MediaWiki REL1_32
|
This serves as the entry point to the authentication system. More...
Public Member Functions | |
__construct (WebRequest $request, Config $config) | |
forcePrimaryAuthenticationProviders (array $providers, $why) | |
Force certain PrimaryAuthenticationProviders. | |
getRequest () | |
setLogger (LoggerInterface $logger) | |
Authentication | |
canAuthenticateNow () | |
Indicate whether user authentication is possible. | |
beginAuthentication (array $reqs, $returnToUrl) | |
Start an authentication flow. | |
continueAuthentication (array $reqs) | |
Continue an authentication flow. | |
securitySensitiveOperationStatus ( $operation) | |
Whether security-sensitive operations should proceed. | |
userCanAuthenticate ( $username) | |
Determine whether a username can authenticate. | |
normalizeUsername ( $username) | |
Provide normalized versions of the username for security checks. | |
Authentication data changing | |
revokeAccessForUser ( $username) | |
Revoke any authentication credentials for a user. | |
allowsAuthenticationDataChange (AuthenticationRequest $req, $checkData=true) | |
Validate a change of authentication data (e.g. | |
changeAuthenticationData (AuthenticationRequest $req, $isAddition=false) | |
Change authentication data (e.g. | |
Account creation | |
canCreateAccounts () | |
Determine whether accounts can be created. | |
canCreateAccount ( $username, $options=[]) | |
Determine whether a particular account can be created. | |
checkAccountCreatePermissions (User $creator) | |
Basic permissions checks on whether a user can create accounts. | |
beginAccountCreation (User $creator, array $reqs, $returnToUrl) | |
Start an account creation flow. | |
continueAccountCreation (array $reqs) | |
Continue an account creation flow. | |
autoCreateUser (User $user, $source, $login=true) | |
Auto-create an account, and log into that account. | |
Account linking | |
canLinkAccounts () | |
Determine whether accounts can be linked. | |
beginAccountLink (User $user, array $reqs, $returnToUrl) | |
Start an account linking flow. | |
continueAccountLink (array $reqs) | |
Continue an account linking flow. | |
Static Public Member Functions | |
static | callLegacyAuthPlugin ( $method, array $params, $return=null) |
Call a legacy AuthPlugin method, if necessary. | |
static | singleton () |
Get the global AuthManager. | |
Public Attributes | |
const | ACTION_CHANGE = 'change' |
Change a user's credentials. | |
const | ACTION_CREATE = 'create' |
Create a new user. | |
const | ACTION_CREATE_CONTINUE = 'create-continue' |
Continue a user creation process that was interrupted by the need for user input or communication with an external provider. | |
const | ACTION_LINK = 'link' |
Link an existing user to a third-party account. | |
const | ACTION_LINK_CONTINUE = 'link-continue' |
Continue a user linking process that was interrupted by the need for user input or communication with an external provider. | |
const | ACTION_LOGIN = 'login' |
Log in with an existing (not necessarily local) user. | |
const | ACTION_LOGIN_CONTINUE = 'login-continue' |
Continue a login process that was interrupted by the need for user input or communication with an external provider. | |
const | ACTION_REMOVE = 'remove' |
Remove a user's credentials. | |
const | ACTION_UNLINK = 'unlink' |
Like ACTION_REMOVE but for linking providers only. | |
const | AUTOCREATE_SOURCE_SESSION = \MediaWiki\Session\SessionManager::class |
Auto-creation is due to SessionManager. | |
const | SEC_FAIL = 'fail' |
Security-sensitive should not be performed. | |
const | SEC_OK = 'ok' |
Security-sensitive operations are ok. | |
const | SEC_REAUTH = 'reauth' |
Security-sensitive operations should re-authenticate. | |
Private Attributes | |
AuthenticationProvider[] | $allAuthenticationProviders = [] |
Config | $config |
CreatedAccountAuthenticationRequest[] | $createdAccountAuthenticationRequests = [] |
LoggerInterface | $logger |
PreAuthenticationProvider[] | $preAuthenticationProviders = null |
PrimaryAuthenticationProvider[] | $primaryAuthenticationProviders = null |
WebRequest | $request |
SecondaryAuthenticationProvider[] | $secondaryAuthenticationProviders = null |
Static Private Attributes | |
static AuthManager null | $instance = null |
Internal methods | |
static | resetCache () |
Reset the internal caching for unit testing. | |
setAuthenticationSessionData ( $key, $data) | |
Store authentication in the current session. | |
getAuthenticationSessionData ( $key, $default=null) | |
Fetch authentication data from the current session. | |
removeAuthenticationSessionData ( $key) | |
Remove authentication data. | |
getConfiguration () | |
Get the configuration. | |
setSessionDataForUser ( $user, $remember=null) | |
Log the user in. | |
setDefaultUserOptions (User $user, $useContextLang) | |
callMethodOnProviders ( $which, $method, array $args) | |
providerArrayFromSpecs ( $class, array $specs) | |
Create an array of AuthenticationProviders from an array of ObjectFactory specs. | |
getPreAuthenticationProviders () | |
Get the list of PreAuthenticationProviders. | |
getPrimaryAuthenticationProviders () | |
Get the list of PrimaryAuthenticationProviders. | |
getSecondaryAuthenticationProviders () | |
Get the list of SecondaryAuthenticationProviders. | |
Information methods | |
getAuthenticationRequests ( $action, User $user=null) | |
Return the applicable list of AuthenticationRequests. | |
userExists ( $username, $flags=User::READ_NORMAL) | |
Determine whether a username exists. | |
allowsPropertyChange ( $property) | |
Determine whether a user property should be allowed to be changed. | |
getAuthenticationProvider ( $id) | |
Get a provider by ID. | |
getAuthenticationRequestsInternal ( $providerAction, array $options, array $providers, User $user=null) | |
Internal request lookup for self::getAuthenticationRequests. | |
fillRequests (array &$reqs, $action, $username, $forceAction=false) | |
Set values in an array of requests. | |
This serves as the entry point to the authentication system.
In the future, it may also serve as the entry point to the authorization system.
If you are looking at this because you are working on an extension that creates its own login or signup page, then 1) you really shouldn't do that, 2) if you feel you absolutely have to, subclass AuthManagerSpecialPage or build it on the client side using the clientlogin or the createaccount API. Trying to call this class directly will very likely end up in security vulnerabilities or broken UX in edge cases.
If you are working on an extension that needs to integrate with the authentication system (e.g. by providing a new login method, or doing extra permission checks), you'll probably need to write an AuthenticationProvider.
If you want to create a "reserved" user programmatically, User::newSystemUser() might be what you are looking for. If you want to change user data, use User::changeAuthenticationData(). Code that is related to some SessionProvider or PrimaryAuthenticationProvider can create a (non-reserved) user by calling AuthManager::autoCreateUser(); it is then the provider's responsibility to ensure that the user can authenticate somehow (see especially PrimaryAuthenticationProvider::autoCreatedAccount()). If you are writing code that is not associated with such a provider and needs to create accounts programmatically for real users, you should rethink your architecture. There is no good way to do that as such code has no knowledge of what authentication methods are enabled on the wiki and cannot provide any means for users to access the accounts it would create.
The two main control flows when using this class are as follows:
Definition at line 83 of file AuthManager.php.
MediaWiki\Auth\AuthManager::__construct | ( | WebRequest | $request, |
Config | $config ) |
WebRequest | $request | |
Config | $config |
Definition at line 161 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\$config, MediaWiki\Auth\AuthManager\$request, and MediaWiki\Auth\AuthManager\setLogger().
MediaWiki\Auth\AuthManager::allowsAuthenticationDataChange | ( | AuthenticationRequest | $req, |
$checkData = true ) |
Validate a change of authentication data (e.g.
passwords)
AuthenticationRequest | $req | |
bool | $checkData | If false, $req hasn't been loaded from the submission so checks on user-submitted fields should be skipped. $req->username is considered user-submitted for this purpose, even if it cannot be changed via $req->loadFromSubmission. |
Definition at line 858 of file AuthManager.php.
References $req, MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().
Referenced by MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal().
MediaWiki\Auth\AuthManager::allowsPropertyChange | ( | $property | ) |
Determine whether a user property should be allowed to be changed.
Supported properties are:
string | $property |
Definition at line 2189 of file AuthManager.php.
References $property, MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().
Auto-create an account, and log into that account.
PrimaryAuthenticationProviders can invoke this method by returning a PASS from beginPrimaryAuthentication/continuePrimaryAuthentication with the username of a non-existing user. SessionProviders can invoke it by returning a SessionInfo with the username of a non-existing user from provideSessionInfo(). Calling this method explicitly (e.g. from a maintenance script) is also fine.
User | $user | User to auto-create |
string | $source | What caused the auto-creation? This must be the ID of a PrimaryAuthenticationProvider or the constant self::AUTOCREATE_SOURCE_SESSION. |
bool | $login | Whether to also log the user in |
Definition at line 1550 of file AuthManager.php.
References $cache, $options, $ret, $source, $username, MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), MediaWiki\MediaWikiServices\getInstance(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), User\idFromName(), User\IGNORE_USER_RIGHTS, User\isCreatableName(), MediaWiki\Auth\AuthManager\setDefaultUserOptions(), User\setId(), MediaWiki\Auth\AuthManager\setSessionDataForUser(), wfMessage(), wfReadOnly(), and wfReadOnlyReason().
Referenced by MediaWiki\Auth\AuthManager\continueAuthentication().
Start an account creation flow.
In addition to the AuthenticationRequests returned by $this->getAuthenticationRequests(), a client might include a CreateFromLoginAuthenticationRequest from a previous login attempt. If $createFromLoginAuthenticationRequest->hasPrimaryStateForAction( AuthManager::ACTION_CREATE )
returns true, any AuthenticationRequest::PRIMARY_REQUIRED requests should be omitted. If the CreateFromLoginAuthenticationRequest has a username set, that username must be used for all other requests.
User | $creator | User doing the account creation |
AuthenticationRequest[] | $reqs | |
string | $returnToUrl | Url that REDIRECT responses should eventually return to. |
Definition at line 1049 of file AuthManager.php.
References $req, $username, MediaWiki\Auth\AuthManager\canCreateAccount(), MediaWiki\Auth\AuthManager\canCreateAccounts(), MediaWiki\Auth\AuthManager\checkAccountCreatePermissions(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthenticationRequest\getRequestByClass(), MediaWiki\Auth\AuthenticationRequest\getUsernameFromRequests(), MediaWiki\Auth\AuthenticationResponse\newFail(), User\newFromName(), IDBAccessObject\READ_LOCKING, MediaWiki\Auth\AuthManager\removeAuthenticationSessionData(), and wfMessage().
Start an account linking flow.
User | $user | User being linked |
AuthenticationRequest[] | $reqs | |
string | $returnToUrl | Url that REDIRECT responses should eventually return to. |
Definition at line 1800 of file AuthManager.php.
References $req, $res, $ret, MediaWiki\Auth\AuthenticationResponse\ABSTAIN, MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canLinkAccounts(), MediaWiki\Auth\AuthenticationResponse\FAIL, MediaWiki\Auth\AuthManager\fillRequests(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), User\isUsableName(), MediaWiki\Auth\AuthenticationResponse\newFail(), MediaWiki\Auth\AuthenticationResponse\PASS, MediaWiki\Auth\AuthenticationResponse\REDIRECT, MediaWiki\Auth\AuthManager\removeAuthenticationSessionData(), MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_LINK, MediaWiki\Auth\AuthenticationResponse\UI, and wfMessage().
MediaWiki\Auth\AuthManager::beginAuthentication | ( | array | $reqs, |
$returnToUrl ) |
Start an authentication flow.
In addition to the AuthenticationRequests returned by $this->getAuthenticationRequests(), a client might include a CreateFromLoginAuthenticationRequest from a previous login attempt to preserve state.
Instead of the AuthenticationRequests returned by $this->getAuthenticationRequests(), a client might pass a CreatedAccountAuthenticationRequest from an account creation that just succeeded to log in to the just-created account.
AuthenticationRequest[] | $reqs | |
string | $returnToUrl | Url that REDIRECT responses should eventually return to. |
Definition at line 284 of file AuthManager.php.
References $req, $ret, MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\continueAuthentication(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthenticationRequest\getRequestByClass(), MediaWiki\Auth\AuthenticationResponse\newFail(), User\newFromName(), MediaWiki\Auth\AuthenticationResponse\newPass(), MediaWiki\Auth\AuthManager\removeAuthenticationSessionData(), and MediaWiki\Auth\AuthManager\setSessionDataForUser().
|
static |
Call a legacy AuthPlugin method, if necessary.
string | $method | AuthPlugin method to call |
array | $params | Parameters to pass |
mixed | $return | Return value if AuthPlugin wasn't called |
Definition at line 239 of file AuthManager.php.
|
private |
int | $which | Bitmask: 1 = pre, 2 = primary, 4 = secondary |
string | $method | |
array | $args |
Definition at line 2429 of file AuthManager.php.
References $args, MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().
Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\beginAuthentication(), MediaWiki\Auth\AuthManager\changeAuthenticationData(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAccountLink(), MediaWiki\Auth\AuthManager\continueAuthentication(), and MediaWiki\Auth\AuthManager\revokeAccessForUser().
MediaWiki\Auth\AuthManager::canAuthenticateNow | ( | ) |
Indicate whether user authentication is possible.
It may not be if the session is provided by something like OAuth for which each individual request includes authentication data.
Definition at line 262 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\securitySensitiveOperationStatus().
MediaWiki\Auth\AuthManager::canCreateAccount | ( | $username, | |
$options = [] ) |
Determine whether a particular account can be created.
string | $username | MediaWiki username |
array | $options |
|
Definition at line 939 of file AuthManager.php.
References $options, $username, MediaWiki\Auth\AuthManager\canCreateAccounts(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), User\newFromName(), and MediaWiki\Auth\AuthManager\userExists().
Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation().
MediaWiki\Auth\AuthManager::canCreateAccounts | ( | ) |
Determine whether accounts can be created.
Definition at line 920 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_CREATE, and MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_LINK.
Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation(), MediaWiki\Auth\AuthManager\canCreateAccount(), and MediaWiki\Auth\AuthManager\continueAccountCreation().
MediaWiki\Auth\AuthManager::canLinkAccounts | ( | ) |
Determine whether accounts can be linked.
Definition at line 1782 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_LINK.
Referenced by MediaWiki\Auth\AuthManager\beginAccountLink(), and MediaWiki\Auth\AuthManager\continueAccountLink().
MediaWiki\Auth\AuthManager::changeAuthenticationData | ( | AuthenticationRequest | $req, |
$isAddition = false ) |
Change authentication data (e.g.
passwords)
If $req was returned for AuthManager::ACTION_CHANGE, using $req should result in a successful login in the future.
If $req was returned for AuthManager::ACTION_REMOVE, using $req should no longer result in a successful login.
This method should only be called if allowsAuthenticationDataChange( $req, true ) returned success.
AuthenticationRequest | $req | |
bool | $isAddition | Set true if this represents an addition of credentials rather than a change. The main difference is that additions should not invalidate BotPasswords. If you're not sure, leave it false. |
Definition at line 894 of file AuthManager.php.
References $req, and MediaWiki\Auth\AuthManager\callMethodOnProviders().
MediaWiki\Auth\AuthManager::checkAccountCreatePermissions | ( | User | $creator | ) |
Basic permissions checks on whether a user can create accounts.
Definition at line 987 of file AuthManager.php.
References $args, MediaWiki\Auth\AuthManager\getRequest(), User\isDnsBlacklisted(), Block\TYPE_RANGE, wfMessage(), wfReadOnly(), and wfReadOnlyReason().
Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation(), and MediaWiki\Auth\AuthManager\continueAccountCreation().
MediaWiki\Auth\AuthManager::continueAccountCreation | ( | array | $reqs | ) |
Continue an account creation flow.
AuthenticationRequest[] | $reqs |
Definition at line 1150 of file AuthManager.php.
References $cache, $req, $res, $ret, MediaWiki\Auth\AuthenticationResponse\ABSTAIN, MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canCreateAccounts(), MediaWiki\Auth\AuthManager\checkAccountCreatePermissions(), MediaWiki\Auth\AuthenticationResponse\FAIL, MediaWiki\Auth\AuthManager\fillRequests(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthenticationRequest\getRequestByClass(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), User\IGNORE_USER_RIGHTS, MediaWiki\Auth\AuthenticationResponse\newFail(), User\newFromId(), User\newFromName(), MediaWiki\Auth\AuthenticationResponse\newPass(), MediaWiki\Auth\AuthenticationResponse\PASS, IDBAccessObject\READ_LOCKING, MediaWiki\Auth\AuthenticationResponse\REDIRECT, MediaWiki\Auth\AuthManager\removeAuthenticationSessionData(), MediaWiki\Auth\AuthManager\setDefaultUserOptions(), User\setName(), MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_NONE, MediaWiki\Auth\AuthenticationResponse\UI, and wfMessage().
Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation().
MediaWiki\Auth\AuthManager::continueAccountLink | ( | array | $reqs | ) |
Continue an account linking flow.
AuthenticationRequest[] | $reqs |
Definition at line 1909 of file AuthManager.php.
References $req, $res, $ret, MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canLinkAccounts(), MediaWiki\Auth\AuthenticationResponse\FAIL, MediaWiki\Auth\AuthManager\fillRequests(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), MediaWiki\Auth\AuthenticationResponse\newFail(), User\newFromName(), MediaWiki\Auth\AuthenticationResponse\PASS, MediaWiki\Auth\AuthenticationResponse\REDIRECT, MediaWiki\Auth\AuthenticationResponse\UI, and wfMessage().
MediaWiki\Auth\AuthManager::continueAuthentication | ( | array | $reqs | ) |
Continue an authentication flow.
Return values are interpreted as follows:
AuthenticationRequest[] | $reqs |
Definition at line 408 of file AuthManager.php.
References $req, $res, $ret, MediaWiki\Auth\AuthenticationResponse\ABSTAIN, MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthenticationResponse\FAIL, MediaWiki\Auth\AuthManager\fillRequests(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthenticationRequest\getRequestByClass(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), MediaWiki\Auth\AuthenticationResponse\newFail(), User\newFromName(), MediaWiki\Auth\AuthenticationResponse\newPass(), MediaWiki\Auth\AuthenticationResponse\newRestart(), MediaWiki\Auth\AuthenticationResponse\PASS, MediaWiki\Auth\AuthenticationResponse\REDIRECT, MediaWiki\Auth\AuthManager\removeAuthenticationSessionData(), MediaWiki\Auth\AuthManager\setSessionDataForUser(), MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_LINK, MediaWiki\Auth\AuthenticationResponse\UI, and wfMessage().
Referenced by MediaWiki\Auth\AuthManager\beginAuthentication().
|
private |
Set values in an array of requests.
AuthenticationRequest[] | &$reqs | |
string | $action | |
string | null | $username | |
bool | $forceAction |
Definition at line 2151 of file AuthManager.php.
References $req, and $username.
Referenced by MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAccountLink(), MediaWiki\Auth\AuthManager\continueAuthentication(), and MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal().
MediaWiki\Auth\AuthManager::forcePrimaryAuthenticationProviders | ( | array | $providers, |
$why ) |
Force certain PrimaryAuthenticationProviders.
PrimaryAuthenticationProvider[] | $providers | |
string | $why |
Definition at line 187 of file AuthManager.php.
MediaWiki\Auth\AuthManager::getAuthenticationProvider | ( | $id | ) |
Get a provider by ID.
string | $id |
Definition at line 2208 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().
Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAccountLink(), and MediaWiki\Auth\AuthManager\continueAuthentication().
MediaWiki\Auth\AuthManager::getAuthenticationRequests | ( | $action, | |
User | $user = null ) |
Return the applicable list of AuthenticationRequests.
Possible values for $action:
string | $action | One of the AuthManager::ACTION_* constants |
User | null | $user | User being acted on, instead of the current user. |
Definition at line 2021 of file AuthManager.php.
References $options, MediaWiki\Auth\AuthManager\ACTION_CHANGE, MediaWiki\Auth\AuthManager\ACTION_CREATE, MediaWiki\Auth\AuthManager\ACTION_CREATE_CONTINUE, MediaWiki\Auth\AuthManager\ACTION_LINK, MediaWiki\Auth\AuthManager\ACTION_LINK_CONTINUE, MediaWiki\Auth\AuthManager\ACTION_LOGIN, MediaWiki\Auth\AuthManager\ACTION_LOGIN_CONTINUE, MediaWiki\Auth\AuthManager\ACTION_REMOVE, MediaWiki\Auth\AuthManager\ACTION_UNLINK, MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), and MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_LINK.
|
private |
Internal request lookup for self::getAuthenticationRequests.
string | $providerAction | Action to pass to providers |
array | $options | Options to pass to providers |
AuthenticationProvider[] | $providers | |
User | null | $user |
Definition at line 2085 of file AuthManager.php.
References $options, $req, MediaWiki\Auth\AuthManager\ACTION_CREATE, MediaWiki\Auth\AuthManager\ACTION_LOGIN, MediaWiki\Auth\AuthManager\allowsAuthenticationDataChange(), MediaWiki\Auth\AuthManager\fillRequests(), MediaWiki\Auth\AuthenticationRequest\OPTIONAL, MediaWiki\Auth\AuthenticationRequest\PRIMARY_REQUIRED, and MediaWiki\Auth\AuthenticationRequest\REQUIRED.
Referenced by MediaWiki\Auth\AuthManager\continueAuthentication(), and MediaWiki\Auth\AuthManager\getAuthenticationRequests().
MediaWiki\Auth\AuthManager::getAuthenticationSessionData | ( | $key, | |
$default = null ) |
Fetch authentication data from the current session.
string | $key | |
mixed | null | $default |
Definition at line 2261 of file AuthManager.php.
|
private |
Get the configuration.
Definition at line 2335 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().
|
protected |
Get the list of PreAuthenticationProviders.
Definition at line 2343 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\$preAuthenticationProviders, MediaWiki\Auth\AuthManager\getConfiguration(), and MediaWiki\Auth\AuthManager\providerArrayFromSpecs().
Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\beginAuthentication(), MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canCreateAccount(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), and MediaWiki\Auth\AuthManager\getAuthenticationRequests().
|
protected |
Get the list of PrimaryAuthenticationProviders.
Definition at line 2357 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\$primaryAuthenticationProviders, MediaWiki\Auth\AuthManager\getConfiguration(), and MediaWiki\Auth\AuthManager\providerArrayFromSpecs().
Referenced by MediaWiki\Auth\AuthManager\allowsAuthenticationDataChange(), MediaWiki\Auth\AuthManager\allowsPropertyChange(), MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canCreateAccount(), MediaWiki\Auth\AuthManager\canCreateAccounts(), MediaWiki\Auth\AuthManager\canLinkAccounts(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAuthentication(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), MediaWiki\Auth\AuthManager\getAuthenticationRequests(), MediaWiki\Auth\AuthManager\normalizeUsername(), MediaWiki\Auth\AuthManager\userCanAuthenticate(), and MediaWiki\Auth\AuthManager\userExists().
MediaWiki\Auth\AuthManager::getRequest | ( | ) |
Definition at line 177 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\$request.
Referenced by MediaWiki\Auth\AuthManager\checkAccountCreatePermissions().
|
protected |
Get the list of SecondaryAuthenticationProviders.
Definition at line 2371 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\$secondaryAuthenticationProviders, MediaWiki\Auth\AuthManager\getConfiguration(), and MediaWiki\Auth\AuthManager\providerArrayFromSpecs().
Referenced by MediaWiki\Auth\AuthManager\allowsAuthenticationDataChange(), MediaWiki\Auth\AuthManager\allowsPropertyChange(), MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canCreateAccount(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAuthentication(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), and MediaWiki\Auth\AuthManager\getAuthenticationRequests().
MediaWiki\Auth\AuthManager::normalizeUsername | ( | $username | ) |
Provide normalized versions of the username for security checks.
Since different providers can normalize the input in different ways, this returns an array of all the different ways the name might be normalized for authentication.
The returned strings should not be revealed to the user, as that might leak private information (e.g. an email address might be normalized to a username).
string | $username |
Definition at line 817 of file AuthManager.php.
References $ret, $username, and MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders().
|
protected |
Create an array of AuthenticationProviders from an array of ObjectFactory specs.
string | $class | |
array[] | $specs |
Definition at line 2294 of file AuthManager.php.
References $ret.
Referenced by MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().
MediaWiki\Auth\AuthManager::removeAuthenticationSessionData | ( | $key | ) |
Remove authentication data.
string | null | $key | If null, all data is removed |
Definition at line 2275 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation(), MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\beginAuthentication(), MediaWiki\Auth\AuthManager\continueAccountCreation(), and MediaWiki\Auth\AuthManager\continueAuthentication().
|
static |
Reset the internal caching for unit testing.
Definition at line 2449 of file AuthManager.php.
MediaWiki\Auth\AuthManager::revokeAccessForUser | ( | $username | ) |
Revoke any authentication credentials for a user.
After this, the user should no longer be able to log in.
string | $username |
Definition at line 842 of file AuthManager.php.
References $username, and MediaWiki\Auth\AuthManager\callMethodOnProviders().
MediaWiki\Auth\AuthManager::securitySensitiveOperationStatus | ( | $operation | ) |
Whether security-sensitive operations should proceed.
A "security-sensitive operation" is something like a password or email change, that would normally have a "reenter your password to confirm" box if we only supported password-based authentication.
string | $operation | Operation being checked. This should be a message-key-like string such as 'change-password' or 'change-email'. |
Definition at line 716 of file AuthManager.php.
References $last, MediaWiki\Auth\AuthManager\canAuthenticateNow(), MediaWiki\Auth\AuthManager\SEC_FAIL, MediaWiki\Auth\AuthManager\SEC_OK, and MediaWiki\Auth\AuthManager\SEC_REAUTH.
MediaWiki\Auth\AuthManager::setAuthenticationSessionData | ( | $key, | |
$data ) |
Store authentication in the current session.
string | $key | |
mixed | $data | Must be serializable |
Definition at line 2244 of file AuthManager.php.
|
private |
User | $user | |
bool | $useContextLang | Use 'uselang' to set the user's language |
Definition at line 2411 of file AuthManager.php.
References $lang, and MediaWiki\MediaWikiServices\getInstance().
Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), and MediaWiki\Auth\AuthManager\continueAccountCreation().
MediaWiki\Auth\AuthManager::setLogger | ( | LoggerInterface | $logger | ) |
LoggerInterface | $logger |
Definition at line 170 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\$logger.
Referenced by MediaWiki\Auth\AuthManager\__construct().
|
private |
Log the user in.
User | $user | |
bool | null | $remember |
Definition at line 2386 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\beginAuthentication(), and MediaWiki\Auth\AuthManager\continueAuthentication().
|
static |
Get the global AuthManager.
Definition at line 147 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\$instance, and MediaWiki\MediaWikiServices\getInstance().
Referenced by MediaWiki\Auth\AuthManagerAuthPlugin\allowPasswordChange(), MediaWiki\Auth\AuthManagerAuthPlugin\allowPropChange(), MediaWiki\Auth\AuthManagerAuthPlugin\authenticate(), MediaWiki\Auth\AuthManagerAuthPlugin\canCreateAccounts(), MediaWiki\Auth\AuthManagerAuthPlugin\setPassword(), MediaWiki\Auth\AbstractAuthenticationProviderTest\testAbstractAuthenticationProvider(), MediaWiki\Auth\ThrottlePreAuthenticationProviderTest\testDisabled(), MediaWiki\Auth\ThrottlePreAuthenticationProviderTest\testPostAuthentication(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\testRangeBlock(), MediaWiki\Auth\AuthManagerTest\testSingleton(), MediaWiki\Auth\ThrottlePreAuthenticationProviderTest\testTestForAccountCreation(), MediaWiki\Auth\ThrottlePreAuthenticationProviderTest\testTestForAuthentication(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\testTestUserForCreation(), and MediaWiki\Auth\AuthManagerAuthPlugin\userExists().
MediaWiki\Auth\AuthManager::userCanAuthenticate | ( | $username | ) |
Determine whether a username can authenticate.
This is mainly for internal purposes and only takes authentication data into account, not things like blocks that can change without the authentication system being aware.
string | $username | MediaWiki username |
Definition at line 794 of file AuthManager.php.
References $username, and MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders().
MediaWiki\Auth\AuthManager::userExists | ( | $username, | |
$flags = User::READ_NORMAL ) |
Determine whether a username exists.
string | $username | |
int | $flags | Bitfield of User:READ_* constants |
Definition at line 2168 of file AuthManager.php.
References $username, and MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders().
Referenced by MediaWiki\Auth\AuthManager\canCreateAccount().
|
private |
Definition at line 129 of file AuthManager.php.
|
private |
Definition at line 123 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\__construct().
|
private |
Definition at line 141 of file AuthManager.php.
|
staticprivate |
Definition at line 117 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\singleton().
|
private |
Definition at line 126 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\setLogger().
|
private |
Definition at line 132 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\getPreAuthenticationProviders().
|
private |
Definition at line 135 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders().
|
private |
Definition at line 120 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\__construct(), and MediaWiki\Auth\AuthManager\getRequest().
|
private |
Definition at line 138 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().
const MediaWiki\Auth\AuthManager::ACTION_CHANGE = 'change' |
Change a user's credentials.
Definition at line 100 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManagerAuthPlugin\allowPasswordChange(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\continueLinkAttempt(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthManager\getAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequest\getFieldInfo(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\AuthManagerAuthPlugin\setPassword(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testBasics(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testBasics(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\testBeginLinkAttempt(), MediaWiki\Auth\PasswordAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testProviderAllowsAuthenticationDataChange(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testProviderAllowsAuthenticationDataChange(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testProviderAllowsAuthenticationDataChange(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testProviderChangeAuthenticationData(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testProviderChangeAuthenticationData(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testProviderChangeAuthenticationData(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\testTryReset(), and MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider\tryReset().
const MediaWiki\Auth\AuthManager::ACTION_CREATE = 'create' |
Create a new user.
Definition at line 90 of file AuthManager.php.
Referenced by MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthManager\getAuthenticationRequests(), MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal(), MediaWiki\Auth\CreateFromLoginAuthenticationRequest\hasPrimaryStateForAction(), MediaWiki\Auth\CreateFromLoginAuthenticationRequest\hasStateForAction(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testAccountCreation(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testAccountCreation(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testAccountCreation(), MediaWiki\Auth\AuthManagerTest\testAccountCreation(), MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testProviderChangeAuthenticationData(), MediaWiki\Auth\CreateFromLoginAuthenticationRequestTest\testState(), and MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testTestForAccountCreation().
const MediaWiki\Auth\AuthManager::ACTION_CREATE_CONTINUE = 'create-continue' |
Continue a user creation process that was interrupted by the need for user input or communication with an external provider.
Definition at line 93 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\getAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\testAccountCreation(), and MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests().
const MediaWiki\Auth\AuthManager::ACTION_LINK = 'link' |
Link an existing user to a third-party account.
Definition at line 95 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\getAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\testAccountLink(), and MediaWiki\Auth\CreateFromLoginAuthenticationRequestTest\testState().
const MediaWiki\Auth\AuthManager::ACTION_LINK_CONTINUE = 'link-continue' |
Continue a user linking process that was interrupted by the need for user input or communication with an external provider.
Definition at line 98 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\getAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\testAccountLink(), and MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests().
const MediaWiki\Auth\AuthManager::ACTION_LOGIN = 'login' |
Log in with an existing (not necessarily local) user.
Definition at line 85 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManagerAuthPlugin\authenticate(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthManager\getAuthenticationRequests(), MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal(), MediaWiki\Auth\PasswordAuthenticationRequest\getFieldInfo(), MediaWiki\Auth\CreateFromLoginAuthenticationRequest\hasStateForAction(), MediaWiki\Auth\AuthManagerTest\provideAuthentication(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\AbstractPreAuthenticationProviderTest\testAbstractPreAuthenticationProvider(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testAuthentication(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testAuthentication(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testAuthentication(), MediaWiki\Auth\AuthManagerTest\testAuthentication(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testConstruction(), MediaWiki\Auth\PasswordAuthenticationRequestTest\testDescribeCredentials(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\testDescribeCredentials(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\testDescribeCredentials(), MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequestsRequired(), MediaWiki\Auth\PasswordAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testProviderChangeAuthenticationData(), MediaWiki\Auth\CreateFromLoginAuthenticationRequestTest\testState(), MediaWiki\Auth\LegacyHookPreAuthenticationProviderTest\testTestForAuthentication(), and MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\testTryReset().
const MediaWiki\Auth\AuthManager::ACTION_LOGIN_CONTINUE = 'login-continue' |
Continue a login process that was interrupted by the need for user input or communication with an external provider.
Definition at line 88 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\getAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\testAuthentication(), and MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests().
const MediaWiki\Auth\AuthManager::ACTION_REMOVE = 'remove' |
Remove a user's credentials.
Definition at line 102 of file AuthManager.php.
Referenced by MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthManager\getAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequest\getFieldInfo(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\providerChangeAuthenticationData(), MediaWiki\Auth\AbstractPrimaryAuthenticationProvider\providerRevokeAccessForUser(), MediaWiki\Auth\AbstractSecondaryAuthenticationProvider\providerRevokeAccessForUser(), MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\testProviderRevokeAccessForUser(), MediaWiki\Auth\AbstractPrimaryAuthenticationProviderTest\testProviderRevokeAccessForUser(), and MediaWiki\Auth\AbstractSecondaryAuthenticationProviderTest\testProviderRevokeAccessForUser().
const MediaWiki\Auth\AuthManager::ACTION_UNLINK = 'unlink' |
Like ACTION_REMOVE but for linking providers only.
Definition at line 104 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\getAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), and MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests().
const MediaWiki\Auth\AuthManager::AUTOCREATE_SOURCE_SESSION = \MediaWiki\Session\SessionManager::class |
Auto-creation is due to SessionManager.
Definition at line 114 of file AuthManager.php.
Referenced by MediaWiki\Auth\AbstractPreAuthenticationProviderTest\testAbstractPreAuthenticationProvider(), MediaWiki\Auth\AbstractPrimaryAuthenticationProviderTest\testAbstractPrimaryAuthenticationProvider(), MediaWiki\Auth\AbstractSecondaryAuthenticationProviderTest\testAbstractSecondaryAuthenticationProvider(), MediaWiki\Auth\AuthManagerTest\testAutoAccountCreation(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\testRangeBlock(), MediaWiki\Auth\LegacyHookPreAuthenticationProviderTest\testTestUserForCreation(), and MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\testTestUserForCreation().
const MediaWiki\Auth\AuthManager::SEC_FAIL = 'fail' |
Security-sensitive should not be performed.
Definition at line 111 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\securitySensitiveOperationStatus(), and MediaWiki\Auth\AuthManagerTest\testSecuritySensitiveOperationStatus().
const MediaWiki\Auth\AuthManager::SEC_OK = 'ok' |
Security-sensitive operations are ok.
Definition at line 107 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\securitySensitiveOperationStatus(), and MediaWiki\Auth\AuthManagerTest\testSecuritySensitiveOperationStatus().
const MediaWiki\Auth\AuthManager::SEC_REAUTH = 'reauth' |
Security-sensitive operations should re-authenticate.
Definition at line 109 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\securitySensitiveOperationStatus(), and MediaWiki\Auth\AuthManagerTest\testSecuritySensitiveOperationStatus().