Check if a user's password complies with any password policies that apply to that user, based on the user's group membership. More...

Public Member Functions
	__construct (array $policies, array $checks)

	checkUserPassword (User $user, $password)
	Check if a password meets the effective password policy for a User. More...

	checkUserPasswordForGroups (User $user, $password, array $groups)
	Check if a password meets the effective password policy for a User, using a set of groups they may or may not belong to. More...

	getPoliciesForUser (User $user)
	Get the policy for a user, based on their group membership. More...

Static Public Member Functions
static	getPoliciesForGroups (array $policies, array $userGroups, array $defaultPolicy)
	Utility function to get the effective policy from a list of policies, based on a list of groups. More...

static	maxOfPolicies (array $p1, array $p2)
	Utility function to get a policy that is the most restrictive of $p1 and $p2. More...

Private Member Functions
	checkPolicies (User $user, $password, $policies, $policyCheckFunctions)

Private Attributes
array	$policies

array	$policyCheckFunctions
	Mapping of statements to the function that will test the password for compliance. More...

Detailed Description

Check if a user's password complies with any password policies that apply to that user, based on the user's group membership.

Since: 1.26

Definition at line 28 of file UserPasswordPolicy.php.

Constructor & Destructor Documentation

◆ __construct()

UserPasswordPolicy::__construct	(	array	$policies,
		array	$checks
	)

Parameters

array	$policies
array	$checks	mapping statement to its checking function. Checking functions are called with the policy value for this user, the user object, and the password to check.

Definition at line 48 of file UserPasswordPolicy.php.

References $policies, and as.

Member Function Documentation

◆ checkPolicies()

UserPasswordPolicy::checkPolicies	(	User	$user,
			$password,
			$policies,
			$policyCheckFunctions
	)

private

Parameters

User	$user
string	$password
array	$policies
array	$policyCheckFunctions

Returns: Status

Definition at line 120 of file UserPasswordPolicy.php.

References $policies, $policyCheckFunctions, $user, $value, as, and StatusValue\newGood().

Referenced by checkUserPassword(), and checkUserPasswordForGroups().

◆ checkUserPassword()

UserPasswordPolicy::checkUserPassword	(	User	$user,
			$password
	)

Check if a password meets the effective password policy for a User.

Parameters

User	$user	whose policy we are checking
string	$password	the password to check

Returns

Status error to indicate the password didn't meet the policy, or fatal to indicate the user shouldn't be allowed to login. The status value will be an array, potentially with the following keys:

forceChange: do not allow the user to login without changing the password if invalid.
suggestChangeOnLogin: prompt for a password change on login if the password is invalid.

Definition at line 76 of file UserPasswordPolicy.php.

References checkPolicies(), and getPoliciesForUser().

◆ checkUserPasswordForGroups()

UserPasswordPolicy::checkUserPasswordForGroups	(	User	$user,
			$password,
		array	$groups
	)

Check if a password meets the effective password policy for a User, using a set of groups they may or may not belong to.

This function does not use the DB, so can be used in the installer.

Parameters

User	$user	whose policy we are checking
string	$password	the password to check
array	$groups	list of groups to which we assume the user belongs

Returns

Status error to indicate the password didn't meet the policy, or fatal to indicate the user shouldn't be allowed to login. The status value will be an array, potentially with the following keys:

forceChange: do not allow the user to login without changing the password if invalid.
suggestChangeOnLogin: prompt for a password change on login if the password is invalid.

Definition at line 99 of file UserPasswordPolicy.php.

References checkPolicies(), and getPoliciesForGroups().

◆ getPoliciesForGroups()

static UserPasswordPolicy::getPoliciesForGroups	(	array	$policies,
		array	$userGroups,
		array	$defaultPolicy
	)

static

Utility function to get the effective policy from a list of policies, based on a list of groups.

Parameters

array	$policies	list of policies to consider
array	$userGroups	the groups from which we calculate the effective policy
array	$defaultPolicy	the default policy to start from

Returns: array effective policy

Definition at line 193 of file UserPasswordPolicy.php.

References $policies, as, and maxOfPolicies().

Referenced by checkUserPasswordForGroups(), SpecialPasswordPolicies\formatPolicies(), getPoliciesForUser(), and UserPasswordPolicyTest\testGetPoliciesForGroups().

◆ getPoliciesForUser()

UserPasswordPolicy::getPoliciesForUser ( User $user )

Get the policy for a user, based on their group membership.

Public so UI elements can access and inform the user.

Parameters

User $user

Returns: array the effective policy for $user

Definition at line 173 of file UserPasswordPolicy.php.

References $user, getPoliciesForGroups(), and Hooks\run().

Referenced by checkUserPassword().

◆ maxOfPolicies()

static UserPasswordPolicy::maxOfPolicies	(	array	$p1,
		array	$p2
	)

static

Utility function to get a policy that is the most restrictive of $p1 and $p2.

For simplicity, we setup the policy values so the maximum value is always more restrictive. It is also used recursively to merge settings within the same policy.

Parameters

array	$p1
array	$p2

Returns: array containing the more restrictive values of $p1 and $p2

Definition at line 217 of file UserPasswordPolicy.php.

References $keys, $ret, and as.

Referenced by getPoliciesForGroups(), and UserPasswordPolicyTest\testMaxOfPolicies().

Member Data Documentation

◆ $policies

array UserPasswordPolicy::$policies

private

Definition at line 33 of file UserPasswordPolicy.php.

Referenced by __construct(), checkPolicies(), and getPoliciesForGroups().

◆ $policyCheckFunctions

array UserPasswordPolicy::$policyCheckFunctions

private

Mapping of statements to the function that will test the password for compliance.

The checking functions take the policy value, the user, and password, and return a Status object indicating compliance.

Definition at line 41 of file UserPasswordPolicy.php.

Referenced by checkPolicies().

The documentation for this class was generated from the following file:

includes/password/UserPasswordPolicy.php

Public Member Functions

Static Public Member Functions

Private Member Functions

Private Attributes

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ checkPolicies()

◆ checkUserPassword()

◆ checkUserPasswordForGroups()

◆ getPoliciesForGroups()

◆ getPoliciesForUser()

◆ maxOfPolicies()

Member Data Documentation

◆ $policies

◆ $policyCheckFunctions