MediaWiki master
MediaWiki\Password\PasswordPolicyChecks Class Reference

Functions to check passwords against a policy requirement.

Static Public Member Functions

static checkMaximalPasswordLength ( $policyVal, UserIdentity $user, $password)
 Check password is shorter than the maximum, fatal.
 
static checkMinimalPasswordLength ( $policyVal, UserIdentity $user, $password)
 Check password is longer than the minimum, not fatal.
 
static checkMinimumPasswordLengthToLogin ( $policyVal, UserIdentity $user, $password)
 Check password is longer than the minimum, fatal.
 
static checkPasswordCannotBeSubstringInUsername ( $policyVal, UserIdentity $user, $password)
 Check if a password is a (case-insensitive) substring within the username.
 
static checkPasswordCannotMatchDefaults ( $policyVal, UserIdentity $user, $password)
 Check if username and password are on a list of past MediaWiki default passwords.
 
static checkPasswordNotInCommonList ( $policyVal, UserIdentity $user, $password)
 Ensure the password isn't in the list of common passwords provided by the wikimedia/common-passwords library, which contains (as of 0.2.0) the 100,000 top passwords from SecLists (as a Bloom filter, with a 0.000001 false-positive ratio).
 

Detailed Description

Functions to check passwords against a policy requirement.

$policyVal is the value configured in $wgPasswordPolicy. If the return status is fatal, the user won't be allowed to log in. If the status is not good but not fatal, the user will not be allowed to set the given password (on registration or password change), but can still log in after bypassing a warning.

Since
 1.26
See also
 $wgPasswordPolicy

Definition at line 40 of file PasswordPolicyChecks.php.
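
How the fatal and non-fatal outcomes described above are selected from configuration, as an added LocalSettings.php example that is not taken from this page or from MediaWiki's shipped defaults. The policy key names, the group names and the `value`, `suggestChangeOnLogin` and `forceChange` options are MediaWiki configuration names this page does not list, and every numeric value is illustrative.

```php
<?php
// LocalSettings.php fragment (added example; numeric values are illustrative).
// Each key under 'policies' is handed, together with its value, to the
// PasswordPolicyChecks method registered for that key in
// $wgPasswordPolicy['checks'].

// Baseline applied to every account.
$wgPasswordPolicy['policies']['default'] = [
	// checkMinimalPasswordLength: not fatal. A shorter password cannot be
	// set on registration or password change, but the user can still log in.
	'MinimalPasswordLength' => [ 'value' => 10, 'suggestChangeOnLogin' => true ],

	// checkMaximalPasswordLength: fatal. Caps the input handed to an
	// expensive hash such as PBKDF2, so an oversized password is refused.
	'MaximalPasswordLength' => [ 'value' => 4096 ],

	// checkPasswordCannotBeSubstringInUsername and
	// checkPasswordCannotMatchDefaults: both return a non-fatal error.
	'PasswordCannotBeSubstringInUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
	'PasswordCannotMatchDefaults' => [ 'value' => true, 'suggestChangeOnLogin' => true ],

	// checkPasswordNotInCommonList: Bloom-filter lookup against the
	// wikimedia/common-passwords list.
	'PasswordNotInCommonList' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
];

// Stricter settings for a privileged group.
$wgPasswordPolicy['policies']['sysop'] = [
	'MinimalPasswordLength' => [ 'value' => 12, 'suggestChangeOnLogin' => true ],

	// checkMinimumPasswordLengthToLogin: fatal. An account whose password is
	// shorter than this is locked out and must be recovered by other means.
	'MinimumPasswordLengthToLogin' => 8,

	// forceChange: the user must replace a password that fails this check
	// before the login is allowed to complete.
	'PasswordNotInCommonList' => [ 'value' => true, 'forceChange' => true ],
];
```

Setting `MinimumPasswordLengthToLogin` above the length of passwords already in use locks those accounts out, so raise `MinimalPasswordLength` first and the login minimum only after users have had time to change passwords.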

Member Function Documentation

◆ checkMaximalPasswordLength()

static MediaWiki\Password\PasswordPolicyChecks::checkMaximalPasswordLength ( $policyVal, UserIdentity $user, $password )

Check password is shorter than the maximum, fatal.

Intended for preventing DoS attacks when using a more expensive password hash like PBKDF2.

Parameters
 int $policyVal: maximum length
 UserIdentity $user
 string $password
Returns
 Status fatal if $password is longer than $policyVal

Definition at line 82 of file PasswordPolicyChecks.php.

◆ checkMinimalPasswordLength()

static MediaWiki\Password\PasswordPolicyChecks::checkMinimalPasswordLength ( $policyVal, UserIdentity $user, $password )

Check password is longer than the minimum, not fatal.

Parameters
 int $policyVal: minimal length
 UserIdentity $user
 string $password
Returns
 Status error if $password is shorter than $policyVal

Definition at line 49 of file PasswordPolicyChecks.php.

◆ checkMinimumPasswordLengthToLogin()

static MediaWiki\Password\PasswordPolicyChecks::checkMinimumPasswordLengthToLogin ( $policyVal, UserIdentity $user, $password )

Check password is longer than the minimum, fatal.

Intended for locking out users with passwords too short to trust, requiring them to recover their account by some other means.

Parameters
 int $policyVal: minimal length
 UserIdentity $user
 string $password
Returns
 Status fatal if $password is shorter than $policyVal

Definition at line 66 of file PasswordPolicyChecks.php.

◆ checkPasswordCannotBeSubstringInUsername()

static MediaWiki\Password\PasswordPolicyChecks::checkPasswordCannotBeSubstringInUsername ( $policyVal, UserIdentity $user, $password )

Check if a password is a (case-insensitive) substring within the username.

Parameters
 bool $policyVal: true to force compliance.
 UserIdentity $user
 string $password
Returns
 Status error if the password is a substring within username, and the policy is true

Definition at line 97 of file PasswordPolicyChecks.php.

References MediaWiki\User\UserIdentity\getName().

◆ checkPasswordCannotMatchDefaults()

static MediaWiki\Password\PasswordPolicyChecks::checkPasswordCannotMatchDefaults ( $policyVal, UserIdentity $user, $password )

Check if username and password are on a list of past MediaWiki default passwords.

Parameters
 bool $policyVal: true to force compliance.
 UserIdentity $user
 string $password
Returns
 Status error if the username and password match, and policy is true

Definition at line 117 of file PasswordPolicyChecks.php.

References MediaWiki\User\UserIdentity\getName().

◆ checkPasswordNotInCommonList()

static MediaWiki\Password\PasswordPolicyChecks::checkPasswordNotInCommonList ( $policyVal, UserIdentity $user, $password )

Ensure the password isn't in the list of common passwords provided by the wikimedia/common-passwords library, which contains (as of 0.2.0) the 100,000 top passwords from SecLists (as a Bloom filter, with a 0.000001 false-positive ratio).

Parameters
 bool $policyVal: Whether to apply this policy
 UserIdentity $user
 string $password
Since
 1.33
Returns
 Status

Definition at line 159 of file PasswordPolicyChecks.php.


The documentation for this class was generated from the following file: