MediaWiki master
AbstractPasswordPrimaryAuthenticationProvider.php
Go to the documentation of this file.
1<?php
22namespace MediaWiki\Auth;
23
31use Wikimedia\Assert\Assert;
32
42{
44 protected $authoritative;
45
47 private $passwordFactory = null;
48
55 public function __construct( array $params = [] ) {
56 $this->authoritative = !isset( $params['authoritative'] ) || (bool)$params['authoritative'];
57 }
58
62 protected function getPasswordFactory() {
63 if ( $this->passwordFactory === null ) {
64 $this->passwordFactory = new PasswordFactory(
65 $this->config->get( MainConfigNames::PasswordConfig ),
66 $this->config->get( MainConfigNames::PasswordDefault )
67 );
68 }
69 return $this->passwordFactory;
70 }
71
77 protected function getPassword( $hash ) {
78 $passwordFactory = $this->getPasswordFactory();
79 try {
80 return $passwordFactory->newFromCiphertext( $hash );
81 } catch ( PasswordError $e ) {
82 $class = static::class;
83 $this->logger->debug( "Invalid password hash in {$class}::getPassword()" );
84 return $passwordFactory->newFromCiphertext( null );
85 }
86 }
87
93 protected function failResponse( PasswordAuthenticationRequest $req ) {
94 if ( $this->authoritative ) {
96 wfMessage( $req->password === '' ? 'wrongpasswordempty' : 'wrongpassword' )
97 );
98 } else {
100 }
101 }
102
113 protected function checkPasswordValidity( $username, $password ) {
114 return User::newFromName( $username )->checkPasswordValidity( $password );
115 }
116
126 string $username,
127 Status $status
129 Assert::precondition( !$status->isOK(), __METHOD__ . ' expects a fatal Status' );
130 $resetLinkUrl = SpecialPage::getTitleFor( 'PasswordReset' )
131 ->getFullURL( [ 'wpUsername' => $username ] );
132 return AuthenticationResponse::newFail( wfMessage( 'fatalpassworderror',
133 $status->getMessage(), $resetLinkUrl ) );
134 }
135
147 protected function setPasswordResetFlag( $username, Status $status, $data = null ) {
148 $reset = $this->getPasswordResetData( $username, $data );
149
150 if ( !$reset && $this->config->get( MainConfigNames::InvalidPasswordReset ) &&
151 !$status->isGood() ) {
152 $hard = $status->getValue()['forceChange'] ?? false;
153
154 if ( $hard || !empty( $status->getValue()['suggestChangeOnLogin'] ) ) {
155 $reset = (object)[
156 'msg' => $status->getMessage( $hard ? 'resetpass-validity' : 'resetpass-validity-soft' ),
157 'hard' => $hard,
158 ];
159 }
160 }
161
162 if ( $reset ) {
163 $this->manager->setAuthenticationSessionData( 'reset-pass', $reset );
164 }
165 }
166
175 protected function getPasswordResetData( $username, $data ) {
176 return null;
177 }
178
186 protected function getNewPasswordExpiry( $username ) {
187 $days = $this->config->get( MainConfigNames::PasswordExpirationDays );
188 $expires = $days ? wfTimestamp( TS_MW, time() + $days * 86400 ) : null;
189
190 // Give extensions a chance to force an expiration
191 $this->getHookRunner()->onResetPasswordExpiration(
192 User::newFromName( $username ), $expires );
193
194 return $expires;
195 }
196
204 public function getAuthenticationRequests( $action, array $options ) {
205 switch ( $action ) {
210 return [ new PasswordAuthenticationRequest() ];
211 default:
212 return [];
213 }
214 }
215}
wfTimestamp( $outputtype=TS_UNIX, $ts=0)
Get a timestamp string in one of various formats.
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
array $params
The job parameters.
Basic framework for a primary authentication provider that uses passwords.
failResponse(PasswordAuthenticationRequest $req)
Return the appropriate response for failure.
setPasswordResetFlag( $username, Status $status, $data=null)
Check if the password should be reset.
bool $authoritative
Whether this provider should ABSTAIN (false) or FAIL (true) on password failure.
getNewPasswordExpiry( $username)
Get expiration date for a new password, if any.
getFatalPasswordErrorResponse(string $username, Status $status)
Adds user-friendly description to a fatal password validity check error.
A base class that implements some of the boilerplate for a PrimaryAuthenticationProvider.
const ACTION_CHANGE
Change a user's credentials.
const ACTION_REMOVE
Remove a user's credentials.
const ACTION_LOGIN
Log in with an existing (not necessarily local) user.
const ACTION_CREATE
Create a new user.
This is a value object to hold authentication response data.
static newFail(Message $msg, array $failReasons=[])
This is a value object for authentication requests with a username and password.
A class containing constants representing the names of configuration variables.
const PasswordExpirationDays
Name constant for the PasswordExpirationDays setting, for use with Config::get()
const PasswordDefault
Name constant for the PasswordDefault setting, for use with Config::get()
const PasswordConfig
Name constant for the PasswordConfig setting, for use with Config::get()
const InvalidPasswordReset
Name constant for the InvalidPasswordReset setting, for use with Config::get()
Show an error when any operation involving passwords fails to run.
Factory class for creating and checking Password objects.
newFromCiphertext(?string $hash)
Create a new Password object from an existing string hash.
Represents a password hash for use in authentication.
Definition Password.php:66
Parent class for all special pages.
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don't need a full Title object,...
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:54
getMessage( $shortContext=false, $longContext=false, $lang=null)
Get a bullet list of the errors as a Message object.
Definition Status.php:256
internal since 1.36
Definition User.php:93
isGood()
Returns whether the operation completed and didn't have any error or warnings.