MediaWiki REL1_32
MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider Class Reference

Basic framework for a primary authentication provider that uses passwords. More...

Inheritance diagram for MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider:
Collaboration diagram for MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider:

Public Member Functions

 __construct (array $params=[])
 
 getAuthenticationRequests ( $action, array $options)
 Return the applicable list of AuthenticationRequests.
 
- Public Member Functions inherited from MediaWiki\Auth\AbstractPrimaryAuthenticationProvider
 autoCreatedAccount ( $user, $source)
 Post-auto-creation callback.
 
 beginPrimaryAccountLink ( $user, array $reqs)
 Start linking an account to an existing user.
 
 continuePrimaryAccountCreation ( $user, $creator, array $reqs)
 Continue an account creation flow.
 
 continuePrimaryAccountLink ( $user, array $reqs)
 Continue linking an account to an existing user.
 
 continuePrimaryAuthentication (array $reqs)
 Continue an authentication flow.
 
 finishAccountCreation ( $user, $creator, AuthenticationResponse $response)
 Post-creation callback.
 
 postAccountCreation ( $user, $creator, AuthenticationResponse $response)
 Post-creation callback.
 
 postAccountLink ( $user, AuthenticationResponse $response)
 Post-link callback.
 
 postAuthentication ( $user, AuthenticationResponse $response)
 Post-login callback.
 
 providerAllowsPropertyChange ( $property)
 Determine whether a property can change.
 
 providerNormalizeUsername ( $username)
 @inheritDoc
 
 providerRevokeAccessForUser ( $username)
 @inheritDoc
 
 testForAccountCreation ( $user, $creator, array $reqs)
 Determine whether an account creation may begin.
 
 testUserCanAuthenticate ( $username)
 Test whether the named user can authenticate with this provider.
 
 testUserForCreation ( $user, $autocreate, array $options=[])
 Determine whether an account may be created.
 
- Public Member Functions inherited from MediaWiki\Auth\AbstractAuthenticationProvider
 getUniqueId ()
 @inheritDoc
 
 setConfig (Config $config)
 Set configuration.
 
 setLogger (LoggerInterface $logger)
 
 setManager (AuthManager $manager)
 Set AuthManager.
 
- Public Member Functions inherited from MediaWiki\Auth\PrimaryAuthenticationProvider
 accountCreationType ()
 Fetch the account-creation type.
 
 beginPrimaryAccountCreation ( $user, $creator, array $reqs)
 Start an account creation flow.
 
 beginPrimaryAuthentication (array $reqs)
 Start an authentication flow.
 
 providerAllowsAuthenticationDataChange (AuthenticationRequest $req, $checkData=true)
 Validate a change of authentication data (e.g.
 
 providerChangeAuthenticationData (AuthenticationRequest $req)
 Change or remove authentication data (e.g.
 
 testUserExists ( $username, $flags=User::READ_NORMAL)
 Test whether the named user exists.
 

Protected Member Functions

 checkPasswordValidity ( $username, $password)
 Check that the password is valid.
 
 failResponse (PasswordAuthenticationRequest $req)
 Return the appropriate response for failure.
 
 getNewPasswordExpiry ( $username)
 Get expiration date for a new password, if any.
 
 getPassword ( $hash)
 Get a Password object from the hash.
 
 getPasswordFactory ()
 Get the PasswordFactory.
 
 getPasswordResetData ( $username, $data)
 Get password reset data, if any.
 
 setPasswordResetFlag ( $username, Status $status, $data=null)
 Check if the password should be reset.
 

Protected Attributes

bool $authoritative
 Whether this provider should ABSTAIN (false) or FAIL (true) on password failure.
 
- Protected Attributes inherited from MediaWiki\Auth\AbstractAuthenticationProvider
Config $config
 
LoggerInterface $logger
 
AuthManager $manager
 

Private Attributes

 $passwordFactory = null
 

Additional Inherited Members

- Public Attributes inherited from MediaWiki\Auth\PrimaryAuthenticationProvider
const TYPE_CREATE = 'create'
 Provider can create accounts.
 
const TYPE_LINK = 'link'
 Provider can link to existing accounts elsewhere.
 
const TYPE_NONE = 'none'
 Provider cannot create or link to accounts.
 

Detailed Description

Basic framework for a primary authentication provider that uses passwords.

Since
1.27

Definition at line 33 of file AbstractPasswordPrimaryAuthenticationProvider.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider::__construct ( array  $params = [])
Parameters
array$paramsSettings
  • authoritative: Whether this provider should ABSTAIN (false) or FAIL (true) on password failure

Definition at line 46 of file AbstractPasswordPrimaryAuthenticationProvider.php.

References $params.

Member Function Documentation

◆ checkPasswordValidity()

◆ failResponse()

◆ getAuthenticationRequests()

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider::getAuthenticationRequests (   $action,
array  $options 
)

Return the applicable list of AuthenticationRequests.

Possible values for $action depend on whether the implementing class is also a PreAuthenticationProvider, PrimaryAuthenticationProvider, or SecondaryAuthenticationProvider.

  • ACTION_LOGIN: Valid for passing to beginAuthentication. Called on all providers.
  • ACTION_CREATE: Valid for passing to beginAccountCreation. Called on all providers.
  • ACTION_LINK: Valid for passing to beginAccountLink. Called on linking primary providers only.
  • ACTION_CHANGE: Valid for passing to AuthManager::changeAuthenticationData to change credentials. Called on primary and secondary providers.
  • ACTION_REMOVE: Valid for passing to AuthManager::changeAuthenticationData to remove credentials. Must work without additional user input (i.e. without calling loadFromSubmission). Called on primary and secondary providers.
See also
AuthManager::getAuthenticationRequests()
Parameters
string$action
array$optionsOptions are:
  • username: User name related to the action, or null/unset if anon.
    • ACTION_LOGIN: The currently logged-in user, if any.
    • ACTION_CREATE: The account creator, if non-anonymous.
    • ACTION_LINK: The local user being linked to.
    • ACTION_CHANGE: The user having data changed.
    • ACTION_REMOVE: The user having data removed. If you leave the username property of the returned requests empty, this will automatically be copied there (except for ACTION_CREATE where it wouldn't really make sense).
Returns
AuthenticationRequest[]

Implements MediaWiki\Auth\AuthenticationProvider.

Reimplemented in MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider, and MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider.

Definition at line 162 of file AbstractPasswordPrimaryAuthenticationProvider.php.

References MediaWiki\Auth\AuthManager\ACTION_CHANGE, MediaWiki\Auth\AuthManager\ACTION_CREATE, MediaWiki\Auth\AuthManager\ACTION_LOGIN, and MediaWiki\Auth\AuthManager\ACTION_REMOVE.

◆ getNewPasswordExpiry()

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider::getNewPasswordExpiry (   $username)
protected

Get expiration date for a new password, if any.

Parameters
string$username
Returns
string|null

Definition at line 152 of file AbstractPasswordPrimaryAuthenticationProvider.php.

References $username, User\newFromName(), and wfTimestamp().

Referenced by MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider\providerChangeAuthenticationData().

◆ getPassword()

◆ getPasswordFactory()

◆ getPasswordResetData()

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider::getPasswordResetData (   $username,
  $data 
)
protected

Get password reset data, if any.

Parameters
string$username
mixed$data
Returns
object|null { 'hard' => bool, 'msg' => Message }

Reimplemented in MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider, and MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider.

Definition at line 142 of file AbstractPasswordPrimaryAuthenticationProvider.php.

Referenced by MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\setPasswordResetFlag().

◆ setPasswordResetFlag()

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider::setPasswordResetFlag (   $username,
Status  $status,
  $data = null 
)
protected

Check if the password should be reset.

This should be called after a successful login. It sets 'reset-pass' authentication data if necessary, see ResetPassSecondaryAuthenticationProvider.

Parameters
string$username
Status$statusFrom $this->checkPasswordValidity()
mixed | null$dataPassed through to $this->getPasswordResetData()

Definition at line 120 of file AbstractPasswordPrimaryAuthenticationProvider.php.

References $username, MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getPasswordResetData(), and object.

Referenced by MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider\beginPrimaryAuthentication(), and MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\beginPrimaryAuthentication().

Member Data Documentation

◆ $authoritative

bool MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider::$authoritative
protected

Whether this provider should ABSTAIN (false) or FAIL (true) on password failure.

Definition at line 37 of file AbstractPasswordPrimaryAuthenticationProvider.php.

◆ $passwordFactory

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider::$passwordFactory = null
private

The documentation for this class was generated from the following file: