const MediaWiki\Auth\AuthManager::SEC_OK = 'ok'

Security-sensitive operations are ok.

Definition at line 67 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManagerTest\testSecuritySensitiveOperationStatus().

const MediaWiki\Auth\AuthManager::SEC_REAUTH = 'reauth'

Security-sensitive operations should re-authenticate.

Definition at line 69 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManagerTest\testSecuritySensitiveOperationStatus().


The documentation for this class was generated from the following file: