MediaWiki  master
MediaWiki\Block\BlockManager Class Reference

A service class for checking blocks. More...

Collaboration diagram for MediaWiki\Block\BlockManager:

Public Member Functions

 __construct (ServiceOptions $options, PermissionManager $permissionManager, LoggerInterface $logger)
 
 getCookieValue (DatabaseBlock $block)
 Get the BlockID cookie's value for this block. More...
 
 getIdFromCookieValue ( $cookieValue)
 Get the stored ID from the 'BlockID' cookie. More...
 
 getUserBlock (User $user, $request, $fromReplica)
 Get the blocks that apply to a user. More...
 
 isDnsBlacklisted ( $ip, $checkWhitelist=false)
 Whether the given IP is in a DNS blacklist. More...
 
 setBlockCookie (DatabaseBlock $block, WebResponse $response)
 Set the 'BlockID' cookie to this block's ID and expiry time. More...
 
 trackBlockWithCookie (User $user, WebResponse $response)
 Set the 'BlockID' cookie depending on block type and user authentication status. More...
 

Static Public Member Functions

static clearBlockCookie (WebResponse $response)
 Unset the 'BlockID' cookie. More...
 

Protected Member Functions

 checkHost ( $hostname)
 Wrapper for mocking in tests. More...
 

Private Member Functions

 getAdditionalIpBlocks (&$blocks, WebRequest $request, $isAnon, $fromMaster)
 Check for any additional blocks against the IP address or any IPs in the XFF header. More...
 
 getBlockFromCookieValue (UserIdentity $user, WebRequest $request)
 Try to load a block from an ID given in a cookie value. More...
 
 getCookieBlock (&$blocks, UserIdentity $user, WebRequest $request)
 Get the cookie block, if there is one. More...
 
 getUniqueBlocks (array $blocks)
 Given a list of blocks, return a list of unique blocks. More...
 
 inDnsBlacklist ( $ip, array $bases)
 Whether the given IP is in a given DNS blacklist. More...
 
 isLocallyBlockedProxy ( $ip)
 Check if an IP address is in the local proxy list. More...
 
 shouldApplyCookieBlock (DatabaseBlock $block, $isAnon)
 Check if the block loaded from the cookie should be applied. More...
 
 shouldTrackBlockWithCookie (AbstractBlock $block, $isAnon)
 Check if the block should be tracked with a cookie. More...
 

Private Attributes

LoggerInterface $logger
 
ServiceOptions $options
 
PermissionManager $permissionManager
 

Detailed Description

A service class for checking blocks.

To obtain an instance, use MediaWikiServices::getInstance()->getBlockManager().

Since
1.34 Refactored from User and Block.

Definition at line 45 of file BlockManager.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Block\BlockManager::__construct ( ServiceOptions  $options,
PermissionManager  $permissionManager,
LoggerInterface  $logger 
)
Parameters
ServiceOptions$options
PermissionManager$permissionManager
LoggerInterface$logger

Definition at line 76 of file BlockManager.php.

References MediaWiki\Block\BlockManager\$logger, MediaWiki\Block\BlockManager\$options, MediaWiki\Block\BlockManager\$permissionManager, and MediaWiki\Config\ServiceOptions\assertRequiredOptions().

Member Function Documentation

◆ checkHost()

MediaWiki\Block\BlockManager::checkHost (   $hostname)
protected

Wrapper for mocking in tests.

Parameters
string$hostnameDNSBL query
Returns
string[]|bool IPv4 array, or false if the IP is not blacklisted

Definition at line 428 of file BlockManager.php.

Referenced by MediaWiki\Block\BlockManager\inDnsBlacklist().

◆ clearBlockCookie()

static MediaWiki\Block\BlockManager::clearBlockCookie ( WebResponse  $response)
static

Unset the 'BlockID' cookie.

Since
1.34
Parameters
WebResponse$response

Definition at line 557 of file BlockManager.php.

References WebResponse\clearCookie().

Referenced by MediaWiki\Block\BlockManager\trackBlockWithCookie().

◆ getAdditionalIpBlocks()

MediaWiki\Block\BlockManager::getAdditionalIpBlocks ( $blocks,
WebRequest  $request,
  $isAnon,
  $fromMaster 
)
private

Check for any additional blocks against the IP address or any IPs in the XFF header.

Parameters
AbstractBlock[]&$blocks Blocks found so far
WebRequest$request
bool$isAnonThe user is logged out
bool$fromMaster
Returns
void

Definition at line 197 of file BlockManager.php.

References MediaWiki\Block\DatabaseBlock\getBlocksForIPList(), WebRequest\getHeader(), WebRequest\getIP(), MediaWiki\Block\BlockManager\isDnsBlacklisted(), IP\isInRanges(), MediaWiki\Block\BlockManager\isLocallyBlockedProxy(), and wfMessage().

Referenced by MediaWiki\Block\BlockManager\getUserBlock().

◆ getBlockFromCookieValue()

MediaWiki\Block\BlockManager::getBlockFromCookieValue ( UserIdentity  $user,
WebRequest  $request 
)
private

Try to load a block from an ID given in a cookie value.

If the block is invalid, doesn't exist, or the cookie value is malformed, no block will be loaded. In these cases the cookie will either (1) be replaced with a valid cookie or (2) removed, next time trackBlockWithCookie is called.

Parameters
UserIdentity$user
WebRequest$request
Returns
DatabaseBlock|bool The block object, or false if none could be loaded.

Definition at line 286 of file BlockManager.php.

References WebRequest\getCookie(), MediaWiki\Block\BlockManager\getIdFromCookieValue(), MediaWiki\User\UserIdentity\isRegistered(), MediaWiki\Block\DatabaseBlock\newFromID(), and MediaWiki\Block\BlockManager\shouldApplyCookieBlock().

Referenced by MediaWiki\Block\BlockManager\getCookieBlock(), and MediaWiki\Block\BlockManager\trackBlockWithCookie().

◆ getCookieBlock()

MediaWiki\Block\BlockManager::getCookieBlock ( $blocks,
UserIdentity  $user,
WebRequest  $request 
)
private

Get the cookie block, if there is one.

Parameters
AbstractBlock[]&$blocks
UserIdentity$user
WebRequest$request
Returns
void

Definition at line 181 of file BlockManager.php.

References MediaWiki\Block\BlockManager\getBlockFromCookieValue().

Referenced by MediaWiki\Block\BlockManager\getUserBlock().

◆ getCookieValue()

MediaWiki\Block\BlockManager::getCookieValue ( DatabaseBlock  $block)

Get the BlockID cookie's value for this block.

This is usually the block ID concatenated with an HMAC in order to avoid spoofing (T152951), but if wgSecretKey is not set will just be the block ID.

Since
1.34

Definition at line 604 of file BlockManager.php.

References MediaWiki\Block\DatabaseBlock\getId(), and MWCryptHash\hmac().

Referenced by MediaWiki\Block\BlockManager\setBlockCookie().

◆ getIdFromCookieValue()

MediaWiki\Block\BlockManager::getIdFromCookieValue (   $cookieValue)

Get the stored ID from the 'BlockID' cookie.

The cookie's value is usually a combination of the ID and a HMAC (see DatabaseBlock::setCookie), but will sometimes only be the ID.

Since
1.34

Definition at line 571 of file BlockManager.php.

References MWCryptHash\hmac().

Referenced by MediaWiki\Block\BlockManager\getBlockFromCookieValue().

◆ getUniqueBlocks()

MediaWiki\Block\BlockManager::getUniqueBlocks ( array  $blocks)
private

Given a list of blocks, return a list of unique blocks.

This usually means that each block has a unique ID. For a block with ID null, if it's an autoblock, it will be filtered out if the parent block is present; if not, it is assumed to be a unique system block, and kept.

Parameters
AbstractBlock[]$blocks
Returns
AbstractBlock[]

Definition at line 254 of file BlockManager.php.

References MediaWiki\Block\AbstractBlock\TYPE_AUTO.

Referenced by MediaWiki\Block\BlockManager\getUserBlock().

◆ getUserBlock()

MediaWiki\Block\BlockManager::getUserBlock ( User  $user,
  $request,
  $fromReplica 
)

Get the blocks that apply to a user.

If there is only one, return that, otherwise return a composite block that combines the strictest features of the applicable blocks.

Different blocks may be sought, depending on the user and their permissions. The user may be: (1) The global user (and can be affected by IP blocks). The global request object is needed for checking the IP address, the XFF header and the cookies. (2) The global user (and exempt from IP blocks). The global request object is needed for checking the cookies. (3) Another user (not the global user). No request object is available or needed; just look for a block against the user account.

Cases #1 and #2 check whether the global user is blocked in practice; the block may due to their user account being blocked or to an IP address block or cookie block (or multiple of these). Case #3 simply checks whether a user's account is blocked, and does not determine whether the person using that account is affected in practice by any IP address or cookie blocks.

Definition at line 117 of file BlockManager.php.

References MediaWiki\Block\BlockManager\getAdditionalIpBlocks(), MediaWiki\Block\BlockManager\getCookieBlock(), MediaWiki\Block\BlockManager\getUniqueBlocks(), User\isRegistered(), MediaWiki\Block\DatabaseBlock\newListFromTarget(), and Hooks\run().

◆ inDnsBlacklist()

MediaWiki\Block\BlockManager::inDnsBlacklist (   $ip,
array  $bases 
)
private

Whether the given IP is in a given DNS blacklist.

Parameters
string$ipIP to check
array$basesArray of Strings: URL of the DNS blacklist
Returns
bool True if blacklisted.

Definition at line 381 of file BlockManager.php.

References $base, MediaWiki\Block\BlockManager\checkHost(), and IP\isIPv4().

Referenced by MediaWiki\Block\BlockManager\isDnsBlacklisted().

◆ isDnsBlacklisted()

MediaWiki\Block\BlockManager::isDnsBlacklisted (   $ip,
  $checkWhitelist = false 
)

Whether the given IP is in a DNS blacklist.

Parameters
string$ipIP to check
bool$checkWhitelistWhether to check the whitelist first
Returns
bool True if blacklisted.

Definition at line 364 of file BlockManager.php.

References MediaWiki\Block\BlockManager\inDnsBlacklist().

Referenced by MediaWiki\Block\BlockManager\getAdditionalIpBlocks().

◆ isLocallyBlockedProxy()

MediaWiki\Block\BlockManager::isLocallyBlockedProxy (   $ip)
private

Check if an IP address is in the local proxy list.

Parameters
string$ip
Returns
bool

Definition at line 342 of file BlockManager.php.

Referenced by MediaWiki\Block\BlockManager\getAdditionalIpBlocks().

◆ setBlockCookie()

MediaWiki\Block\BlockManager::setBlockCookie ( DatabaseBlock  $block,
WebResponse  $response 
)

Set the 'BlockID' cookie to this block's ID and expiry time.

The cookie's expiry will be the same as the block's, to a maximum of 24 hours.

Since
1.34

Definition at line 506 of file BlockManager.php.

References $expiryTime, MediaWiki\Block\BlockManager\getCookieValue(), MediaWiki\Block\AbstractBlock\getExpiry(), WebResponse\setCookie(), and wfTimestamp().

Referenced by MediaWiki\Block\BlockManager\trackBlockWithCookie().

◆ shouldApplyCookieBlock()

MediaWiki\Block\BlockManager::shouldApplyCookieBlock ( DatabaseBlock  $block,
  $isAnon 
)
private

◆ shouldTrackBlockWithCookie()

MediaWiki\Block\BlockManager::shouldTrackBlockWithCookie ( AbstractBlock  $block,
  $isAnon 
)
private

Check if the block should be tracked with a cookie.

Parameters
AbstractBlock$block
bool$isAnonThe user is logged out
Returns
bool The block sould be tracked with a cookie

Definition at line 534 of file BlockManager.php.

References MediaWiki\Block\AbstractBlock\getType(), MediaWiki\Block\AbstractBlock\TYPE_IP, MediaWiki\Block\AbstractBlock\TYPE_RANGE, and MediaWiki\Block\AbstractBlock\TYPE_USER.

Referenced by MediaWiki\Block\BlockManager\trackBlockWithCookie().

◆ trackBlockWithCookie()

MediaWiki\Block\BlockManager::trackBlockWithCookie ( User  $user,
WebResponse  $response 
)

Set the 'BlockID' cookie depending on block type and user authentication status.

If a block cookie is already set, this will check the block that the cookie references and do the following:

  • If the block is a valid block that should be applied, do nothing and return early. This ensures that the cookie's expiry time is based on the time of the first page load or attempt. (See discussion on T233595.)
  • If the block is invalid (e.g. has expired), clear the cookie and continue to check whether there is another block that should be tracked.
  • If the block is a valid block, but should not be tracked by a cookie, clear the cookie and continue to check whether there is another block that should be tracked.
Since
1.34
Parameters
User$user
WebResponse$responseThe response on which to set the cookie.
Exceptions
LogicExceptionIf called before the User object was loaded.
LogicExceptionIf not called pre-send.

Definition at line 451 of file BlockManager.php.

References MediaWiki\Block\BlockManager\clearBlockCookie(), User\getBlock(), MediaWiki\Block\BlockManager\getBlockFromCookieValue(), User\getRequest(), WebResponse\headersSent(), User\isAnon(), User\isSafeToLoad(), MediaWiki\Block\BlockManager\setBlockCookie(), MediaWiki\Block\BlockManager\shouldApplyCookieBlock(), and MediaWiki\Block\BlockManager\shouldTrackBlockWithCookie().

Member Data Documentation

◆ $logger

LoggerInterface MediaWiki\Block\BlockManager::$logger
private
Initial value:
=[,,,,,,,,,]
public const CONSTRUCTOR_OPTIONS
'ApplyIpBlocksToXff'
'CookieSetOnAutoblock'
'CookieSetOnIpBlock'
'DnsBlacklistUrls'
'EnableDnsBlacklist'
'ProxyList'
'ProxyWhitelist'
'SecretKey'
'SoftBlockRanges'

Definition at line 52 of file BlockManager.php.

Referenced by MediaWiki\Block\BlockManager\__construct().

◆ $options

ServiceOptions MediaWiki\Block\BlockManager::$options
private

Definition at line 50 of file BlockManager.php.

Referenced by MediaWiki\Block\BlockManager\__construct().

◆ $permissionManager

PermissionManager MediaWiki\Block\BlockManager::$permissionManager
private

Definition at line 47 of file BlockManager.php.

Referenced by MediaWiki\Block\BlockManager\__construct().


The documentation for this class was generated from the following file: