MediaWiki  master
UserPasswordPolicy Class Reference

Check if a user's password complies with any password policies that apply to that user, based on the user's group membership. More...

Public Member Functions

 __construct (array $policies, array $checks)
 
 checkUserPassword (User $user, $password)
 Check if a password meets the effective password policy for a User. More...
 
 checkUserPasswordForGroups (User $user, $password, array $groups)
 Check if a password meets the effective password policy for a User, using a set of groups they may or may not belong to. More...
 
 getPoliciesForUser (User $user)
 Get the policy for a user, based on their group membership. More...
 

Static Public Member Functions

static getPoliciesForGroups (array $policies, array $userGroups, array $defaultPolicy)
 Utility function to get the effective policy from a list of policies, based on a list of groups. More...
 
static maxOfPolicies (array $p1, array $p2)
 Utility function to get a policy that is the most restrictive of $p1 and $p2. More...
 

Private Member Functions

 checkPolicies (User $user, $password, $policies, $policyCheckFunctions)
 

Private Attributes

array $policies
 
array $policyCheckFunctions
 Mapping of statements to the function that will test the password for compliance. More...
 

Detailed Description

Check if a user's password complies with any password policies that apply to that user, based on the user's group membership.

Since
1.26

Definition at line 28 of file UserPasswordPolicy.php.

Constructor & Destructor Documentation

◆ __construct()

UserPasswordPolicy::__construct ( array  $policies,
array  $checks 
)
Parameters
array$policies
array$checksmapping statement to its checking function. Checking functions are called with the policy value for this user, the user object, and the password to check.

Definition at line 48 of file UserPasswordPolicy.php.

References $policies, and as.

Member Function Documentation

◆ checkPolicies()

UserPasswordPolicy::checkPolicies ( User  $user,
  $password,
  $policies,
  $policyCheckFunctions 
)
private
Parameters
User$user
string$password
array$policies
array$policyCheckFunctions
Returns
Status

Definition at line 120 of file UserPasswordPolicy.php.

References $value, as, and StatusValue\newGood().

Referenced by checkUserPassword(), and checkUserPasswordForGroups().

◆ checkUserPassword()

UserPasswordPolicy::checkUserPassword ( User  $user,
  $password 
)

Check if a password meets the effective password policy for a User.

Parameters
User$userwhose policy we are checking
string$passwordthe password to check
Returns
Status error to indicate the password didn't meet the policy, or fatal to indicate the user shouldn't be allowed to login. The status value will be an array, potentially with the following keys:
  • forceChange: do not allow the user to login without changing the password if invalid.
  • suggestChangeOnLogin: prompt for a password change on login if the password is invalid.

Definition at line 76 of file UserPasswordPolicy.php.

References checkPolicies(), and getPoliciesForUser().

◆ checkUserPasswordForGroups()

UserPasswordPolicy::checkUserPasswordForGroups ( User  $user,
  $password,
array  $groups 
)

Check if a password meets the effective password policy for a User, using a set of groups they may or may not belong to.

This function does not use the DB, so can be used in the installer.

Parameters
User$userwhose policy we are checking
string$passwordthe password to check
array$groupslist of groups to which we assume the user belongs
Returns
Status error to indicate the password didn't meet the policy, or fatal to indicate the user shouldn't be allowed to login. The status value will be an array, potentially with the following keys:
  • forceChange: do not allow the user to login without changing the password if invalid.
  • suggestChangeOnLogin: prompt for a password change on login if the password is invalid.

Definition at line 99 of file UserPasswordPolicy.php.

References checkPolicies().

◆ getPoliciesForGroups()

static UserPasswordPolicy::getPoliciesForGroups ( array  $policies,
array  $userGroups,
array  $defaultPolicy 
)
static

Utility function to get the effective policy from a list of policies, based on a list of groups.

Parameters
array$policieslist of policies to consider
array$userGroupsthe groups from which we calculate the effective policy
array$defaultPolicythe default policy to start from
Returns
array effective policy

Definition at line 193 of file UserPasswordPolicy.php.

References as.

Referenced by SpecialPasswordPolicies\formatPolicies(), and UserPasswordPolicyTest\testGetPoliciesForGroups().

◆ getPoliciesForUser()

UserPasswordPolicy::getPoliciesForUser ( User  $user)

Get the policy for a user, based on their group membership.

Public so UI elements can access and inform the user.

Parameters
User$user
Returns
array the effective policy for $user

Definition at line 173 of file UserPasswordPolicy.php.

References User\getEffectiveGroups(), and Hooks\run().

Referenced by checkUserPassword().

◆ maxOfPolicies()

static UserPasswordPolicy::maxOfPolicies ( array  $p1,
array  $p2 
)
static

Utility function to get a policy that is the most restrictive of $p1 and $p2.

For simplicity, we setup the policy values so the maximum value is always more restrictive. It is also used recursively to merge settings within the same policy.

Parameters
array$p1
array$p2
Returns
array containing the more restrictive values of $p1 and $p2

Definition at line 217 of file UserPasswordPolicy.php.

References $keys, $ret, and as.

Referenced by UserPasswordPolicyTest\testMaxOfPolicies().

Member Data Documentation

◆ $policies

array UserPasswordPolicy::$policies
private

Definition at line 33 of file UserPasswordPolicy.php.

Referenced by __construct().

◆ $policyCheckFunctions

array UserPasswordPolicy::$policyCheckFunctions
private

Mapping of statements to the function that will test the password for compliance.

The checking functions take the policy value, the user, and password, and return a Status object indicating compliance.

Definition at line 41 of file UserPasswordPolicy.php.


The documentation for this class was generated from the following file: