MediaWiki  master
AbstractPasswordPrimaryAuthenticationProvider.php
Go to the documentation of this file.
1 <?php
22 namespace MediaWiki\Auth;
23 
24 use Password;
25 use PasswordFactory;
26 use Status;
27 
35 {
37  protected $authoritative;
38 
39  private $passwordFactory = null;
40 
46  public function __construct( array $params = [] ) {
47  $this->authoritative = !isset( $params['authoritative'] ) || (bool)$params['authoritative'];
48  }
49 
54  protected function getPasswordFactory() {
55  if ( $this->passwordFactory === null ) {
56  $this->passwordFactory = new PasswordFactory(
57  $this->config->get( 'PasswordConfig' ),
58  $this->config->get( 'PasswordDefault' )
59  );
60  }
62  }
63 
69  protected function getPassword( $hash ) {
71  try {
72  return $passwordFactory->newFromCiphertext( $hash );
73  } catch ( \PasswordError $e ) {
74  $class = static::class;
75  $this->logger->debug( "Invalid password hash in {$class}::getPassword()" );
76  return $passwordFactory->newFromCiphertext( null );
77  }
78  }
79 
85  protected function failResponse( PasswordAuthenticationRequest $req ) {
86  if ( $this->authoritative ) {
88  wfMessage( $req->password === '' ? 'wrongpasswordempty' : 'wrongpassword' )
89  );
90  } else {
92  }
93  }
94 
105  protected function checkPasswordValidity( $username, $password ) {
106  return \User::newFromName( $username )->checkPasswordValidity( $password );
107  }
108 
120  protected function setPasswordResetFlag( $username, Status $status, $data = null ) {
121  $reset = $this->getPasswordResetData( $username, $data );
122 
123  if ( !$reset && $this->config->get( 'InvalidPasswordReset' ) && !$status->isGood() ) {
124  $hard = $status->getValue()['forceChange'] ?? false;
125 
126  if ( $hard || !empty( $status->getValue()['suggestChangeOnLogin'] ) ) {
127  $reset = (object)[
128  'msg' => $status->getMessage( $hard ? 'resetpass-validity' : 'resetpass-validity-soft' ),
129  'hard' => $hard,
130  ];
131  }
132  }
133 
134  if ( $reset ) {
135  $this->manager->setAuthenticationSessionData( 'reset-pass', $reset );
136  }
137  }
138 
146  protected function getPasswordResetData( $username, $data ) {
147  return null;
148  }
149 
156  protected function getNewPasswordExpiry( $username ) {
157  $days = $this->config->get( 'PasswordExpirationDays' );
158  $expires = $days ? wfTimestamp( TS_MW, time() + $days * 86400 ) : null;
159 
160  // Give extensions a chance to force an expiration
161  \Hooks::run( 'ResetPasswordExpiration', [ \User::newFromName( $username ), &$expires ] );
162 
163  return $expires;
164  }
165 
166  public function getAuthenticationRequests( $action, array $options ) {
167  switch ( $action ) {
172  return [ new PasswordAuthenticationRequest() ];
173  default:
174  return [];
175  }
176  }
177 }
checkPasswordValidity( $username, $password)
Check that the password is valid.
getAuthenticationRequests( $action, array $options)
Return the applicable list of AuthenticationRequests.Possible values for $action depend on whether th...
isGood()
Returns whether the operation completed and didn&#39;t have any error or warnings.
getNewPasswordExpiry( $username)
Get expiration date for a new password, if any.
string $action
Cache what action this request is.
Definition: MediaWiki.php:42
setPasswordResetFlag( $username, Status $status, $data=null)
Check if the password should be reset.
getMessage( $shortContext=false, $longContext=false, $lang=null)
Get a bullet list of the errors as a Message object.
Definition: Status.php:232
wfTimestamp( $outputtype=TS_UNIX, $ts=0)
Get a timestamp string in one of various formats.
const ACTION_CHANGE
Change a user&#39;s credentials.
Basic framework for a primary authentication provider that uses passwords.
bool $authoritative
Whether this provider should ABSTAIN (false) or FAIL (true) on password failure.
This is a value object for authentication requests with a username and password.
A base class that implements some of the boilerplate for a PrimaryAuthenticationProvider.
Show an error when any operation involving passwords fails to run.
const ACTION_REMOVE
Remove a user&#39;s credentials.
const ACTION_CREATE
Create a new user.
Definition: AuthManager.php:92
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
failResponse(PasswordAuthenticationRequest $req)
Return the appropriate response for failure.
static newFromName( $name, $validate='valid')
Static factory method for creation from username.
Definition: User.php:533
const ACTION_LOGIN
Log in with an existing (not necessarily local) user.
Definition: AuthManager.php:86
static run( $event, array $args=[], $deprecatedVersion=null)
Call hook functions defined in Hooks::register and $wgHooks.
Definition: Hooks.php:200