MediaWiki REL1_37
PasswordPolicyChecks Class Reference

Functions to check passwords against a policy requirement. More...

Static Public Member Functions

static checkMaximalPasswordLength ( $policyVal, UserIdentity $user, $password)
 Check password is shorter than maximum, fatal.
 
static checkMinimalPasswordLength ( $policyVal, UserIdentity $user, $password)
 Check password is longer than minimum, not fatal.
 
static checkMinimumPasswordLengthToLogin ( $policyVal, UserIdentity $user, $password)
 Check password is longer than minimum, fatal.
 
static checkPasswordCannotBeSubstringInUsername ( $policyVal, UserIdentity $user, $password)
 Check if password is a (case-insensitive) substring within the username.
 
static checkPasswordCannotMatchDefaults ( $policyVal, UserIdentity $user, $password)
 Check if username and password are on a list of past MediaWiki default passwords.
 
static checkPasswordNotInCommonList ( $policyVal, UserIdentity $user, $password)
 Ensure the password isn't in the list of common passwords by the wikimedia/common-passwords library, which contains (as of 0.2.0) the 100,000 top passwords from SecLists (as a Bloom filter, with an 0.000001 false positive ratio).
 

Detailed Description

Functions to check passwords against a policy requirement.

$policyVal is the value configured in $wgPasswordPolicy. If the return status is fatal, the user won't be allowed to login. If the status is not good but not fatal, the user will not be allowed to set the given password (on registration or password change), but can still log in after bypassing a warning.

Since
1.26
See also
$wgPasswordPolicy

Definition at line 37 of file PasswordPolicyChecks.php.

Member Function Documentation

◆ checkMaximalPasswordLength()

static PasswordPolicyChecks::checkMaximalPasswordLength (   $policyVal,
UserIdentity  $user,
  $password 
)
static

Check password is shorter than maximum, fatal.

Intended for preventing DoS attacks when using a more expensive password hash like PBKDF2.

Parameters
int$policyValmaximum length
UserIdentity$user
string$password
Returns
Status fatal if $password is shorter than $policyVal

Definition at line 79 of file PasswordPolicyChecks.php.

◆ checkMinimalPasswordLength()

static PasswordPolicyChecks::checkMinimalPasswordLength (   $policyVal,
UserIdentity  $user,
  $password 
)
static

Check password is longer than minimum, not fatal.

Parameters
int$policyValminimal length
UserIdentity$user
string$password
Returns
Status error if $password is shorter than $policyVal

Definition at line 46 of file PasswordPolicyChecks.php.

◆ checkMinimumPasswordLengthToLogin()

static PasswordPolicyChecks::checkMinimumPasswordLengthToLogin (   $policyVal,
UserIdentity  $user,
  $password 
)
static

Check password is longer than minimum, fatal.

Intended for locking out users with passwords too short to trust, requiring them to recover their account by some other means.

Parameters
int$policyValminimal length
UserIdentity$user
string$password
Returns
Status fatal if $password is shorter than $policyVal

Definition at line 63 of file PasswordPolicyChecks.php.

◆ checkPasswordCannotBeSubstringInUsername()

static PasswordPolicyChecks::checkPasswordCannotBeSubstringInUsername (   $policyVal,
UserIdentity  $user,
  $password 
)
static

Check if password is a (case-insensitive) substring within the username.

Parameters
bool$policyValtrue to force compliance.
UserIdentity$user
string$password
Returns
Status error if password is a substring within username, and policy is true

Definition at line 94 of file PasswordPolicyChecks.php.

References MediaWiki\User\UserIdentity\getName().

◆ checkPasswordCannotMatchDefaults()

static PasswordPolicyChecks::checkPasswordCannotMatchDefaults (   $policyVal,
UserIdentity  $user,
  $password 
)
static

Check if username and password are on a list of past MediaWiki default passwords.

Parameters
bool$policyValtrue to force compliance.
UserIdentity$user
string$password
Returns
Status error if username and password match, and policy is true

Definition at line 114 of file PasswordPolicyChecks.php.

References MediaWiki\User\UserIdentity\getName().

◆ checkPasswordNotInCommonList()

static PasswordPolicyChecks::checkPasswordNotInCommonList (   $policyVal,
UserIdentity  $user,
  $password 
)
static

Ensure the password isn't in the list of common passwords by the wikimedia/common-passwords library, which contains (as of 0.2.0) the 100,000 top passwords from SecLists (as a Bloom filter, with an 0.000001 false positive ratio).

Parameters
bool$policyValWhether to apply this policy
UserIdentity$user
string$password
Since
1.33
Returns
Status

Definition at line 156 of file PasswordPolicyChecks.php.


The documentation for this class was generated from the following file: