- Generated on Fri Dec 13 2019 22:10:04 for MediaWiki by
1.8.16
|
MediaWiki
1.33.0
|
Functions to check passwords against a policy requirement. More...
Static Public Member Functions | |
| static | checkMaximalPasswordLength ( $policyVal, User $user, $password) |
| Check password is shorter than maximum, fatal. More... | |
| static | checkMinimalPasswordLength ( $policyVal, User $user, $password) |
| Check password is longer than minimum, not fatal. More... | |
| static | checkMinimumPasswordLengthToLogin ( $policyVal, User $user, $password) |
| Check password is longer than minimum, fatal. More... | |
| static | checkPasswordCannotMatchBlacklist ( $policyVal, User $user, $password) |
| Check if username and password are on a blacklist of past MediaWiki default passwords. More... | |
| static | checkPasswordCannotMatchUsername ( $policyVal, User $user, $password) |
| Check if username and password are a (case-insensitive) match. More... | |
| static | checkPasswordNotInLargeBlacklist ( $policyVal, User $user, $password) |
| Ensure the password isn't in the list of passwords blacklisted by the wikimedia/password-blacklist library, which contains (as of 0.1.4) the 100.000 top passwords from SecLists (as a Bloom filter, with an 0.000001 false positive ratio). More... | |
| static | checkPopularPasswordBlacklist ( $policyVal, User $user, $password) |
| Ensure that password isn't in top X most popular passwords, as defined by $wgPopularPasswordFile. More... | |
Functions to check passwords against a policy requirement.
$policyVal is the value configured in $wgPasswordPolicy. If the return status is fatal, the user won't be allowed to login. If the status is not good but not fatal, the user will not be allowed to set the given password (on registration or password change), but can still log in after bypassing a warning.
Definition at line 38 of file PasswordPolicyChecks.php.
|
static |
Check password is shorter than maximum, fatal.
Intended for preventing DoS attacks when using a more expensive password hash like PBKDF2.
| int | $policyVal | maximum length |
| User | $user | |
| string | $password |
Definition at line 78 of file PasswordPolicyChecks.php.
References StatusValue\newGood().
Referenced by PasswordPolicyChecksTest\testCheckMaximalPasswordLength().
|
static |
Check password is longer than minimum, not fatal.
| int | $policyVal | minimal length |
| User | $user | |
| string | $password |
Definition at line 47 of file PasswordPolicyChecks.php.
References StatusValue\newGood().
Referenced by PasswordPolicyChecksTest\testCheckMinimalPasswordLength().
|
static |
Check password is longer than minimum, fatal.
| int | $policyVal | minimal length |
| User | $user | |
| string | $password |
Definition at line 62 of file PasswordPolicyChecks.php.
References StatusValue\newGood().
Referenced by PasswordPolicyChecksTest\testCheckMinimumPasswordLengthToLogin().
|
static |
Check if username and password are on a blacklist of past MediaWiki default passwords.
| bool | $policyVal | true to force compliance. |
| User | $user | |
| string | $password |
Definition at line 112 of file PasswordPolicyChecks.php.
References $user, $username, and StatusValue\newGood().
Referenced by PasswordPolicyChecksTest\testCheckPasswordCannotMatchBlacklist().
|
static |
Check if username and password are a (case-insensitive) match.
| bool | $policyVal | true to force compliance. |
| User | $user | |
| string | $password |
Definition at line 93 of file PasswordPolicyChecks.php.
References $user, $username, and StatusValue\newGood().
Referenced by PasswordPolicyChecksTest\testCheckPasswordCannotMatchUsername().
|
static |
Ensure the password isn't in the list of passwords blacklisted by the wikimedia/password-blacklist library, which contains (as of 0.1.4) the 100.000 top passwords from SecLists (as a Bloom filter, with an 0.000001 false positive ratio).
| bool | $policyVal | Whether to apply this policy |
| User | $user | |
| string | $password |
Definition at line 201 of file PasswordPolicyChecks.php.
References StatusValue\newGood().
Referenced by PasswordPolicyChecksTest\testCheckNotInLargeBlacklist().
|
static |
Ensure that password isn't in top X most popular passwords, as defined by $wgPopularPasswordFile.
| int | $policyVal | Cut off to use. Will automatically shrink to the max supported for error messages if set to more than max number of passwords on file, so you can use the PHP_INT_MAX constant here safely. |
| User | $user | |
| string | $password |
Definition at line 150 of file PasswordPolicyChecks.php.
References $res, $wgPopularPasswordFile, $wgSitename, Language\factory(), StatusValue\newGood(), Makefile\open, and wfDeprecated().
Referenced by PasswordPolicyChecksTest\testCheckPopularPasswordBlacklist().
1.8.16