master/php/AbstractTemporaryPasswordPrimaryAuthenticationProvider_8php_source.html

<?php

namespace MediaWiki\Auth;


use MediaWiki\MainConfigNames;

use MediaWiki\Password\InvalidPassword;

use MediaWiki\Password\Password;

use MediaWiki\Password\PasswordFactory;

use MediaWiki\SpecialPage\SpecialPage;

use MediaWiki\Title\Title;

use MediaWiki\User\Options\UserOptionsLookup;

use MediaWiki\User\User;

use MediaWiki\User\UserRigorOptions;

use Wikimedia\IPUtils;

use Wikimedia\Rdbms\IConnectionProvider;

use Wikimedia\Rdbms\IDBAccessObject;

use Wikimedia\Timestamp\TimestampFormat as TS;


abstract class AbstractTemporaryPasswordPrimaryAuthenticationProvider

    extends AbstractPasswordPrimaryAuthenticationProvider

{

    protected $emailEnabled = null;


    protected $newPasswordExpiry = null;


    protected $passwordReminderResendTime = null;


    protected IConnectionProvider $dbProvider;

    protected UserOptionsLookup $userOptionsLookup;


    public function __construct(

        IConnectionProvider $dbProvider,

        UserOptionsLookup $userOptionsLookup,

        $params = []

    ) {

        parent::__construct( $params );


        if ( isset( $params['emailEnabled'] ) ) {

            $this->emailEnabled = (bool)$params['emailEnabled'];

        }

        if ( isset( $params['newPasswordExpiry'] ) ) {

            $this->newPasswordExpiry = (int)$params['newPasswordExpiry'];

        }

        if ( isset( $params['passwordReminderResendTime'] ) ) {

            $this->passwordReminderResendTime = $params['passwordReminderResendTime'];

        }

        $this->dbProvider = $dbProvider;

        $this->userOptionsLookup = $userOptionsLookup;

    }


    protected function postInitSetup() {

        $this->emailEnabled ??= $this->config->get( MainConfigNames::EnableEmail );

        $this->newPasswordExpiry ??= $this->config->get( MainConfigNames::NewPasswordExpiry );

        $this->passwordReminderResendTime ??=

            $this->config->get( MainConfigNames::PasswordReminderResendTime );

    }


    protected function getPasswordResetData( $username, $data ) {

        // Always reset

        return (object)[

            'msg' => wfMessage( 'resetpass-temp-emailed' ),

            'hard' => true,

        ];

    }


    public function getAuthenticationRequests( $action, array $options ) {

        switch ( $action ) {

            case AuthManager::ACTION_LOGIN:

                return [ new PasswordAuthenticationRequest() ];


            case AuthManager::ACTION_CHANGE:

                return [ TemporaryPasswordAuthenticationRequest::newRandom() ];


            case AuthManager::ACTION_CREATE:

                // Allow named users creating a new account to email a temporary password to a given address

                // in case they are creating an account for somebody else.

                // This isn't a likely scenario for account creations by anonymous or temporary users

                // and is therefore disabled for them (T328718).

                if (

                    isset( $options['username'] ) &&

                    !$this->userNameUtils->isTemp( $options['username'] ) &&

                    $this->emailEnabled

                ) {

                    return [ TemporaryPasswordAuthenticationRequest::newRandom() ];

                } else {

                    return [];

                }


            case AuthManager::ACTION_REMOVE:

                return [ new TemporaryPasswordAuthenticationRequest ];


            default:

                return [];

        }

    }


    public function beginPrimaryAuthentication( array $reqs ) {

        $req = AuthenticationRequest::getRequestByClass( $reqs, PasswordAuthenticationRequest::class );

        if ( !$req || $req->username === null || $req->password === null ) {

            return AuthenticationResponse::newAbstain();

        }


        $username = $this->userNameUtils->getCanonical(

            $req->username, UserRigorOptions::RIGOR_USABLE );

        if ( $username === false ) {

            return AuthenticationResponse::newAbstain();

        }


        [ $tempPassHash, $tempPassTime ] = $this->getTemporaryPassword( $username, IDBAccessObject::READ_LATEST );

        if ( !$tempPassHash ) {

            return AuthenticationResponse::newAbstain();

        }


        $status = $this->checkPasswordValidity( $username, $req->password );

        if ( !$status->isOK() ) {

            return $this->getFatalPasswordErrorResponse( $username, $status );

        }


        if ( !$tempPassHash->verify( $req->password ) ||

            !$this->isTimestampValid( $tempPassTime )

        ) {

            return $this->failResponse( $req );

        }


        // Add an extra log entry since a temporary password is

        // an unusual way to log in, so its important to keep track

        // of in case of abuse.

        $this->logger->info( "{user} successfully logged in using temp password",

            [

                'provider' => static::class,

                'user' => $username,

                'requestIP' => $this->manager->getRequest()->getIP()

            ]

        );


        $this->setPasswordResetFlag( $username, $status );


        return AuthenticationResponse::newPass( $username );

    }


    public function testUserCanAuthenticate( $username ) {

        $username = $this->userNameUtils->getCanonical( $username, UserRigorOptions::RIGOR_USABLE );

        if ( $username === false ) {

            return false;

        }


        [ $tempPassHash, $tempPassTime ] = $this->getTemporaryPassword( $username );

        return $tempPassHash &&

            !( $tempPassHash instanceof InvalidPassword ) &&

            $this->isTimestampValid( $tempPassTime );

    }


    public function providerAllowsAuthenticationDataChange(

        AuthenticationRequest $req, $checkData = true

    ) {

        if ( get_class( $req ) !== TemporaryPasswordAuthenticationRequest::class ) {

            // We don't really ignore it, but this is what the caller expects.

            return \StatusValue::newGood( 'ignored' );

        }


        if ( !$checkData ) {

            return \StatusValue::newGood();

        }


        $username = $this->userNameUtils->getCanonical(

            $req->username, UserRigorOptions::RIGOR_USABLE );

        if ( $username === false ) {

            return \StatusValue::newGood( 'ignored' );

        }


        [ $tempPassHash, $tempPassTime ] = $this->getTemporaryPassword( $username, IDBAccessObject::READ_LATEST );

        if ( !$tempPassHash ) {

            return \StatusValue::newGood( 'ignored' );

        }


        $sv = \StatusValue::newGood();

        if ( $req->password !== null ) {

            $sv->merge( $this->checkPasswordValidity( $username, $req->password ) );


            if ( $req->mailpassword ) {

                if ( !$this->emailEnabled ) {

                    return \StatusValue::newFatal( 'passwordreset-emaildisabled' );

                }


                // We don't check whether the user has an email address;

                // that information should not be exposed to the caller.


                // do not allow temporary password creation within

                // $wgPasswordReminderResendTime from the last attempt

                if (

                    $this->passwordReminderResendTime

                    && $tempPassTime

                    && time() < (int)wfTimestamp( TS::UNIX, $tempPassTime )

                        + $this->passwordReminderResendTime * 3600

                ) {

                    // Round the time in hours to 3 d.p., in case someone is specifying

                    // minutes or seconds.

                    return \StatusValue::newFatal( 'throttled-mailpassword',

                        round( $this->passwordReminderResendTime, 3 ) );

                }


                if ( !$req->caller ) {

                    return \StatusValue::newFatal( 'passwordreset-nocaller' );

                }

                if ( !IPUtils::isValid( $req->caller ) ) {

                    $caller = User::newFromName( $req->caller );

                    if ( !$caller ) {

                        return \StatusValue::newFatal( 'passwordreset-nosuchcaller', $req->caller );

                    }

                }

            }

        }

        return $sv;

    }


    public function providerChangeAuthenticationData( AuthenticationRequest $req ) {

        $username = $req->username !== null ?

            $this->userNameUtils->getCanonical( $req->username, UserRigorOptions::RIGOR_USABLE ) : false;

        if ( $username === false ) {

            return;

        }


        $sendMail = false;

        if ( $req->action !== AuthManager::ACTION_REMOVE &&

            get_class( $req ) === TemporaryPasswordAuthenticationRequest::class

        ) {

            $tempPassHash = $this->getPasswordFactory()->newFromPlaintext( $req->password );

            $tempPassTime = wfTimestampNow();

            $sendMail = $req->mailpassword;

            // Prevent other temp password providers from sending duplicate emails

            $req->mailpassword = false;

        } else {

            // Invalidate the temporary password when any other auth is reset, or when removing

            $tempPassHash = PasswordFactory::newInvalidPassword();

            $tempPassTime = null;

        }


        $this->setTemporaryPassword( $username, $tempPassHash, $tempPassTime );


        if ( $sendMail ) {

            $this->maybeSendPasswordResetEmail( $req );

        }

    }


    public function accountCreationType() {

        return self::TYPE_CREATE;

    }


    public function testForAccountCreation( $user, $creator, array $reqs ) {

        $req = AuthenticationRequest::getRequestByClass(

            $reqs, TemporaryPasswordAuthenticationRequest::class

        );


        $ret = \StatusValue::newGood();

        if ( $req ) {

            if ( $req->mailpassword ) {

                if ( !$this->emailEnabled ) {

                    $ret->merge( \StatusValue::newFatal( 'emaildisabled' ) );

                } elseif ( !$user->getEmail() ) {

                    $ret->merge( \StatusValue::newFatal( 'noemailcreate' ) );

                }

            }


            $ret->merge(

                $this->checkPasswordValidity( $user->getName(), $req->password )

            );

        }

        return $ret;

    }


    public function beginPrimaryAccountCreation( $user, $creator, array $reqs ) {

        $req = AuthenticationRequest::getRequestByClass(

            $reqs, TemporaryPasswordAuthenticationRequest::class

        );

        if ( $req && $req->username !== null && $req->password !== null ) {

            // Nothing we can do yet, because the user isn't in the DB yet

            if ( $req->username !== $user->getName() ) {

                $req = clone $req;

                $req->username = $user->getName();

            }


            if ( $req->mailpassword ) {

                // prevent EmailNotificationSecondaryAuthenticationProvider from sending another mail

                $this->manager->setAuthenticationSessionData( 'no-email', true );

            }


            $ret = AuthenticationResponse::newPass( $req->username );

            $ret->createRequest = $req;

            return $ret;

        }

        return AuthenticationResponse::newAbstain();

    }


    public function finishAccountCreation( $user, $creator, AuthenticationResponse $res ) {

        $req = $res->createRequest;

        $mailpassword = $req->mailpassword;

        // Prevent providerChangeAuthenticationData() from sending the wrong email

        $req->mailpassword = false;


        // Now that the user is in the DB, set the password on it.

        $this->providerChangeAuthenticationData( $req );


        if ( $mailpassword ) {

            $this->maybeSendNewAccountEmail( $user, $creator, $req->password );

        }


        return $mailpassword ? 'byemail' : null;

    }


    protected function isTimestampValid( $timestamp ) {

        $time = wfTimestampOrNull( TS::MW, $timestamp );

        if ( $time !== null ) {

            $expiry = (int)wfTimestamp( TS::UNIX, $time ) + $this->newPasswordExpiry;

            if ( time() >= $expiry ) {

                return false;

            }

        }

        return true;

    }


    protected function maybeSendNewAccountEmail( User $user, User $creatingUser, $password ): void {

        // Send email after DB commit (the callback does not run in case of DB rollback)

        $this->dbProvider->getPrimaryDatabase()->onTransactionCommitOrIdle(

            function () use ( $user, $creatingUser, $password ) {

                $this->sendNewAccountEmail( $user, $creatingUser, $password );

            },

            __METHOD__

        );

    }


    protected function sendNewAccountEmail( User $user, User $creatingUser, $password ): void {

        $ip = $creatingUser->getRequest()->getIP();

        // @codeCoverageIgnoreStart

        if ( !$ip ) {

            return;

        }

        // @codeCoverageIgnoreEnd


        $this->getHookRunner()->onUser__mailPasswordInternal( $creatingUser, $ip, $user );


        $mainPageUrl = Title::newMainPage()->getCanonicalURL();

        $userLanguage = $this->userOptionsLookup->getOption( $user, 'language' );

        $subjectMessage = wfMessage( 'createaccount-title' )->inLanguage( $userLanguage );

        $bodyMessage = wfMessage( 'createaccount-text', $ip, $user->getName(), $password,

            '<' . $mainPageUrl . '>', round( $this->newPasswordExpiry / 86400 ) )

            ->inLanguage( $userLanguage );


        $status = $user->sendMail( $subjectMessage->text(), $bodyMessage->text() );


        // @codeCoverageIgnoreStart

        if ( !$status->isGood() ) {

            $this->logger->warning( 'Could not send account creation email: ' .

                $status->getWikiText( false, false, 'en' ) );

        }

        // @codeCoverageIgnoreEnd

    }


    protected function maybeSendPasswordResetEmail( TemporaryPasswordAuthenticationRequest $req ): void {

        // Send email after DB commit (the callback does not run in case of DB rollback)

        $this->dbProvider->getPrimaryDatabase()->onTransactionCommitOrIdle(

            function () use ( $req ) {

                $this->sendPasswordResetEmail( $req );

            },

            __METHOD__

        );

    }


    protected function sendPasswordResetEmail( TemporaryPasswordAuthenticationRequest $req ): void {

        $user = User::newFromName( $req->username );

        if ( !$user ) {

            return;

        }

        $userLanguage = $this->userOptionsLookup->getOption( $user, 'language' );

        $callerIsAnon = IPUtils::isValid( $req->caller );

        $callerName = $callerIsAnon ? $req->caller : User::newFromName( $req->caller )->getName();

        $passwordMessage = wfMessage( 'passwordreset-emailelement', $user->getName(),

            $req->password )->inLanguage( $userLanguage );

        $emailMessage = wfMessage( $callerIsAnon ? 'passwordreset-emailtext-ip'

            : 'passwordreset-emailtext-user' )->inLanguage( $userLanguage );

        $body = $emailMessage->params( $callerName, $passwordMessage->text(), 1,

            '<' . Title::newMainPage()->getCanonicalURL() . '>',

            round( $this->newPasswordExpiry / 86400 ) )->text();


        // Hint that the user can choose to require email address to request a temporary password

        if (

            !$this->userOptionsLookup->getBoolOption( $user, 'requireemail' )

        ) {

            $url = SpecialPage::getTitleFor( 'Preferences', false, 'mw-prefsection-personal-email' )

                ->getCanonicalURL();

            $body .= "\n\n" . wfMessage( 'passwordreset-emailtext-require-email' )

                ->inLanguage( $userLanguage )

                ->params( "<$url>" )

                ->text();

        }


        $emailTitle = wfMessage( 'passwordreset-emailtitle' )->inLanguage( $userLanguage );

        $user->sendMail( $emailTitle->text(), $body );

    }


    abstract protected function getTemporaryPassword( string $username, $flags = IDBAccessObject::READ_NORMAL ): array;


    abstract protected function setTemporaryPassword( string $username, Password $tempPassHash, $tempPassTime ): void;

}


wfTimestampOrNull
wfTimestampOrNull( $outputtype=TS::UNIX, $ts=null)
Return a formatted timestamp, or null if input is null.
Definition GlobalFunctions.php:1315

wfTimestampNow
wfTimestampNow()
Convenience function; returns MediaWiki timestamp for the present time.
Definition GlobalFunctions.php:1328

wfTimestamp
wfTimestamp( $outputtype=TS::UNIX, $ts=0)
Get a timestamp string in one of various formats.
Definition GlobalFunctions.php:1296

wfMessage
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Definition GlobalFunctions.php:820

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider
Basic framework for a primary authentication provider that uses passwords.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:28

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\checkPasswordValidity
checkPasswordValidity( $username, $password)
Check that the password is valid.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:99

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\failResponse
failResponse(PasswordAuthenticationRequest $req)
Return the appropriate response for failure.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:79

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\setPasswordResetFlag
setPasswordResetFlag( $username, Status $status, $data=null)
Check if the password should be reset.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:133

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getPasswordFactory
getPasswordFactory()
Definition AbstractPasswordPrimaryAuthenticationProvider.php:48

MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getFatalPasswordErrorResponse
getFatalPasswordErrorResponse(string $username, Status $status)
Adds user-friendly description to a fatal password validity check error.
Definition AbstractPasswordPrimaryAuthenticationProvider.php:111

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider
A primary authentication provider that uses a temporary password.
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:36

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\testForAccountCreation
testForAccountCreation( $user, $creator, array $reqs)
Determine whether an account creation may begin.Called from AuthManager::beginAccountCreation()No nee...
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:283

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\providerChangeAuthenticationData
providerChangeAuthenticationData(AuthenticationRequest $req)
Change or remove authentication data (e.g.
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:248

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\accountCreationType
accountCreationType()
Fetch the account-creation type.string One of the TYPE_* constants
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:278

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\sendPasswordResetEmail
sendPasswordResetEmail(TemporaryPasswordAuthenticationRequest $req)
Send an email about the new temporary password.
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:446

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\$newPasswordExpiry
int $newPasswordExpiry
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:41

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests
getAuthenticationRequests( $action, array $options)
to override AuthenticationRequest[]
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:95

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\$userOptionsLookup
UserOptionsLookup $userOptionsLookup
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:47

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\$emailEnabled
bool $emailEnabled
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:38

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\__construct
__construct(IConnectionProvider $dbProvider, UserOptionsLookup $userOptionsLookup, $params=[])
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:58

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\isTimestampValid
isTimestampValid( $timestamp)
Check that a temporary password is still valid (hasn't expired).
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:355

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\$passwordReminderResendTime
int $passwordReminderResendTime
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:44

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\getPasswordResetData
getPasswordResetData( $username, $data)
Get password reset data, if any.to override \stdClass|null { 'hard' => bool, 'msg' => Message }
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:86

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\finishAccountCreation
finishAccountCreation( $user, $creator, AuthenticationResponse $res)
Post-creation callback.Called after the user is added to the database, before secondary authenticatio...
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:332

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\maybeSendPasswordResetEmail
maybeSendPasswordResetEmail(TemporaryPasswordAuthenticationRequest $req)
Wait for the new temporary password to be recorded, and if successful, send an email about it.
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:430

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\setTemporaryPassword
setTemporaryPassword(string $username, Password $tempPassHash, $tempPassTime)
Set a temporary password and the time when it was generated.

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\beginPrimaryAuthentication
beginPrimaryAuthentication(array $reqs)
Start an authentication flow.AuthenticationResponse Expected responses:PASS: The user is authenticate...
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:127

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\postInitSetup
postInitSetup()
A provider can override this to do any necessary setup after init() is called.
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:78

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\sendNewAccountEmail
sendNewAccountEmail(User $user, User $creatingUser, $password)
Send an email about the new account creation and the temporary password.
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:395

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\providerAllowsAuthenticationDataChange
providerAllowsAuthenticationDataChange(AuthenticationRequest $req, $checkData=true)
Validate a change of authentication data (e.g.passwords)Return StatusValue::newGood( 'ignored' ) if y...
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:185

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\maybeSendNewAccountEmail
maybeSendNewAccountEmail(User $user, User $creatingUser, $password)
Wait for the new account to be recorded, and if successful, send an email about the new account creat...
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:377

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\beginPrimaryAccountCreation
beginPrimaryAccountCreation( $user, $creator, array $reqs)
Start an account creation flow.AuthenticationResponse Expected responses:PASS: The user may be create...
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:307

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\testUserCanAuthenticate
testUserCanAuthenticate( $username)
Test whether the named user can authenticate with this provider.Should return true if the provider ha...
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:172

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\getTemporaryPassword
getTemporaryPassword(string $username, $flags=IDBAccessObject::READ_NORMAL)
Return a tuple of temporary password and the time when it was generated.

MediaWiki\Auth\AbstractTemporaryPasswordPrimaryAuthenticationProvider\$dbProvider
IConnectionProvider $dbProvider
Definition AbstractTemporaryPasswordPrimaryAuthenticationProvider.php:46

MediaWiki\Auth\AuthManager\ACTION_CHANGE
const ACTION_CHANGE
Change a user's credentials.
Definition AuthManager.php:154

MediaWiki\Auth\AuthManager\ACTION_REMOVE
const ACTION_REMOVE
Remove a user's credentials.
Definition AuthManager.php:156

MediaWiki\Auth\AuthManager\ACTION_LOGIN
const ACTION_LOGIN
Log in with an existing (not necessarily local) user.
Definition AuthManager.php:136

MediaWiki\Auth\AuthManager\ACTION_CREATE
const ACTION_CREATE
Create a new user.
Definition AuthManager.php:142

MediaWiki\Auth\AuthenticationRequest
This is a value object for authentication requests.
Definition AuthenticationRequest.php:28

MediaWiki\Auth\AuthenticationRequest\getRequestByClass
static getRequestByClass(array $reqs, $class, $allowSubclasses=false)
Select a request by class name.
Definition AuthenticationRequest.php:287

MediaWiki\Auth\AuthenticationResponse
This is a value object to hold authentication response data.
Definition AuthenticationResponse.php:21

MediaWiki\Auth\AuthenticationResponse\newAbstain
static newAbstain()
Definition AuthenticationResponse.php:166

MediaWiki\Auth\AuthenticationResponse\newPass
static newPass( $username=null)
Definition AuthenticationResponse.php:128

MediaWiki\Auth\PasswordAuthenticationRequest
This is a value object for authentication requests with a username and password.
Definition PasswordAuthenticationRequest.php:18

MediaWiki\Auth\TemporaryPasswordAuthenticationRequest
This represents the intention to set a temporary password for the user.
Definition TemporaryPasswordAuthenticationRequest.php:21

MediaWiki\Auth\TemporaryPasswordAuthenticationRequest\newRandom
static newRandom()
Return an instance with a new, random password.
Definition TemporaryPasswordAuthenticationRequest.php:60

MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:22

MediaWiki\MainConfigNames\PasswordReminderResendTime
const PasswordReminderResendTime
Name constant for the PasswordReminderResendTime setting, for use with Config::get()
Definition MainConfigNames.php:966

MediaWiki\MainConfigNames\EnableEmail
const EnableEmail
Name constant for the EnableEmail setting, for use with Config::get()
Definition MainConfigNames.php:936

MediaWiki\MainConfigNames\NewPasswordExpiry
const NewPasswordExpiry
Name constant for the NewPasswordExpiry setting, for use with Config::get()
Definition MainConfigNames.php:972

MediaWiki\Password\InvalidPassword
Represents an invalid password hash.
Definition InvalidPassword.php:22

MediaWiki\Password\PasswordFactory
Factory class for creating and checking Password objects.
Definition PasswordFactory.php:22

MediaWiki\Password\Password
Represents a password hash for use in authentication.
Definition Password.php:52

MediaWiki\SpecialPage\SpecialPage
Parent class for all special pages.
Definition SpecialPage.php:51

MediaWiki\Title\Title
Represents a title within MediaWiki.
Definition Title.php:69

MediaWiki\User\Options\UserOptionsLookup
Provides access to user options.
Definition UserOptionsLookup.php:17

MediaWiki\User\User
User class for the MediaWiki software.
Definition User.php:130

MediaWiki\User\User\sendMail
sendMail( $subject, $body, $from=null, $replyto=null)
Send an e-mail to this user's account.
Definition User.php:2833

MediaWiki\User\User\getEmail
getEmail()
Get the user's e-mail address.
Definition User.php:1861

MediaWiki\User\User\getName
getName()
Get the user name, or the IP of an anonymous user.
Definition User.php:1524

MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_CREATE
const TYPE_CREATE
Provider can create accounts.
Definition PrimaryAuthenticationProvider.php:60

MediaWiki\User\UserRigorOptions
Shared interface for rigor levels when dealing with User methods.
Definition UserRigorOptions.php:16

Wikimedia\Rdbms\IConnectionProvider
Provide primary and replica IDatabase connections.
Definition IConnectionProvider.php:21

Wikimedia\Rdbms\IDBAccessObject
Interface for database access objects.
Definition IDBAccessObject.php:45

MediaWiki\Auth
Definition AbstractAuthenticationProvider.php:7

$url
$url
Definition opensearch_desc.php:23