A service class for checking blocks. More...

Public Member Functions
	__construct (ServiceOptions $options, PermissionManager $permissionManager, UserFactory $userFactory, UserIdentityUtils $userIdentityUtils, LoggerInterface $logger, HookContainer $hookContainer)

	getIpBlock (string $ip, bool $fromReplica)
	Get the blocks that apply to an IP address.

	getUserBlock (UserIdentity $user, $request, $fromReplica, $disableIpBlockExemptChecking=false)
	Get the blocks that apply to a user.

	isDnsBlacklisted ( $ip, $checkAllowed=false)
	Whether the given IP is in a DNS blacklist.

	trackBlockWithCookie (User $user, WebResponse $response)
	Set the 'BlockID' cookie depending on block type and user authentication status.

Static Public Member Functions
static	clearBlockCookie (WebResponse $response)
	Unset the 'BlockID' cookie.

Public Attributes
const	CONSTRUCTOR_OPTIONS

Protected Member Functions
	checkHost ( $hostname)
	Wrapper for mocking in tests.

	getBlocksForIPList (array $xff, bool $isAnon, bool $fromPrimary)
	Wrapper for mocking in tests.

Detailed Description

A service class for checking blocks.

To obtain an instance, use MediaWikiServices::getInstance()->getBlockManager().

Since: 1.34 Refactored from User and Block.

Definition at line 47 of file BlockManager.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Block\BlockManager::__construct	(	ServiceOptions	$options,
		PermissionManager	$permissionManager,
		UserFactory	$userFactory,
		UserIdentityUtils	$userIdentityUtils,
		LoggerInterface	$logger,
		HookContainer	$hookContainer )

Parameters

ServiceOptions	$options
PermissionManager	$permissionManager
UserFactory	$userFactory
UserIdentityUtils	$userIdentityUtils
LoggerInterface	$logger
HookContainer	$hookContainer

Definition at line 89 of file BlockManager.php.

References MediaWiki\Config\ServiceOptions\assertRequiredOptions().

Member Function Documentation

◆ checkHost()

MediaWiki\Block\BlockManager::checkHost ( $hostname )

protected

Wrapper for mocking in tests.

Parameters

string $hostname DNSBL query

Returns: string[]|false IPv4 array, or false if the IP is not blacklisted

Definition at line 541 of file BlockManager.php.

◆ clearBlockCookie()

static MediaWiki\Block\BlockManager::clearBlockCookie ( WebResponse $response )

static

Unset the 'BlockID' cookie.

Since: 1.34

Parameters

WebResponse $response

Definition at line 655 of file BlockManager.php.

References MediaWiki\Request\WebResponse\clearCookie().

◆ getBlocksForIPList()

MediaWiki\Block\BlockManager::getBlocksForIPList	(	array	$xff,
		bool	$isAnon,
		bool	$fromPrimary )

protected

Wrapper for mocking in tests.

Parameters

array	$xff
bool	$isAnon
bool	$fromPrimary

Returns: DatabaseBlock[]

Definition at line 346 of file BlockManager.php.

◆ getIpBlock()

MediaWiki\Block\BlockManager::getIpBlock	(	string	$ip,
		bool	$fromReplica )

Get the blocks that apply to an IP address.

If there is only one, return that, otherwise return a composite block that combines the strictest features of the applicable blocks.

Since: 1.38

Parameters

string	$ip
bool	$fromReplica

Returns: AbstractBlock|null

Definition at line 233 of file BlockManager.php.

◆ getUserBlock()

MediaWiki\Block\BlockManager::getUserBlock	(	UserIdentity	$user,
			$request,
			$fromReplica,
			$disableIpBlockExemptChecking = false )

Get the blocks that apply to a user.

If there is only one, return that, otherwise return a composite block that combines the strictest features of the applicable blocks.

Different blocks may be sought, depending on the user and their permissions. The user may be: (1) The global user (and can be affected by IP blocks). The global request object is needed for checking the IP address, the XFF header and the cookies. (2) The global user (and exempt from IP blocks). The global request object is available. (3) Another user (not the global user). No request object is available or needed; just look for a block against the user account.

Cases #1 and #2 check whether the global user is blocked in practice; the block may due to their user account being blocked or to an IP address block or cookie block (or multiple of these). Case #3 simply checks whether a user's account is blocked, and does not determine whether the person using that account is affected in practice by any IP address or cookie blocks.

Access: internal: This should only be called by User::getBlockedStatus

Parameters

UserIdentity	$user
WebRequest \| null	$request	The global request object if the user is the global user (cases #1 and #2), otherwise null (case #3). The IP address and information from the request header are needed to find some types of blocks.
bool	$fromReplica	Whether to check the replica DB first. To improve performance, non-critical checks are done against replica DBs. Check when actually saving should be done against primary.
bool	$disableIpBlockExemptChecking	This is used internally to prevent a infinite recursion with autopromote. See T270145.

Returns: AbstractBlock|null The most relevant block, or null if there is no block.

Definition at line 138 of file BlockManager.php.

References MediaWiki\Block\DatabaseBlock\newListFromTarget().

◆ isDnsBlacklisted()

MediaWiki\Block\BlockManager::isDnsBlacklisted	(		$ip,
			$checkAllowed = false )

Whether the given IP is in a DNS blacklist.

Parameters

string	$ip	IP to check
bool	$checkAllowed	Whether to check $wgProxyWhitelist first

Returns: bool True if blacklisted.

Definition at line 472 of file BlockManager.php.

◆ trackBlockWithCookie()

MediaWiki\Block\BlockManager::trackBlockWithCookie	(	User	$user,
		WebResponse	$response )

Set the 'BlockID' cookie depending on block type and user authentication status.

If a block cookie is already set, this will check the block that the cookie references and do the following:

If the block is a valid block that should be applied, do nothing and return early. This ensures that the cookie's expiry time is based on the time of the first page load or attempt. (See discussion on T233595.)
If the block is invalid (e.g. has expired), clear the cookie and continue to check whether there is another block that should be tracked.
If the block is a valid block, but should not be tracked by a cookie, clear the cookie and continue to check whether there is another block that should be tracked.

Since: 1.34

Parameters

User	$user
WebResponse	$response	The response on which to set the cookie.

Exceptions

LogicException	If called before the User object was loaded.
LogicException	If not called pre-send.

Definition at line 564 of file BlockManager.php.

References MediaWiki\User\User\getBlock(), MediaWiki\User\User\getRequest(), MediaWiki\Request\WebResponse\headersSent(), MediaWiki\User\User\isAnon(), and MediaWiki\User\User\isSafeToLoad().

Member Data Documentation

◆ CONSTRUCTOR_OPTIONS

const MediaWiki\Block\BlockManager::CONSTRUCTOR_OPTIONS

Initial value:

= [
        MainConfigNames::ApplyIpBlocksToXff,
        MainConfigNames::CookieSetOnAutoblock,
        MainConfigNames::CookieSetOnIpBlock,
        MainConfigNames::DnsBlacklistUrls,
        MainConfigNames::EnableDnsBlacklist,
        MainConfigNames::ProxyList,
        MainConfigNames::ProxyWhitelist,
        MainConfigNames::SecretKey,
        MainConfigNames::SoftBlockRanges,
    ]

Access: internal: For use by ServiceWiring

Definition at line 63 of file BlockManager.php.

The documentation for this class was generated from the following file:

includes/block/BlockManager.php

Public Member Functions

Static Public Member Functions

Public Attributes

Protected Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ checkHost()

◆ clearBlockCookie()

◆ getBlocksForIPList()

◆ getIpBlock()

◆ getUserBlock()

◆ isDnsBlacklisted()

◆ trackBlockWithCookie()

Member Data Documentation

◆ CONSTRUCTOR_OPTIONS