50 throw new InvalidArgumentException(
51 'Must include a \'default\' password policy'
56 foreach ( $checks as $statement => $check ) {
57 if ( !is_callable( $check ) ) {
58 throw new InvalidArgumentException(
59 "Policy check functions must be callable. '$statement' isn't callable."
62 $this->policyCheckFunctions[$statement] = $check;
82 $this->policyCheckFunctions
103 $this->policies[
'default']
109 $this->policyCheckFunctions
121 $status = Status::newGood( [] );
122 $forceChange =
false;
123 $suggestChangeOnLogin =
false;
124 foreach (
$policies as $policy => $settings ) {
126 throw new DomainException(
"Invalid password policy config. No check defined for '$policy'." );
128 if ( !is_array( $settings ) ) {
130 $settings = [
'value' => $settings ];
132 if ( !array_key_exists(
'value', $settings ) ) {
133 throw new DomainException(
"Invalid password policy config. No value defined for '$policy'." );
135 $value = $settings[
'value'];
137 $policyStatus = call_user_func(
144 if ( !$policyStatus->isGood() ) {
145 if ( !empty( $settings[
'forceChange'] ) ) {
149 if ( !empty( $settings[
'suggestChangeOnLogin'] ) ) {
150 $suggestChangeOnLogin =
true;
153 $status->merge( $policyStatus );
156 if ( $status->isOK() ) {
157 if ( $forceChange ) {
158 $status->value[
'forceChange'] =
true;
159 } elseif ( $suggestChangeOnLogin ) {
160 $status->value[
'suggestChangeOnLogin'] =
true;
177 $this->policies[
'default']
180 Hooks::run(
'PasswordPoliciesForUser', [ $user, &$effectivePolicy ] );
182 return $effectivePolicy;
196 $effectivePolicy = $defaultPolicy;
197 foreach (
$policies as $group => $policy ) {
198 if ( in_array( $group, $userGroups ) ) {
206 return $effectivePolicy;
219 $keys = array_merge( array_keys( $p1 ), array_keys( $p2 ) );
220 foreach (
$keys as $key ) {
221 if ( !isset( $p1[$key] ) ) {
222 $ret[$key] = $p2[$key];
223 } elseif ( !isset( $p2[$key] ) ) {
224 $ret[$key] = $p1[$key];
225 } elseif ( !is_array( $p1[$key] ) && !is_array( $p2[$key] ) ) {
226 $ret[$key] = max( $p1[$key], $p2[$key] );
228 if ( !is_array( $p1[$key] ) ) {
229 $p1[$key] = [
'value' => $p1[$key] ];
230 } elseif ( !is_array( $p2[$key] ) ) {
231 $p2[$key] = [
'value' => $p2[$key] ];
Check if a user's password complies with any password policies that apply to that user,...
checkUserPassword(User $user, $password)
Check if a password meets the effective password policy for a User.
static getPoliciesForGroups(array $policies, array $userGroups, array $defaultPolicy)
Utility function to get the effective policy from a list of policies, based on a list of groups.
__construct(array $policies, array $checks)
checkPolicies(User $user, $password, $policies, $policyCheckFunctions)
checkUserPasswordForGroups(User $user, $password, array $groups)
Check if a password meets the effective password policy for a User, using a set of groups they may or...
static maxOfPolicies(array $p1, array $p2)
Utility function to get a policy that is the most restrictive of $p1 and $p2.
array $policyCheckFunctions
Mapping of statements to the function that will test the password for compliance.
getPoliciesForUser(User $user)
Get the policy for a user, based on their group membership.
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
getEffectiveGroups( $recache=false)
Get the list of implicit group memberships this user has.