This serves as the entry point to the authentication system. More...
Public Member Functions | |
| __construct (WebRequest $request, Config $config) | |
| forcePrimaryAuthenticationProviders (array $providers, $why) | |
| Force certain PrimaryAuthenticationProviders. More... | |
| getRequest () | |
| setLogger (LoggerInterface $logger) | |
Authentication | |
| canAuthenticateNow () | |
| Indicate whether user authentication is possible. More... | |
| beginAuthentication (array $reqs, $returnToUrl) | |
| Start an authentication flow. More... | |
| continueAuthentication (array $reqs) | |
| Continue an authentication flow. More... | |
| securitySensitiveOperationStatus ($operation) | |
| Whether security-sensitive operations should proceed. More... | |
| userCanAuthenticate ($username) | |
| Determine whether a username can authenticate. More... | |
| normalizeUsername ($username) | |
| Provide normalized versions of the username for security checks. More... | |
Authentication data changing | |
| revokeAccessForUser ($username) | |
| Revoke any authentication credentials for a user. More... | |
| allowsAuthenticationDataChange (AuthenticationRequest $req, $checkData=true) | |
| Validate a change of authentication data (e.g. More... | |
| changeAuthenticationData (AuthenticationRequest $req) | |
| Change authentication data (e.g. More... | |
Account creation | |
| canCreateAccounts () | |
| Determine whether accounts can be created. More... | |
| canCreateAccount ($username, $options=[]) | |
| Determine whether a particular account can be created. More... | |
| checkAccountCreatePermissions (User $creator) | |
| Basic permissions checks on whether a user can create accounts. More... | |
| beginAccountCreation (User $creator, array $reqs, $returnToUrl) | |
| Start an account creation flow. More... | |
| continueAccountCreation (array $reqs) | |
| Continue an account creation flow. More... | |
| autoCreateUser (User $user, $source, $login=true) | |
| Auto-create an account, and log into that account. More... | |
Account linking | |
| canLinkAccounts () | |
| Determine whether accounts can be linked. More... | |
| beginAccountLink (User $user, array $reqs, $returnToUrl) | |
| Start an account linking flow. More... | |
| continueAccountLink (array $reqs) | |
| Continue an account linking flow. More... | |
Static Public Member Functions | |
| static | callLegacyAuthPlugin ($method, array $params, $return=null) |
| Call a legacy AuthPlugin method, if necessary. More... | |
| static | singleton () |
| Get the global AuthManager. More... | |
Public Attributes | |
| const | ACTION_CHANGE = 'change' |
| Change a user's credentials. More... | |
| const | ACTION_CREATE = 'create' |
| Create a new user. More... | |
| const | ACTION_CREATE_CONTINUE = 'create-continue' |
| Continue a user creation process that was interrupted by the need for user input or communication with an external provider. More... | |
| const | ACTION_LINK = 'link' |
| Link an existing user to a third-party account. More... | |
| const | ACTION_LINK_CONTINUE = 'link-continue' |
| Continue a user linking process that was interrupted by the need for user input or communication with an external provider. More... | |
| const | ACTION_LOGIN = 'login' |
| Log in with an existing (not necessarily local) user. More... | |
| const | ACTION_LOGIN_CONTINUE = 'login-continue' |
| Continue a login process that was interrupted by the need for user input or communication with an external provider. More... | |
| const | ACTION_REMOVE = 'remove' |
| Remove a user's credentials. More... | |
| const | ACTION_UNLINK = 'unlink' |
| Like ACTION_REMOVE but for linking providers only. More... | |
| const | AUTOCREATE_SOURCE_SESSION = \MediaWiki\Session\SessionManager::class |
| Auto-creation is due to SessionManager. More... | |
| const | SEC_FAIL = 'fail' |
| Security-sensitive should not be performed. More... | |
| const | SEC_OK = 'ok' |
| Security-sensitive operations are ok. More... | |
| const | SEC_REAUTH = 'reauth' |
| Security-sensitive operations should re-authenticate. More... | |
Private Attributes | |
| AuthenticationProvider[] | $allAuthenticationProviders = [] |
| Config | $config |
| CreatedAccountAuthenticationRequest[] | $createdAccountAuthenticationRequests = [] |
| LoggerInterface | $logger |
| PreAuthenticationProvider[] | $preAuthenticationProviders = null |
| PrimaryAuthenticationProvider[] | $primaryAuthenticationProviders = null |
| WebRequest | $request |
| SecondaryAuthenticationProvider[] | $secondaryAuthenticationProviders = null |
Static Private Attributes | |
| static AuthManager null | $instance = null |
Information methods | |
| getAuthenticationRequests ($action, User $user=null) | |
| Return the applicable list of AuthenticationRequests. More... | |
| userExists ($username, $flags=User::READ_NORMAL) | |
| Determine whether a username exists. More... | |
| allowsPropertyChange ($property) | |
| Determine whether a user property should be allowed to be changed. More... | |
| getAuthenticationProvider ($id) | |
| Get a provider by ID. More... | |
| getAuthenticationRequestsInternal ($providerAction, array $options, array $providers, User $user=null) | |
| Internal request lookup for self::getAuthenticationRequests. More... | |
| fillRequests (array &$reqs, $action, $username, $forceAction=false) | |
| Set values in an array of requests. More... | |
Internal methods | |
| static | resetCache () |
| Reset the internal caching for unit testing. More... | |
| setAuthenticationSessionData ($key, $data) | |
| Store authentication in the current session. More... | |
| getAuthenticationSessionData ($key, $default=null) | |
| Fetch authentication data from the current session. More... | |
| removeAuthenticationSessionData ($key) | |
| Remove authentication data. More... | |
| getConfiguration () | |
| Get the configuration. More... | |
| setSessionDataForUser ($user, $remember=null) | |
| setDefaultUserOptions (User $user, $useContextLang) | |
| callMethodOnProviders ($which, $method, array $args) | |
| providerArrayFromSpecs ($class, array $specs) | |
| Create an array of AuthenticationProviders from an array of ObjectFactory specs. More... | |
| getPreAuthenticationProviders () | |
| Get the list of PreAuthenticationProviders. More... | |
| getPrimaryAuthenticationProviders () | |
| Get the list of PrimaryAuthenticationProviders. More... | |
| getSecondaryAuthenticationProviders () | |
| Get the list of SecondaryAuthenticationProviders. More... | |
Detailed Description
This serves as the entry point to the authentication system.
In the future, it may also serve as the entry point to the authorization system.
- Since
- 1.27
Definition at line 43 of file AuthManager.php.
Constructor & Destructor Documentation
| MediaWiki\Auth\AuthManager::__construct | ( | WebRequest | $request, |
| Config | $config | ||
| ) |
- Parameters
-
WebRequest $request Config $config
Definition at line 127 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\$config, MediaWiki\Auth\AuthManager\$request, MediaWiki\Logger\LoggerFactory\getInstance(), request, and MediaWiki\Auth\AuthManager\setLogger().
Member Function Documentation
| MediaWiki\Auth\AuthManager::allowsAuthenticationDataChange | ( | AuthenticationRequest | $req, |
$checkData = true |
|||
| ) |
Validate a change of authentication data (e.g.
passwords)
- Parameters
-
AuthenticationRequest $req bool $checkData If false, $req hasn't been loaded from the submission so checks on user-submitted fields should be skipped. $req->username is considered user-submitted for this purpose, even if it cannot be changed via $req->loadFromSubmission.
- Returns
- Status
Definition at line 813 of file AuthManager.php.
References $status, as, MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), Status\newGood(), and Status\wrap().
Referenced by MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal().
| MediaWiki\Auth\AuthManager::allowsPropertyChange | ( | $property | ) |
Determine whether a user property should be allowed to be changed.
Supported properties are:
- emailaddress
- realname
- nickname
- Parameters
-
string $property
- Returns
- bool
Definition at line 2138 of file AuthManager.php.
References $property, as, MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().
Auto-create an account, and log into that account.
- Parameters
-
User $user User to auto-create string $source What caused the auto-creation? This must be the ID of a PrimaryAuthenticationProvider or the constant self::AUTOCREATE_SOURCE_SESSION. bool $login Whether to also log the user in
- Returns
- Status Good if user was created, Ok if user already existed, otherwise Fatal
Definition at line 1489 of file AuthManager.php.
References $cache, $flags, $from, $options, $ret, $source, $status, $username, User\addToDatabase(), DeferredUpdates\addUpdate(), User\addWatch(), as, MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), User\getId(), ObjectCache\getLocalClusterInstance(), User\getName(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), User\getUserPage(), User\idFromName(), User\IGNORE_USER_RIGHTS, Profiler\instance(), User\isCreatableName(), User\loadFromId(), Status\newFatal(), Status\newGood(), IDBAccessObject\READ_LATEST, IDBAccessObject\READ_NORMAL, request, Hooks\run(), User\saveSettings(), MediaWiki\Auth\AuthManager\setDefaultUserOptions(), User\setId(), MediaWiki\Auth\AuthManager\setSessionDataForUser(), User, wfGetLB(), wfGetLBFactory(), wfMemcKey(), wfReadOnly(), wfReadOnlyReason(), and Status\wrap().
Referenced by MediaWiki\Auth\AuthManager\continueAuthentication().
Start an account creation flow.
In addition to the AuthenticationRequests returned by $this->getAuthenticationRequests(), a client might include a CreateFromLoginAuthenticationRequest from a previous login attempt. If $createFromLoginAuthenticationRequest->hasPrimaryStateForAction( AuthManager::ACTION_CREATE ) returns true, any AuthenticationRequest::PRIMARY_REQUIRED requests should be omitted. If the CreateFromLoginAuthenticationRequest has a username set, that username must be used for all other requests.
- Parameters
-
User $creator User doing the account creation AuthenticationRequest[] $reqs string $returnToUrl Url that REDIRECT responses should eventually return to.
- Returns
- AuthenticationResponse
Definition at line 996 of file AuthManager.php.
References $req, $status, $user, $username, as, MediaWiki\Auth\AuthManager\canCreateAccount(), MediaWiki\Auth\AuthManager\canCreateAccounts(), MediaWiki\Auth\AuthManager\checkAccountCreatePermissions(), class, MediaWiki\Auth\AuthManager\continueAccountCreation(), User\getId(), User\getName(), MediaWiki\Auth\AuthenticationRequest\getRequestByClass(), MediaWiki\Auth\AuthenticationRequest\getUsernameFromRequests(), MediaWiki\Auth\AuthenticationResponse\newFail(), User\newFromName(), IDBAccessObject\READ_LOCKING, MediaWiki\Auth\AuthManager\removeAuthenticationSessionData(), request, wfMessage(), and Status\wrap().
Start an account linking flow.
- Parameters
-
User $user User being linked AuthenticationRequest[] $reqs string $returnToUrl Url that REDIRECT responses should eventually return to.
- Returns
- AuthenticationResponse
Definition at line 1738 of file AuthManager.php.
References $req, $res, $ret, $status, MediaWiki\Auth\AuthenticationResponse\ABSTAIN, as, MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canLinkAccounts(), MediaWiki\Auth\AuthenticationResponse\FAIL, MediaWiki\Auth\AuthManager\fillRequests(), User\getId(), User\getName(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), User\isUsableName(), MediaWiki\Auth\AuthenticationResponse\newFail(), MediaWiki\Auth\AuthenticationResponse\PASS, MediaWiki\Auth\AuthenticationResponse\REDIRECT, MediaWiki\Auth\AuthManager\removeAuthenticationSessionData(), request, MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_LINK, MediaWiki\Auth\AuthenticationResponse\UI, wfMessage(), and Status\wrap().
| MediaWiki\Auth\AuthManager::beginAuthentication | ( | array | $reqs, |
| $returnToUrl | |||
| ) |
Start an authentication flow.
In addition to the AuthenticationRequests returned by $this->getAuthenticationRequests(), a client might include a CreateFromLoginAuthenticationRequest from a previous login attempt to preserve state.
Instead of the AuthenticationRequests returned by $this->getAuthenticationRequests(), a client might pass a CreatedAccountAuthenticationRequest from an account creation that just succeeded to log in to the just-created account.
- Parameters
-
AuthenticationRequest[] $reqs string $returnToUrl Url that REDIRECT responses should eventually return to.
- Returns
- AuthenticationResponse See self::continueAuthentication()
Definition at line 250 of file AuthManager.php.
References $req, $ret, $status, $user, as, MediaWiki\Auth\AuthManager\callMethodOnProviders(), class, MediaWiki\Auth\AuthManager\continueAuthentication(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthenticationRequest\getRequestByClass(), MediaWiki\Auth\AuthenticationResponse\newFail(), User\newFromName(), MediaWiki\Auth\AuthenticationResponse\newPass(), MediaWiki\Auth\AuthManager\removeAuthenticationSessionData(), request, Hooks\run(), MediaWiki\Auth\AuthManager\setSessionDataForUser(), and Status\wrap().
|
static |
Call a legacy AuthPlugin method, if necessary.
- Deprecated:
- For backwards compatibility only, should be avoided in new code
- Parameters
-
string $method AuthPlugin method to call array $params Parameters to pass mixed $return Return value if AuthPlugin wasn't called
- Returns
- mixed Return value from the AuthPlugin method, or $return
Definition at line 205 of file AuthManager.php.
References $wgAuth, and global.
Referenced by SpecialChangeEmail\attemptChange(), UserrightsPage\doSaveUserGroups(), MediaWiki\Session\SessionManager\invalidateSessionsForUser(), and Preferences\tryFormSubmit().
|
private |
- Parameters
-
int $which Bitmask: 1 = pre, 2 = primary, 4 = secondary string $method array $args
Definition at line 2376 of file AuthManager.php.
References as, MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().
Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\beginAuthentication(), MediaWiki\Auth\AuthManager\changeAuthenticationData(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAccountLink(), MediaWiki\Auth\AuthManager\continueAuthentication(), and MediaWiki\Auth\AuthManager\revokeAccessForUser().
| MediaWiki\Auth\AuthManager::canAuthenticateNow | ( | ) |
Indicate whether user authentication is possible.
It may not be if the session is provided by something like OAuth for which each individual request includes authentication data.
- Returns
- bool
Definition at line 228 of file AuthManager.php.
References request.
Referenced by MediaWiki\Auth\AuthManager\securitySensitiveOperationStatus().
| MediaWiki\Auth\AuthManager::canCreateAccount | ( | $username, | |
$options = [] |
|||
| ) |
Determine whether a particular account can be created.
- Parameters
-
string $username array $options - flags: (int) Bitfield of User:READ_* constants, default User::READ_NORMAL
- creating: (bool) For internal use only. Never specify this.
- Returns
- Status
Definition at line 886 of file AuthManager.php.
References $flags, $options, $status, $user, $username, as, MediaWiki\Auth\AuthManager\canCreateAccounts(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), Status\newFatal(), User\newFromName(), Status\newGood(), IDBAccessObject\READ_NORMAL, MediaWiki\Auth\AuthManager\userExists(), and Status\wrap().
Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation().
| MediaWiki\Auth\AuthManager::canCreateAccounts | ( | ) |
Determine whether accounts can be created.
- Returns
- bool
Definition at line 867 of file AuthManager.php.
References as, MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_CREATE, and MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_LINK.
Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation(), MediaWiki\Auth\AuthManager\canCreateAccount(), and MediaWiki\Auth\AuthManager\continueAccountCreation().
| MediaWiki\Auth\AuthManager::canLinkAccounts | ( | ) |
Determine whether accounts can be linked.
- Returns
- bool
Definition at line 1720 of file AuthManager.php.
References as, MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_LINK.
Referenced by MediaWiki\Auth\AuthManager\beginAccountLink(), and MediaWiki\Auth\AuthManager\continueAccountLink().
| MediaWiki\Auth\AuthManager::changeAuthenticationData | ( | AuthenticationRequest | $req | ) |
Change authentication data (e.g.
passwords)
If $req was returned for AuthManager::ACTION_CHANGE, using $req should result in a successful login in the future.
If $req was returned for AuthManager::ACTION_REMOVE, using $req should no longer result in a successful login.
- Parameters
-
AuthenticationRequest $req
Definition at line 843 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\callMethodOnProviders(), and BotPassword\invalidateAllPasswordsForUser().
| MediaWiki\Auth\AuthManager::checkAccountCreatePermissions | ( | User | $creator | ) |
Basic permissions checks on whether a user can create accounts.
- Returns
- Status
Definition at line 934 of file AuthManager.php.
References $args, $status, as, MediaWiki\Auth\AuthManager\getRequest(), SpecialPage\getTitleFor(), User\isBlockedFromCreateAccount(), User\isDnsBlacklisted(), Status\newFatal(), Status\newGood(), Block\TYPE_RANGE, wfMessage(), wfReadOnly(), and wfReadOnlyReason().
Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation(), and MediaWiki\Auth\AuthManager\continueAccountCreation().
| MediaWiki\Auth\AuthManager::continueAccountCreation | ( | array | $reqs | ) |
Continue an account creation flow.
- Parameters
-
AuthenticationRequest[] $reqs
- Returns
- AuthenticationResponse
Definition at line 1097 of file AuthManager.php.
References $cache, $name, $req, $res, $ret, $status, $user, MediaWiki\Auth\AuthenticationResponse\ABSTAIN, DeferredUpdates\addUpdate(), as, MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canCreateAccounts(), MediaWiki\Auth\AuthManager\checkAccountCreatePermissions(), class, MediaWiki\Auth\AuthenticationResponse\FAIL, MediaWiki\Auth\AuthManager\fillRequests(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), ObjectCache\getLocalClusterInstance(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthenticationRequest\getRequestByClass(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), User\IGNORE_USER_RIGHTS, MediaWiki\Auth\AuthenticationResponse\newFail(), User\newFromId(), User\newFromName(), MediaWiki\Auth\AuthenticationResponse\newPass(), MediaWiki\Auth\AuthenticationResponse\PASS, IDBAccessObject\READ_LOCKING, MediaWiki\Auth\AuthenticationResponse\REDIRECT, MediaWiki\Auth\AuthManager\removeAuthenticationSessionData(), request, Hooks\run(), MediaWiki\Auth\AuthManager\setDefaultUserOptions(), MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_NONE, MediaWiki\Auth\AuthenticationResponse\UI, User, wfMessage(), and Status\wrap().
Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation().
| MediaWiki\Auth\AuthManager::continueAccountLink | ( | array | $reqs | ) |
Continue an account linking flow.
- Parameters
-
AuthenticationRequest[] $reqs
- Returns
- AuthenticationResponse
Definition at line 1847 of file AuthManager.php.
References $req, $res, $ret, $user, as, MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canLinkAccounts(), MediaWiki\Auth\AuthenticationResponse\FAIL, MediaWiki\Auth\AuthManager\fillRequests(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), MediaWiki\Auth\AuthenticationResponse\newFail(), User\newFromName(), MediaWiki\Auth\AuthenticationResponse\PASS, MediaWiki\Auth\AuthenticationResponse\REDIRECT, request, MediaWiki\Auth\AuthenticationResponse\UI, and wfMessage().
| MediaWiki\Auth\AuthManager::continueAuthentication | ( | array | $reqs | ) |
Continue an authentication flow.
Return values are interpreted as follows:
- status FAIL: Authentication failed. If $response->createRequest is set, that may be passed to self::beginAuthentication() or to self::beginAccountCreation() to preserve state.
- status REDIRECT: The client should be redirected to the contained URL, new AuthenticationRequests should be made (if any), then AuthManager::continueAuthentication() should be called.
- status UI: The client should be presented with a user interface for the fields in the specified AuthenticationRequests, then new AuthenticationRequests should be made, then AuthManager::continueAuthentication() should be called.
- status RESTART: The user logged in successfully with a third-party service, but the third-party credentials aren't attached to any local account. This could be treated as a UI or a FAIL.
- status PASS: Authentication was successful.
- Parameters
-
AuthenticationRequest[] $reqs
- Returns
- AuthenticationResponse
Definition at line 374 of file AuthManager.php.
References $req, $res, $ret, $status, $user, MediaWiki\Auth\AuthenticationResponse\ABSTAIN, as, MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\callMethodOnProviders(), class, MediaWiki\Auth\AuthenticationResponse\FAIL, MediaWiki\Auth\AuthManager\fillRequests(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthenticationRequest\getRequestByClass(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), MediaWiki\Auth\AuthenticationResponse\newFail(), User\newFromName(), MediaWiki\Auth\AuthenticationResponse\newPass(), MediaWiki\Auth\AuthenticationResponse\newRestart(), MediaWiki\Auth\AuthenticationResponse\PASS, MediaWiki\Auth\AuthenticationResponse\REDIRECT, MediaWiki\Auth\AuthManager\removeAuthenticationSessionData(), request, Hooks\run(), MediaWiki\Auth\AuthManager\setSessionDataForUser(), MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_LINK, MediaWiki\Auth\AuthenticationResponse\UI, wfMessage(), and Status\wrap().
Referenced by MediaWiki\Auth\AuthManager\beginAuthentication().
|
private |
Set values in an array of requests.
- Parameters
-
AuthenticationRequest[] &$reqs string $action string | null $username boolean $forceAction
Definition at line 2100 of file AuthManager.php.
References MediaWiki\$action, $req, $username, and as.
Referenced by MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAccountLink(), MediaWiki\Auth\AuthManager\continueAuthentication(), and MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal().
| MediaWiki\Auth\AuthManager::forcePrimaryAuthenticationProviders | ( | array | $providers, |
| $why | |||
| ) |
Force certain PrimaryAuthenticationProviders.
- Deprecated:
- For backwards compatibility only
- Parameters
-
PrimaryAuthenticationProvider[] $providers string $why
Definition at line 153 of file AuthManager.php.
| MediaWiki\Auth\AuthManager::getAuthenticationProvider | ( | $id | ) |
Get a provider by ID.
- Note
- This is public so extensions can check whether their own provider is installed and so they can read its configuration if necessary. Other uses are not recommended.
- Parameters
-
string $id
- Returns
- AuthenticationProvider|null
Definition at line 2157 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().
Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAccountLink(), and MediaWiki\Auth\AuthManager\continueAuthentication().
| MediaWiki\Auth\AuthManager::getAuthenticationRequests | ( | $action, | |
| User | $user = null |
||
| ) |
Return the applicable list of AuthenticationRequests.
