50 parent::__construct();
53 throw new \InvalidArgumentException(
54 'Trying to wrap AuthManagerAuthPlugin in AuthPluginPrimaryAuthenticationProvider ' .
59 $need = count(
$auth->domainList() ) > 1
60 ? PasswordDomainAuthenticationRequest::class
61 : PasswordAuthenticationRequest::class;
65 throw new \InvalidArgumentException(
"$requestType is not a $need" );
71 $requestType === PasswordDomainAuthenticationRequest::class ||
72 is_subclass_of(
$requestType, PasswordDomainAuthenticationRequest::class )
74 $this->authoritative =
$auth->strict();
78 \Hooks::register(
'UserSaveSettings', [ $this,
'onUserSaveSettings' ] );
79 \Hooks::register(
'UserGroupsChanged', [ $this,
'onUserGroupsChanged' ] );
80 \Hooks::register(
'UserLoggedIn', [ $this,
'onUserLoggedIn' ] );
81 \Hooks::register(
'LocalUserCreated', [ $this,
'onLocalUserCreated' ] );
90 if ( $this->hasDomain ) {
91 return new $class( $this->auth->domainList() );
102 if ( $this->hasDomain ) {
103 $domain =
$req->domain;
106 $domainList = $this->auth->domainList();
107 $domain = reset( $domainList );
111 if ( !$this->auth->validDomain( $domain ) ) {
112 $domain = $this->auth->getDomain();
114 $this->auth->setDomain( $domain );
124 $this->auth->updateExternalDB( $user );
135 $this->auth->updateExternalDBGroups( $user, $added, $removed );
145 $this->auth->updateUser( $hookUser );
146 if ( $hookUser !== $user ) {
147 throw new \UnexpectedValueException(
148 get_class( $this->auth ) .
'::updateUser() tried to replace $user!'
160 if ( !$autocreated ) {
163 $this->auth->initUser( $hookUser, $autocreated );
164 if ( $hookUser !== $user ) {
165 throw new \UnexpectedValueException(
166 get_class( $this->auth ) .
'::initUser() tried to replace $user!'
173 return parent::getUniqueId() .
':' . get_class( $this->auth );
185 return $this->auth->allowPasswordChange() ? [ $this->
makeAuthReq() ] : [];
194 if ( !
$req ||
$req->username ===
null ||
$req->password ===
null ||
195 ( $this->hasDomain &&
$req->domain ===
null )
200 $username = User::getCanonicalName(
$req->username,
'usable' );
211 $this->authoritative = $this->auth->strict() || $this->auth->strictUserAuth(
$username );
225 $curDomain = $this->auth->getDomain();
226 $domains = $this->auth->domainList() ?: [
'' ];
227 foreach ( $domains as $domain ) {
228 $this->auth->setDomain( $domain );
230 $this->auth->setDomain( $curDomain );
234 $this->auth->setDomain( $curDomain );
245 if ( $this->auth->userExists( $user->getName() ) ) {
246 return !$this->auth->getUserInstance( $user )->isLocked();
260 $curDomain = $this->auth->getDomain();
261 $domains = $this->auth->domainList() ?: [
'' ];
263 foreach ( $domains as $domain ) {
264 $this->auth->setDomain( $domain );
266 !$this->auth->setPassword( $user,
null )
268 $failed[] = $domain ===
'' ?
'(default)' : $domain;
271 $this->auth->setDomain( $curDomain );
273 throw new \UnexpectedValueException(
274 "AuthPlugin failed to reset password for $username in the following domains: "
275 . join(
' ', $failed )
290 $curDomain = $this->auth->getDomain();
291 $domains = $this->auth->domainList() ?: [
'' ];
292 foreach ( $domains as $domain ) {
293 $this->auth->setDomain( $domain );
294 if ( $this->auth->userExists(
$username ) ) {
295 $this->auth->setDomain( $curDomain );
299 $this->auth->setDomain( $curDomain );
305 return $this->auth->allowPropChange(
$property );
311 if ( get_class(
$req ) !== $this->requestType ) {
312 return \StatusValue::newGood(
'ignored' );
316 $curDomain = $this->auth->getDomain();
320 if ( !$this->auth->allowPasswordChange() ) {
321 return \StatusValue::newFatal(
'authmanager-authplugin-setpass-denied' );
325 return \StatusValue::newGood();
328 if ( $this->hasDomain ) {
329 if (
$req->domain ===
null ) {
330 return \StatusValue::newGood(
'ignored' );
332 if ( !$this->auth->validDomain(
$req->domain ) ) {
333 return \StatusValue::newFatal(
'authmanager-authplugin-setpass-bad-domain' );
337 $username = User::getCanonicalName(
$req->username,
'usable' );
339 $sv = \StatusValue::newGood();
340 if (
$req->password !==
null ) {
341 if (
$req->password !==
$req->retype ) {
342 $sv->fatal(
'badretype' );
349 return \StatusValue::newGood(
'ignored' );
352 $this->auth->setDomain( $curDomain );
357 if ( get_class(
$req ) === $this->requestType ) {
358 $username =
$req->username !==
null ? User::getCanonicalName(
$req->username,
'usable' ) :
false;
363 if ( $this->hasDomain &&
$req->domain ===
null ) {
369 if ( !$this->auth->setPassword( $user,
$req->password ) ) {
373 throw new \ErrorPageError(
374 'authmanager-authplugin-setpass-failed-title',
375 'authmanager-authplugin-setpass-failed-message'
387 return \StatusValue::newGood();
392 throw new \BadMethodCallException(
'Shouldn\'t call this when accountCreationType() is NONE' );
396 if ( !
$req ||
$req->username ===
null ||
$req->password ===
null ||
397 ( $this->hasDomain &&
$req->domain ===
null )
402 $username = User::getCanonicalName(
$req->username,
'usable' );
408 if ( $this->auth->addUser(
409 $user,
$req->password, $user->getEmail(), $user->getRealName()
414 new \
Message(
'authmanager-authplugin-create-fail' )
422 $this->auth->initUser( $hookUser,
true );
423 if ( $hookUser !== $user ) {
424 throw new \UnexpectedValueException(
425 get_class( $this->auth ) .
'::initUser() tried to replace $user!'
Authentication plugin interface.
The Message class provides methods which fulfil two basic services:
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
this hook is for auditing only $req
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped & $options
it s the revision text itself In either if gzip is the revision text is gzipped $flags
this hook is for auditing only or null if authentication failed before getting that far $username
please add to it if you re going to add events to the MediaWiki code where normally authentication against an external auth plugin would be creating a local account $user