This serves as the entry point to the authentication system. More...

Inheritance diagram for MediaWiki\Auth\AuthManager:

Collaboration diagram for MediaWiki\Auth\AuthManager:

[legend]

Public Member Functions
	__construct (WebRequest $request, Config $config, ObjectFactory $objectFactory, HookContainer $hookContainer, ReadOnlyMode $readOnlyMode, UserNameUtils $userNameUtils, BlockManager $blockManager, WatchlistManager $watchlistManager, ILoadBalancer $loadBalancer, Language $contentLanguage, LanguageConverterFactory $languageConverterFactory, BotPasswordStore $botPasswordStore, UserFactory $userFactory, UserIdentityLookup $userIdentityLookup, UserOptionsManager $userOptionsManager)

	forcePrimaryAuthenticationProviders (array $providers, $why)
	Force certain PrimaryAuthenticationProviders.

	getRequest ()

	setLogger (LoggerInterface $logger)

Authentication
	canAuthenticateNow ()
	Indicate whether user authentication is possible.

	beginAuthentication (array $reqs, $returnToUrl)
	Start an authentication flow.

	continueAuthentication (array $reqs)
	Continue an authentication flow.

	securitySensitiveOperationStatus ( $operation)
	Whether security-sensitive operations should proceed.

	userCanAuthenticate ( $username)
	Determine whether a username can authenticate.

	normalizeUsername ( $username)
	Provide normalized versions of the username for security checks.

Authentication data changing
	revokeAccessForUser ( $username)
	Revoke any authentication credentials for a user.

	allowsAuthenticationDataChange (AuthenticationRequest $req, $checkData=true)
	Validate a change of authentication data (e.g.

	changeAuthenticationData (AuthenticationRequest $req, $isAddition=false)
	Change authentication data (e.g.

Account creation
	canCreateAccounts ()
	Determine whether accounts can be created.

	canCreateAccount ( $username, $options=[])
	Determine whether a particular account can be created.

	checkAccountCreatePermissions (Authority $creator)
	Basic permissions checks on whether a user can create accounts.

	beginAccountCreation (Authority $creator, array $reqs, $returnToUrl)
	Start an account creation flow.

	continueAccountCreation (array $reqs)
	Continue an account creation flow.

	autoCreateUser (User $user, $source, $login=true, $log=true)
	Auto-create an account, and optionally log into that account.

Account linking
	canLinkAccounts ()
	Determine whether accounts can be linked.

	beginAccountLink (User $user, array $reqs, $returnToUrl)
	Start an account linking flow.

	continueAccountLink (array $reqs)
	Continue an account linking flow.

Public Attributes
const	ACTION_CHANGE = 'change'
	Change a user's credentials.

const	ACTION_CREATE = 'create'
	Create a new user.

const	ACTION_CREATE_CONTINUE = 'create-continue'
	Continue a user creation process that was interrupted by the need for user input or communication with an external provider.

const	ACTION_LINK = 'link'
	Link an existing user to a third-party account.

const	ACTION_LINK_CONTINUE = 'link-continue'
	Continue a user linking process that was interrupted by the need for user input or communication with an external provider.

const	ACTION_LOGIN = 'login'
	Log in with an existing (not necessarily local) user.

const	ACTION_LOGIN_CONTINUE = 'login-continue'
	Continue a login process that was interrupted by the need for user input or communication with an external provider.

const	ACTION_REMOVE = 'remove'
	Remove a user's credentials.

const	ACTION_UNLINK = 'unlink'
	Like ACTION_REMOVE but for linking providers only.

const	AUTOCREATE_SOURCE_MAINT = '::Maintenance::'
	Auto-creation is due to a Maintenance script.

const	AUTOCREATE_SOURCE_SESSION = \MediaWiki\Session\SessionManager::class
	Auto-creation is due to SessionManager.

const	SEC_FAIL = 'fail'
	Security-sensitive should not be performed.

const	SEC_OK = 'ok'
	Security-sensitive operations are ok.

const	SEC_REAUTH = 'reauth'
	Security-sensitive operations should re-authenticate.

Private Attributes
AuthenticationProvider[]	$allAuthenticationProviders = []

BlockManager	$blockManager

BotPasswordStore	$botPasswordStore

Config	$config

Language	$contentLanguage

CreatedAccountAuthenticationRequest[]	$createdAccountAuthenticationRequests = []

HookContainer	$hookContainer

HookRunner	$hookRunner

LanguageConverterFactory	$languageConverterFactory

ILoadBalancer	$loadBalancer

LoggerInterface	$logger

ObjectFactory	$objectFactory

PreAuthenticationProvider[]	$preAuthenticationProviders = null

PrimaryAuthenticationProvider[]	$primaryAuthenticationProviders = null

ReadOnlyMode	$readOnlyMode

WebRequest	$request

SecondaryAuthenticationProvider[]	$secondaryAuthenticationProviders = null

UserFactory	$userFactory

UserIdentityLookup	$userIdentityLookup

UserNameUtils	$userNameUtils

UserOptionsManager	$userOptionsManager

WatchlistManager	$watchlistManager

Information methods
	getAuthenticationRequests ( $action, UserIdentity $user=null)
	Return the applicable list of AuthenticationRequests.

	userExists ( $username, $flags=User::READ_NORMAL)
	Determine whether a username exists.

	allowsPropertyChange ( $property)
	Determine whether a user property should be allowed to be changed.

	getAuthenticationProvider ( $id)
	Get a provider by ID.

	getAuthenticationRequestsInternal ( $providerAction, array $options, array $providers, UserIdentity $user=null)
	Internal request lookup for self::getAuthenticationRequests.

	fillRequests (array &$reqs, $action, $username, $forceAction=false)
	Set values in an array of requests.

Internal methods
	setAuthenticationSessionData ( $key, $data)
	Store authentication in the current session.

	getAuthenticationSessionData ( $key, $default=null)
	Fetch authentication data from the current session.

	removeAuthenticationSessionData ( $key)
	Remove authentication data.

	getConfiguration ()

	setSessionDataForUser ( $user, $remember=null)
	Log the user in.

	setDefaultUserOptions (User $user, $useContextLang)

	callMethodOnProviders ( $which, $method, array $args)

	getHookContainer ()

	getHookRunner ()

	providerArrayFromSpecs ( $class, array $specs)
	Create an array of AuthenticationProviders from an array of ObjectFactory specs.

	getPreAuthenticationProviders ()
	Get the list of PreAuthenticationProviders.

	getPrimaryAuthenticationProviders ()
	Get the list of PrimaryAuthenticationProviders.

	getSecondaryAuthenticationProviders ()
	Get the list of SecondaryAuthenticationProviders.

Detailed Description

This serves as the entry point to the authentication system.

In the future, it may also serve as the entry point to the authorization system.

If you are looking at this because you are working on an extension that creates its own login or signup page, then 1) you really shouldn't do that, 2) if you feel you absolutely have to, subclass AuthManagerSpecialPage or build it on the client side using the clientlogin or the createaccount API. Trying to call this class directly will very likely end up in security vulnerabilities or broken UX in edge cases.

If you are working on an extension that needs to integrate with the authentication system (e.g. by providing a new login method, or doing extra permission checks), you'll probably need to write an AuthenticationProvider.

If you want to create a "reserved" user programmatically, User::newSystemUser() might be what you are looking for. If you want to change user data, use User::changeAuthenticationData(). Code that is related to some SessionProvider or PrimaryAuthenticationProvider can create a (non-reserved) user by calling AuthManager::autoCreateUser(); it is then the provider's responsibility to ensure that the user can authenticate somehow (see especially PrimaryAuthenticationProvider::autoCreatedAccount()). The same functionality can also be used from Maintenance scripts such as createAndPromote.php. If you are writing code that is not associated with such a provider and needs to create accounts programmatically for real users, you should rethink your architecture. There is no good way to do that as such code has no knowledge of what authentication methods are enabled on the wiki and cannot provide any means for users to access the accounts it would create.

The two main control flows when using this class are as follows:

Login, user creation or account linking code will call getAuthenticationRequests(), populate the requests with data (by using them to build a HTMLForm and have the user fill it, or by exposing a form specification via the API, so that the client can build it), and pass them to the appropriate begin* method. That will return either a success/failure response, or more requests to fill (either by building a form or by redirecting the user to some external provider which will send the data back), in which case they need to be submitted to the appropriate continue* method and that step has to be repeated until the response is a success or failure response. AuthManager will use the session to maintain internal state during the process.
Code doing an authentication data change will call getAuthenticationRequests(), select a single request, populate it, and pass it to allowsAuthenticationDataChange() and then changeAuthenticationData(). If the data change is user-initiated, the whole process needs to be preceded by a call to securitySensitiveOperationStatus() and aborted if that returns a non-OK status.

Since: 1.27

See also: https://www.mediawiki.org/wiki/Manual:SessionManager_and_AuthManager

Definition at line 102 of file AuthManager.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Auth\AuthManager::__construct	(	WebRequest	$request,
		Config	$config,
		ObjectFactory	$objectFactory,
		HookContainer	$hookContainer,
		ReadOnlyMode	$readOnlyMode,
		UserNameUtils	$userNameUtils,
		BlockManager	$blockManager,
		WatchlistManager	$watchlistManager,
		ILoadBalancer	$loadBalancer,
		Language	$contentLanguage,
		LanguageConverterFactory	$languageConverterFactory,
		BotPasswordStore	$botPasswordStore,
		UserFactory	$userFactory,
		UserIdentityLookup	$userIdentityLookup,
		UserOptionsManager	$userOptionsManager
	)

Parameters

WebRequest	$request
Config	$config
ObjectFactory	$objectFactory
HookContainer	$hookContainer
ReadOnlyMode	$readOnlyMode
UserNameUtils	$userNameUtils
BlockManager	$blockManager
WatchlistManager	$watchlistManager
ILoadBalancer	$loadBalancer
Language	$contentLanguage
LanguageConverterFactory	$languageConverterFactory
BotPasswordStore	$botPasswordStore
UserFactory	$userFactory
UserIdentityLookup	$userIdentityLookup
UserOptionsManager	$userOptionsManager

Definition at line 224 of file AuthManager.php.

Member Function Documentation

◆ allowsAuthenticationDataChange()

MediaWiki\Auth\AuthManager::allowsAuthenticationDataChange	(	AuthenticationRequest	$req,
			$checkData = `true`
	)

Validate a change of authentication data (e.g.

passwords)

Parameters

AuthenticationRequest	$req
bool	$checkData	If false, $req hasn't been loaded from the submission so checks on user-submitted fields should be skipped. $req->username is considered user-submitted for this purpose, even if it cannot be changed via $req->loadFromSubmission.

Returns: Status

Definition at line 949 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().

Referenced by MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal(), and AuthManagerSpecialPage\performAuthenticationStep().

◆ allowsPropertyChange()

MediaWiki\Auth\AuthManager::allowsPropertyChange ( $property )

Determine whether a user property should be allowed to be changed.

Supported properties are:

emailaddress
realname
nickname

Parameters

string $property

Returns: bool

Definition at line 2282 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().

◆ autoCreateUser()

MediaWiki\Auth\AuthManager::autoCreateUser	(	User	$user,
			$source,
			$login = `true`,
			$log = `true`
	)

Auto-create an account, and optionally log into that account.

PrimaryAuthenticationProviders can invoke this method by returning a PASS from beginPrimaryAuthentication/continuePrimaryAuthentication with the username of a non-existing user. SessionProviders can invoke it by returning a SessionInfo with the username of a non-existing user from provideSessionInfo(). Calling this method explicitly (e.g. from a maintenance script) is also fine.

Parameters

User	$user	User to auto-create
string	$source	What caused the auto-creation? This must be one of: the ID of a PrimaryAuthenticationProvider, the constant self::AUTOCREATE_SOURCE_SESSION, or the constant AUTOCREATE_SOURCE_MAINT.
bool	$login	Whether to also log the user in
bool	$log	Whether to generate a user creation log entry (since 1.36)

Returns: Status Good if user was created, Ok if user already existed, otherwise Fatal

Definition at line 1631 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\continueAuthentication().

◆ beginAccountCreation()

MediaWiki\Auth\AuthManager::beginAccountCreation	(	Authority	$creator,
		array	$reqs,
			$returnToUrl
	)

Start an account creation flow.

In addition to the AuthenticationRequests returned by $this->getAuthenticationRequests(), a client might include a CreateFromLoginAuthenticationRequest from a previous login attempt. If $createFromLoginAuthenticationRequest->hasPrimaryStateForAction( AuthManager::ACTION_CREATE ) returns true, any AuthenticationRequest::PRIMARY_REQUIRED requests should be omitted. If the CreateFromLoginAuthenticationRequest has a username set, that username must be used for all other requests.

Parameters

Authority	$creator	User doing the account creation
AuthenticationRequest[]	$reqs
string	$returnToUrl	Url that REDIRECT responses should eventually return to.

Returns: AuthenticationResponse

Definition at line 1124 of file AuthManager.php.

Referenced by AuthManagerSpecialPage\performAuthenticationStep().

◆ beginAccountLink()

MediaWiki\Auth\AuthManager::beginAccountLink	(	User	$user,
		array	$reqs,
			$returnToUrl
	)

Start an account linking flow.

Parameters

User	$user	User being linked
AuthenticationRequest[]	$reqs
string	$returnToUrl	Url that REDIRECT responses should eventually return to.

Returns: AuthenticationResponse

Definition at line 1887 of file AuthManager.php.

Referenced by AuthManagerSpecialPage\performAuthenticationStep().

◆ beginAuthentication()

MediaWiki\Auth\AuthManager::beginAuthentication	(	array	$reqs,
			$returnToUrl
	)

Start an authentication flow.

In addition to the AuthenticationRequests returned by $this->getAuthenticationRequests(), a client might include a CreateFromLoginAuthenticationRequest from a previous login attempt to preserve state.

Instead of the AuthenticationRequests returned by $this->getAuthenticationRequests(), a client might pass a CreatedAccountAuthenticationRequest from an account creation that just succeeded to log in to the just-created account.

Parameters

AuthenticationRequest[]	$reqs
string	$returnToUrl	Url that REDIRECT responses should eventually return to.

Returns: AuthenticationResponse See self::continueAuthentication()

Definition at line 355 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\continueAuthentication(), MediaWiki\Auth\AuthManager\getHookRunner(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthenticationRequest\getRequestByClass(), MediaWiki\Auth\AuthenticationResponse\newFail(), MediaWiki\Auth\AuthenticationResponse\newPass(), MediaWiki\Auth\AuthManager\removeAuthenticationSessionData(), and MediaWiki\Auth\AuthManager\setSessionDataForUser().

Referenced by LoginSignupSpecialPage\execute(), and AuthManagerSpecialPage\performAuthenticationStep().

◆ callMethodOnProviders()

MediaWiki\Auth\AuthManager::callMethodOnProviders	(		$which,
			$method,
		array	$args
	)

private

Parameters

int	$which	Bitmask: 1 = pre, 2 = primary, 4 = secondary
string	$method
array	$args

Definition at line 2521 of file AuthManager.php.

References $args, MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().

Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\beginAuthentication(), MediaWiki\Auth\AuthManager\changeAuthenticationData(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAccountLink(), MediaWiki\Auth\AuthManager\continueAuthentication(), and MediaWiki\Auth\AuthManager\revokeAccessForUser().

◆ canAuthenticateNow()

MediaWiki\Auth\AuthManager::canAuthenticateNow ( )

Indicate whether user authentication is possible.

It may not be if the session is provided by something like OAuth for which each individual request includes authentication data.

Returns: bool

Definition at line 333 of file AuthManager.php.

Referenced by LoginSignupSpecialPage\execute(), AuthManagerSpecialPage\isActionAllowed(), and MediaWiki\Auth\AuthManager\securitySensitiveOperationStatus().

◆ canCreateAccount()

MediaWiki\Auth\AuthManager::canCreateAccount	(	$username,
		$options = `[]`
	)

Determine whether a particular account can be created.

Parameters

string	$username	MediaWiki username
array	$options	flags: (int) Bitfield of User:READ_* constants, default User::READ_NORMAL creating: (bool) For internal use only. Never specify this.

Returns: Status

Definition at line 1034 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\canCreateAccounts(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\userExists().

Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation().

◆ canCreateAccounts()

MediaWiki\Auth\AuthManager::canCreateAccounts ( )

Determine whether accounts can be created.

Returns: bool

Definition at line 1015 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_CREATE, and MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_LINK.

Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation(), MediaWiki\Auth\AuthManager\canCreateAccount(), MediaWiki\Auth\AuthManager\continueAccountCreation(), LoginSignupSpecialPage\execute(), and AuthManagerSpecialPage\isActionAllowed().

◆ canLinkAccounts()

MediaWiki\Auth\AuthManager::canLinkAccounts ( )

Determine whether accounts can be linked.

Returns: bool

Definition at line 1869 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_LINK.

Referenced by MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\continueAccountLink(), and AuthManagerSpecialPage\isActionAllowed().

◆ changeAuthenticationData()

MediaWiki\Auth\AuthManager::changeAuthenticationData	(	AuthenticationRequest	$req,
			$isAddition = `false`
	)

Change authentication data (e.g.

passwords)

If $req was returned for AuthManager::ACTION_CHANGE, using $req should result in a successful login in the future.

If $req was returned for AuthManager::ACTION_REMOVE, using $req should no longer result in a successful login.

This method should only be called if allowsAuthenticationDataChange( $req, true ) returned success.

Parameters

AuthenticationRequest	$req
bool	$isAddition	Set true if this represents an addition of credentials rather than a change. The main difference is that additions should not invalidate BotPasswords. If you're not sure, leave it false.

Definition at line 990 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\callMethodOnProviders().

Referenced by AuthManagerSpecialPage\performAuthenticationStep().

◆ checkAccountCreatePermissions()

MediaWiki\Auth\AuthManager::checkAccountCreatePermissions ( Authority $creator )

Basic permissions checks on whether a user can create accounts.

Parameters

Authority $creator User doing the account creation

Returns: Status

Definition at line 1082 of file AuthManager.php.

References MediaWiki\Permissions\Authority\authorizeWrite(), MediaWiki\Auth\AuthManager\getRequest(), SpecialPage\getTitleFor(), and wfMessage().

Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation(), and MediaWiki\Auth\AuthManager\continueAccountCreation().

◆ continueAccountCreation()

MediaWiki\Auth\AuthManager::continueAccountCreation ( array $reqs )

Continue an account creation flow.

Parameters

AuthenticationRequest[] $reqs

Returns: AuthenticationResponse

Definition at line 1225 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation(), and AuthManagerSpecialPage\performAuthenticationStep().

◆ continueAccountLink()

MediaWiki\Auth\AuthManager::continueAccountLink ( array $reqs )

Continue an account linking flow.

Parameters

AuthenticationRequest[] $reqs

Returns: AuthenticationResponse

Definition at line 1996 of file AuthManager.php.

References $res, MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canLinkAccounts(), MediaWiki\Auth\AuthenticationResponse\FAIL, MediaWiki\Auth\AuthManager\fillRequests(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), MediaWiki\Auth\AuthenticationResponse\newFail(), MediaWiki\Auth\AuthenticationResponse\PASS, MediaWiki\Auth\AuthenticationResponse\REDIRECT, MediaWiki\Auth\AuthenticationResponse\UI, and wfMessage().

Referenced by AuthManagerSpecialPage\performAuthenticationStep().

◆ continueAuthentication()

MediaWiki\Auth\AuthManager::continueAuthentication ( array $reqs )

Continue an authentication flow.

Return values are interpreted as follows:

status FAIL: Authentication failed. If $response->createRequest is set, that may be passed to self::beginAuthentication() or to self::beginAccountCreation() to preserve state.
status REDIRECT: The client should be redirected to the contained URL, new AuthenticationRequests should be made (if any), then AuthManager::continueAuthentication() should be called.
status UI: The client should be presented with a user interface for the fields in the specified AuthenticationRequests, then new AuthenticationRequests should be made, then AuthManager::continueAuthentication() should be called.
status RESTART: The user logged in successfully with a third-party service, but the third-party credentials aren't attached to any local account. This could be treated as a UI or a FAIL.
status PASS: Authentication was successful.

Parameters

AuthenticationRequest[] $reqs

Returns: AuthenticationResponse

Definition at line 480 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\beginAuthentication(), and AuthManagerSpecialPage\performAuthenticationStep().

◆ fillRequests()

MediaWiki\Auth\AuthManager::fillRequests	(	array &	$reqs,
			$action,
			$username,
			$forceAction = `false`
	)

private

Set values in an array of requests.

Parameters

AuthenticationRequest[]	&$reqs
string	$action
string \| null	$username
bool	$forceAction

Definition at line 2244 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAccountLink(), MediaWiki\Auth\AuthManager\continueAuthentication(), and MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal().

◆ forcePrimaryAuthenticationProviders()

MediaWiki\Auth\AuthManager::forcePrimaryAuthenticationProviders	(	array	$providers,
			$why
	)

Force certain PrimaryAuthenticationProviders.

Deprecated:: For backwards compatibility only

Parameters

PrimaryAuthenticationProvider[]	$providers
string	$why

Definition at line 280 of file AuthManager.php.

◆ getAuthenticationProvider()

MediaWiki\Auth\AuthManager::getAuthenticationProvider ( $id )

Get a provider by ID.

Note: This is public so extensions can check whether their own provider is installed and so they can read its configuration if necessary. Other uses are not recommended.

Parameters

string $id

Returns: AuthenticationProvider|null

Definition at line 2301 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().

Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAccountLink(), and MediaWiki\Auth\AuthManager\continueAuthentication().

◆ getAuthenticationRequests()

MediaWiki\Auth\AuthManager::getAuthenticationRequests	(		$action,
		UserIdentity	$user = `null`
	)

Return the applicable list of AuthenticationRequests.

Possible values for $action:

ACTION_LOGIN: Valid for passing to beginAuthentication
ACTION_LOGIN_CONTINUE: Valid for passing to continueAuthentication in the current state
ACTION_CREATE: Valid for passing to beginAccountCreation
ACTION_CREATE_CONTINUE: Valid for passing to continueAccountCreation in the current state
ACTION_LINK: Valid for passing to beginAccountLink
ACTION_LINK_CONTINUE: Valid for passing to continueAccountLink in the current state
ACTION_CHANGE: Valid for passing to changeAuthenticationData to change credentials
ACTION_REMOVE: Valid for passing to changeAuthenticationData to remove credentials.
ACTION_UNLINK: Same as ACTION_REMOVE, but limited to linked accounts.

Parameters

string	$action	One of the AuthManager::ACTION_* constants
UserIdentity \| null	$user	User being acted on, instead of the current user.

Returns: AuthenticationRequest[]

Definition at line 2110 of file AuthManager.php.

Referenced by AuthManagerSpecialPage\isActionAllowed().

◆ getAuthenticationRequestsInternal()

MediaWiki\Auth\AuthManager::getAuthenticationRequestsInternal	(		$providerAction,
		array	$options,
		array	$providers,
		UserIdentity	$user = `null`
	)

private

Internal request lookup for self::getAuthenticationRequests.

Parameters

string	$providerAction	Action to pass to providers
array	$options	Options to pass to providers
AuthenticationProvider[]	$providers
UserIdentity \| null	$user	being acted on

Returns: AuthenticationRequest[]

Definition at line 2180 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\ACTION_CREATE, MediaWiki\Auth\AuthManager\ACTION_LOGIN, MediaWiki\Auth\AuthManager\allowsAuthenticationDataChange(), MediaWiki\Auth\AuthManager\fillRequests(), MediaWiki\Auth\AuthenticationProvider\getUniqueId(), MediaWiki\Auth\AuthenticationRequest\OPTIONAL, MediaWiki\Auth\AuthenticationRequest\PRIMARY_REQUIRED, and MediaWiki\Auth\AuthenticationRequest\REQUIRED.

Referenced by MediaWiki\Auth\AuthManager\continueAuthentication(), and MediaWiki\Auth\AuthManager\getAuthenticationRequests().

◆ getAuthenticationSessionData()

MediaWiki\Auth\AuthManager::getAuthenticationSessionData	(	$key,
		$default = `null`
	)

Fetch authentication data from the current session.

Note: For use by AuthenticationProviders only

Parameters

string	$key
mixed \| null	$default

Returns: mixed

Definition at line 2353 of file AuthManager.php.

Referenced by LoginSignupSpecialPage\getFieldDefinitions(), AuthManagerSpecialPage\handleReauthBeforeExecute(), and AuthManagerSpecialPage\handleReturnBeforeExecute().

◆ getConfiguration()

MediaWiki\Auth\AuthManager::getConfiguration ( )

private

Returns: array

Definition at line 2420 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().

◆ getHookContainer()

MediaWiki\Auth\AuthManager::getHookContainer ( )

private

Returns: HookContainer

Definition at line 2540 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\$hookContainer.

Referenced by MediaWiki\Auth\AuthManager\providerArrayFromSpecs().

◆ getHookRunner()

MediaWiki\Auth\AuthManager::getHookRunner ( )

private

Returns: HookRunner

Definition at line 2547 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\$hookRunner.

Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\beginAuthentication(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAuthentication(), MediaWiki\Auth\AuthManager\securitySensitiveOperationStatus(), and MediaWiki\Auth\AuthManager\setSessionDataForUser().

◆ getPreAuthenticationProviders()

MediaWiki\Auth\AuthManager::getPreAuthenticationProviders ( )

protected

Get the list of PreAuthenticationProviders.

Returns: PreAuthenticationProvider[]

Definition at line 2428 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\$preAuthenticationProviders, MediaWiki\Auth\AuthManager\getConfiguration(), and MediaWiki\Auth\AuthManager\providerArrayFromSpecs().

Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\beginAuthentication(), MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canCreateAccount(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), and MediaWiki\Auth\AuthManager\getAuthenticationRequests().

◆ getPrimaryAuthenticationProviders()

MediaWiki\Auth\AuthManager::getPrimaryAuthenticationProviders ( )

protected

Get the list of PrimaryAuthenticationProviders.

Returns: PrimaryAuthenticationProvider[]

Definition at line 2442 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\$primaryAuthenticationProviders, MediaWiki\Auth\AuthManager\getConfiguration(), and MediaWiki\Auth\AuthManager\providerArrayFromSpecs().

◆ getRequest()

MediaWiki\Auth\AuthManager::getRequest ( )

Returns: WebRequest

Definition at line 270 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\$request.

Referenced by MediaWiki\Auth\AuthManager\checkAccountCreatePermissions().

◆ getSecondaryAuthenticationProviders()

MediaWiki\Auth\AuthManager::getSecondaryAuthenticationProviders ( )

protected

Get the list of SecondaryAuthenticationProviders.

Returns: SecondaryAuthenticationProvider[]

Definition at line 2456 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\$secondaryAuthenticationProviders, MediaWiki\Auth\AuthManager\getConfiguration(), and MediaWiki\Auth\AuthManager\providerArrayFromSpecs().

Referenced by MediaWiki\Auth\AuthManager\allowsAuthenticationDataChange(), MediaWiki\Auth\AuthManager\allowsPropertyChange(), MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canCreateAccount(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAuthentication(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), and MediaWiki\Auth\AuthManager\getAuthenticationRequests().

◆ normalizeUsername()

MediaWiki\Auth\AuthManager::normalizeUsername ( $username )

Provide normalized versions of the username for security checks.

Since different providers can normalize the input in different ways, this returns an array of all the different ways the name might be normalized for authentication.

The returned strings should not be revealed to the user, as that might leak private information (e.g. an email address might be normalized to a username).

Parameters

string $username

Returns: string[]

Definition at line 909 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders().

◆ providerArrayFromSpecs()

MediaWiki\Auth\AuthManager::providerArrayFromSpecs	(		$class,
		array	$specs
	)

protected

Create an array of AuthenticationProviders from an array of ObjectFactory specs.

Parameters

string	$class
array[]	$specs

Returns: AuthenticationProvider[]

Definition at line 2386 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\getHookContainer().

Referenced by MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().

◆ removeAuthenticationSessionData()

MediaWiki\Auth\AuthManager::removeAuthenticationSessionData ( $key )

Remove authentication data.

Note: For use by AuthenticationProviders

Parameters

string | null $key If null, all data is removed

Definition at line 2367 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation(), MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\beginAuthentication(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAuthentication(), AuthManagerSpecialPage\handleReauthBeforeExecute(), and AuthManagerSpecialPage\handleReturnBeforeExecute().

◆ revokeAccessForUser()

MediaWiki\Auth\AuthManager::revokeAccessForUser ( $username )

Revoke any authentication credentials for a user.

After this, the user should no longer be able to log in.

Parameters

string $username

Definition at line 933 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\callMethodOnProviders().

◆ securitySensitiveOperationStatus()

MediaWiki\Auth\AuthManager::securitySensitiveOperationStatus ( $operation )

Whether security-sensitive operations should proceed.

A "security-sensitive operation" is something like a password or email change, that would normally have a "reenter your password to confirm" box if we only supported password-based authentication.

Parameters

string $operation Operation being checked. This should be a message-key-like string such as 'change-password' or 'change-email'.

Returns: string One of the SEC_* constants.

Definition at line 809 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\canAuthenticateNow(), MediaWiki\Auth\AuthManager\getHookRunner(), MediaWiki\Auth\AuthManager\SEC_FAIL, MediaWiki\Auth\AuthManager\SEC_OK, and MediaWiki\Auth\AuthManager\SEC_REAUTH.

Referenced by AuthManagerSpecialPage\handleReauthBeforeExecute().

◆ setAuthenticationSessionData()

MediaWiki\Auth\AuthManager::setAuthenticationSessionData	(	$key,
		$data
	)

Store authentication in the current session.

Note: For use by AuthenticationProviders only

Parameters

string	$key
mixed	$data	Must be serializable

Definition at line 2336 of file AuthManager.php.

Referenced by LoginSignupSpecialPage\getFieldDefinitions(), AuthManagerSpecialPage\handleReauthBeforeExecute(), and AuthManagerSpecialPage\handleReturnBeforeExecute().

◆ setDefaultUserOptions()

MediaWiki\Auth\AuthManager::setDefaultUserOptions	(	User	$user,
			$useContextLang
	)

private

Parameters

User	$user
bool	$useContextLang	Use 'uselang' to set the user's language

Definition at line 2496 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\$contentLanguage, $lang, and User\setToken().

Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), and MediaWiki\Auth\AuthManager\continueAccountCreation().

◆ setLogger()

MediaWiki\Auth\AuthManager::setLogger ( LoggerInterface $logger )

Parameters

LoggerInterface $logger

Definition at line 263 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\$logger.

Referenced by MediaWiki\Auth\AuthManager\__construct().

◆ setSessionDataForUser()

MediaWiki\Auth\AuthManager::setSessionDataForUser	(	$user,
		$remember = `null`
	)

private

Log the user in.

Parameters

User	$user
bool \| null	$remember

Definition at line 2471 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\getHookRunner().

Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\beginAuthentication(), and MediaWiki\Auth\AuthManager\continueAuthentication().

◆ userCanAuthenticate()

MediaWiki\Auth\AuthManager::userCanAuthenticate ( $username )

Determine whether a username can authenticate.

This is mainly for internal purposes and only takes authentication data into account, not things like blocks that can change without the authentication system being aware.

Parameters

string $username MediaWiki username

Returns: bool

Definition at line 886 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders().

◆ userExists()

MediaWiki\Auth\AuthManager::userExists	(	$username,
		$flags = `User::READ_NORMAL`
	)

Determine whether a username exists.

Parameters

string	$username
int	$flags	Bitfield of User:READ_* constants

Returns: bool

Definition at line 2261 of file AuthManager.php.

References MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders().

Referenced by MediaWiki\Auth\AuthManager\canCreateAccount().

Member Data Documentation

◆ $allAuthenticationProviders

AuthenticationProvider [] MediaWiki\Auth\AuthManager::$allAuthenticationProviders = []

private

Definition at line 157 of file AuthManager.php.

◆ $blockManager

BlockManager MediaWiki\Auth\AuthManager::$blockManager

private

Definition at line 181 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct().

◆ $botPasswordStore

BotPasswordStore MediaWiki\Auth\AuthManager::$botPasswordStore

private

Definition at line 196 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct().

◆ $config

Config MediaWiki\Auth\AuthManager::$config

private

Definition at line 145 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct().

◆ $contentLanguage

Language MediaWiki\Auth\AuthManager::$contentLanguage

private

Definition at line 190 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct(), and MediaWiki\Auth\AuthManager\setDefaultUserOptions().

◆ $createdAccountAuthenticationRequests

CreatedAccountAuthenticationRequest [] MediaWiki\Auth\AuthManager::$createdAccountAuthenticationRequests = []

private

Definition at line 169 of file AuthManager.php.

◆ $hookContainer

HookContainer MediaWiki\Auth\AuthManager::$hookContainer

private

Definition at line 172 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct(), and MediaWiki\Auth\AuthManager\getHookContainer().

◆ $hookRunner

HookRunner MediaWiki\Auth\AuthManager::$hookRunner

private

Definition at line 175 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\getHookRunner().

◆ $languageConverterFactory

LanguageConverterFactory MediaWiki\Auth\AuthManager::$languageConverterFactory

private

Definition at line 193 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct().

◆ $loadBalancer

ILoadBalancer MediaWiki\Auth\AuthManager::$loadBalancer

private

Definition at line 187 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct().

◆ $logger

LoggerInterface MediaWiki\Auth\AuthManager::$logger

private

Definition at line 151 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\setLogger().

◆ $objectFactory

ObjectFactory MediaWiki\Auth\AuthManager::$objectFactory

private

Definition at line 148 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct().

◆ $preAuthenticationProviders

PreAuthenticationProvider [] MediaWiki\Auth\AuthManager::$preAuthenticationProviders = null

private

Definition at line 160 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\getPreAuthenticationProviders().

◆ $primaryAuthenticationProviders

PrimaryAuthenticationProvider [] MediaWiki\Auth\AuthManager::$primaryAuthenticationProviders = null

private

Definition at line 163 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders().

◆ $readOnlyMode

ReadOnlyMode MediaWiki\Auth\AuthManager::$readOnlyMode

private

Definition at line 178 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct().

◆ $request

WebRequest MediaWiki\Auth\AuthManager::$request

private

Definition at line 142 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct(), and MediaWiki\Auth\AuthManager\getRequest().

◆ $secondaryAuthenticationProviders

SecondaryAuthenticationProvider [] MediaWiki\Auth\AuthManager::$secondaryAuthenticationProviders = null

private

Definition at line 166 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().

◆ $userFactory

UserFactory MediaWiki\Auth\AuthManager::$userFactory

private

Definition at line 199 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct().

◆ $userIdentityLookup

UserIdentityLookup MediaWiki\Auth\AuthManager::$userIdentityLookup

private

Definition at line 202 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct().

◆ $userNameUtils

UserNameUtils MediaWiki\Auth\AuthManager::$userNameUtils

private

Definition at line 154 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct().

◆ $userOptionsManager

UserOptionsManager MediaWiki\Auth\AuthManager::$userOptionsManager

private

Definition at line 205 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct().

◆ $watchlistManager

WatchlistManager MediaWiki\Auth\AuthManager::$watchlistManager

private

Definition at line 184 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\__construct().

◆ ACTION_CHANGE

const MediaWiki\Auth\AuthManager::ACTION_CHANGE = 'change'

Change a user's credentials.

Definition at line 122 of file AuthManager.php.

Referenced by MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\continueLinkAttempt(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthManager\getAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequest\getFieldInfo(), and MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider\tryReset().

◆ ACTION_CREATE

const MediaWiki\Auth\AuthManager::ACTION_CREATE = 'create'

Create a new user.

Definition at line 110 of file AuthManager.php.

Referenced by MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthManager\getAuthenticationRequests(), MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal(), MediaWiki\Auth\CreateFromLoginAuthenticationRequest\hasPrimaryStateForAction(), and MediaWiki\Auth\CreateFromLoginAuthenticationRequest\hasStateForAction().

◆ ACTION_CREATE_CONTINUE

const MediaWiki\Auth\AuthManager::ACTION_CREATE_CONTINUE = 'create-continue'

Continue a user creation process that was interrupted by the need for user input or communication with an external provider.

Definition at line 114 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\getAuthenticationRequests().

◆ ACTION_LINK

const MediaWiki\Auth\AuthManager::ACTION_LINK = 'link'

Link an existing user to a third-party account.

Definition at line 116 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\getAuthenticationRequests().

◆ ACTION_LINK_CONTINUE

const MediaWiki\Auth\AuthManager::ACTION_LINK_CONTINUE = 'link-continue'

Continue a user linking process that was interrupted by the need for user input or communication with an external provider.

Definition at line 120 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\getAuthenticationRequests().

◆ ACTION_LOGIN

const MediaWiki\Auth\AuthManager::ACTION_LOGIN = 'login'

Log in with an existing (not necessarily local) user.

Definition at line 104 of file AuthManager.php.

Referenced by MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthManager\getAuthenticationRequests(), MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal(), MediaWiki\Auth\PasswordAuthenticationRequest\getFieldInfo(), and MediaWiki\Auth\CreateFromLoginAuthenticationRequest\hasStateForAction().

◆ ACTION_LOGIN_CONTINUE

const MediaWiki\Auth\AuthManager::ACTION_LOGIN_CONTINUE = 'login-continue'

Continue a login process that was interrupted by the need for user input or communication with an external provider.

Definition at line 108 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\getAuthenticationRequests().

◆ ACTION_REMOVE

const MediaWiki\Auth\AuthManager::ACTION_REMOVE = 'remove'

Remove a user's credentials.

Definition at line 124 of file AuthManager.php.

Referenced by MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthManager\getAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequest\getFieldInfo(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\providerChangeAuthenticationData(), MediaWiki\Auth\AbstractPrimaryAuthenticationProvider\providerRevokeAccessForUser(), and MediaWiki\Auth\AbstractSecondaryAuthenticationProvider\providerRevokeAccessForUser().

◆ ACTION_UNLINK

const MediaWiki\Auth\AuthManager::ACTION_UNLINK = 'unlink'

Like ACTION_REMOVE but for linking providers only.

Definition at line 126 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\getAuthenticationRequests().

◆ AUTOCREATE_SOURCE_MAINT

const MediaWiki\Auth\AuthManager::AUTOCREATE_SOURCE_MAINT = '::Maintenance::'

Auto-creation is due to a Maintenance script.

Definition at line 139 of file AuthManager.php.

◆ AUTOCREATE_SOURCE_SESSION

const MediaWiki\Auth\AuthManager::AUTOCREATE_SOURCE_SESSION = \MediaWiki\Session\SessionManager::class

Auto-creation is due to SessionManager.

Definition at line 136 of file AuthManager.php.

◆ SEC_FAIL

const MediaWiki\Auth\AuthManager::SEC_FAIL = 'fail'

Security-sensitive should not be performed.

Definition at line 133 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\securitySensitiveOperationStatus().

◆ SEC_OK

const MediaWiki\Auth\AuthManager::SEC_OK = 'ok'

Security-sensitive operations are ok.

Definition at line 129 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\securitySensitiveOperationStatus().

◆ SEC_REAUTH

const MediaWiki\Auth\AuthManager::SEC_REAUTH = 'reauth'

Security-sensitive operations should re-authenticate.

Definition at line 131 of file AuthManager.php.

Referenced by MediaWiki\Auth\AuthManager\securitySensitiveOperationStatus().

The documentation for this class was generated from the following file:

includes/auth/AuthManager.php

Public Member Functions

Public Attributes

Private Attributes

Information methods

Internal methods

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ allowsAuthenticationDataChange()

◆ allowsPropertyChange()

◆ autoCreateUser()

◆ beginAccountCreation()

◆ beginAccountLink()

◆ beginAuthentication()

◆ callMethodOnProviders()

◆ canAuthenticateNow()

◆ canCreateAccount()

◆ canCreateAccounts()

◆ canLinkAccounts()

◆ changeAuthenticationData()

◆ checkAccountCreatePermissions()

◆ continueAccountCreation()

◆ continueAccountLink()

◆ continueAuthentication()

◆ fillRequests()

◆ forcePrimaryAuthenticationProviders()

◆ getAuthenticationProvider()

◆ getAuthenticationRequests()

◆ getAuthenticationRequestsInternal()

◆ getAuthenticationSessionData()

◆ getConfiguration()

◆ getHookContainer()

◆ getHookRunner()

◆ getPreAuthenticationProviders()

◆ getPrimaryAuthenticationProviders()

◆ getRequest()

◆ getSecondaryAuthenticationProviders()

◆ normalizeUsername()

◆ providerArrayFromSpecs()

◆ removeAuthenticationSessionData()

◆ revokeAccessForUser()

◆ securitySensitiveOperationStatus()

◆ setAuthenticationSessionData()

◆ setDefaultUserOptions()

◆ setLogger()

◆ setSessionDataForUser()

◆ userCanAuthenticate()

◆ userExists()

Member Data Documentation

◆ $allAuthenticationProviders

◆ $blockManager

◆ $botPasswordStore

◆ $config

◆ $contentLanguage

◆ $createdAccountAuthenticationRequests

◆ $hookContainer

◆ $hookRunner

◆ $languageConverterFactory

◆ $loadBalancer

◆ $logger

◆ $objectFactory

◆ $preAuthenticationProviders

◆ $primaryAuthenticationProviders

◆ $readOnlyMode

◆ $request

◆ $secondaryAuthenticationProviders

◆ $userFactory

◆ $userIdentityLookup

◆ $userNameUtils

◆ $userOptionsManager

◆ $watchlistManager

◆ ACTION_CHANGE

◆ ACTION_CREATE

◆ ACTION_CREATE_CONTINUE

◆ ACTION_LINK

◆ ACTION_LINK_CONTINUE

◆ ACTION_LOGIN

◆ ACTION_LOGIN_CONTINUE

◆ ACTION_REMOVE