master/php/AbstractPasswordPrimaryAuthenticationProvider_8php_source.html

<?php

namespace MediaWiki\Auth;


use MediaWiki\MainConfigNames;

use MediaWiki\Password\Password;

use MediaWiki\Password\PasswordError;

use MediaWiki\Password\PasswordFactory;

use MediaWiki\SpecialPage\SpecialPage;

use MediaWiki\Status\Status;

use MediaWiki\User\User;

use Wikimedia\Assert\Assert;

use Wikimedia\Timestamp\TimestampFormat as TS;


abstract class AbstractPasswordPrimaryAuthenticationProvider

    extends AbstractPrimaryAuthenticationProvider

{

    protected $authoritative;


    private $passwordFactory = null;


    public function __construct( array $params = [] ) {

        $this->authoritative = !isset( $params['authoritative'] ) || (bool)$params['authoritative'];

    }


    protected function getPasswordFactory() {

        if ( $this->passwordFactory === null ) {

            $this->passwordFactory = new PasswordFactory(

                $this->config->get( MainConfigNames::PasswordConfig ),

                $this->config->get( MainConfigNames::PasswordDefault )

            );

        }

        return $this->passwordFactory;

    }


    protected function getPassword( $hash ) {

        $passwordFactory = $this->getPasswordFactory();

        try {

            return $passwordFactory->newFromCiphertext( $hash );

        } catch ( PasswordError ) {

            $class = static::class;

            $this->logger->debug( "Invalid password hash in {$class}::getPassword()" );

            return $passwordFactory->newFromCiphertext( null );

        }

    }


    protected function failResponse( PasswordAuthenticationRequest $req ) {

        if ( $this->authoritative ) {

            return AuthenticationResponse::newFail(

                wfMessage( $req->password === '' ? 'wrongpasswordempty' : 'wrongpassword' )

            );

        } else {

            return AuthenticationResponse::newAbstain();

        }

    }


    protected function checkPasswordValidity( $username, $password ) {

        return User::newFromName( $username )->checkPasswordValidity( $password );

    }


    protected function getFatalPasswordErrorResponse(

        string $username,

        Status $status

    ): AuthenticationResponse {

        Assert::precondition( !$status->isOK(), __METHOD__ . ' expects a fatal Status' );

        $resetLinkUrl = SpecialPage::getTitleFor( 'PasswordReset' )

            ->getFullURL( [ 'wpUsername' => $username ] );

        return AuthenticationResponse::newFail( wfMessage( 'fatalpassworderror',

            $status->getMessage(), $resetLinkUrl ) );

    }


    protected function setPasswordResetFlag( $username, Status $status, $data = null ) {

        $reset = $this->getPasswordResetData( $username, $data );


        if ( !$reset && $this->config->get( MainConfigNames::InvalidPasswordReset ) &&

        !$status->isGood() ) {

            $hard = $status->getValue()['forceChange'] ?? false;


            if ( $hard || !empty( $status->getValue()['suggestChangeOnLogin'] ) ) {

                $reset = (object)[

                    'msg' => $status->getMessage( $hard ? 'resetpass-validity' : 'resetpass-validity-soft' ),

                    'hard' => $hard,

                ];

            }

        }


        if ( $reset ) {

            $this->manager->setAuthenticationSessionData( 'reset-pass', $reset );

        }

    }


    protected function getPasswordResetData( $username, $data ) {

        return null;

    }


    protected function getNewPasswordExpiry( $username ) {

        $days = $this->config->get( MainConfigNames::PasswordExpirationDays );

        $expires = $days ? wfTimestamp( TS::MW, time() + $days * 86400 ) : null;


        // Give extensions a chance to force an expiration

        $this->getHookRunner()->onResetPasswordExpiration(

            User::newFromName( $username ), $expires );


        return $expires;

    }


    public function getAuthenticationRequests( $action, array $options ) {

        switch ( $action ) {

            case AuthManager::ACTION_LOGIN:

            case AuthManager::ACTION_REMOVE:

            case AuthManager::ACTION_CREATE:

            case AuthManager::ACTION_CHANGE:

                return [ new PasswordAuthenticationRequest() ];

            default:

                return [];

        }

    }


}


wfTimestamp
wfTimestamp( $outputtype=TS::UNIX, $ts=0)
Get a timestamp string in one of various formats.
Definition GlobalFunctions.php:1297

wfMessage
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Definition GlobalFunctions.php:821

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider
Basic framework for a primary authentication provider that uses passwords.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:28

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\checkPasswordValidity
checkPasswordValidity( $username, $password)
Check that the password is valid.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:99

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\failResponse
failResponse(PasswordAuthenticationRequest $req)
Return the appropriate response for failure.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:79

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getPasswordResetData
getPasswordResetData( $username, $data)
Get password reset data, if any.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:161

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\setPasswordResetFlag
setPasswordResetFlag( $username, Status $status, $data=null)
Check if the password should be reset.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:133

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getPasswordFactory
getPasswordFactory()
Definition AbstractPasswordPrimaryAuthenticationProvider.php:48

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\$authoritative
bool $authoritative
Whether this provider should ABSTAIN (false) or FAIL (true) on password failure.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:30

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\__construct
__construct(array $params=[])
Definition AbstractPasswordPrimaryAuthenticationProvider.php:41

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getNewPasswordExpiry
getNewPasswordExpiry( $username)
Get expiration date for a new password, if any.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:172

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getPassword
getPassword( $hash)
Get a Password object from the hash.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:63

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getFatalPasswordErrorResponse
getFatalPasswordErrorResponse(string $username, Status $status)
Adds user-friendly description to a fatal password validity check error.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:111

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests
getAuthenticationRequests( $action, array $options)
Definition AbstractPasswordPrimaryAuthenticationProvider.php:190

MediaWiki\Auth\AbstractPrimaryAuthenticationProvider
A base class that implements some of the boilerplate for a PrimaryAuthenticationProvider.
Definition AbstractPrimaryAuthenticationProvider.php:18

MediaWiki\Auth\AuthManager\ACTION_CHANGE
const ACTION_CHANGE
Change a user's credentials.
Definition AuthManager.php:154

MediaWiki\Auth\AuthManager\ACTION_REMOVE
const ACTION_REMOVE
Remove a user's credentials.
Definition AuthManager.php:156

MediaWiki\Auth\AuthManager\ACTION_LOGIN
const ACTION_LOGIN
Log in with an existing (not necessarily local) user.
Definition AuthManager.php:136

MediaWiki\Auth\AuthManager\ACTION_CREATE
const ACTION_CREATE
Create a new user.
Definition AuthManager.php:142

MediaWiki\Auth\AuthenticationResponse
This is a value object to hold authentication response data.
Definition AuthenticationResponse.php:21

MediaWiki\Auth\AuthenticationResponse\newFail
static newFail(Message $msg, array $failReasons=[])
Definition AuthenticationResponse.php:141

MediaWiki\Auth\AuthenticationResponse\newAbstain
static newAbstain()
Definition AuthenticationResponse.php:166

MediaWiki\Auth\PasswordAuthenticationRequest
This is a value object for authentication requests with a username and password.
Definition PasswordAuthenticationRequest.php:18

MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:22

MediaWiki\MainConfigNames\PasswordExpirationDays
const PasswordExpirationDays
Name constant for the PasswordExpirationDays setting, for use with Config::get()
Definition MainConfigNames.php:990

MediaWiki\MainConfigNames\PasswordDefault
const PasswordDefault
Name constant for the PasswordDefault setting, for use with Config::get()
Definition MainConfigNames.php:2613

MediaWiki\MainConfigNames\PasswordConfig
const PasswordConfig
Name constant for the PasswordConfig setting, for use with Config::get()
Definition MainConfigNames.php:2619

MediaWiki\MainConfigNames\InvalidPasswordReset
const InvalidPasswordReset
Name constant for the InvalidPasswordReset setting, for use with Config::get()
Definition MainConfigNames.php:2607

MediaWiki\Password\PasswordError
Show an error when any operation involving passwords fails to run.
Definition PasswordError.php:19

MediaWiki\Password\PasswordFactory
Factory class for creating and checking Password objects.
Definition PasswordFactory.php:22

MediaWiki\Password\PasswordFactory\newFromCiphertext
newFromCiphertext(?string $hash)
Create a new Password object from an existing string hash.
Definition PasswordFactory.php:118

MediaWiki\Password\Password
Represents a password hash for use in authentication.
Definition Password.php:52

MediaWiki\SpecialPage\SpecialPage
Parent class for all special pages.
Definition SpecialPage.php:51

MediaWiki\SpecialPage\SpecialPage\getTitleFor
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don't need a full Title object,...
Definition SpecialPage.php:139

MediaWiki\Status\Status
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition Status.php:44

MediaWiki\Status\Status\getMessage
getMessage( $shortContext=false, $longContext=false, $lang=null)
Get a bullet list of the errors as a Message object.
Definition Status.php:241

MediaWiki\User\User
User class for the MediaWiki software.
Definition User.php:130

StatusValue\getValue
getValue()
Definition StatusValue.php:153

StatusValue\isGood
isGood()
Returns whether the operation completed and didn't have any error or warnings.
Definition StatusValue.php:137

MediaWiki\Auth
Definition AbstractAuthenticationProvider.php:7