REL1_39/php/AbstractPasswordPrimaryAuthenticationProvider_8php_source.html

<?php

namespace MediaWiki\Auth;


use MediaWiki\MainConfigNames;

use Password;

use PasswordFactory;

use Status;


abstract class AbstractPasswordPrimaryAuthenticationProvider

    extends AbstractPrimaryAuthenticationProvider

{

    protected $authoritative;


    private $passwordFactory = null;


    public function __construct( array $params = [] ) {

        $this->authoritative = !isset( $params['authoritative'] ) || (bool)$params['authoritative'];

    }


    protected function getPasswordFactory() {

        if ( $this->passwordFactory === null ) {

            $this->passwordFactory = new PasswordFactory(

                $this->config->get( MainConfigNames::PasswordConfig ),

                $this->config->get( MainConfigNames::PasswordDefault )

            );

        }

        return $this->passwordFactory;

    }


    protected function getPassword( $hash ) {

        $passwordFactory = $this->getPasswordFactory();

        try {

            return $passwordFactory->newFromCiphertext( $hash );

        } catch ( \PasswordError $e ) {

            $class = static::class;

            $this->logger->debug( "Invalid password hash in {$class}::getPassword()" );

            return $passwordFactory->newFromCiphertext( null );

        }

    }


    protected function failResponse( PasswordAuthenticationRequest $req ) {

        if ( $this->authoritative ) {

            return AuthenticationResponse::newFail(

                wfMessage( $req->password === '' ? 'wrongpasswordempty' : 'wrongpassword' )

            );

        } else {

            return AuthenticationResponse::newAbstain();

        }

    }


    protected function checkPasswordValidity( $username, $password ) {

        return \User::newFromName( $username )->checkPasswordValidity( $password );

    }


    protected function setPasswordResetFlag( $username, Status $status, $data = null ) {

        $reset = $this->getPasswordResetData( $username, $data );


        if ( !$reset && $this->config->get( MainConfigNames::InvalidPasswordReset ) &&

        !$status->isGood() ) {

            $hard = $status->getValue()['forceChange'] ?? false;


            if ( $hard || !empty( $status->getValue()['suggestChangeOnLogin'] ) ) {

                $reset = (object)[

                    'msg' => $status->getMessage( $hard ? 'resetpass-validity' : 'resetpass-validity-soft' ),

                    'hard' => $hard,

                ];

            }

        }


        if ( $reset ) {

            $this->manager->setAuthenticationSessionData( 'reset-pass', $reset );

        }

    }


    protected function getPasswordResetData( $username, $data ) {

        return null;

    }


    protected function getNewPasswordExpiry( $username ) {

        $days = $this->config->get( MainConfigNames::PasswordExpirationDays );

        $expires = $days ? wfTimestamp( TS_MW, time() + $days * 86400 ) : null;


        // Give extensions a chance to force an expiration

        $this->getHookRunner()->onResetPasswordExpiration(

            \User::newFromName( $username ), $expires );


        return $expires;

    }


    public function getAuthenticationRequests( $action, array $options ) {

        switch ( $action ) {

            case AuthManager::ACTION_LOGIN:

            case AuthManager::ACTION_REMOVE:

            case AuthManager::ACTION_CREATE:

            case AuthManager::ACTION_CHANGE:

                return [ new PasswordAuthenticationRequest() ];

            default:

                return [];

        }

    }


}


wfTimestamp
wfTimestamp( $outputtype=TS_UNIX, $ts=0)
Get a timestamp string in one of various formats.
Definition GlobalFunctions.php:1424

wfMessage
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Definition GlobalFunctions.php:934

MediaWiki\Auth\AbstractAuthenticationProvider\getHookRunner
getHookRunner()
Definition AbstractAuthenticationProvider.php:171

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider
Basic framework for a primary authentication provider that uses passwords.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:38

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\checkPasswordValidity
checkPasswordValidity( $username, $password)
Check that the password is valid.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:108

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\failResponse
failResponse(PasswordAuthenticationRequest $req)
Return the appropriate response for failure.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:88

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getPasswordResetData
getPasswordResetData( $username, $data)
Get password reset data, if any.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:151

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\setPasswordResetFlag
setPasswordResetFlag( $username, Status $status, $data=null)
Check if the password should be reset.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:123

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getPasswordFactory
getPasswordFactory()
Definition AbstractPasswordPrimaryAuthenticationProvider.php:57

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\$authoritative
bool $authoritative
Whether this provider should ABSTAIN (false) or FAIL (true) on password failure.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:40

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\__construct
__construct(array $params=[])
Definition AbstractPasswordPrimaryAuthenticationProvider.php:50

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getNewPasswordExpiry
getNewPasswordExpiry( $username)
Get expiration date for a new password, if any.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:162

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getPassword
getPassword( $hash)
Get a Password object from the hash.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:72

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests
getAuthenticationRequests( $action, array $options)
Definition AbstractPasswordPrimaryAuthenticationProvider.php:180

MediaWiki\Auth\AbstractPrimaryAuthenticationProvider
A base class that implements some of the boilerplate for a PrimaryAuthenticationProvider.
Definition AbstractPrimaryAuthenticationProvider.php:33

MediaWiki\Auth\AuthManager\ACTION_CHANGE
const ACTION_CHANGE
Change a user's credentials.
Definition AuthManager.php:126

MediaWiki\Auth\AuthManager\ACTION_REMOVE
const ACTION_REMOVE
Remove a user's credentials.
Definition AuthManager.php:128

MediaWiki\Auth\AuthManager\ACTION_LOGIN
const ACTION_LOGIN
Log in with an existing (not necessarily local) user.
Definition AuthManager.php:108

MediaWiki\Auth\AuthManager\ACTION_CREATE
const ACTION_CREATE
Create a new user.
Definition AuthManager.php:114

MediaWiki\Auth\AuthenticationResponse\newFail
static newFail(Message $msg, array $failReasons=[])
Definition AuthenticationResponse.php:157

MediaWiki\Auth\AuthenticationResponse\newAbstain
static newAbstain()
Definition AuthenticationResponse.php:182

MediaWiki\Auth\PasswordAuthenticationRequest
This is a value object for authentication requests with a username and password.
Definition PasswordAuthenticationRequest.php:30

MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:23

MediaWiki\MainConfigNames\PasswordExpirationDays
const PasswordExpirationDays
Name constant for the PasswordExpirationDays setting, for use with Config::get()
Definition MainConfigNames.php:957

MediaWiki\MainConfigNames\PasswordDefault
const PasswordDefault
Name constant for the PasswordDefault setting, for use with Config::get()
Definition MainConfigNames.php:2553

MediaWiki\MainConfigNames\PasswordConfig
const PasswordConfig
Name constant for the PasswordConfig setting, for use with Config::get()
Definition MainConfigNames.php:2559

MediaWiki\MainConfigNames\InvalidPasswordReset
const InvalidPasswordReset
Name constant for the InvalidPasswordReset setting, for use with Config::get()
Definition MainConfigNames.php:2547

PasswordError
Show an error when any operation involving passwords fails to run.
Definition PasswordError.php:29

PasswordFactory
Factory class for creating and checking Password objects.
Definition PasswordFactory.php:32

Password
Represents a password hash for use in authentication.
Definition Password.php:61

StatusValue\getValue
getValue()
Definition StatusValue.php:144

StatusValue\isGood
isGood()
Returns whether the operation completed and didn't have any error or warnings.
Definition StatusValue.php:128

Status
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:44

Status\getMessage
getMessage( $shortContext=false, $longContext=false, $lang=null)
Get a bullet list of the errors as a Message object.
Definition Status.php:244

User\newFromName
static newFromName( $name, $validate='valid')
Definition User.php:598

MediaWiki\Auth
Definition AbstractAuthenticationProvider.php:22