MediaWiki master
MediaWiki\Auth\Hook\AuthManagerVerifyAuthenticationHook Interface Reference

This is a hook handler interface, see docs/Hooks.md. More...

Inherited by MediaWiki\HookContainer\HookRunner.

Public Member Functions

 onAuthManagerVerifyAuthentication (?UserIdentity $user, AuthenticationResponse &$response, AuthManager $authManager, array $info)
 This hook is called before the end of a successful login or account creation attempt.
 

Detailed Description

This is a hook handler interface, see docs/Hooks.md.

Use the hook name "AuthManagerVerifyAuthentication" to register handlers implementing this interface.

Stability: stable
to implement

Definition at line 16 of file AuthManagerVerifyAuthenticationHook.php.

Member Function Documentation

◆ onAuthManagerVerifyAuthentication()

MediaWiki\Auth\Hook\AuthManagerVerifyAuthenticationHook::onAuthManagerVerifyAuthentication ( ?UserIdentity $user,
AuthenticationResponse & $response,
AuthManager $authManager,
array $info )

This hook is called before the end of a successful login or account creation attempt.

It can be used to deny authentication. (For account creation, "before end" means after the primary provider returned PASS. For login, it is after all secondaries have passed or abstained.)

The hook is only called during AuthManager workflows (i.e. not when using the action=login API). After an account creation (which is implemented internally by AuthManager as a separate account creation + login), it is only called for the account creation part. It is not called at all for account linking (where AuthManager does not do any work).

Parameters
UserIdentity | null$userThe user who has successfully authenticated. For login, the user will exist at this point (possibly autocreated during the authentication process). For account creation, the user will not exist yet, and returning false will prevent its creation. (There is no guarantee it will prevent the primary provider from creating some sort of central account, though - that probably happened already by the time the hook is called.) Null is only possible during a login attempt, when the response did not contain a username (i.e. the primary provider identified the user via their remote account, but did not suggest any local username). When not interrupted by the hook, such a login attempt will be treated as a failure but the following login or signup might result in the identified remote account being linked to a local one.
AuthenticationResponse&$responseFor login, the final response returned by AuthManager. For account creation, the response returned by the primary provider. Always a PASS or (when $user is null) a RESTART. When the hook handler returns false, it must replace this with a FAIL response that describes the reason for the failure.
AuthManager$authManagerThe AuthManager instance that is handling the request. This can be used to access the request object, or to access authentication session data (the hook is guaranteed to be called when the authentication session still exists).
array$infoAdditional information:
  • 'action': (string) The action being performed, one of the AuthManager::ACTION_* constants (LOGIN or CREATE).
  • 'primaryId': (string) The unique ID of the primary authentication provider that processed the request.
Returns
bool|void True or no return value to continue or false to abort authentication (in which case $response must be updated).
Since
1.43

Implemented in MediaWiki\HookContainer\HookRunner.


The documentation for this interface was generated from the following file: