A base class that implements some of the boilerplate for a SecondaryAuthenticationProvider. More...
Public Member Functions | ||||
| autoCreatedAccount ($user, $source) | ||||
| Post-auto-creation callback. More... | ||||
| continueSecondaryAccountCreation ($user, $creator, array $reqs) | ||||
| Continue an authentication flow. More... | ||||
| continueSecondaryAuthentication ($user, array $reqs) | ||||
| Continue an authentication flow. More... | ||||
| postAccountCreation ($user, $creator, AuthenticationResponse $response) | ||||
| Post-creation callback. More... | ||||
| postAuthentication ($user, AuthenticationResponse $response) | ||||
| Post-login callback. More... | ||||
| providerAllowsAuthenticationDataChange (AuthenticationRequest $req, $checkData=true) | ||||
| Validate a change of authentication data (e.g. More... | ||||
| providerAllowsPropertyChange ($property) | ||||
| Determine whether a property can change. More... | ||||
| providerChangeAuthenticationData (AuthenticationRequest $req) | ||||
| Change or remove authentication data (e.g. More... | ||||
| providerRevokeAccessForUser ($username) | ||||
Revoke the user's credentials.This may cause the user to no longer exist for the provider, or the user may continue to exist in a "disabled" state.The intention is that the named account will never again be usable for normal login (i.e. there is no way to undo the revocation of access).
| ||||
| testForAccountCreation ($user, $creator, array $reqs) | ||||
| Determine whether an account creation may begin. More... | ||||
| testUserForCreation ($user, $autocreate, array $options=[]) | ||||
| Determine whether an account may be created. More... | ||||
 Public Member Functions inherited from MediaWiki\Auth\AbstractAuthenticationProvider | ||||
| getUniqueId () | ||||
Return a unique identifier for this instance.This must be the same across requests. If multiple instances return the same ID, exceptions will be thrown from AuthManager.
| ||||
| setConfig (Config $config) | ||||
| Set configuration. More... | ||||
| setLogger (LoggerInterface $logger) | ||||
| setManager (AuthManager $manager) | ||||
| Set AuthManager. More... | ||||
| Public Member Functions inherited from MediaWiki\Auth\AuthenticationProvider | ||||
| getAuthenticationRequests ($action, array $options) | ||||
| Return the applicable list of AuthenticationRequests. More... | ||||
| Public Member Functions inherited from MediaWiki\Auth\SecondaryAuthenticationProvider | ||||
| beginSecondaryAccountCreation ($user, $creator, array $reqs) | ||||
| Start an account creation flow. More... | ||||
| beginSecondaryAuthentication ($user, array $reqs) | ||||
| Start an authentication flow. More... | ||||
Additional Inherited Members | |
| Protected Attributes inherited from MediaWiki\Auth\AbstractAuthenticationProvider | |
| Config | $config |
| LoggerInterface | $logger |
| AuthManager | $manager |
Detailed Description
A base class that implements some of the boilerplate for a SecondaryAuthenticationProvider.
- Since
- 1.27
Definition at line 30 of file AbstractSecondaryAuthenticationProvider.php.
Member Function Documentation
| MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::autoCreatedAccount | ( | $user, | |
| $source | |||
| ) |
Post-auto-creation callback.
- Parameters
-
User $user User being created (has been added to the database now). This may become a "UserValue" in the future, or User may be refactored into such. string $source The source of the auto-creation passed to AuthManager::autoCreateUser().
Implements MediaWiki\Auth\SecondaryAuthenticationProvider.
Definition at line 84 of file AbstractSecondaryAuthenticationProvider.php.
| MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::continueSecondaryAccountCreation | ( | $user, | |
| $creator, | |||
| array | $reqs | ||
| ) |
Continue an authentication flow.
- Parameters
-
User $user User being created (has been added to the database). This may become a "UserValue" in the future, or User may be refactored into such. User $creator User doing the creation. This may become a "UserValue" in the future, or User may be refactored into such. AuthenticationRequest[] $reqs
- Returns
- AuthenticationResponse Expected responses:
- PASS: The user creation is ok. Additional secondary providers may run.
- ABSTAIN: Additional secondary providers may run.
- UI: Additional AuthenticationRequests are needed to complete the process.
- REDIRECT: Redirection to a third party is needed to complete the process.
Implements MediaWiki\Auth\SecondaryAuthenticationProvider.
Definition at line 73 of file AbstractSecondaryAuthenticationProvider.php.
| MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::continueSecondaryAuthentication | ( | $user, | |
| array | $reqs | ||
| ) |
Continue an authentication flow.
- Parameters
-
User $user User being authenticated. This may become a "UserValue" in the future, or User may be refactored into such. AuthenticationRequest[] $reqs
- Returns
- AuthenticationResponse Expected responses:
- PASS: The user is authenticated. Additional secondary providers may run.
- FAIL: The user is not authenticated. Fail the authentication process.
- ABSTAIN: Additional secondary providers may run.
- UI: Additional AuthenticationRequests are needed to complete the process.
- REDIRECT: Redirection to a third party is needed to complete the process.
Implements MediaWiki\Auth\SecondaryAuthenticationProvider.
Definition at line 34 of file AbstractSecondaryAuthenticationProvider.php.
| MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::postAccountCreation | ( | $user, | |
| $creator, | |||
| AuthenticationResponse | $response | ||
| ) |
Post-creation callback.
- Parameters
-
User $user User that was attempted to be created. This may become a "UserValue" in the future, or User may be refactored into such. User $creator User doing the creation. This may become a "UserValue" in the future, or User may be refactored into such. AuthenticationResponse $response Authentication response that will be returned
Implements MediaWiki\Auth\SecondaryAuthenticationProvider.
Definition at line 77 of file AbstractSecondaryAuthenticationProvider.php.
| MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::postAuthentication | ( | $user, | |
| AuthenticationResponse | $response | ||
| ) |
Post-login callback.
- Parameters
-
User | null $user User that was attempted to be logged in, if known. This may become a "UserValue" in the future, or User may be refactored into such. AuthenticationResponse $response Authentication response that will be returned
Implements MediaWiki\Auth\SecondaryAuthenticationProvider.
Definition at line 38 of file AbstractSecondaryAuthenticationProvider.php.
| MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::providerAllowsAuthenticationDataChange | ( | AuthenticationRequest | $req, |
$checkData = true |
|||
| ) |
Validate a change of authentication data (e.g.
passwords)
Return StatusValue::newGood( 'ignored' ) if you don't support this AuthenticationRequest type.
- Parameters
-
AuthenticationRequest $req bool $checkData If false, $req hasn't been loaded from the submission so checks on user-submitted fields should be skipped. $req->username is considered user-submitted for this purpose, even if it cannot be changed via $req->loadFromSubmission.
- Returns
- StatusValue
Implements MediaWiki\Auth\SecondaryAuthenticationProvider.
Definition at line 60 of file AbstractSecondaryAuthenticationProvider.php.
| MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::providerAllowsPropertyChange | ( | $property | ) |
Determine whether a property can change.
- Parameters
-
string $property
- Returns
- bool
Implements MediaWiki\Auth\SecondaryAuthenticationProvider.
Definition at line 41 of file AbstractSecondaryAuthenticationProvider.php.
| MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::providerChangeAuthenticationData | ( | AuthenticationRequest | $req | ) |
Change or remove authentication data (e.g.
passwords)
If $req was returned for AuthManager::ACTION_CHANGE, the corresponding credentials should result in a successful login in the future.
If $req was returned for AuthManager::ACTION_REMOVE, the corresponding credentials should no longer result in a successful login.
- Parameters
-
AuthenticationRequest $req
Implements MediaWiki\Auth\SecondaryAuthenticationProvider.
Definition at line 66 of file AbstractSecondaryAuthenticationProvider.php.
Referenced by MediaWiki\Auth\AbstractSecondaryAuthenticationProvider\providerRevokeAccessForUser().
| MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::providerRevokeAccessForUser | ( | $username | ) |
Revoke the user's credentials.This may cause the user to no longer exist for the provider, or the user may continue to exist in a "disabled" state.The intention is that the named account will never again be usable for normal login (i.e. there is no way to undo the revocation of access).
- Parameters
-
string $username
- Note
- Reimplement this if self::getAuthenticationRequests( AuthManager::ACTION_REMOVE ) doesn't return requests that will revoke all access for the user.
Implements MediaWiki\Auth\SecondaryAuthenticationProvider.
Definition at line 50 of file AbstractSecondaryAuthenticationProvider.php.
References $req, $username, MediaWiki\Auth\AuthManager\ACTION_REMOVE, as, MediaWiki\Auth\AuthenticationProvider\getAuthenticationRequests(), and MediaWiki\Auth\AbstractSecondaryAuthenticationProvider\providerChangeAuthenticationData().
| MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::testForAccountCreation | ( | $user, | |
| $creator, | |||
| array | $reqs | ||
| ) |
Determine whether an account creation may begin.
Called from AuthManager::beginAccountCreation()
- Note
- No need to test if the account exists, AuthManager checks that
- Parameters
-
User $user User being created (not added to the database yet). This may become a "UserValue" in the future, or User may be refactored into such. User $creator User doing the creation. This may become a "UserValue" in the future, or User may be refactored into such. AuthenticationRequest[] $reqs
- Returns
- StatusValue
Implements MediaWiki\Auth\SecondaryAuthenticationProvider.
Definition at line 69 of file AbstractSecondaryAuthenticationProvider.php.
| MediaWiki\Auth\AbstractSecondaryAuthenticationProvider::testUserForCreation | ( | $user, | |
| $autocreate, | |||
| array | $options = [] |
||
| ) |
Determine whether an account may be created.
- Parameters
-
User $user User being created (not added to the database yet). This may become a "UserValue" in the future, or User may be refactored into such. bool | string $autocreate False if this is not an auto-creation, or the source of the auto-creation passed to AuthManager::autoCreateUser(). array $options - flags: (int) Bitfield of User:READ_* constants, default User::READ_NORMAL
- creating: (bool) If false (or missing), this call is only testing if a user could be created. If set, this (non-autocreation) is for actually creating an account and will be followed by a call to testForAccountCreation(). In this case, the provider might return StatusValue::newGood() here and let the later call to testForAccountCreation() do a more thorough test.
- Returns
- StatusValue
Implements MediaWiki\Auth\SecondaryAuthenticationProvider.
Definition at line 80 of file AbstractSecondaryAuthenticationProvider.php.
The documentation for this class was generated from the following file:
- includes/auth/AbstractSecondaryAuthenticationProvider.php
