AbstractPasswordPrimaryAuthenticationProvider.php

Go to the documentation of this file.

<?php
namespace MediaWiki\Auth;
 
use Password;
use PasswordFactory;
use Status;
 
abstract class AbstractPasswordPrimaryAuthenticationProvider
    extends AbstractPrimaryAuthenticationProvider
{
    protected $authoritative;
 
    private $passwordFactory = null;
 
    public function __construct( array $params = [] ) {
        $this->authoritative = !isset( $params['authoritative'] ) || (bool)$params['authoritative'];
    }
 
    protected function getPasswordFactory() {
        if ( $this->passwordFactory === null ) {
            $this->passwordFactory = new PasswordFactory(
                $this->config->get( 'PasswordConfig' ),
                $this->config->get( 'PasswordDefault' )
            );
        }
        return $this->passwordFactory;
    }
 
    protected function getPassword( $hash ) {
        $passwordFactory = $this->getPasswordFactory();
        try {
            return $passwordFactory->newFromCiphertext( $hash );
        } catch ( \PasswordError $e ) {
            $class = static::class;
            $this->logger->debug( "Invalid password hash in {$class}::getPassword()" );
            return $passwordFactory->newFromCiphertext( null );
        }
    }
 
    protected function failResponse( PasswordAuthenticationRequest $req ) {
        if ( $this->authoritative ) {
            return AuthenticationResponse::newFail(
                wfMessage( $req->password === '' ? 'wrongpasswordempty' : 'wrongpassword' )
            );
        } else {
            return AuthenticationResponse::newAbstain();
        }
    }
 
    protected function checkPasswordValidity( $username, $password ) {
        return \User::newFromName( $username )->checkPasswordValidity( $password );
    }
 
    protected function setPasswordResetFlag( $username, Status $status, $data = null ) {
        $reset = $this->getPasswordResetData( $username, $data );
 
        if ( !$reset && $this->config->get( 'InvalidPasswordReset' ) && !$status->isGood() ) {
            $hard = $status->getValue()['forceChange'] ?? false;
 
            if ( $hard || !empty( $status->getValue()['suggestChangeOnLogin'] ) ) {
                $reset = (object)[
                    'msg' => $status->getMessage( $hard ? 'resetpass-validity' : 'resetpass-validity-soft' ),
                    'hard' => $hard,
                ];
            }
        }
 
        if ( $reset ) {
            $this->manager->setAuthenticationSessionData( 'reset-pass', $reset );
        }
    }
 
    protected function getPasswordResetData( $username, $data ) {
        return null;
    }
 
    protected function getNewPasswordExpiry( $username ) {
        $days = $this->config->get( 'PasswordExpirationDays' );
        $expires = $days ? wfTimestamp( TS_MW, time() + $days * 86400 ) : null;
 
        // Give extensions a chance to force an expiration
        \Hooks::run( 'ResetPasswordExpiration', [ \User::newFromName( $username ), &$expires ] );
 
        return $expires;
    }
 
    public function getAuthenticationRequests( $action, array $options ) {
        switch ( $action ) {
            case AuthManager::ACTION_LOGIN:
            case AuthManager::ACTION_REMOVE:
            case AuthManager::ACTION_CREATE:
            case AuthManager::ACTION_CHANGE:
                return [ new PasswordAuthenticationRequest() ];
            default:
                return [];
        }
    }
}