MediaWiki  master
PasswordPolicyChecks.php
<?php

use MediaWiki\MediaWikiServices;
use Wikimedia\CommonPasswords\CommonPasswords;

/**
 * Functions to check passwords against a policy requirement.
 *
 * Each check returns a Status. $status->error() records a non-fatal problem
 * (the Status stays OK but is no longer good); $status->fatal() marks the
 * Status as not OK.
 */
class PasswordPolicyChecks {

	/**
	 * Check password is longer than minimum, not fatal.
	 * $policyVal is the minimal length; strlen() counts bytes.
	 */
	public static function checkMinimalPasswordLength( $policyVal, User $user, $password ) {
		$status = Status::newGood();
		if ( $policyVal > strlen( $password ) ) {
			$status->error( 'passwordtooshort', $policyVal );
		}
		return $status;
	}

	/**
	 * Check password is longer than minimum, fatal.
	 */
	public static function checkMinimumPasswordLengthToLogin( $policyVal, User $user, $password ) {
		$status = Status::newGood();
		if ( $policyVal > strlen( $password ) ) {
			$status->fatal( 'passwordtooshort', $policyVal );
		}
		return $status;
	}

	/**
	 * Check password is shorter than maximum, fatal.
	 */
	public static function checkMaximalPasswordLength( $policyVal, User $user, $password ) {
		$status = Status::newGood();
		if ( $policyVal < strlen( $password ) ) {
			$status->fatal( 'passwordtoolong', $policyVal );
		}
		return $status;
	}

	/**
	 * Check if username and password are a (case-insensitive) match.
	 * $policyVal is a boolean switch that enables the check.
	 */
	public static function checkPasswordCannotMatchUsername( $policyVal, User $user, $password ) {
		$status = Status::newGood();
		$username = $user->getName();
		$contLang = MediaWikiServices::getInstance()->getContentLanguage();
		// Both values are lowercased with the content language, then compared
		// with hash_equals(), which runs in constant time.
		if (
			$policyVal && hash_equals( $contLang->lc( $username ), $contLang->lc( $password ) )
		) {
			$status->error( 'password-name-match' );
		}
		return $status;
	}

	/**
	 * Check if password is a (case-insensitive) substring within the username.
	 */
	public static function checkPasswordCannotBeSubstringInUsername(
		$policyVal,
		User $user,
		$password
	) {
		$status = Status::newGood();
		$username = $user->getName();
		if ( $policyVal && stripos( $username, $password ) !== false ) {
			$status->error( 'password-substring-username-match' );
		}
		return $status;
	}

	/**
	 * Check if username and password are on a list of past MediaWiki default passwords.
	 */
	public static function checkPasswordCannotMatchDefaults( $policyVal, User $user, $password ) {
		// Username => password pairs that may not be used together
		static $blockedLogins = [
			// r75589
			'Useruser' => 'Passpass',
			'Useruser1' => 'Passpass1',
			// r75605
			'Apitestsysop' => 'testpass',
			'Apitestuser' => 'testpass',
		];

		$status = Status::newGood();
		$username = $user->getName();
		if ( $policyVal ) {
			if (
				isset( $blockedLogins[$username] ) &&
				hash_equals( $blockedLogins[$username], $password )
			) {
				$status->error( 'password-login-forbidden' );
			}

			// Example from ApiChangeAuthenticationRequest; rejected for every username
			if ( hash_equals( 'ExamplePassword', $password ) ) {
				$status->error( 'password-login-forbidden' );
			}
		}
		return $status;
	}

	/**
	 * Ensure the password isn't in the list of common passwords from the
	 * wikimedia/common-passwords library.
	 */
	public static function checkPasswordNotInCommonList( $policyVal, User $user, $password ) {
		$status = Status::newGood();
		if ( $policyVal && CommonPasswords::isCommon( $password ) ) {
			$status->error( 'passwordincommonlist' );
		}

		return $status;
	}

}
MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition: MediaWikiServices.php:155
PasswordPolicyChecks\checkMinimalPasswordLength
static checkMinimalPasswordLength( $policyVal, User $user, $password)
Check password is longer than minimum, not fatal.
Definition: PasswordPolicyChecks.php:46
PasswordPolicyChecks\checkPasswordCannotBeSubstringInUsername
static checkPasswordCannotBeSubstringInUsername( $policyVal, User $user, $password)
Check if password is a (case-insensitive) substring within the username.
Definition: PasswordPolicyChecks.php:113
PasswordPolicyChecks\checkPasswordCannotMatchUsername
static checkPasswordCannotMatchUsername( $policyVal, User $user, $password)
Check if username and password are a (case-insensitive) match.
Definition: PasswordPolicyChecks.php:94
PasswordPolicyChecks\checkMinimumPasswordLengthToLogin
static checkMinimumPasswordLengthToLogin( $policyVal, User $user, $password)
Check password is longer than minimum, fatal.
Definition: PasswordPolicyChecks.php:63
StatusValue\newGood
static newGood( $value=null)
Factory function for good results.
Definition: StatusValue.php:82
PasswordPolicyChecks\checkPasswordNotInCommonList
static checkPasswordNotInCommonList( $policyVal, User $user, $password)
Ensure the password isn't in the list of common passwords by the wikimedia/common-passwords library,...
Definition: PasswordPolicyChecks.php:175
PasswordPolicyChecks\checkPasswordCannotMatchDefaults
static checkPasswordCannotMatchDefaults( $policyVal, User $user, $password)
Check if username and password are on a list of past MediaWiki default passwords.
Definition: PasswordPolicyChecks.php:133
PasswordPolicyChecks\checkMaximalPasswordLength
static checkMaximalPasswordLength( $policyVal, User $user, $password)
Check password is shorter than maximum, fatal.
Definition: PasswordPolicyChecks.php:79
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition: User.php:55
User\getName
getName()
Get the user name, or the IP of an anonymous user.
Definition: User.php:1954
PasswordPolicyChecks
Functions to check passwords against a policy requirement.
Definition: PasswordPolicyChecks.php:37