MediaWiki master
PasswordPolicyChecks.php
<?php
// The listing omits the imports for Status and UserIdentity; the two namespaces
// below are the ones used in current MediaWiki and are assumed for this revision.
use MediaWiki\Status\Status;
use MediaWiki\User\UserIdentity;
use Wikimedia\CommonPasswords\CommonPasswords;

// Functions to check passwords against a policy requirement.
// Every check takes ( $policyVal, UserIdentity $user, $password ) and returns a Status.
class PasswordPolicyChecks {

	// Check password is longer than minimum, not fatal.
	// strlen() counts bytes, so the minimum is a length in bytes.
	public static function checkMinimalPasswordLength( $policyVal, UserIdentity $user, $password ) {
		$status = Status::newGood();
		if ( $policyVal > strlen( $password ) ) {
			// error(): the problem is recorded but the Status stays OK
			$status->error( 'passwordtooshort', $policyVal );
		}
		return $status;
	}

	// Check password is longer than minimum, fatal.
	public static function checkMinimumPasswordLengthToLogin( $policyVal, UserIdentity $user, $password ) {
		$status = Status::newGood();
		if ( $policyVal > strlen( $password ) ) {
			// fatal(): the Status is no longer OK
			$status->fatal( 'passwordtooshort', $policyVal );
		}
		return $status;
	}

	// Check password is shorter than maximum, fatal.
	public static function checkMaximalPasswordLength( $policyVal, UserIdentity $user, $password ) {
		$status = Status::newGood();
		if ( $policyVal < strlen( $password ) ) {
			$status->fatal( 'passwordtoolong', $policyVal );
		}
		return $status;
	}

	// Check if password is a (case-insensitive) substring within the username.
	public static function checkPasswordCannotBeSubstringInUsername(
		$policyVal,
		UserIdentity $user,
		$password
	) {
		$status = Status::newGood();
		$username = $user->getName();
		// Haystack is the username, needle is the password
		if ( $policyVal && stripos( $username, $password ) !== false ) {
			$status->error( 'password-substring-username-match' );
		}
		return $status;
	}

	// Check if username and password are on a list of past MediaWiki default passwords.
	public static function checkPasswordCannotMatchDefaults( $policyVal, UserIdentity $user, $password ) {
		static $blockedLogins = [
			// r75589
			'Useruser' => 'Passpass',
			'Useruser1' => 'Passpass1',
			// r75605
			'Apitestsysop' => 'testpass',
			'Apitestuser' => 'testpass',
		];

		$status = Status::newGood();
		$username = $user->getName();
		if ( $policyVal ) {
			// hash_equals() compares the two strings in constant time
			if (
				isset( $blockedLogins[$username] ) &&
				hash_equals( $blockedLogins[$username], $password )
			) {
				$status->error( 'password-login-forbidden' );
			}

			// Example from ApiChangeAuthenticationRequest
			if ( hash_equals( 'ExamplePassword', $password ) ) {
				$status->error( 'password-login-forbidden' );
			}
		}
		return $status;
	}

	// Check the password against the common-password list of the
	// wikimedia/common-passwords library.
	public static function checkPasswordNotInCommonList( $policyVal, UserIdentity $user, $password ) {
		$status = Status::newGood();
		if ( $policyVal && CommonPasswords::isCommon( $password ) ) {
			$status->error( 'passwordincommonlist' );
		}

		return $status;
	}

}

Status
	Generic operation result class. Has warning/error list, boolean status and arbitrary value.
	Definition: Status.php:54
PasswordPolicyChecks
	Functions to check passwords against a policy requirement.
static checkMinimumPasswordLengthToLogin( $policyVal, UserIdentity $user, $password )
	Check password is longer than minimum, fatal.
static checkPasswordNotInCommonList( $policyVal, UserIdentity $user, $password )
	Ensure the password isn't in the list of common passwords by the wikimedia/common-passwords library,...
static checkMaximalPasswordLength( $policyVal, UserIdentity $user, $password )
	Check password is shorter than maximum, fatal.
static checkPasswordCannotBeSubstringInUsername( $policyVal, UserIdentity $user, $password )
	Check if password is a (case-insensitive) substring within the username.
static checkMinimalPasswordLength( $policyVal, UserIdentity $user, $password )
	Check password is longer than minimum, not fatal.
static checkPasswordCannotMatchDefaults( $policyVal, UserIdentity $user, $password )
	Check if username and password are on a list of past MediaWiki default passwords.
UserIdentity
	Interface for objects representing user identity.
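
An added example, not part of the MediaWiki source: a site-specific check written against the same callback shape as the methods in this file, counting characters where the length checks above count bytes with strlen(), and registered through $wgPasswordPolicy. The class name ExamplePasswordChecks, the policy key MinimalPasswordLengthChars and the value 12 are hypothetical, and the Status and UserIdentity namespaces are assumed from current MediaWiki.

```php
<?php
// Added example, not MediaWiki code.
// Hypothetical names: ExamplePasswordChecks, MinimalPasswordLengthChars.
// Assumed namespaces (current MediaWiki):
use MediaWiki\Status\Status;
use MediaWiki\User\UserIdentity;

class ExamplePasswordChecks {
	/**
	 * Same callback shape as PasswordPolicyChecks::checkMinimalPasswordLength(),
	 * but the minimum is measured in characters instead of bytes.
	 *
	 * @param int $policyVal minimum number of characters
	 * @param UserIdentity $user unused, kept to match the callback signature
	 * @param string $password
	 * @return Status non-fatal error if the password is too short
	 */
	public static function checkMinimalPasswordLengthChars(
		$policyVal, UserIdentity $user, $password
	) {
		$status = Status::newGood();
		// "pässwörd" is 8 characters but 10 bytes in UTF-8: strlen() reports 10,
		// mb_strlen() reports 8.
		if ( $policyVal > mb_strlen( $password, 'UTF-8' ) ) {
			// error() rather than fatal(): recorded, but the Status stays OK,
			// as in checkMinimalPasswordLength()
			$status->error( 'passwordtooshort', $policyVal );
		}
		return $status;
	}
}

// LocalSettings.php. The class above must be loadable, for example through
// $wgAutoloadClasses. Register the callback under a policy name, then set a
// value for that name in a group's policy.
$wgPasswordPolicy['checks']['MinimalPasswordLengthChars'] =
	'ExamplePasswordChecks::checkMinimalPasswordLengthChars';
$wgPasswordPolicy['policies']['default']['MinimalPasswordLengthChars'] = 12;
```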