MediaWiki  master
UserPasswordPolicy Class Reference

Check if a user's password complies with any password policies that apply to that user, based on the user's group membership. More...

Public Member Functions

 __construct (array $policies, array $checks)
 
 checkUserPassword (UserIdentity $user, $password)
 Check if a password meets the effective password policy for a User. More...
 
 checkUserPasswordForGroups (UserIdentity $user, $password, array $groups)
 Check if a password meets the effective password policy for a User, using a set of groups they may or may not belong to. More...
 
 getPoliciesForUser (UserIdentity $user)
 Get the policy for a user, based on their group membership. More...
 

Static Public Member Functions

static getPoliciesForGroups (array $policies, array $userGroups, array $defaultPolicy)
 Utility function to get the effective policy from a list of policies, based on a list of groups. More...
 
static maxOfPolicies (array $p1, array $p2)
 Utility function to get a policy that is the most restrictive of $p1 and $p2. More...
 

Detailed Description

Check if a user's password complies with any password policies that apply to that user, based on the user's group membership.

Since
1.26

Definition at line 31 of file UserPasswordPolicy.php.

Constructor & Destructor Documentation

◆ __construct()

UserPasswordPolicy::__construct ( array  $policies,
array  $checks 
)
Parameters
array[]$policiesList of lists of policies per user group
callable[]$checksmapping statement to its checking function. Checking functions are called with the policy value for this user, the user object, and the password to check.

Definition at line 51 of file UserPasswordPolicy.php.

Member Function Documentation

◆ checkUserPassword()

UserPasswordPolicy::checkUserPassword ( UserIdentity  $user,
  $password 
)

Check if a password meets the effective password policy for a User.

Parameters
UserIdentity$userwhose policy we are checking
string$passwordthe password to check
Returns
Status error to indicate the password didn't meet the policy, or fatal to indicate the user shouldn't be allowed to login. The status value will be an array, potentially with the following keys:
  • forceChange: do not allow the user to login without changing the password if invalid.
  • suggestChangeOnLogin: prompt for a password change on login if the password is invalid.

Definition at line 79 of file UserPasswordPolicy.php.

References getPoliciesForUser().

◆ checkUserPasswordForGroups()

UserPasswordPolicy::checkUserPasswordForGroups ( UserIdentity  $user,
  $password,
array  $groups 
)

Check if a password meets the effective password policy for a User, using a set of groups they may or may not belong to.

This function does not use the DB, so can be used in the installer.

Parameters
UserIdentity$userwhose policy we are checking
string$passwordthe password to check
string[]$groupslist of groups to which we assume the user belongs
Returns
Status error to indicate the password didn't meet the policy, or fatal to indicate the user shouldn't be allowed to login. The status value will be an array, potentially with the following keys:
  • forceChange: do not allow the user to login without changing the password if invalid.
  • suggestChangeOnLogin: prompt for a password change on login if the password is invalid.

Definition at line 102 of file UserPasswordPolicy.php.

References getPoliciesForGroups().

◆ getPoliciesForGroups()

static UserPasswordPolicy::getPoliciesForGroups ( array  $policies,
array  $userGroups,
array  $defaultPolicy 
)
static

Utility function to get the effective policy from a list of policies, based on a list of groups.

Parameters
array[]$policiesList of lists of policies per user group
string[]$userGroupsthe groups from which we calculate the effective policy
array$defaultPolicythe default policy to start from
Returns
array effective policy

Definition at line 204 of file UserPasswordPolicy.php.

References maxOfPolicies().

Referenced by checkUserPasswordForGroups(), and getPoliciesForUser().

◆ getPoliciesForUser()

UserPasswordPolicy::getPoliciesForUser ( UserIdentity  $user)

Get the policy for a user, based on their group membership.

Public so UI elements can access and inform the user.

Parameters
UserIdentity$user
Returns
array the effective policy for $user

Definition at line 179 of file UserPasswordPolicy.php.

References getPoliciesForGroups(), and Hooks\runner().

Referenced by checkUserPassword().

◆ maxOfPolicies()

static UserPasswordPolicy::maxOfPolicies ( array  $p1,
array  $p2 
)
static

Utility function to get a policy that is the most restrictive of $p1 and $p2.

For simplicity, we setup the policy values so the maximum value is always more restrictive. It is also used recursively to merge settings within the same policy.

Parameters
array$p1
array$p2
Returns
array containing the more restrictive values of $p1 and $p2

Definition at line 228 of file UserPasswordPolicy.php.

References $keys.

Referenced by getPoliciesForGroups().


The documentation for this class was generated from the following file: