MediaWiki  master
AbstractPasswordPrimaryAuthenticationProvider.php
1 <?php
22 namespace MediaWiki\Auth;
23 
25 use Password;
26 use PasswordFactory;
27 use Status;
28 
38 {
/**
 * @var bool Whether this provider should ABSTAIN (false) or FAIL (true)
 *  on password failure. Set once by the constructor.
 */
protected $authoritative;

/**
 * @var PasswordFactory|null Cached factory; stays null until
 *  getPasswordFactory() builds it on first use.
 */
private $passwordFactory;
43 
/**
 * @param array $params Provider settings. The only key read here is:
 *  - authoritative: (bool) whether a password mismatch produces a FAIL
 *    response (true) or an ABSTAIN response (false).
 */
public function __construct( array $params = [] ) {
	// A missing or null 'authoritative' entry resolves to true, so the
	// provider fails the login on a bad password unless it is explicitly
	// configured to abstain.
	$this->authoritative = (bool)( $params['authoritative'] ?? true );
}
53 
/**
 * Return the PasswordFactory for this provider, creating it on first call.
 *
 * The factory is built from the PasswordConfig and PasswordDefault
 * settings and then cached on the instance, so later calls reuse it.
 *
 * @return PasswordFactory
 */
protected function getPasswordFactory() {
	if ( $this->passwordFactory !== null ) {
		return $this->passwordFactory;
	}

	$factory = new PasswordFactory(
		$this->config->get( MainConfigNames::PasswordConfig ),
		$this->config->get( MainConfigNames::PasswordDefault )
	);
	$this->passwordFactory = $factory;

	return $factory;
}
66 
/**
 * Build a Password object from a stored hash.
 *
 * A hash the factory rejects does not abort authentication: the error is
 * logged at debug level and a replacement object built from a null
 * ciphertext is returned instead.
 *
 * @param string $hash Stored hash, passed to the factory as ciphertext
 * @return Password
 */
protected function getPassword( $hash ) {
	$factory = $this->getPasswordFactory();

	try {
		$password = $factory->newFromCiphertext( $hash );
	} catch ( \PasswordError $e ) {
		// Only the class name is logged; the rejected hash itself is
		// kept out of the log line.
		$class = static::class;
		$this->logger->debug( "Invalid password hash in {$class}::getPassword()" );
		// NOTE(review): presumably the null-ciphertext object never
		// verifies against any input, so a corrupt hash cannot be used
		// to log in. Confirm against PasswordFactory.
		$password = $factory->newFromCiphertext( null );
	}

	return $password;
}
82 
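/**
 * Return the appropriate response for a password failure.
 *
 * An authoritative provider ends the attempt with a FAIL response; a
 * non-authoritative one abstains.
 *
 * The rendered listing dropped both `return` lines (the gutter skips from
 * 89 to 91 and from 93 to 95). They are restored here from the page's own
 * cross-references.
 *
 * @param PasswordAuthenticationRequest $req Request whose password failed
 * @return AuthenticationResponse
 */
protected function failResponse( PasswordAuthenticationRequest $req ) {
	if ( $this->authoritative ) {
		// The message key depends only on whether the submitted
		// password was the empty string.
		return AuthenticationResponse::newFail(
			wfMessage( $req->password === '' ? 'wrongpasswordempty' : 'wrongpassword' )
		);
	} else {
		return AuthenticationResponse::newAbstain();
	}
}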
97 
/**
 * Check a candidate password against the validity rules for a user.
 *
 * This delegates entirely to the User object looked up by name.
 *
 * @param string $username
 * @param string $password
 * @return Status Result of User::checkPasswordValidity()
 */
protected function checkPasswordValidity( $username, $password ) {
	// NOTE(review): the lookup result is used without a check. If
	// User::newFromName() can return a non-object for an unusable name,
	// the call below would be a fatal error. Confirm that callers only
	// pass usernames that have already been validated.
	$user = \User::newFromName( $username );

	return $user->checkPasswordValidity( $password );
}
111 
/**
 * Decide whether the user must or should change their password, and
 * record that decision in the authentication session.
 *
 * Provider-specific reset data from getPasswordResetData() takes
 * precedence. The validity status is consulted only when there is none,
 * the InvalidPasswordReset setting is enabled, and the status is not good.
 *
 * @param string $username
 * @param Status $status Result of the password validity check; its value
 *  is read for the 'forceChange' and 'suggestChangeOnLogin' entries
 * @param mixed|null $data Passed through to getPasswordResetData()
 */
protected function setPasswordResetFlag( $username, Status $status, $data = null ) {
	$reset = $this->getPasswordResetData( $username, $data );

	$consultStatus = !$reset
		&& $this->config->get( MainConfigNames::InvalidPasswordReset )
		&& !$status->isGood();

	if ( $consultStatus ) {
		// 'forceChange' makes the reset mandatory ("hard");
		// 'suggestChangeOnLogin' alone makes it a soft prompt.
		$hard = $status->getValue()['forceChange'] ?? false;
		$soft = !$hard && !empty( $status->getValue()['suggestChangeOnLogin'] );

		if ( $hard || $soft ) {
			$msgKey = $hard ? 'resetpass-validity' : 'resetpass-validity-soft';
			$reset = (object)[
				'msg' => $status->getMessage( $msgKey ),
				'hard' => $hard,
			];
		}
	}

	if ( !$reset ) {
		return;
	}

	$this->manager->setAuthenticationSessionData( 'reset-pass', $reset );
}
142 
/**
 * Provider-specific password reset data for a user.
 *
 * This base implementation never requests a reset. setPasswordResetFlag()
 * stores any truthy return value as the session's 'reset-pass' data, so a
 * subclass presumably overrides this to trigger a reset (for example on
 * expiry). Verify against the concrete providers.
 *
 * @param string $username
 * @param mixed $data Data the caller handed to setPasswordResetFlag()
 * @return object|null Always null here
 */
protected function getPasswordResetData( $username, $data ) {
	return null;
}
154 
/**
 * Compute the expiry timestamp for a newly set password.
 *
 * @param string $username
 * @return string|null TS_MW timestamp PasswordExpirationDays days from
 *  now, or null when that setting is falsy (no expiry)
 */
protected function getNewPasswordExpiry( $username ) {
	$days = $this->config->get( MainConfigNames::PasswordExpirationDays );

	if ( $days ) {
		// 86400 seconds per day.
		$expires = wfTimestamp( TS_MW, time() + $days * 86400 );
	} else {
		$expires = null;
	}

	// Let extensions force an expiration.
	// NOTE(review): this is only effective if the hook takes $expires by
	// reference. Confirm against the hook interface.
	$hookRunner = $this->getHookRunner();
	$hookRunner->onResetPasswordExpiration( \User::newFromName( $username ), $expires );

	return $expires;
}
172 
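/**
 * Return the authentication requests this provider accepts for an action.
 *
 * Login, credential removal, credential change and account creation each
 * take a single password request; any other action takes none.
 *
 * The rendered listing dropped the four `case` labels (the gutter skips
 * from 181 to 186). They are restored here from the ACTION_* constants the
 * page cross-references.
 *
 * @param string $action One of the AuthManager::ACTION_* constants
 * @param array $options Not used by this implementation
 * @return PasswordAuthenticationRequest[]
 */
public function getAuthenticationRequests( $action, array $options ) {
	switch ( $action ) {
		case AuthManager::ACTION_LOGIN:
		case AuthManager::ACTION_REMOVE:
		case AuthManager::ACTION_CHANGE:
		case AuthManager::ACTION_CREATE:
			return [ new PasswordAuthenticationRequest() ];
		default:
			return [];
	}
}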
191 }
wfTimestamp( $outputtype=TS_UNIX, $ts=0)
Get a timestamp string in one of various formats.
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Basic framework for a primary authentication provider that uses passwords.
failResponse(PasswordAuthenticationRequest $req)
Return the appropriate response for failure.
setPasswordResetFlag( $username, Status $status, $data=null)
Check if the password should be reset.
bool $authoritative
Whether this provider should ABSTAIN (false) or FAIL (true) on password failure.
getNewPasswordExpiry( $username)
Get expiration date for a new password, if any.
A base class that implements some of the boilerplate for a PrimaryAuthenticationProvider.
const ACTION_CHANGE
Change a user's credentials.
const ACTION_REMOVE
Remove a user's credentials.
const ACTION_LOGIN
Log in with an existing (not necessarily local) user.
const ACTION_CREATE
Create a new user.
static newFail(Message $msg, array $failReasons=[])
This is a value object for authentication requests with a username and password.
A class containing constants representing the names of configuration variables.
const PasswordExpirationDays
Name constant for the PasswordExpirationDays setting, for use with Config::get()
const PasswordDefault
Name constant for the PasswordDefault setting, for use with Config::get()
const PasswordConfig
Name constant for the PasswordConfig setting, for use with Config::get()
const InvalidPasswordReset
Name constant for the InvalidPasswordReset setting, for use with Config::get()
Show an error when any operation involving passwords fails to run.
Factory class for creating and checking Password objects.
Represents a password hash for use in authentication.
Definition: Password.php:61
isGood()
Returns whether the operation completed and didn't have any errors or warnings.
Generic operation result class. Has warning/error list, boolean status and arbitrary value.
Definition: Status.php:46
getMessage( $shortContext=false, $longContext=false, $lang=null)
Get a bullet list of the errors as a Message object.
Definition: Status.php:245
static newFromName( $name, $validate='valid')
Definition: User.php:592