master/php/CheckBlocksSecondaryAuthenticationProvider_8php_source.html

 <?php

 namespace MediaWiki\Auth;


 use MediaWiki\Block\AbstractBlock;

 use MediaWiki\MainConfigNames;

 use MediaWiki\MediaWikiServices;

 use StatusValue;


 class CheckBlocksSecondaryAuthenticationProvider extends AbstractSecondaryAuthenticationProvider {


     protected $blockDisablesLogin = null;


     public function __construct( $params = [] ) {

         if ( isset( $params['blockDisablesLogin'] ) ) {

             $this->blockDisablesLogin = (bool)$params['blockDisablesLogin'];

         }

     }


     protected function postInitSetup() {

         $this->blockDisablesLogin ??= $this->config->get( MainConfigNames::BlockDisablesLogin );

     }


     public function getAuthenticationRequests( $action, array $options ) {

         return [];

     }


     public function beginSecondaryAuthentication( $user, array $reqs ) {

         if ( !$this->blockDisablesLogin ) {

             return AuthenticationResponse::newAbstain();

         }

         $block = $user->getBlock();

         // Ignore IP blocks and partial blocks, $wgBlockDisablesLogin was meant for

         // blocks banning specific users.

         if ( $block && $block->isSitewide() && $block->isBlocking( $user ) ) {

             return AuthenticationResponse::newFail(

                 new \Message( 'login-userblocked', [ $user->getName() ] )

             );

         } else {

             return AuthenticationResponse::newPass();

         }

     }


     public function beginSecondaryAccountCreation( $user, $creator, array $reqs ) {

         return AuthenticationResponse::newAbstain();

     }


     public function testUserForCreation( $user, $autocreate, array $options = [] ) {

         // isBlockedFromCreateAccount() does not return non-accountcreation blocks, but we need them

         // in the $wgBlockDisablesLogin case; getBlock() is unreliable for IP blocks. So we need both.

         $blocks = [

             'local-createaccount' => $user->isBlockedFromCreateAccount(),

             'local' => $user->getBlock(),

         ];

         foreach ( $blocks as $block ) {

             if ( $block && $block->isSitewide()

                 // This method is for checking a given account/username, not the current user, so

                 // ignore IP blocks; they will be checked elsewhere via authorizeCreateAccount().

                 // FIXME: special-case autocreation which doesn't do that check. Should it?

                 && ( $block->isBlocking( $user ) || $autocreate )

                 && (

                     // Should blocks that prevent account creation also prevent autocreation?

                     // We'll go with yes here.

                     $block->isCreateAccountBlocked()

                     // A successful autocreation means the user is logged in, so we must make sure to

                     // honor $wgBlockDisablesLogin. If it's enabled, sitewide blocks are expected to

                     // prevent login regardless of their flags.

                     || ( $autocreate && $this->blockDisablesLogin )

                 )

                 // FIXME: ideally on autocreation we'd figure out if the user has the ipblock-exempt

                 //   or globalblock-exempt right via some central authorization system like

                 //   CentralAuth global groups. But at this point the local account doesn't exist

                 //   yet so there is no way to do that. There should probably be some separate hook

                 //   to fetch user rights for a central user.

                 // FIXME: T249444: there should probably be a way to force autocreation through blocks

             ) {

                 $formatter = MediaWikiServices::getInstance()->getBlockErrorFormatter();


                 $context = \RequestContext::getMain();


                 $language = $context->getUser()->isSafeToLoad() ?

                     \RequestContext::getMain()->getLanguage() :

                     MediaWikiServices::getInstance()->getContentLanguage();


                 $ip = $context->getRequest()->getIP();


                 return StatusValue::newFatal(

                     $formatter->getMessage( $block, $user, $language, $ip )

                 );

             }

         }

         return StatusValue::newGood();

     }


 }

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider
A base class that implements some of the boilerplate for a SecondaryAuthenticationProvider.
Definition: AbstractSecondaryAuthenticationProvider.php:33

MediaWiki\Auth\AuthenticationResponse\newFail
static newFail(Message $msg, array $failReasons=[])
Definition: AuthenticationResponse.php:157

MediaWiki\Auth\AuthenticationResponse\newAbstain
static newAbstain()
Definition: AuthenticationResponse.php:182

MediaWiki\Auth\AuthenticationResponse\newPass
static newPass( $username=null)
Definition: AuthenticationResponse.php:144

MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider
Check if the user is blocked, and prevent authentication if so.
Definition: CheckBlocksSecondaryAuthenticationProvider.php:38

MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider\beginSecondaryAccountCreation
beginSecondaryAccountCreation( $user, $creator, array $reqs)
Start an account creation flow.There is no guarantee this will be called in a successful account crea...
Definition: CheckBlocksSecondaryAuthenticationProvider.php:82

MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider\testUserForCreation
testUserForCreation( $user, $autocreate, array $options=[])
Determine whether an account may be created.User being created (not added to the database yet)....
Definition: CheckBlocksSecondaryAuthenticationProvider.php:87

MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider\__construct
__construct( $params=[])
Definition: CheckBlocksSecondaryAuthenticationProvider.php:48

MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider\getAuthenticationRequests
getAuthenticationRequests( $action, array $options)
Return the applicable list of AuthenticationRequests.Possible values for $action depend on whether th...
Definition: CheckBlocksSecondaryAuthenticationProvider.php:60

MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider\beginSecondaryAuthentication
beginSecondaryAuthentication( $user, array $reqs)
Start an authentication flow.Note that this may be called for a user even if beginSecondaryAccountCre...
Definition: CheckBlocksSecondaryAuthenticationProvider.php:65

MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider\$blockDisablesLogin
bool $blockDisablesLogin
Definition: CheckBlocksSecondaryAuthenticationProvider.php:41

MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider\postInitSetup
postInitSetup()
A provider can override this to do any necessary setup after init() is called.1.37 Stability: stablet...
Definition: CheckBlocksSecondaryAuthenticationProvider.php:55

MediaWiki\Block\AbstractBlock
Definition: AbstractBlock.php:40

MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition: MainConfigNames.php:22

MediaWiki\MainConfigNames\BlockDisablesLogin
const BlockDisablesLogin
Name constant for the BlockDisablesLogin setting, for use with Config::get()
Definition: MainConfigNames.php:2723

MediaWiki\MediaWikiServices
Service locator for MediaWiki core services.
Definition: MediaWikiServices.php:232

MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition: MediaWikiServices.php:319

Message
The Message class deals with fetching and processing of interface message into a variety of formats.
Definition: Message.php:144

RequestContext\getMain
static getMain()
Get the RequestContext object associated with the main request.
Definition: RequestContext.php:593

StatusValue
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition: StatusValue.php:46

StatusValue\newFatal
static newFatal( $message,... $parameters)
Factory function for fatal errors.
Definition: StatusValue.php:73

StatusValue\newGood
static newGood( $value=null)
Factory function for good results.
Definition: StatusValue.php:85

MediaWiki\Auth
Definition: AbstractAuthenticationProvider.php:22