A service class for checking blocks. More...
Public Member Functions | |
| __construct (ServiceOptions $options, PermissionManager $permissionManager, UserFactory $userFactory, LoggerInterface $logger, HookContainer $hookContainer) | |
| getCookieValue (DatabaseBlock $block) | |
| Get the BlockID cookie's value for this block. | |
| getIdFromCookieValue ( $cookieValue) | |
| Get the stored ID from the 'BlockID' cookie. | |
| getUserBlock (UserIdentity $user, $request, $fromReplica, $disableIpBlockExemptChecking=false) | |
| Get the blocks that apply to a user. | |
| isDnsBlacklisted ( $ip, $checkAllowed=false) | |
| Whether the given IP is in a DNS blacklist. | |
| setBlockCookie (DatabaseBlock $block, WebResponse $response) | |
| Set the 'BlockID' cookie to this block's ID and expiry time. | |
| trackBlockWithCookie (User $user, WebResponse $response) | |
| Set the 'BlockID' cookie depending on block type and user authentication status. | |
Static Public Member Functions | |
| static | clearBlockCookie (WebResponse $response) |
| Unset the 'BlockID' cookie. | |
Public Attributes | |
| const | CONSTRUCTOR_OPTIONS |
Protected Member Functions | |
| checkHost ( $hostname) | |
| Wrapper for mocking in tests. | |
Private Member Functions | |
| getAdditionalIpBlocks (&$blocks, WebRequest $request, $isAnon, $fromPrimary) | |
| Check for any additional blocks against the IP address or any IPs in the XFF header. | |
| getBlockFromCookieValue (UserIdentity $user, WebRequest $request) | |
| Try to load a block from an ID given in a cookie value. | |
| getCookieBlock (&$blocks, UserIdentity $user, WebRequest $request) | |
| Get the cookie block, if there is one. | |
| getUniqueBlocks (array $blocks) | |
| Given a list of blocks, return a list of unique blocks. | |
| inDnsBlacklist ( $ip, array $bases) | |
| Whether the given IP is in a given DNS blacklist. | |
| isLocallyBlockedProxy ( $ip) | |
| Check if an IP address is in the local proxy list. | |
| shouldApplyCookieBlock (DatabaseBlock $block, $isAnon) | |
| Check if the block loaded from the cookie should be applied. | |
| shouldTrackBlockWithCookie (AbstractBlock $block, $isAnon) | |
| Check if the block should be tracked with a cookie. | |
Private Attributes | |
| HookRunner | $hookRunner |
| LoggerInterface | $logger |
| ServiceOptions | $options |
| PermissionManager | $permissionManager |
| UserFactory | $userFactory |
Detailed Description
A service class for checking blocks.
To obtain an instance, use MediaWikiServices::getInstance()->getBlockManager().
- Since
- 1.34 Refactored from User and Block.
Definition at line 47 of file BlockManager.php.
Constructor & Destructor Documentation
◆ __construct()
| MediaWiki\Block\BlockManager::__construct | ( | ServiceOptions | $options, |
| PermissionManager | $permissionManager, | ||
| UserFactory | $userFactory, | ||
| LoggerInterface | $logger, | ||
| HookContainer | $hookContainer | ||
| ) |
- Parameters
-
ServiceOptions $options PermissionManager $permissionManager UserFactory $userFactory LoggerInterface $logger HookContainer $hookContainer
Definition at line 85 of file BlockManager.php.
References MediaWiki\Block\BlockManager\$logger, MediaWiki\Block\BlockManager\$options, MediaWiki\Block\BlockManager\$permissionManager, MediaWiki\Block\BlockManager\$userFactory, and MediaWiki\Config\ServiceOptions\assertRequiredOptions().
Member Function Documentation
◆ checkHost()
|
protected |
Wrapper for mocking in tests.
- Parameters
-
string $hostname DNSBL query
- Returns
- string[]|bool IPv4 array, or false if the IP is not blacklisted
Definition at line 451 of file BlockManager.php.
Referenced by MediaWiki\Block\BlockManager\inDnsBlacklist().
◆ clearBlockCookie()
|
static |
Unset the 'BlockID' cookie.
- Since
- 1.34
- Parameters
-
WebResponse $response
Definition at line 580 of file BlockManager.php.
References WebResponse\clearCookie().
Referenced by MediaWiki\Block\BlockManager\trackBlockWithCookie().
◆ getAdditionalIpBlocks()
|
private |
Check for any additional blocks against the IP address or any IPs in the XFF header.
- Parameters
-
AbstractBlock[] &$blocks Blocks found so far WebRequest $request bool $isAnon The user is logged out bool $fromPrimary
- Returns
- void
Definition at line 217 of file BlockManager.php.
References MediaWiki\Block\DatabaseBlock\getBlocksForIPList(), WebRequest\getHeader(), WebRequest\getIP(), MediaWiki\Block\BlockManager\isDnsBlacklisted(), and MediaWiki\Block\BlockManager\isLocallyBlockedProxy().
Referenced by MediaWiki\Block\BlockManager\getUserBlock().
◆ getBlockFromCookieValue()
|
private |
Try to load a block from an ID given in a cookie value.
If the block is invalid, doesn't exist, or the cookie value is malformed, no block will be loaded. In these cases the cookie will either (1) be replaced with a valid cookie or (2) removed, next time trackBlockWithCookie is called.
- Parameters
-
UserIdentity $user WebRequest $request
- Returns
- DatabaseBlock|bool The block object, or false if none could be loaded.
Definition at line 304 of file BlockManager.php.
References WebRequest\getCookie(), MediaWiki\Block\BlockManager\getIdFromCookieValue(), MediaWiki\User\UserIdentity\isRegistered(), MediaWiki\Block\DatabaseBlock\newFromID(), and MediaWiki\Block\BlockManager\shouldApplyCookieBlock().
Referenced by MediaWiki\Block\BlockManager\getCookieBlock(), and MediaWiki\Block\BlockManager\trackBlockWithCookie().
◆ getCookieBlock()
|
private |
Get the cookie block, if there is one.
- Parameters
-
AbstractBlock[] &$blocks UserIdentity $user WebRequest $request
- Returns
- void
Definition at line 201 of file BlockManager.php.
References MediaWiki\Block\BlockManager\getBlockFromCookieValue().
Referenced by MediaWiki\Block\BlockManager\getUserBlock().
◆ getCookieValue()
| MediaWiki\Block\BlockManager::getCookieValue | ( | DatabaseBlock | $block | ) |
Get the BlockID cookie's value for this block.
This is usually the block ID concatenated with an HMAC in order to avoid spoofing (T152951), but if wgSecretKey is not set will just be the block ID.
- Since
- 1.34
- Access: internal
- Should be private. Left public for backwards compatibility, until DatabaseBlock::getCookieValue is removed.
- Parameters
-
DatabaseBlock $block
- Returns
- string The block ID, probably concatenated with "!" and the HMAC.
Definition at line 627 of file BlockManager.php.
References MediaWiki\Block\DatabaseBlock\getId(), and MWCryptHash\hmac().
Referenced by MediaWiki\Block\BlockManager\setBlockCookie().
◆ getIdFromCookieValue()
| MediaWiki\Block\BlockManager::getIdFromCookieValue | ( | $cookieValue | ) |
Get the stored ID from the 'BlockID' cookie.
The cookie's value is usually a combination of the ID and a HMAC (see DatabaseBlock::setCookie), but will sometimes only be the ID.
- Since
- 1.34
- Access: internal
- Should be private. Left public for backwards compatibility, until DatabaseBlock::getIdFromCookieValue is removed.
- Parameters
-
string $cookieValue The string in which to find the ID.
- Returns
- int|null The block ID, or null if the HMAC is present and invalid.
Definition at line 594 of file BlockManager.php.
References MWCryptHash\hmac().
Referenced by MediaWiki\Block\BlockManager\getBlockFromCookieValue().
◆ getUniqueBlocks()
|
private |
Given a list of blocks, return a list of unique blocks.
This usually means that each block has a unique ID. For a block with ID null, if it's an autoblock, it will be filtered out if the parent block is present; if not, it is assumed to be a unique system block, and kept.
- Parameters
-
AbstractBlock[] $blocks
- Returns
- AbstractBlock[]
Definition at line 272 of file BlockManager.php.
References MediaWiki\Block\Block\TYPE_AUTO.
Referenced by MediaWiki\Block\BlockManager\getUserBlock().
◆ getUserBlock()
| MediaWiki\Block\BlockManager::getUserBlock | ( | UserIdentity | $user, |
| $request, | |||
| $fromReplica, | |||
$disableIpBlockExemptChecking = false |
|||
| ) |
Get the blocks that apply to a user.
If there is only one, return that, otherwise return a composite block that combines the strictest features of the applicable blocks.
Different blocks may be sought, depending on the user and their permissions. The user may be: (1) The global user (and can be affected by IP blocks). The global request object is needed for checking the IP address, the XFF header and the cookies. (2) The global user (and exempt from IP blocks). The global request object is available. (3) Another user (not the global user). No request object is available or needed; just look for a block against the user account.
Cases #1 and #2 check whether the global user is blocked in practice; the block may due to their user account being blocked or to an IP address block or cookie block (or multiple of these). Case #3 simply checks whether a user's account is blocked, and does not determine whether the person using that account is affected in practice by any IP address or cookie blocks.
- Access: internal
- This should only be called by User::getBlockedStatus
- Parameters
-
UserIdentity $user WebRequest | null $request The global request object if the user is the global user (cases #1 and #2), otherwise null (case #3). The IP address and information from the request header are needed to find some types of blocks. bool $fromReplica Whether to check the replica DB first. To improve performance, non-critical checks are done against replica DBs. Check when actually saving should be done against primary. bool $disableIpBlockExemptChecking This is used internally to prevent a infinite recursion with autopromote. See T270145.
- Returns
- AbstractBlock|null The most relevant block, or null if there is no block.
Definition at line 132 of file BlockManager.php.
References MediaWiki\Block\BlockManager\getAdditionalIpBlocks(), MediaWiki\Block\BlockManager\getCookieBlock(), MediaWiki\Block\BlockManager\getUniqueBlocks(), MediaWiki\User\UserIdentity\isRegistered(), and MediaWiki\Block\DatabaseBlock\newListFromTarget().
◆ inDnsBlacklist()
|
private |
Whether the given IP is in a given DNS blacklist.
- Parameters
-
string $ip IP to check string[] $bases URL of the DNS blacklist
- Returns
- bool True if blacklisted.
Definition at line 399 of file BlockManager.php.
References $base, and MediaWiki\Block\BlockManager\checkHost().
Referenced by MediaWiki\Block\BlockManager\isDnsBlacklisted().
◆ isDnsBlacklisted()
| MediaWiki\Block\BlockManager::isDnsBlacklisted | ( | $ip, | |
$checkAllowed = false |
|||
| ) |
Whether the given IP is in a DNS blacklist.
- Parameters
-
string $ip IP to check bool $checkAllowed Whether to check $wgProxyWhitelist first
- Returns
- bool True if blacklisted.
Definition at line 382 of file BlockManager.php.
References MediaWiki\Block\BlockManager\inDnsBlacklist().
Referenced by MediaWiki\Block\BlockManager\getAdditionalIpBlocks().
◆ isLocallyBlockedProxy()
|
private |
Check if an IP address is in the local proxy list.
- Parameters
-
string $ip
- Returns
- bool
Definition at line 360 of file BlockManager.php.
Referenced by MediaWiki\Block\BlockManager\getAdditionalIpBlocks().
◆ setBlockCookie()
| MediaWiki\Block\BlockManager::setBlockCookie | ( | DatabaseBlock | $block, |
| WebResponse | $response | ||
| ) |
Set the 'BlockID' cookie to this block's ID and expiry time.
The cookie's expiry will be the same as the block's, to a maximum of 24 hours.
- Since
- 1.34
- Access: internal
- Should be private. Left public for backwards compatibility, until DatabaseBlock::setCookie is removed.
- Parameters
-
DatabaseBlock $block WebResponse $response The response on which to set the cookie.
Definition at line 529 of file BlockManager.php.
References MediaWiki\Block\BlockManager\getCookieValue(), MediaWiki\Block\AbstractBlock\getExpiry(), WebResponse\setCookie(), and wfTimestamp().
Referenced by MediaWiki\Block\BlockManager\trackBlockWithCookie().
◆ shouldApplyCookieBlock()
|
private |
Check if the block loaded from the cookie should be applied.
- Parameters
-
DatabaseBlock $block bool $isAnon The user is logged out
- Returns
- bool The block sould be applied
Definition at line 335 of file BlockManager.php.
References MediaWiki\Block\DatabaseBlock\getType(), MediaWiki\Block\DatabaseBlock\isAutoblocking(), MediaWiki\Block\DatabaseBlock\isExpired(), MediaWiki\Block\Block\TYPE_IP, MediaWiki\Block\Block\TYPE_RANGE, and MediaWiki\Block\Block\TYPE_USER.
Referenced by MediaWiki\Block\BlockManager\getBlockFromCookieValue(), and MediaWiki\Block\BlockManager\trackBlockWithCookie().
◆ shouldTrackBlockWithCookie()
|
private |
Check if the block should be tracked with a cookie.
- Parameters
-
AbstractBlock $block bool $isAnon The user is logged out
- Returns
- bool The block sould be tracked with a cookie
Definition at line 557 of file BlockManager.php.
References MediaWiki\Block\AbstractBlock\getType(), MediaWiki\Block\Block\TYPE_IP, MediaWiki\Block\Block\TYPE_RANGE, and MediaWiki\Block\Block\TYPE_USER.
Referenced by MediaWiki\Block\BlockManager\trackBlockWithCookie().
◆ trackBlockWithCookie()
| MediaWiki\Block\BlockManager::trackBlockWithCookie | ( | User | $user, |
| WebResponse | $response | ||
| ) |
Set the 'BlockID' cookie depending on block type and user authentication status.
If a block cookie is already set, this will check the block that the cookie references and do the following:
- If the block is a valid block that should be applied, do nothing and return early. This ensures that the cookie's expiry time is based on the time of the first page load or attempt. (See discussion on T233595.)
- If the block is invalid (e.g. has expired), clear the cookie and continue to check whether there is another block that should be tracked.
- If the block is a valid block, but should not be tracked by a cookie, clear the cookie and continue to check whether there is another block that should be tracked.
- Since
- 1.34
- Parameters
-
User $user WebResponse $response The response on which to set the cookie.
- Exceptions
-
LogicException If called before the User object was loaded. LogicException If not called pre-send.
Definition at line 474 of file BlockManager.php.
References MediaWiki\Block\BlockManager\clearBlockCookie(), User\getBlock(), MediaWiki\Block\BlockManager\getBlockFromCookieValue(), User\getRequest(), WebResponse\headersSent(), User\isAnon(), User\isSafeToLoad(), MediaWiki\Block\BlockManager\setBlockCookie(), MediaWiki\Block\BlockManager\shouldApplyCookieBlock(), and MediaWiki\Block\BlockManager\shouldTrackBlockWithCookie().
Member Data Documentation
◆ $hookRunner
|
private |
Definition at line 76 of file BlockManager.php.
◆ $logger
|
private |
Definition at line 73 of file BlockManager.php.
Referenced by MediaWiki\Block\BlockManager\__construct().
◆ $options
|
private |
Definition at line 55 of file BlockManager.php.
Referenced by MediaWiki\Block\BlockManager\__construct().
◆ $permissionManager
|
private |
Definition at line 49 of file BlockManager.php.
Referenced by MediaWiki\Block\BlockManager\__construct().
◆ $userFactory
|
private |
Definition at line 52 of file BlockManager.php.
Referenced by MediaWiki\Block\BlockManager\__construct().
◆ CONSTRUCTOR_OPTIONS
| const MediaWiki\Block\BlockManager::CONSTRUCTOR_OPTIONS |
- Access: internal
- For use by ServiceWiring
Definition at line 60 of file BlockManager.php.
The documentation for this class was generated from the following file:
- includes/block/BlockManager.php
