MediaWiki  master
AbstractPasswordPrimaryAuthenticationProvider.php
Go to the documentation of this file.
1 <?php
22 namespace MediaWiki\Auth;
23 
24 use Password;
25 use PasswordFactory;
26 use Status;
27 
37 {
39  protected $authoritative;
40 
41  private $passwordFactory = null;
42 
49  public function __construct( array $params = [] ) {
50  $this->authoritative = !isset( $params['authoritative'] ) || (bool)$params['authoritative'];
51  }
52 
56  protected function getPasswordFactory() {
57  if ( $this->passwordFactory === null ) {
58  $this->passwordFactory = new PasswordFactory(
59  $this->config->get( 'PasswordConfig' ),
60  $this->config->get( 'PasswordDefault' )
61  );
62  }
64  }
65 
71  protected function getPassword( $hash ) {
73  try {
74  return $passwordFactory->newFromCiphertext( $hash );
75  } catch ( \PasswordError $e ) {
76  $class = static::class;
77  $this->logger->debug( "Invalid password hash in {$class}::getPassword()" );
78  return $passwordFactory->newFromCiphertext( null );
79  }
80  }
81 
87  protected function failResponse( PasswordAuthenticationRequest $req ) {
88  if ( $this->authoritative ) {
90  wfMessage( $req->password === '' ? 'wrongpasswordempty' : 'wrongpassword' )
91  );
92  } else {
94  }
95  }
96 
107  protected function checkPasswordValidity( $username, $password ) {
108  return \User::newFromName( $username )->checkPasswordValidity( $password );
109  }
110 
122  protected function setPasswordResetFlag( $username, Status $status, $data = null ) {
123  $reset = $this->getPasswordResetData( $username, $data );
124 
125  if ( !$reset && $this->config->get( 'InvalidPasswordReset' ) && !$status->isGood() ) {
126  $hard = $status->getValue()['forceChange'] ?? false;
127 
128  if ( $hard || !empty( $status->getValue()['suggestChangeOnLogin'] ) ) {
129  $reset = (object)[
130  'msg' => $status->getMessage( $hard ? 'resetpass-validity' : 'resetpass-validity-soft' ),
131  'hard' => $hard,
132  ];
133  }
134  }
135 
136  if ( $reset ) {
137  $this->manager->setAuthenticationSessionData( 'reset-pass', $reset );
138  }
139  }
140 
149  protected function getPasswordResetData( $username, $data ) {
150  return null;
151  }
152 
160  protected function getNewPasswordExpiry( $username ) {
161  $days = $this->config->get( 'PasswordExpirationDays' );
162  $expires = $days ? wfTimestamp( TS_MW, time() + $days * 86400 ) : null;
163 
164  // Give extensions a chance to force an expiration
165  $this->getHookRunner()->onResetPasswordExpiration(
166  \User::newFromName( $username ), $expires );
167 
168  return $expires;
169  }
170 
178  public function getAuthenticationRequests( $action, array $options ) {
179  switch ( $action ) {
184  return [ new PasswordAuthenticationRequest() ];
185  default:
186  return [];
187  }
188  }
189 }
MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\__construct
__construct(array $params=[])
Definition: AbstractPasswordPrimaryAuthenticationProvider.php:49
MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\$authoritative
bool $authoritative
Whether this provider should ABSTAIN (false) or FAIL (true) on password failure.
Definition: AbstractPasswordPrimaryAuthenticationProvider.php:39
MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getPassword
getPassword( $hash)
Get a Password object from the hash.
Definition: AbstractPasswordPrimaryAuthenticationProvider.php:71
MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\failResponse
failResponse(PasswordAuthenticationRequest $req)
Return the appropriate response for failure.
Definition: AbstractPasswordPrimaryAuthenticationProvider.php:87
MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider
Basic framework for a primary authentication provider that uses passwords.
Definition: AbstractPasswordPrimaryAuthenticationProvider.php:37
wfTimestamp
wfTimestamp( $outputtype=TS_UNIX, $ts=0)
Get a timestamp string in one of various formats.
Definition: GlobalFunctions.php:1692
Status\getMessage
getMessage( $shortContext=false, $longContext=false, $lang=null)
Get a bullet list of the errors as a Message object.
Definition: Status.php:243
PasswordError
Show an error when any operation involving passwords fails to run.
Definition: PasswordError.php:29
User\newFromName
static newFromName( $name, $validate='valid')
Definition: User.php:602
wfMessage
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Definition: GlobalFunctions.php:1182
Status
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition: Status.php:44
StatusValue\getValue
getValue()
Definition: StatusValue.php:138
MediaWiki\Auth\AuthenticationResponse\newAbstain
static newAbstain()
Definition: AuthenticationResponse.php:170
MediaWiki\Auth\PasswordAuthenticationRequest
This is a value object for authentication requests with a username and password.
Definition: PasswordAuthenticationRequest.php:30
StatusValue\isGood
isGood()
Returns whether the operation completed and didn't have any error or warnings.
Definition: StatusValue.php:122
MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getNewPasswordExpiry
getNewPasswordExpiry( $username)
Get expiration date for a new password, if any.
Definition: AbstractPasswordPrimaryAuthenticationProvider.php:160
MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\$passwordFactory
$passwordFactory
Definition: AbstractPasswordPrimaryAuthenticationProvider.php:41
MediaWiki\Auth\AuthManager\ACTION_CREATE
const ACTION_CREATE
Create a new user.
Definition: AuthManager.php:106
MediaWiki\Auth\AuthManager\ACTION_CHANGE
const ACTION_CHANGE
Change a user's credentials.
Definition: AuthManager.php:118
MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\setPasswordResetFlag
setPasswordResetFlag( $username, Status $status, $data=null)
Check if the password should be reset.
Definition: AbstractPasswordPrimaryAuthenticationProvider.php:122
MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\checkPasswordValidity
checkPasswordValidity( $username, $password)
Check that the password is valid.
Definition: AbstractPasswordPrimaryAuthenticationProvider.php:107
MediaWiki\Auth\AuthManager\ACTION_REMOVE
const ACTION_REMOVE
Remove a user's credentials.
Definition: AuthManager.php:120
MediaWiki\$action
string $action
Cache what action this request is.
Definition: MediaWiki.php:45
MediaWiki\Auth\AuthenticationResponse\newFail
static newFail(Message $msg)
Definition: AuthenticationResponse.php:146
MediaWiki\Auth\AuthManager\ACTION_LOGIN
const ACTION_LOGIN
Log in with an existing (not necessarily local) user.
Definition: AuthManager.php:100
MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getPasswordFactory
getPasswordFactory()
Definition: AbstractPasswordPrimaryAuthenticationProvider.php:56
MediaWiki\Auth\AbstractPrimaryAuthenticationProvider
A base class that implements some of the boilerplate for a PrimaryAuthenticationProvider.
Definition: AbstractPrimaryAuthenticationProvider.php:33
PasswordFactory
Factory class for creating and checking Password objects.
Definition: PasswordFactory.php:30
Password
Represents a password hash for use in authentication.
Definition: Password.php:61
MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getPasswordResetData
getPasswordResetData( $username, $data)
Get password reset data, if any.
Definition: AbstractPasswordPrimaryAuthenticationProvider.php:149
MediaWiki\Auth
Definition: AbstractAuthenticationProvider.php:22
MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests
getAuthenticationRequests( $action, array $options)
Definition: AbstractPasswordPrimaryAuthenticationProvider.php:178
MediaWiki\Auth\AbstractAuthenticationProvider\getHookRunner
getHookRunner()
Definition: AbstractAuthenticationProvider.php:171