Basic framework for a primary authentication provider that uses passwords. More...

Inheritance diagram for MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider:

[legend]

Collaboration diagram for MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider:

[legend]

Public Member Functions
	__construct (array $params=[])

	getAuthenticationRequests ( $action, array $options)
	Return the applicable list of AuthenticationRequests.

Public Member Functions inherited from MediaWiki\Auth\AbstractPrimaryAuthenticationProvider
	autoCreatedAccount ( $user, $source)
	Post-auto-creation callback.

	beginPrimaryAccountLink ( $user, array $reqs)
	Start linking an account to an existing user.

	continuePrimaryAccountCreation ( $user, $creator, array $reqs)
	Continue an account creation flow.

	continuePrimaryAccountLink ( $user, array $reqs)
	Continue linking an account to an existing user.

	continuePrimaryAuthentication (array $reqs)
	Continue an authentication flow.

	finishAccountCreation ( $user, $creator, AuthenticationResponse $response)
	Post-creation callback.

	postAccountCreation ( $user, $creator, AuthenticationResponse $response)
	Post-creation callback.

	postAccountLink ( $user, AuthenticationResponse $response)
	Post-link callback.

	postAuthentication ( $user, AuthenticationResponse $response)
	Post-login callback.

	providerAllowsPropertyChange ( $property)
	Determine whether a property can change.

	providerNormalizeUsername ( $username)
	@inheritDoc

	providerRevokeAccessForUser ( $username)
	@inheritDoc

	testForAccountCreation ( $user, $creator, array $reqs)
	Determine whether an account creation may begin.

	testUserCanAuthenticate ( $username)
	Test whether the named user can authenticate with this provider.

	testUserForCreation ( $user, $autocreate, array $options=[])
	Determine whether an account may be created.

Public Member Functions inherited from MediaWiki\Auth\AbstractAuthenticationProvider
	getUniqueId ()
	@inheritDoc

	setConfig (Config $config)
	Set configuration.

	setLogger (LoggerInterface $logger)

	setManager (AuthManager $manager)
	Set AuthManager.

Public Member Functions inherited from MediaWiki\Auth\PrimaryAuthenticationProvider
	accountCreationType ()
	Fetch the account-creation type.

	beginPrimaryAccountCreation ( $user, $creator, array $reqs)
	Start an account creation flow.

	beginPrimaryAuthentication (array $reqs)
	Start an authentication flow.

	providerAllowsAuthenticationDataChange (AuthenticationRequest $req, $checkData=true)
	Validate a change of authentication data (e.g.

	providerChangeAuthenticationData (AuthenticationRequest $req)
	Change or remove authentication data (e.g.

	testUserExists ( $username, $flags=User::READ_NORMAL)
	Test whether the named user exists.

Protected Member Functions
	checkPasswordValidity ( $username, $password)
	Check that the password is valid.

	failResponse (PasswordAuthenticationRequest $req)
	Return the appropriate response for failure.

	getNewPasswordExpiry ( $username)
	Get expiration date for a new password, if any.

	getPassword ( $hash)
	Get a Password object from the hash.

	getPasswordFactory ()
	Get the PasswordFactory.

	getPasswordResetData ( $username, $data)
	Get password reset data, if any.

	setPasswordResetFlag ( $username, Status $status, $data=null)
	Check if the password should be reset.

Protected Attributes
bool	$authoritative
	Whether this provider should ABSTAIN (false) or FAIL (true) on password failure.

Protected Attributes inherited from MediaWiki\Auth\AbstractAuthenticationProvider
Config	$config

LoggerInterface	$logger

AuthManager	$manager

Private Attributes
	$passwordFactory = null

Additional Inherited Members
Public Attributes inherited from MediaWiki\Auth\PrimaryAuthenticationProvider
const	TYPE_CREATE = 'create'
	Provider can create accounts.

const	TYPE_LINK = 'link'
	Provider can link to existing accounts elsewhere.

const	TYPE_NONE = 'none'
	Provider cannot create or link to accounts.

Detailed Description

Basic framework for a primary authentication provider that uses passwords.

Since: 1.27

Definition at line 33 of file AbstractPasswordPrimaryAuthenticationProvider.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider::__construct ( array $params = [] )

Parameters

array

$params

Settings

authoritative: Whether this provider should ABSTAIN (false) or FAIL (true) on password failure

Definition at line 46 of file AbstractPasswordPrimaryAuthenticationProvider.php.

References $params.

Member Function Documentation

◆ checkPasswordValidity()

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider::checkPasswordValidity	(	$username,
		$password
	)

protected

Check that the password is valid.

This should be called before validating the password. If the result is not ok, login should fail immediately.

Parameters

string	$username
string	$password

Returns: Status

Definition at line 105 of file AbstractPasswordPrimaryAuthenticationProvider.php.

References $username.

Referenced by MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider\beginPrimaryAuthentication(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\beginPrimaryAuthentication(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider\providerAllowsAuthenticationDataChange(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\providerAllowsAuthenticationDataChange(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider\testForAccountCreation(), and MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\testForAccountCreation().

◆ failResponse()

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider::failResponse ( PasswordAuthenticationRequest $req )

protected

Return the appropriate response for failure.

Parameters

PasswordAuthenticationRequest $req

Returns: AuthenticationResponse

Definition at line 85 of file AbstractPasswordPrimaryAuthenticationProvider.php.

References $req, MediaWiki\Auth\AuthenticationResponse\newAbstain(), MediaWiki\Auth\AuthenticationResponse\newFail(), and wfMessage().

Referenced by MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider\beginPrimaryAuthentication(), and MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\beginPrimaryAuthentication().

◆ getAuthenticationRequests()

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider::getAuthenticationRequests	(		$action,
		array	$options
	)

Return the applicable list of AuthenticationRequests.

Possible values for $action depend on whether the implementing class is also a PreAuthenticationProvider, PrimaryAuthenticationProvider, or SecondaryAuthenticationProvider.

ACTION_LOGIN: Valid for passing to beginAuthentication. Called on all providers.
ACTION_CREATE: Valid for passing to beginAccountCreation. Called on all providers.
ACTION_LINK: Valid for passing to beginAccountLink. Called on linking primary providers only.
ACTION_CHANGE: Valid for passing to AuthManager::changeAuthenticationData to change credentials. Called on primary and secondary providers.
ACTION_REMOVE: Valid for passing to AuthManager::changeAuthenticationData to remove credentials. Must work without additional user input (i.e. without calling loadFromSubmission). Called on primary and secondary providers.

See also: AuthManager::getAuthenticationRequests()

Parameters

string	$action
array	$options	Options are: username: User name related to the action, or null/unset if anon. ACTION_LOGIN: The currently logged-in user, if any. ACTION_CREATE: The account creator, if non-anonymous. ACTION_LINK: The local user being linked to. ACTION_CHANGE: The user having data changed. ACTION_REMOVE: The user having data removed. If you leave the username property of the returned requests empty, this will automatically be copied there (except for ACTION_CREATE where it wouldn't really make sense).