MediaWiki  master
PasswordPolicyChecks.php
1 <?php
24 use Wikimedia\CommonPasswords\CommonPasswords;
25 
38 
/**
 * Check that the password reaches the minimum length; a shortfall is
 * recorded with Status::error(), i.e. as a non-fatal policy failure.
 *
 * The length is taken with strlen(), which counts bytes, so a password
 * containing multi-byte characters reaches the minimum with fewer
 * visible characters.
 *
 * @param int $policyVal Minimum length, compared numerically against strlen( $password )
 * @param UserIdentity $user Not read by this check
 * @param string $password Password to test
 * @return Status Good status, with a 'passwordtooshort' error added when too short
 */
public static function checkMinimalPasswordLength( $policyVal, UserIdentity $user, $password ) {
	$result = Status::newGood();
	$byteLength = strlen( $password );
	if ( $byteLength < $policyVal ) {
		// The configured minimum is passed as the message parameter.
		$result->error( 'passwordtooshort', $policyVal );
	}
	return $result;
}
53 
/**
 * Check that the password reaches the minimum length required to log in;
 * a shortfall is recorded with Status::fatal().
 *
 * Same comparison as checkMinimalPasswordLength(), but the failure is
 * fatal rather than an ordinary error. The length is a byte count
 * (strlen()), not a character count.
 *
 * @param int $policyVal Minimum length, compared numerically against strlen( $password )
 * @param UserIdentity $user Not read by this check
 * @param string $password Password to test
 * @return Status Good status, or a status made fatal with 'passwordtooshort'
 */
public static function checkMinimumPasswordLengthToLogin( $policyVal, UserIdentity $user, $password ) {
	$result = Status::newGood();
	$byteLength = strlen( $password );
	if ( $byteLength < $policyVal ) {
		$result->fatal( 'passwordtooshort', $policyVal );
	}
	return $result;
}
70 
/**
 * Check that the password does not exceed the maximum length; an
 * over-long password is recorded with Status::fatal().
 *
 * The limit is applied to strlen(), so it bounds the number of bytes
 * handed on, not the number of characters.
 *
 * @param int $policyVal Maximum length, compared numerically against strlen( $password )
 * @param UserIdentity $user Not read by this check
 * @param string $password Password to test
 * @return Status Good status, or a status made fatal with 'passwordtoolong'
 */
public static function checkMaximalPasswordLength( $policyVal, UserIdentity $user, $password ) {
	$result = Status::newGood();
	$byteLength = strlen( $password );
	if ( $byteLength > $policyVal ) {
		$result->fatal( 'passwordtoolong', $policyVal );
	}
	return $result;
}
86 
95  $policyVal,
96  UserIdentity $user,
97  $password
98  ) {
    // Flags a password that occurs, case-insensitively, inside the user's name.
    // The signature line of this method is not part of this listing.
99  $status = Status::newGood();
100  $username = $user->getName();
    // stripos( haystack, needle ): the username is the haystack and the password
    // the needle, so a password that merely *contains* the username (for example
    // the username plus a suffix) is not caught by this test.
    // NOTE(review): on PHP 8+ an empty needle is found at offset 0, so an empty
    // $password would be reported here; confirm that is intended.
101  if ( $policyVal && stripos( $username, $password ) !== false ) {
    // error(), not fatal(): recorded as an ordinary policy error.
102  $status->error( 'password-substring-username-match' );
103  }
104  return $status;
105  }
106 
/**
 * Check whether the username/password pair is on the list of past
 * MediaWiki default credentials, or the password is the documented
 * example password.
 *
 * A match is recorded with Status::error() under 'password-login-forbidden'.
 * Nothing is checked when $policyVal is falsy.
 *
 * @param bool $policyVal Whether the check is enabled
 * @param UserIdentity $user User whose name is looked up in the default-credential list
 * @param string $password Password to test
 * @return Status Good status, with 'password-login-forbidden' added on a match
 */
public static function checkPasswordCannotMatchDefaults( $policyVal, UserIdentity $user, $password ) {
	// Username => password pairs that must never be accepted.
	static $blockedLogins = [
		// r75589
		'Useruser' => 'Passpass',
		'Useruser1' => 'Passpass1',
		// r75605
		'Apitestsysop' => 'testpass',
		'Apitestuser' => 'testpass',
	];

	$result = Status::newGood();
	$name = $user->getName();
	if ( !$policyVal ) {
		return $result;
	}

	// The lookup is by exact username; the password comparison goes through
	// hash_equals() with the known value first and the supplied value second.
	$nameIsListed = isset( $blockedLogins[$name] );
	if ( $nameIsListed && hash_equals( $blockedLogins[$name], $password ) ) {
		$result->error( 'password-login-forbidden' );
	}

	// Example from ApiChangeAuthenticationRequest; rejected for every username.
	$isExamplePassword = hash_equals( 'ExamplePassword', $password );
	if ( $isExamplePassword ) {
		$result->error( 'password-login-forbidden' );
	}
	return $result;
}
141 
/**
 * Ensure the password is not in the list of common passwords provided by
 * the wikimedia/common-passwords library.
 *
 * A hit is recorded with Status::error() under 'passwordincommonlist'.
 * The library is not consulted when $policyVal is falsy.
 *
 * @param bool $policyVal Whether the check is enabled
 * @param UserIdentity $user Not read by this check
 * @param string $password Password to test
 * @return Status Good status, with 'passwordincommonlist' added on a hit
 */
public static function checkPasswordNotInCommonList( $policyVal, UserIdentity $user, $password ) {
	$result = Status::newGood();
	if ( !$policyVal ) {
		return $result;
	}

	if ( CommonPasswords::isCommon( $password ) ) {
		$result->error( 'passwordincommonlist' );
	}

	return $result;
}
164 
165 }
Functions to check passwords against a policy requirement.
static checkMinimumPasswordLengthToLogin( $policyVal, UserIdentity $user, $password)
Check password is longer than minimum, fatal.
static checkPasswordNotInCommonList( $policyVal, UserIdentity $user, $password)
Ensure the password isn't in the list of common passwords by the wikimedia/common-passwords library,...
static checkMaximalPasswordLength( $policyVal, UserIdentity $user, $password)
Check password is shorter than maximum, fatal.
static checkPasswordCannotBeSubstringInUsername( $policyVal, UserIdentity $user, $password)
Check if password is a (case-insensitive) substring within the username.
static checkMinimalPasswordLength( $policyVal, UserIdentity $user, $password)
Check password is longer than minimum, not fatal.
static checkPasswordCannotMatchDefaults( $policyVal, UserIdentity $user, $password)
Check if username and password are on a list of past MediaWiki default passwords.
static newGood( $value=null)
Factory function for good results.
Definition: StatusValue.php:85
Interface for objects representing user identity.