MediaWiki master
MediaWiki\Auth\AbstractSecondaryAuthenticationProvider Class Reference

A base class that implements some of the boilerplate for a SecondaryAuthenticationProvider. More...

Inherits MediaWiki\Auth\AbstractAuthenticationProvider, and MediaWiki\Auth\SecondaryAuthenticationProvider.

Inherited by MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider, MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider, MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider, and MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider.

Collaboration diagram for MediaWiki\Auth\AbstractSecondaryAuthenticationProvider:

Public Member Functions

 autoCreatedAccount ( $user, $source)
 Post-auto-creation callback.
Parameters
User$userUser being created (has been added to the database now). This may become a "UserValue" in the future, or User may be refactored into such.
string$sourceThe source of the auto-creation passed to AuthManager::autoCreateUser().

 
 continueSecondaryAccountCreation ( $user, $creator, array $reqs)
 Continue an authentication flow.
Parameters
User$userUser being created (has been added to the database). This may become a "UserValue" in the future, or User may be refactored into such.
User$creatorUser doing the creation. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationRequest[]$reqs
Returns
AuthenticationResponse Expected responses:
  • PASS: The user creation is ok. Additional secondary providers may run.
  • ABSTAIN: Additional secondary providers may run.
  • UI: Additional AuthenticationRequests are needed to complete the process.
  • REDIRECT: Redirection to a third party is needed to complete the process.

 
 continueSecondaryAuthentication ( $user, array $reqs)
 Continue an authentication flow.
Parameters
User$userUser being authenticated. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationRequest[]$reqs
Returns
AuthenticationResponse Expected responses:
  • PASS: The user is authenticated. Additional secondary providers may run.
  • FAIL: The user is not authenticated. Fail the authentication process.
  • ABSTAIN: Additional secondary providers may run.
  • UI: Additional AuthenticationRequests are needed to complete the process.
  • REDIRECT: Redirection to a third party is needed to complete the process.

 
 postAccountCreation ( $user, $creator, AuthenticationResponse $response)
 Post-creation callback.This will be called at the end of an account creation attempt. It will not be called if the account creation process results in a session timeout (possibly after a successful user creation, while a secondary provider is waiting for a response).
Parameters
User$userUser that was attempted to be created. This may become a "UserValue" in the future, or User may be refactored into such.
User$creatorUser doing the creation. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationResponse$responseAuthentication response that will be returned (PASS or FAIL)

 
 postAuthentication ( $user, AuthenticationResponse $response)
 Post-login callback.This will be called at the end of a login attempt. It will not be called for unfinished login attempts that fail by the session timing out.
Parameters
User | null$userUser that was attempted to be logged in, if known. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationResponse$responseAuthentication response that will be returned (PASS or FAIL)

 
 providerAllowsAuthenticationDataChange (AuthenticationRequest $req, $checkData=true)
 Validate a change of authentication data (e.g.passwords)Return StatusValue::newGood( 'ignored' ) if you don't support this AuthenticationRequest type.
Parameters
AuthenticationRequest$req
bool$checkDataIf false, $req hasn't been loaded from the submission so checks on user-submitted fields should be skipped. $req->username is considered user-submitted for this purpose, even if it cannot be changed via $req->loadFromSubmission.
Returns
StatusValue

 
 providerAllowsPropertyChange ( $property)
 Determine whether a property can change.
See also
AuthManager::allowsPropertyChange()
Parameters
string$property
Returns
bool

 
 providerChangeAuthenticationData (AuthenticationRequest $req)
 Change or remove authentication data (e.g.passwords)If $req was returned for AuthManager::ACTION_CHANGE, the corresponding credentials should result in a successful login in the future.If $req was returned for AuthManager::ACTION_REMOVE, the corresponding credentials should no longer result in a successful login.It can be assumed that providerAllowsAuthenticationDataChange with $checkData === true was called before this, and passed. This method should never fail (other than throwing an exception).
Parameters
AuthenticationRequest$req

 
 providerRevokeAccessForUser ( $username)
 Revoke the user's credentials.This may cause the user to no longer exist for the provider, or the user may continue to exist in a "disabled" state.The intention is that the named account will never again be usable for normal login (i.e. there is no way to undo the revocation of access).
Parameters
string$username

 
 testForAccountCreation ( $user, $creator, array $reqs)
 Determine whether an account creation may begin.Called from AuthManager::beginAccountCreation()
Note
No need to test if the account exists, AuthManager checks that
Parameters
User$userUser being created (not added to the database yet). This may become a "UserValue" in the future, or User may be refactored into such.
User$creatorUser doing the creation. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationRequest[]$reqs
Returns
StatusValue

 
 testUserForCreation ( $user, $autocreate, array $options=[])
 Determine whether an account may be created.
Parameters
User$userUser being created (not added to the database yet). This may become a "UserValue" in the future, or User may be refactored into such.
bool | string$autocreateFalse if this is not an auto-creation, or the source of the auto-creation passed to AuthManager::autoCreateUser().
array$options
  • flags: (int) Bitfield of IDBAccessObject::READ_* constants, default IDBAccessObject::READ_NORMAL
  • creating: (bool) If false (or missing), this call is only testing if a user could be created. If set, this (non-autocreation) is for actually creating an account and will be followed by a call to testForAccountCreation(). In this case, the provider might return StatusValue::newGood() here and let the later call to testForAccountCreation() do a more thorough test.
Returns
StatusValue

 
- Public Member Functions inherited from MediaWiki\Auth\AbstractAuthenticationProvider
 getUniqueId ()
 Return a unique identifier for this instance.This must be the same across requests. If multiple instances return the same ID, exceptions will be thrown from AuthManager.
Returns
string

 
 init (LoggerInterface $logger, AuthManager $manager, HookContainer $hookContainer, Config $config, UserNameUtils $userNameUtils)
 Initialise with dependencies of an AuthenticationProvider.
 
- Public Member Functions inherited from MediaWiki\Auth\AuthenticationProvider
 getAuthenticationRequests ( $action, array $options)
 Return the applicable list of AuthenticationRequests.
 
- Public Member Functions inherited from MediaWiki\Auth\SecondaryAuthenticationProvider
 beginSecondaryAccountCreation ( $user, $creator, array $reqs)
 Start an account creation flow.
 
 beginSecondaryAuthentication ( $user, array $reqs)
 Start an authentication flow.
 

Additional Inherited Members

- Protected Member Functions inherited from MediaWiki\Auth\AbstractAuthenticationProvider
 getHookContainer ()
 
 getHookRunner ()
 
 postInitSetup ()
 A provider can override this to do any necessary setup after init() is called.
 
- Protected Attributes inherited from MediaWiki\Auth\AbstractAuthenticationProvider
Config $config
 
LoggerInterface $logger
 
AuthManager $manager
 
UserNameUtils $userNameUtils
 

Detailed Description

A base class that implements some of the boilerplate for a SecondaryAuthenticationProvider.

Stability: stable
to extend
Since
1.27

Definition at line 31 of file AbstractSecondaryAuthenticationProvider.php.

Member Function Documentation

◆ autoCreatedAccount()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::autoCreatedAccount (   $user,
  $source 
)

Post-auto-creation callback.

Parameters
User$userUser being created (has been added to the database now). This may become a "UserValue" in the future, or User may be refactored into such.
string$sourceThe source of the auto-creation passed to AuthManager::autoCreateUser().

Stability: stable
to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 126 of file AbstractSecondaryAuthenticationProvider.php.

◆ continueSecondaryAccountCreation()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::continueSecondaryAccountCreation (   $user,
  $creator,
array  $reqs 
)

Continue an authentication flow.

Parameters
User$userUser being created (has been added to the database). This may become a "UserValue" in the future, or User may be refactored into such.
User$creatorUser doing the creation. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationRequest[]$reqs
Returns
AuthenticationResponse Expected responses:
  • PASS: The user creation is ok. Additional secondary providers may run.
  • ABSTAIN: Additional secondary providers may run.
  • UI: Additional AuthenticationRequests are needed to complete the process.
  • REDIRECT: Redirection to a third party is needed to complete the process.

Stability: stable
to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Reimplemented in MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider, and MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider.

Definition at line 103 of file AbstractSecondaryAuthenticationProvider.php.

◆ continueSecondaryAuthentication()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::continueSecondaryAuthentication (   $user,
array  $reqs 
)

Continue an authentication flow.

Parameters
User$userUser being authenticated. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationRequest[]$reqs
Returns
AuthenticationResponse Expected responses:
  • PASS: The user is authenticated. Additional secondary providers may run.
  • FAIL: The user is not authenticated. Fail the authentication process.
  • ABSTAIN: Additional secondary providers may run.
  • UI: Additional AuthenticationRequests are needed to complete the process.
  • REDIRECT: Redirection to a third party is needed to complete the process.

Stability: stable
to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Reimplemented in MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider, and MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider.

Definition at line 39 of file AbstractSecondaryAuthenticationProvider.php.

◆ postAccountCreation()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::postAccountCreation (   $user,
  $creator,
AuthenticationResponse  $response 
)

Post-creation callback.This will be called at the end of an account creation attempt. It will not be called if the account creation process results in a session timeout (possibly after a successful user creation, while a secondary provider is waiting for a response).

Parameters
User$userUser that was attempted to be created. This may become a "UserValue" in the future, or User may be refactored into such.
User$creatorUser doing the creation. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationResponse$responseAuthentication response that will be returned (PASS or FAIL)

Stability: stable
to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 111 of file AbstractSecondaryAuthenticationProvider.php.

◆ postAuthentication()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::postAuthentication (   $user,
AuthenticationResponse  $response 
)

Post-login callback.This will be called at the end of a login attempt. It will not be called for unfinished login attempts that fail by the session timing out.

Parameters
User | null$userUser that was attempted to be logged in, if known. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationResponse$responseAuthentication response that will be returned (PASS or FAIL)

Stability: stable
to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 47 of file AbstractSecondaryAuthenticationProvider.php.

◆ providerAllowsAuthenticationDataChange()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::providerAllowsAuthenticationDataChange ( AuthenticationRequest  $req,
  $checkData = true 
)

Validate a change of authentication data (e.g.passwords)Return StatusValue::newGood( 'ignored' ) if you don't support this AuthenticationRequest type.

Parameters
AuthenticationRequest$req
bool$checkDataIf false, $req hasn't been loaded from the submission so checks on user-submitted fields should be skipped. $req->username is considered user-submitted for this purpose, even if it cannot be changed via $req->loadFromSubmission.
Returns
StatusValue

Stability: stable
to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 78 of file AbstractSecondaryAuthenticationProvider.php.

◆ providerAllowsPropertyChange()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::providerAllowsPropertyChange (   $property)

Determine whether a property can change.

See also
AuthManager::allowsPropertyChange()
Parameters
string$property
Returns
bool

Stability: stable
to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 54 of file AbstractSecondaryAuthenticationProvider.php.

◆ providerChangeAuthenticationData()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::providerChangeAuthenticationData ( AuthenticationRequest  $req)

Change or remove authentication data (e.g.passwords)If $req was returned for AuthManager::ACTION_CHANGE, the corresponding credentials should result in a successful login in the future.If $req was returned for AuthManager::ACTION_REMOVE, the corresponding credentials should no longer result in a successful login.It can be assumed that providerAllowsAuthenticationDataChange with $checkData === true was called before this, and passed. This method should never fail (other than throwing an exception).

Parameters
AuthenticationRequest$req

Stability: stable
to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 88 of file AbstractSecondaryAuthenticationProvider.php.

Referenced by MediaWiki\Auth\AbstractSecondaryAuthenticationProvider\providerRevokeAccessForUser().

◆ providerRevokeAccessForUser()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::providerRevokeAccessForUser (   $username)

Revoke the user's credentials.This may cause the user to no longer exist for the provider, or the user may continue to exist in a "disabled" state.The intention is that the named account will never again be usable for normal login (i.e. there is no way to undo the revocation of access).

Parameters
string$username

Stability: stable
to override
Note
Reimplement this if self::getAuthenticationRequests( AuthManager::ACTION_REMOVE ) doesn't return requests that will revoke all access for the user.

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 64 of file AbstractSecondaryAuthenticationProvider.php.

References MediaWiki\Auth\AuthManager\ACTION_REMOVE, MediaWiki\Auth\AuthenticationProvider\getAuthenticationRequests(), and MediaWiki\Auth\AbstractSecondaryAuthenticationProvider\providerChangeAuthenticationData().

◆ testForAccountCreation()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::testForAccountCreation (   $user,
  $creator,
array  $reqs 
)

Determine whether an account creation may begin.Called from AuthManager::beginAccountCreation()

Note
No need to test if the account exists, AuthManager checks that
Parameters
User$userUser being created (not added to the database yet). This may become a "UserValue" in the future, or User may be refactored into such.
User$creatorUser doing the creation. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationRequest[]$reqs
Returns
StatusValue

Stability: stable
to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 95 of file AbstractSecondaryAuthenticationProvider.php.

◆ testUserForCreation()

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::testUserForCreation (   $user,
  $autocreate,
array  $options = [] 
)

Determine whether an account may be created.

Parameters
User$userUser being created (not added to the database yet). This may become a "UserValue" in the future, or User may be refactored into such.
bool | string$autocreateFalse if this is not an auto-creation, or the source of the auto-creation passed to AuthManager::autoCreateUser().
array$options
  • flags: (int) Bitfield of IDBAccessObject::READ_* constants, default IDBAccessObject::READ_NORMAL
  • creating: (bool) If false (or missing), this call is only testing if a user could be created. If set, this (non-autocreation) is for actually creating an account and will be followed by a call to testForAccountCreation(). In this case, the provider might return StatusValue::newGood() here and let the later call to testForAccountCreation() do a more thorough test.
Returns
StatusValue

Stability: stable
to override

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 118 of file AbstractSecondaryAuthenticationProvider.php.


The documentation for this class was generated from the following file: