MediaWiki  master
PasswordReset Class Reference

Helper class for the password reset functionality shared by the web UI and the API. More...

Inheritance diagram for PasswordReset:
Collaboration diagram for PasswordReset:

Public Member Functions

 __construct ( $config, AuthManager $authManager, PermissionManager $permissionManager, ILoadBalancer $loadBalancer=null, LoggerInterface $logger=null)
 This class is managed by MediaWikiServices, don't instantiate directly. More...
 
 execute (User $performingUser, $username=null, $email=null)
 Do a password reset. More...
 
 isAllowed (User $user)
 Check if a given user has permission to use this functionality. More...
 

Public Attributes

const CONSTRUCTOR_OPTIONS
 

Protected Member Functions

 getUsersByEmail ( $email)
 
 isBlocked (User $user)
 Check whether the user is blocked. More...
 
 lookupUser ( $username)
 User object creation helper for testability. More...
 

Protected Attributes

AuthManager $authManager
 
ServiceOptions Config $config
 
ILoadBalancer $loadBalancer
 
PermissionManager $permissionManager
 

Private Attributes

MapCacheLRU $permissionCache
 In-process cache for isAllowed lookups, by username. More...
 

Detailed Description

Helper class for the password reset functionality shared by the web UI and the API.

Requires the TemporaryPasswordPrimaryAuthenticationProvider and the EmailNotificationSecondaryAuthenticationProvider (or something providing equivalent functionality) to be enabled.

Definition at line 41 of file PasswordReset.php.

Constructor & Destructor Documentation

◆ __construct()

PasswordReset::__construct (   $config,
AuthManager  $authManager,
PermissionManager  $permissionManager,
ILoadBalancer  $loadBalancer = null,
LoggerInterface  $logger = null 
)

This class is managed by MediaWikiServices, don't instantiate directly.

Parameters
ServiceOptions | Config$config
AuthManager$authManager
PermissionManager$permissionManager
ILoadBalancer | null$loadBalancer
LoggerInterface | null$logger

Definition at line 78 of file PasswordReset.php.

References $authManager, $config, $loadBalancer, $permissionManager, and wfDeprecated().

Member Function Documentation

◆ execute()

PasswordReset::execute ( User  $performingUser,
  $username = null,
  $email = null 
)

Do a password reset.

Authorization is the caller's responsibility.

Process the form. At this point we know that the user passes all the criteria in userCanExecute(), and if the data array contains 'Username', etc, then Username resets are allowed.

Since
1.29 Fourth argument for displayPassword removed.
Parameters
User$performingUserThe user that does the password reset
string | null$usernameThe user whose password is reset
string | null$emailAlternative way to specify the user
Returns
StatusValue Will contain the passwords as a username => password array if the $displayPassword flag was set
Exceptions
LogicExceptionWhen the user is not allowed to perform the action
MWExceptionOn unexpected DB errors

Definition at line 162 of file PasswordReset.php.

References User\getId(), User\getName(), User\getRequest(), getUsersByEmail(), isAllowed(), lookupUser(), StatusValue\newFatal(), Message\newFromSpecifier(), StatusValue\newGood(), User\pingLimiter(), Hooks\run(), Sanitizer\validateEmail(), wfEscapeWikiText(), and wfMessage().

◆ getUsersByEmail()

PasswordReset::getUsersByEmail (   $email)
protected
Parameters
string$email
Returns
User[]
Exceptions
MWExceptionOn unexpected database errors

Definition at line 337 of file PasswordReset.php.

References $res, DB_REPLICA, User\getQueryInfo(), and User\newFromRow().

Referenced by execute().

◆ isAllowed()

PasswordReset::isAllowed ( User  $user)

Check if a given user has permission to use this functionality.

Parameters
User$user
Since
1.29 Second argument for displayPassword removed.
Returns
StatusValue

Definition at line 110 of file PasswordReset.php.

References User\getName(), isBlocked(), StatusValue\newFatal(), and StatusValue\newGood().

Referenced by execute().

◆ isBlocked()

PasswordReset::isBlocked ( User  $user)
protected

Check whether the user is blocked.

Ignores certain types of system blocks that are only meant to force users to log in.

Parameters
User$user
Returns
bool
Since
1.30

Definition at line 324 of file PasswordReset.php.

References User\getBlock(), and User\getGlobalBlock().

Referenced by isAllowed().

◆ lookupUser()

PasswordReset::lookupUser (   $username)
protected

User object creation helper for testability.

Parameters
string$username
Returns
User|false

Definition at line 367 of file PasswordReset.php.

References User\newFromName().

Referenced by execute().

Member Data Documentation

◆ $authManager

AuthManager PasswordReset::$authManager
protected

Definition at line 48 of file PasswordReset.php.

Referenced by __construct().

◆ $config

ServiceOptions Config PasswordReset::$config
protected

Definition at line 45 of file PasswordReset.php.

Referenced by __construct().

◆ $loadBalancer

ILoadBalancer PasswordReset::$loadBalancer
protected

Definition at line 54 of file PasswordReset.php.

Referenced by __construct().

◆ $permissionCache

MapCacheLRU PasswordReset::$permissionCache
private

In-process cache for isAllowed lookups, by username.

Contains a StatusValue object

Definition at line 61 of file PasswordReset.php.

◆ $permissionManager

PermissionManager PasswordReset::$permissionManager
protected

Definition at line 51 of file PasswordReset.php.

Referenced by __construct().

◆ CONSTRUCTOR_OPTIONS

const PasswordReset::CONSTRUCTOR_OPTIONS
Initial value:
= [
'AllowRequiringEmailForResets',
'EnableEmail',
'PasswordResetRoutes',
]

Definition at line 63 of file PasswordReset.php.


The documentation for this class was generated from the following file: