MediaWiki REL1_34
AbstractPasswordPrimaryAuthenticationProvider.php
Go to the documentation of this file.
1<?php
22namespace MediaWiki\Auth;
23
24use Password;
26use Status;
27
35{
37 protected $authoritative;
38
39 private $passwordFactory = null;
40
46 public function __construct( array $params = [] ) {
47 $this->authoritative = !isset( $params['authoritative'] ) || (bool)$params['authoritative'];
48 }
49
54 protected function getPasswordFactory() {
55 if ( $this->passwordFactory === null ) {
56 $this->passwordFactory = new PasswordFactory(
57 $this->config->get( 'PasswordConfig' ),
58 $this->config->get( 'PasswordDefault' )
59 );
60 }
62 }
63
69 protected function getPassword( $hash ) {
71 try {
72 return $passwordFactory->newFromCiphertext( $hash );
73 } catch ( \PasswordError $e ) {
74 $class = static::class;
75 $this->logger->debug( "Invalid password hash in {$class}::getPassword()" );
76 return $passwordFactory->newFromCiphertext( null );
77 }
78 }
79
85 protected function failResponse( PasswordAuthenticationRequest $req ) {
86 if ( $this->authoritative ) {
88 wfMessage( $req->password === '' ? 'wrongpasswordempty' : 'wrongpassword' )
89 );
90 } else {
92 }
93 }
94
105 protected function checkPasswordValidity( $username, $password ) {
106 return \User::newFromName( $username )->checkPasswordValidity( $password );
107 }
108
120 protected function setPasswordResetFlag( $username, Status $status, $data = null ) {
121 $reset = $this->getPasswordResetData( $username, $data );
122
123 if ( !$reset && $this->config->get( 'InvalidPasswordReset' ) && !$status->isGood() ) {
124 $hard = $status->getValue()['forceChange'] ?? false;
125
126 if ( $hard || !empty( $status->getValue()['suggestChangeOnLogin'] ) ) {
127 $reset = (object)[
128 'msg' => $status->getMessage( $hard ? 'resetpass-validity' : 'resetpass-validity-soft' ),
129 'hard' => $hard,
130 ];
131 }
132 }
133
134 if ( $reset ) {
135 $this->manager->setAuthenticationSessionData( 'reset-pass', $reset );
136 }
137 }
138
146 protected function getPasswordResetData( $username, $data ) {
147 return null;
148 }
149
156 protected function getNewPasswordExpiry( $username ) {
157 $days = $this->config->get( 'PasswordExpirationDays' );
158 $expires = $days ? wfTimestamp( TS_MW, time() + $days * 86400 ) : null;
159
160 // Give extensions a chance to force an expiration
161 \Hooks::run( 'ResetPasswordExpiration', [ \User::newFromName( $username ), &$expires ] );
162
163 return $expires;
164 }
165
166 public function getAuthenticationRequests( $action, array $options ) {
167 switch ( $action ) {
172 return [ new PasswordAuthenticationRequest() ];
173 default:
174 return [];
175 }
176 }
177}
wfTimestamp( $outputtype=TS_UNIX, $ts=0)
Get a timestamp string in one of various formats.
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Basic framework for a primary authentication provider that uses passwords.
failResponse(PasswordAuthenticationRequest $req)
Return the appropriate response for failure.
setPasswordResetFlag( $username, Status $status, $data=null)
Check if the password should be reset.
bool $authoritative
Whether this provider should ABSTAIN (false) or FAIL (true) on password failure.
getNewPasswordExpiry( $username)
Get expiration date for a new password, if any.
getAuthenticationRequests( $action, array $options)
Return the applicable list of AuthenticationRequests.
A base class that implements some of the boilerplate for a PrimaryAuthenticationProvider.
const ACTION_CHANGE
Change a user's credentials.
const ACTION_REMOVE
Remove a user's credentials.
const ACTION_LOGIN
Log in with an existing (not necessarily local) user.
const ACTION_CREATE
Create a new user.
This is a value object for authentication requests with a username and password.
Show an error when any operation involving passwords fails to run.
Factory class for creating and checking Password objects.
Represents a password hash for use in authentication.
Definition Password.php:61
isGood()
Returns whether the operation completed and didn't have any error or warnings.
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:40
getMessage( $shortContext=false, $longContext=false, $lang=null)
Get a bullet list of the errors as a Message object.
Definition Status.php:232
static newFromName( $name, $validate='valid')
Static factory method for creation from username.
Definition User.php:518