MediaWiki REL1_39
MediaWiki\Block\BlockManager Class Reference

A service class for checking blocks. More...

Public Member Functions

 __construct (ServiceOptions $options, PermissionManager $permissionManager, UserFactory $userFactory, LoggerInterface $logger, HookContainer $hookContainer)
 
 getCookieValue (DatabaseBlock $block)
 Get the BlockID cookie's value for this block.
 
 getIdFromCookieValue ( $cookieValue)
 Get the stored ID from the 'BlockID' cookie.
 
 getIpBlock (string $ip, bool $fromReplica)
 Get the blocks that apply to an IP address.
 
 getUserBlock (UserIdentity $user, $request, $fromReplica, $disableIpBlockExemptChecking=false)
 Get the blocks that apply to a user.
 
 isDnsBlacklisted ( $ip, $checkAllowed=false)
 Whether the given IP is in a DNS blacklist.
 
 setBlockCookie (DatabaseBlock $block, WebResponse $response)
 Set the 'BlockID' cookie to this block's ID and expiry time.
 
 trackBlockWithCookie (User $user, WebResponse $response)
 Set the 'BlockID' cookie depending on block type and user authentication status.
 

Static Public Member Functions

static clearBlockCookie (WebResponse $response)
 Unset the 'BlockID' cookie.
 

Public Attributes

const CONSTRUCTOR_OPTIONS
 

Protected Member Functions

 checkHost ( $hostname)
 Wrapper for mocking in tests.
 

Detailed Description

A service class for checking blocks.

To obtain an instance, use MediaWikiServices::getInstance()->getBlockManager().

Since
1.34 Refactored from User and Block.

Definition at line 46 of file BlockManager.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Block\BlockManager::__construct ( ServiceOptions  $options,
PermissionManager  $permissionManager,
UserFactory  $userFactory,
LoggerInterface  $logger,
HookContainer  $hookContainer 
)
Parameters
ServiceOptions$options
PermissionManager$permissionManager
UserFactory$userFactory
LoggerInterface$logger
HookContainer$hookContainer

Definition at line 84 of file BlockManager.php.

References MediaWiki\Config\ServiceOptions\assertRequiredOptions().

Member Function Documentation

◆ checkHost()

MediaWiki\Block\BlockManager::checkHost (   $hostname)
protected

Wrapper for mocking in tests.

Parameters
string$hostnameDNSBL query
Returns
string[]|bool IPv4 array, or false if the IP is not blacklisted

Definition at line 506 of file BlockManager.php.

◆ clearBlockCookie()

static MediaWiki\Block\BlockManager::clearBlockCookie ( WebResponse  $response)
static

Unset the 'BlockID' cookie.

Since
1.34
Parameters
WebResponse$response

Definition at line 631 of file BlockManager.php.

References WebResponse\clearCookie().

◆ getCookieValue()

MediaWiki\Block\BlockManager::getCookieValue ( DatabaseBlock  $block)

Get the BlockID cookie's value for this block.

This is usually the block ID concatenated with an HMAC in order to avoid spoofing (T152951), but if wgSecretKey is not set will just be the block ID.

Since
1.34
Access: internal
Should be private. Left public for backwards compatibility, until DatabaseBlock::getCookieValue is removed.
Parameters
DatabaseBlock$block
Returns
string The block ID, probably concatenated with "!" and the HMAC.

Definition at line 678 of file BlockManager.php.

References MediaWiki\Block\DatabaseBlock\getId().

◆ getIdFromCookieValue()

MediaWiki\Block\BlockManager::getIdFromCookieValue (   $cookieValue)

Get the stored ID from the 'BlockID' cookie.

The cookie's value is usually a combination of the ID and a HMAC (see DatabaseBlock::setCookie), but will sometimes only be the ID.

Since
1.34
Access: internal
Should be private. Left public for backwards compatibility, until DatabaseBlock::getIdFromCookieValue is removed.
Parameters
string$cookieValueThe string in which to find the ID.
Returns
int|null The block ID, or null if the HMAC is present and invalid.

Definition at line 645 of file BlockManager.php.

◆ getIpBlock()

MediaWiki\Block\BlockManager::getIpBlock ( string  $ip,
bool  $fromReplica 
)

Get the blocks that apply to an IP address.

If there is only one, return that, otherwise return a composite block that combines the strictest features of the applicable blocks.

Since
1.38
Parameters
string$ip
bool$fromReplica
Returns
AbstractBlock|null

Definition at line 215 of file BlockManager.php.

◆ getUserBlock()

MediaWiki\Block\BlockManager::getUserBlock ( UserIdentity  $user,
  $request,
  $fromReplica,
  $disableIpBlockExemptChecking = false 
)

Get the blocks that apply to a user.

If there is only one, return that, otherwise return a composite block that combines the strictest features of the applicable blocks.

Different blocks may be sought, depending on the user and their permissions. The user may be: (1) The global user (and can be affected by IP blocks). The global request object is needed for checking the IP address, the XFF header and the cookies. (2) The global user (and exempt from IP blocks). The global request object is available. (3) Another user (not the global user). No request object is available or needed; just look for a block against the user account.

Cases #1 and #2 check whether the global user is blocked in practice; the block may due to their user account being blocked or to an IP address block or cookie block (or multiple of these). Case #3 simply checks whether a user's account is blocked, and does not determine whether the person using that account is affected in practice by any IP address or cookie blocks.

Access: internal
This should only be called by User::getBlockedStatus
Parameters
UserIdentity$user
WebRequest | null$requestThe global request object if the user is the global user (cases #1 and #2), otherwise null (case #3). The IP address and information from the request header are needed to find some types of blocks.
bool$fromReplicaWhether to check the replica DB first. To improve performance, non-critical checks are done against replica DBs. Check when actually saving should be done against primary.
bool$disableIpBlockExemptCheckingThis is used internally to prevent a infinite recursion with autopromote. See T270145.
Returns
AbstractBlock|null The most relevant block, or null if there is no block.

Definition at line 131 of file BlockManager.php.

References MediaWiki\User\UserIdentity\isRegistered(), and MediaWiki\Block\DatabaseBlock\newListFromTarget().

◆ isDnsBlacklisted()

MediaWiki\Block\BlockManager::isDnsBlacklisted (   $ip,
  $checkAllowed = false 
)

Whether the given IP is in a DNS blacklist.

Parameters
string$ipIP to check
bool$checkAllowedWhether to check $wgProxyWhitelist first
Returns
bool True if blacklisted.

Definition at line 437 of file BlockManager.php.

◆ setBlockCookie()

MediaWiki\Block\BlockManager::setBlockCookie ( DatabaseBlock  $block,
WebResponse  $response 
)

Set the 'BlockID' cookie to this block's ID and expiry time.

The cookie's expiry will be the same as the block's, to a maximum of 24 hours.

Since
1.34
Access: internal
Should be private. Left public for backwards compatibility, until DatabaseBlock::setCookie is removed.
Parameters
DatabaseBlock$block
WebResponse$responseThe response on which to set the cookie.

Definition at line 584 of file BlockManager.php.

References MediaWiki\Block\AbstractBlock\getExpiry(), WebResponse\setCookie(), and wfTimestamp().

◆ trackBlockWithCookie()

MediaWiki\Block\BlockManager::trackBlockWithCookie ( User  $user,
WebResponse  $response 
)

Set the 'BlockID' cookie depending on block type and user authentication status.

If a block cookie is already set, this will check the block that the cookie references and do the following:

  • If the block is a valid block that should be applied, do nothing and return early. This ensures that the cookie's expiry time is based on the time of the first page load or attempt. (See discussion on T233595.)
  • If the block is invalid (e.g. has expired), clear the cookie and continue to check whether there is another block that should be tracked.
  • If the block is a valid block, but should not be tracked by a cookie, clear the cookie and continue to check whether there is another block that should be tracked.
Since
1.34
Parameters
User$user
WebResponse$responseThe response on which to set the cookie.
Exceptions
LogicExceptionIf called before the User object was loaded.
LogicExceptionIf not called pre-send.

Definition at line 529 of file BlockManager.php.

References User\getBlock(), WebRequest\getCookie(), User\getRequest(), WebResponse\headersSent(), User\isAnon(), and User\isSafeToLoad().

Member Data Documentation

◆ CONSTRUCTOR_OPTIONS

const MediaWiki\Block\BlockManager::CONSTRUCTOR_OPTIONS
Initial value:
= [
]
const DnsBlacklistUrls
Name constant for the DnsBlacklistUrls setting, for use with Config::get()
const SoftBlockRanges
Name constant for the SoftBlockRanges setting, for use with Config::get()
const CookieSetOnAutoblock
Name constant for the CookieSetOnAutoblock setting, for use with Config::get()
const EnableDnsBlacklist
Name constant for the EnableDnsBlacklist setting, for use with Config::get()
const ApplyIpBlocksToXff
Name constant for the ApplyIpBlocksToXff setting, for use with Config::get()
const ProxyList
Name constant for the ProxyList setting, for use with Config::get()
const ProxyWhitelist
Name constant for the ProxyWhitelist setting, for use with Config::get()
const CookieSetOnIpBlock
Name constant for the CookieSetOnIpBlock setting, for use with Config::get()
const SecretKey
Name constant for the SecretKey setting, for use with Config::get()
Access: internal
For use by ServiceWiring

Definition at line 59 of file BlockManager.php.


The documentation for this class was generated from the following file: