MediaWiki REL1_28
PasswordReset Class Reference

Helper class for the password reset functionality shared by the web UI and the API. More...

Collaboration diagram for PasswordReset:

Public Member Functions

 __construct (Config $config, AuthManager $authManager)
 
 execute (User $performingUser, $username=null, $email=null, $displayPassword=false)
 Do a password reset.
 
 isAllowed (User $user, $displayPassword=false)
 Check if a given user has permission to use this functionality.
 

Protected Member Functions

 getUsersByEmail ( $email)
 

Protected Attributes

AuthManager $authManager
 
Config $config
 

Private Attributes

HashBagOStuff $permissionCache
 In-process cache for isAllowed lookups, by username.
 

Detailed Description

Helper class for the password reset functionality shared by the web UI and the API.

Requires the TemporaryPasswordPrimaryAuthenticationProvider and the EmailNotificationSecondaryAuthenticationProvider (or something providing equivalent functionality) to be enabled.

Definition at line 33 of file PasswordReset.php.

Constructor & Destructor Documentation

◆ __construct()

PasswordReset::__construct ( Config  $config,
AuthManager  $authManager 
)

Definition at line 47 of file PasswordReset.php.

References $authManager, and $config.

Member Function Documentation

◆ execute()

PasswordReset::execute ( User  $performingUser,
  $username = null,
  $email = null,
  $displayPassword = false 
)

Do a password reset.

Authorization is the caller's responsibility.

Process the form. At this point we know that the user passes all the criteria in userCanExecute(), and if the data array contains 'Username', etc, then Username resets are allowed.

Parameters
User$performingUserThe user that does the password reset
string$usernameThe user whose password is reset
string$emailAlternative way to specify the user
bool$displayPasswordWhether to display the password
Returns
StatusValue Will contain the passwords as a username => password array if the $displayPassword flag was set
Exceptions
LogicExceptionWhen the user is not allowed to perform the action
MWExceptionOn unexpected DB errors

Definition at line 123 of file PasswordReset.php.

References $req, $status, $user, $username, as, false, User\getId(), User\getName(), User\getRequest(), getUsersByEmail(), isAllowed(), User\pingLimiter(), wfEscapeWikiText(), and wfMessage().

◆ getUsersByEmail()

PasswordReset::getUsersByEmail (   $email)
protected
Parameters
string$email
Returns
User[]
Exceptions
MWExceptionOn unexpected database errors

Definition at line 238 of file PasswordReset.php.

References $res, as, DB_REPLICA, and wfGetDB().

Referenced by execute().

◆ isAllowed()

PasswordReset::isAllowed ( User  $user,
  $displayPassword = false 
)

Check if a given user has permission to use this functionality.

Parameters
User$user
bool$displayPasswordIf set, also check whether the user is allowed to reset the password of another user and see the temporary password.
Returns
StatusValue

Definition at line 60 of file PasswordReset.php.

References $status, $user, and list.

Referenced by execute().

Member Data Documentation

◆ $authManager

AuthManager PasswordReset::$authManager
protected

Definition at line 38 of file PasswordReset.php.

Referenced by __construct().

◆ $config

Config PasswordReset::$config
protected

Definition at line 35 of file PasswordReset.php.

Referenced by __construct().

◆ $permissionCache

HashBagOStuff PasswordReset::$permissionCache
private

In-process cache for isAllowed lookups, by username.

Contains pairs of StatusValue objects (for false and true value of $displayPassword, respectively).

Definition at line 45 of file PasswordReset.php.


The documentation for this class was generated from the following file: