MediaWiki  master
MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider Class Reference

Check if the user is blocked, and prevent authentication if so. More...

Inheritance diagram for MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider:
Collaboration diagram for MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider:

Public Member Functions

 __construct ( $params=[])
 
 beginSecondaryAccountCreation ( $user, $creator, array $reqs)
 Start an account creation flow. More...
 
 beginSecondaryAuthentication ( $user, array $reqs)
 Start an authentication flow. More...
 
 getAuthenticationRequests ( $action, array $options)
 Return the applicable list of AuthenticationRequests. More...
 
 setConfig (Config $config)
 Set configuration. More...
 
 testUserForCreation ( $user, $autocreate, array $options=[])
 Determine whether an account may be created. More...
 
- Public Member Functions inherited from MediaWiki\Auth\AbstractSecondaryAuthenticationProvider
 autoCreatedAccount ( $user, $source)
 Post-auto-creation callback. More...
 
 continueSecondaryAccountCreation ( $user, $creator, array $reqs)
 Continue an authentication flow. More...
 
 continueSecondaryAuthentication ( $user, array $reqs)
 Continue an authentication flow. More...
 
 postAccountCreation ( $user, $creator, AuthenticationResponse $response)
 Post-creation callback. More...
 
 postAuthentication ( $user, AuthenticationResponse $response)
 Post-login callback. More...
 
 providerAllowsAuthenticationDataChange (AuthenticationRequest $req, $checkData=true)
 Validate a change of authentication data (e.g. More...
 
 providerAllowsPropertyChange ( $property)
 Determine whether a property can change. More...
 
 providerChangeAuthenticationData (AuthenticationRequest $req)
 Change or remove authentication data (e.g. More...
 
 providerRevokeAccessForUser ( $username)
 Revoke the user's credentials.This may cause the user to no longer exist for the provider, or the user may continue to exist in a "disabled" state.The intention is that the named account will never again be usable for normal login (i.e. there is no way to undo the revocation of access).
Parameters
string$username
More...
 
 testForAccountCreation ( $user, $creator, array $reqs)
 Determine whether an account creation may begin. More...
 
 testUserForCreation ( $user, $autocreate, array $options=[])
 Determine whether an account may be created. More...
 
- Public Member Functions inherited from MediaWiki\Auth\AbstractAuthenticationProvider
 getUniqueId ()
 Return a unique identifier for this instance.This must be the same across requests. If multiple instances return the same ID, exceptions will be thrown from AuthManager.
Returns
string
More...
 
 setConfig (Config $config)
 Set configuration. More...
 
 setLogger (LoggerInterface $logger)
 
 setManager (AuthManager $manager)
 Set AuthManager. More...
 

Protected Attributes

bool $blockDisablesLogin = null
 
- Protected Attributes inherited from MediaWiki\Auth\AbstractAuthenticationProvider
Config $config
 
LoggerInterface $logger
 
AuthManager $manager
 

Detailed Description

Check if the user is blocked, and prevent authentication if so.

Since
1.27

Definition at line 35 of file CheckBlocksSecondaryAuthenticationProvider.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::__construct (   $params = [])
Parameters
array$params
  • blockDisablesLogin: (bool) Whether blocked accounts can log in, defaults to $wgBlockDisablesLogin

Definition at line 45 of file CheckBlocksSecondaryAuthenticationProvider.php.

Member Function Documentation

◆ beginSecondaryAccountCreation()

MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::beginSecondaryAccountCreation (   $user,
  $creator,
array  $reqs 
)

Start an account creation flow.

Note
There is no guarantee this will be called in a successful account creation process as the user can just abandon the process at any time after the primary provider has issued a PASS and still have a valid account. Be prepared to handle any database inconsistencies that result from this or continueSecondaryAccountCreation() not being called.
Parameters
User$userUser being created (has been added to the database). This may become a "UserValue" in the future, or User may be refactored into such.
User$creatorUser doing the creation. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationRequest[]$reqs
Returns
AuthenticationResponse Expected responses:
  • PASS: The user creation is ok. Additional secondary providers may run.
  • ABSTAIN: Additional secondary providers may run.
  • UI: Additional AuthenticationRequests are needed to complete the process.
  • REDIRECT: Redirection to a third party is needed to complete the process.

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 77 of file CheckBlocksSecondaryAuthenticationProvider.php.

References MediaWiki\Auth\AuthenticationResponse\newAbstain().

◆ beginSecondaryAuthentication()

MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::beginSecondaryAuthentication (   $user,
array  $reqs 
)

Start an authentication flow.

Note that this may be called for a user even if beginSecondaryAccountCreation() was never called. The module should take the opportunity to do any necessary setup in that case.

Parameters
User$userUser being authenticated. This may become a "UserValue" in the future, or User may be refactored into such.
AuthenticationRequest[]$reqs
Returns
AuthenticationResponse Expected responses:
  • PASS: The user is authenticated. Additional secondary providers may run.
  • FAIL: The user is not authenticated. Fail the authentication process.
  • ABSTAIN: Additional secondary providers may run.
  • UI: Additional AuthenticationRequests are needed to complete the process.
  • REDIRECT: Redirection to a third party is needed to complete the process.

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 63 of file CheckBlocksSecondaryAuthenticationProvider.php.

References MediaWiki\Auth\AuthenticationResponse\newAbstain(), MediaWiki\Auth\AuthenticationResponse\newFail(), and MediaWiki\Auth\AuthenticationResponse\newPass().

◆ getAuthenticationRequests()

MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::getAuthenticationRequests (   $action,
array  $options 
)

Return the applicable list of AuthenticationRequests.

Possible values for $action depend on whether the implementing class is also a PreAuthenticationProvider, PrimaryAuthenticationProvider, or SecondaryAuthenticationProvider.

  • ACTION_LOGIN: Valid for passing to beginAuthentication. Called on all providers.
  • ACTION_CREATE: Valid for passing to beginAccountCreation. Called on all providers.
  • ACTION_LINK: Valid for passing to beginAccountLink. Called on linking primary providers only.
  • ACTION_CHANGE: Valid for passing to AuthManager::changeAuthenticationData to change credentials. Called on primary and secondary providers.
  • ACTION_REMOVE: Valid for passing to AuthManager::changeAuthenticationData to remove credentials. Must work without additional user input (i.e. without calling loadFromSubmission). Called on primary and secondary providers.
See also
AuthManager::getAuthenticationRequests()
Parameters
string$action
array$optionsOptions are:
  • username: User name related to the action, or null/unset if anon.
    • ACTION_LOGIN: The currently logged-in user, if any.
    • ACTION_CREATE: The account creator, if non-anonymous.
    • ACTION_LINK: The local user being linked to.
    • ACTION_CHANGE: The user having data changed.
    • ACTION_REMOVE: The user having data removed. If you leave the username property of the returned requests empty, this will automatically be copied there (except for ACTION_CREATE where it wouldn't really make sense).
Returns
AuthenticationRequest[]

Implements MediaWiki\Auth\AuthenticationProvider.

Definition at line 59 of file CheckBlocksSecondaryAuthenticationProvider.php.

◆ setConfig()

MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::setConfig ( Config  $config)

Set configuration.

Parameters
Config$config

Implements MediaWiki\Auth\AuthenticationProvider.

Definition at line 51 of file CheckBlocksSecondaryAuthenticationProvider.php.

◆ testUserForCreation()

MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::testUserForCreation (   $user,
  $autocreate,
array  $options = [] 
)

Determine whether an account may be created.

Parameters
User$userUser being created (not added to the database yet). This may become a "UserValue" in the future, or User may be refactored into such.
bool | string$autocreateFalse if this is not an auto-creation, or the source of the auto-creation passed to AuthManager::autoCreateUser().
array$options
  • flags: (int) Bitfield of User:READ_* constants, default User::READ_NORMAL
  • creating: (bool) If false (or missing), this call is only testing if a user could be created. If set, this (non-autocreation) is for actually creating an account and will be followed by a call to testForAccountCreation(). In this case, the provider might return StatusValue::newGood() here and let the later call to testForAccountCreation() do a more thorough test.
Returns
StatusValue

Implements MediaWiki\Auth\SecondaryAuthenticationProvider.

Definition at line 81 of file CheckBlocksSecondaryAuthenticationProvider.php.

References MediaWiki\MediaWikiServices\getInstance(), RequestContext\getMain(), StatusValue\newFatal(), StatusValue\newGood(), and MediaWiki\Block\AbstractBlock\TYPE_RANGE.

Member Data Documentation

◆ $blockDisablesLogin

bool MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::$blockDisablesLogin = null
protected

The documentation for this class was generated from the following file: