MediaWiki\Auth\AbstractSecondaryAuthenticationProvider Class Reference

A base class that implements some of the boilerplate for a SecondaryAuthenticationProvider. More...

Inheritance diagram for MediaWiki\Auth\AbstractSecondaryAuthenticationProvider:

Collaboration diagram for MediaWiki\Auth\AbstractSecondaryAuthenticationProvider:

Public Member Functions
	autoCreatedAccount ( $user, $source)
	Post-auto-creation callback. Parameters User $user User being created (has been added to the database now). This may become a "UserValue" in the future, or User may be refactored into such. string $source The source of the auto-creation passed to AuthManager::autoCreateUser().
	continueSecondaryAccountCreation ( $user, $creator, array $reqs)
	Continue an authentication flow. Parameters User $user User being created (has been added to the database). This may become a "UserValue" in the future, or User may be refactored into such. User $creator User doing the creation. This may become a "UserValue" in the future, or User may be refactored into such. AuthenticationRequest[] $reqs Returns AuthenticationResponse Expected responses: PASS: The user creation is ok. Additional secondary providers may run. ABSTAIN: Additional secondary providers may run. UI: Additional AuthenticationRequests are needed to complete the process. REDIRECT: Redirection to a third party is needed to complete the process.
	continueSecondaryAuthentication ( $user, array $reqs)
	Continue an authentication flow. Parameters User $user User being authenticated. This may become a "UserValue" in the future, or User may be refactored into such. AuthenticationRequest[] $reqs Returns AuthenticationResponse Expected responses: PASS: The user is authenticated. Additional secondary providers may run. FAIL: The user is not authenticated. Fail the authentication process. ABSTAIN: Additional secondary providers may run. UI: Additional AuthenticationRequests are needed to complete the process. REDIRECT: Redirection to a third party is needed to complete the process.
	postAccountCreation ( $user, $creator, AuthenticationResponse $response)
	Post-creation callback.This will be called at the end of an account creation attempt. It will not be called if the account creation process results in a session timeout (possibly after a successful user creation, while a secondary provider is waiting for a response). Parameters User $user User that was attempted to be created. This may become a "UserValue" in the future, or User may be refactored into such. User $creator User doing the creation. This may become a "UserValue" in the future, or User may be refactored into such. AuthenticationResponse $response Authentication response that will be returned (PASS or FAIL)
	postAuthentication ( $user, AuthenticationResponse $response)
	Post-login callback.This will be called at the end of a login attempt. It will not be called for unfinished login attempts that fail by the session timing out. Parameters User | null $user User that was attempted to be logged in, if known. This may become a "UserValue" in the future, or User may be refactored into such. AuthenticationResponse $response Authentication response that will be returned (PASS or FAIL)
	providerAllowsAuthenticationDataChange (AuthenticationRequest $req, $checkData=true)
	Validate a change of authentication data (e.g.passwords)Return StatusValue::newGood( 'ignored' ) if you don't support this AuthenticationRequest type. Parameters AuthenticationRequest $req bool $checkData If false, $req hasn't been loaded from the submission so checks on user-submitted fields should be skipped. $req->username is considered user-submitted for this purpose, even if it cannot be changed via $req->loadFromSubmission. Returns StatusValue
	providerAllowsPropertyChange ( $property)
	Determine whether a property can change. See also AuthManager::allowsPropertyChange() Parameters string $property Returns bool
	providerChangeAuthenticationData (AuthenticationRequest $req)
	Change or remove authentication data (e.g.passwords)If $req was returned for AuthManager::ACTION_CHANGE, the corresponding credentials should result in a successful login in the future.If $req was returned for AuthManager::ACTION_REMOVE, the corresponding credentials should no longer result in a successful login.It can be assumed that providerAllowsAuthenticationDataChange with $checkData === true was called before this, and passed. This method should never fail (other than throwing an exception). Parameters AuthenticationRequest $req
	providerRevokeAccessForUser ( $username)
	Revoke the user's credentials.This may cause the user to no longer exist for the provider, or the user may continue to exist in a "disabled" state.The intention is that the named account will never again be usable for normal login (i.e. there is no way to undo the revocation of access). Parameters string $username
	testForAccountCreation ( $user, $creator, array $reqs)
	Determine whether an account creation may begin.Called from AuthManager::beginAccountCreation() Note No need to test if the account exists, AuthManager checks that Parameters User $user User being created (not added to the database yet). This may become a "UserValue" in the future, or User may be refactored into such. User $creator User doing the creation. This may become a "UserValue" in the future, or User may be refactored into such. AuthenticationRequest[] $reqs Returns StatusValue
	testUserForCreation ( $user, $autocreate, array $options=[])
	Determine whether an account may be created. Parameters User $user User being created (not added to the database yet). This may become a "UserValue" in the future, or User may be refactored into such. bool | string $autocreate False if this is not an auto-creation, or the source of the auto-creation passed to AuthManager::autoCreateUser(). array $options flags: (int) Bitfield of User:READ_* constants, default User::READ_NORMAL creating: (bool) If false (or missing), this call is only testing if a user could be created. If set, this (non-autocreation) is for actually creating an account and will be followed by a call to testForAccountCreation(). In this case, the provider might return StatusValue::newGood() here and let the later call to testForAccountCreation() do a more thorough test. Returns StatusValue
Public Member Functions inherited from MediaWiki\Auth\AbstractAuthenticationProvider
	getUniqueId ()
	Return a unique identifier for this instance.This must be the same across requests. If multiple instances return the same ID, exceptions will be thrown from AuthManager. Returns string
	init (LoggerInterface $logger, AuthManager $manager, HookContainer $hookContainer, Config $config, UserNameUtils $userNameUtils)
	Initialise with dependencies of an AuthenticationProvider.
	setConfig (Config $config)
	setHookContainer (HookContainer $hookContainer)
	setLogger (LoggerInterface $logger)
	setManager (AuthManager $manager)
Public Member Functions inherited from MediaWiki\Auth\AuthenticationProvider
	getAuthenticationRequests ( $action, array $options)
	Return the applicable list of AuthenticationRequests.
Public Member Functions inherited from MediaWiki\Auth\SecondaryAuthenticationProvider
	beginSecondaryAccountCreation ( $user, $creator, array $reqs)
	Start an account creation flow.
	beginSecondaryAuthentication ( $user, array $reqs)
	Start an authentication flow.

Additional Inherited Members
Protected Member Functions inherited from MediaWiki\Auth\AbstractAuthenticationProvider
	getHookContainer ()
	getHookRunner ()
	postInitSetup ()
	A provider can override this to do any necessary setup after init() is called.
Protected Attributes inherited from MediaWiki\Auth\AbstractAuthenticationProvider
Config	$config
LoggerInterface	$logger
AuthManager	$manager
UserNameUtils	$userNameUtils

Detailed Description

A base class that implements some of the boilerplate for a SecondaryAuthenticationProvider.

Stability: stable

to extend

Since

1.27

Definition at line 31 of file AbstractSecondaryAuthenticationProvider.php.

Member Function Documentation

autoCreatedAccount()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::autoCreatedAccount	(		$user,
			$source
	)

Post-auto-creation callback.

Parameters

User	$user	User being created (has been added to the database now). This may become a "UserValue" in the future, or User may be refactored into such.
string	$source	The source of the auto-creation passed to AuthManager::autoCreateUser().

Stability: stable

to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 126 of file AbstractSecondaryAuthenticationProvider.php.

continueSecondaryAccountCreation()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::continueSecondaryAccountCreation	(		$user,
			$creator,
		array	$reqs
	)

Continue an authentication flow.

Parameters

User	$user	User being created (has been added to the database). This may become a "UserValue" in the future, or User may be refactored into such.
User	$creator	User doing the creation. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationRequest[]	$reqs

Returns

AuthenticationResponse Expected responses:

• PASS: The user creation is ok. Additional secondary providers may run.
• ABSTAIN: Additional secondary providers may run.
• UI: Additional AuthenticationRequests are needed to complete the process.
• REDIRECT: Redirection to a third party is needed to complete the process.

Stability: stable

to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Reimplemented in MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider, and MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider.

Definition at line 103 of file AbstractSecondaryAuthenticationProvider.php.

continueSecondaryAuthentication()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::continueSecondaryAuthentication	(		$user,
		array	$reqs
	)

Continue an authentication flow.

Parameters

User	$user	User being authenticated. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationRequest[]	$reqs

Returns

AuthenticationResponse Expected responses:

• PASS: The user is authenticated. Additional secondary providers may run.
• FAIL: The user is not authenticated. Fail the authentication process.
• ABSTAIN: Additional secondary providers may run.
• UI: Additional AuthenticationRequests are needed to complete the process.
• REDIRECT: Redirection to a third party is needed to complete the process.

Stability: stable

to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Reimplemented in MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider, and MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider.

Definition at line 39 of file AbstractSecondaryAuthenticationProvider.php.

postAccountCreation()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::postAccountCreation	(		$user,
			$creator,
		AuthenticationResponse	$response
	)

Post-creation callback.This will be called at the end of an account creation attempt. It will not be called if the account creation process results in a session timeout (possibly after a successful user creation, while a secondary provider is waiting for a response).

Parameters

User	$user	User that was attempted to be created. This may become a "UserValue" in the future, or User may be refactored into such.
User	$creator	User doing the creation. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationResponse	$response	Authentication response that will be returned (PASS or FAIL)

Stability: stable

to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 111 of file AbstractSecondaryAuthenticationProvider.php.

postAuthentication()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::postAuthentication	(		$user,
		AuthenticationResponse	$response
	)

Post-login callback.This will be called at the end of a login attempt. It will not be called for unfinished login attempts that fail by the session timing out.

Parameters

User | null	$user	User that was attempted to be logged in, if known. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationResponse	$response	Authentication response that will be returned (PASS or FAIL)

Stability: stable

to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 47 of file AbstractSecondaryAuthenticationProvider.php.

providerAllowsAuthenticationDataChange()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::providerAllowsAuthenticationDataChange	(	AuthenticationRequest	$req,
			$checkData = true
	)

Validate a change of authentication data (e.g.passwords)Return StatusValue::newGood( 'ignored' ) if you don't support this AuthenticationRequest type.

Parameters

AuthenticationRequest	$req
bool	$checkData	If false, $req hasn't been loaded from the submission so checks on user-submitted fields should be skipped. $req->username is considered user-submitted for this purpose, even if it cannot be changed via $req->loadFromSubmission.

Returns

StatusValue

Stability: stable

to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 78 of file AbstractSecondaryAuthenticationProvider.php.

providerAllowsPropertyChange()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::providerAllowsPropertyChange

(

$property

)

Determine whether a property can change.

See also

AuthManager::allowsPropertyChange()

Parameters

string

$property

Returns

bool

Stability: stable

to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 54 of file AbstractSecondaryAuthenticationProvider.php.

providerChangeAuthenticationData()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::providerChangeAuthenticationData

(

AuthenticationRequest

$req

)

Change or remove authentication data (e.g.passwords)If $req was returned for AuthManager::ACTION_CHANGE, the corresponding credentials should result in a successful login in the future.If $req was returned for AuthManager::ACTION_REMOVE, the corresponding credentials should no longer result in a successful login.It can be assumed that providerAllowsAuthenticationDataChange with $checkData === true was called before this, and passed. This method should never fail (other than throwing an exception).

Parameters

AuthenticationRequest

$req

Stability: stable

to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 88 of file AbstractSecondaryAuthenticationProvider.php.

Referenced by MediaWiki\Auth\AbstractSecondaryAuthenticationProvider\providerRevokeAccessForUser().

providerRevokeAccessForUser()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::providerRevokeAccessForUser

(

$username

)

Revoke the user's credentials.This may cause the user to no longer exist for the provider, or the user may continue to exist in a "disabled" state.The intention is that the named account will never again be usable for normal login (i.e. there is no way to undo the revocation of access).

Parameters

string

$username

Stability: stable

to override

Note

Reimplement this if self::getAuthenticationRequests( AuthManager::ACTION_REMOVE ) doesn't return requests that will revoke all access for the user.

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 64 of file AbstractSecondaryAuthenticationProvider.php.

References MediaWiki\Auth\AuthManager\ACTION_REMOVE, MediaWiki\Auth\AuthenticationProvider\getAuthenticationRequests(), and MediaWiki\Auth\AbstractSecondaryAuthenticationProvider\providerChangeAuthenticationData().

testForAccountCreation()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::testForAccountCreation	(		$user,
			$creator,
		array	$reqs
	)

Determine whether an account creation may begin.Called from AuthManager::beginAccountCreation()

Note

No need to test if the account exists, AuthManager checks that

Parameters

User	$user	User being created (not added to the database yet). This may become a "UserValue" in the future, or User may be refactored into such.
User	$creator	User doing the creation. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationRequest[]	$reqs

Returns

StatusValue

Stability: stable

to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 95 of file AbstractSecondaryAuthenticationProvider.php.

testUserForCreation()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::testUserForCreation	(		$user,
			$autocreate,
		array	$options = []
	)

Determine whether an account may be created.

Parameters

User	$user	User being created (not added to the database yet). This may become a "UserValue" in the future, or User may be refactored into such.
bool | string	$autocreate	False if this is not an auto-creation, or the source of the auto-creation passed to AuthManager::autoCreateUser().
array	$options	flags: (int) Bitfield of User:READ_* constants, default User::READ_NORMAL creating: (bool) If false (or missing), this call is only testing if a user could be created. If set, this (non-autocreation) is for actually creating an account and will be followed by a call to testForAccountCreation(). In this case, the provider might return StatusValue::newGood() here and let the later call to testForAccountCreation() do a more thorough test.

Returns

StatusValue

Stability: stable

to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Reimplemented in MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider.

Definition at line 118 of file AbstractSecondaryAuthenticationProvider.php.

---

The documentation for this class was generated from the following file:

• includes/auth/AbstractSecondaryAuthenticationProvider.php