Possible values for $action:
- ACTION_LOGIN: Valid for passing to beginAuthentication
- ACTION_LOGIN_CONTINUE: Valid for passing to continueAuthentication in the current state
- ACTION_CREATE: Valid for passing to beginAccountCreation
- ACTION_CREATE_CONTINUE: Valid for passing to continueAccountCreation in the current state
- ACTION_LINK: Valid for passing to beginAccountLink
- ACTION_LINK_CONTINUE: Valid for passing to continueAccountLink in the current state
- ACTION_CHANGE: Valid for passing to changeAuthenticationData to change credentials
- ACTION_REMOVE: Valid for passing to changeAuthenticationData to remove credentials.
- ACTION_UNLINK: Same as ACTION_REMOVE, but limited to linked accounts.
- Parameters
-
string $action One of the AuthManager::ACTION_* constants User | null $user User being acted on, instead of the current user.
- Returns
- AuthenticationRequest[]
Definition at line 1959 of file AuthManager.php.
References MediaWiki\$action, $options, $user, MediaWiki\Auth\AuthManager\getAuthenticationRequestsInternal(), MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders(), request, and MediaWiki\Auth\PrimaryAuthenticationProvider\TYPE_LINK.
|
private |
Internal request lookup for self::getAuthenticationRequests.
- Parameters
-
string $providerAction Action to pass to providers array $options Options to pass to providers AuthenticationProvider[] $providers User | null $user
- Returns
- AuthenticationRequest[]
Definition at line 2023 of file AuthManager.php.
References $req, $user, MediaWiki\Auth\AuthManager\allowsAuthenticationDataChange(), array(), as, MediaWiki\Auth\AuthManager\fillRequests(), RequestContext\getMain(), MediaWiki\Auth\AuthenticationRequest\PRIMARY_REQUIRED, and MediaWiki\Auth\AuthenticationRequest\REQUIRED.
Referenced by MediaWiki\Auth\AuthManager\continueAuthentication(), and MediaWiki\Auth\AuthManager\getAuthenticationRequests().
| MediaWiki\Auth\AuthManager::getAuthenticationSessionData | ( | $key, | |
$default = null |
|||
| ) |
Fetch authentication data from the current session.
- Access:
- protected For use by AuthenticationProviders
- Parameters
-
string $key mixed $default
- Returns
- mixed
Definition at line 2210 of file AuthManager.php.
References request.
|
private |
Get the configuration.
- Returns
- array
Definition at line 2283 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().
|
protected |
Get the list of PreAuthenticationProviders.
- Returns
- PreAuthenticationProvider[]
Definition at line 2291 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\$preAuthenticationProviders, class, MediaWiki\Auth\AuthManager\getConfiguration(), and MediaWiki\Auth\AuthManager\providerArrayFromSpecs().
Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\beginAuthentication(), MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canCreateAccount(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), and MediaWiki\Auth\AuthManager\getAuthenticationRequests().
|
protected |
Get the list of PrimaryAuthenticationProviders.
- Returns
- PrimaryAuthenticationProvider[]
Definition at line 2305 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\$primaryAuthenticationProviders, class, MediaWiki\Auth\AuthManager\getConfiguration(), and MediaWiki\Auth\AuthManager\providerArrayFromSpecs().
Referenced by MediaWiki\Auth\AuthManager\allowsAuthenticationDataChange(), MediaWiki\Auth\AuthManager\allowsPropertyChange(), MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canCreateAccount(), MediaWiki\Auth\AuthManager\canCreateAccounts(), MediaWiki\Auth\AuthManager\canLinkAccounts(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAuthentication(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), MediaWiki\Auth\AuthManager\getAuthenticationRequests(), MediaWiki\Auth\AuthManager\normalizeUsername(), MediaWiki\Auth\AuthManager\userCanAuthenticate(), and MediaWiki\Auth\AuthManager\userExists().
| MediaWiki\Auth\AuthManager::getRequest | ( | ) |
- Returns
- WebRequest
Definition at line 143 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\$request.
Referenced by MediaWiki\Auth\AuthManager\checkAccountCreatePermissions().
|
protected |
Get the list of SecondaryAuthenticationProviders.
- Returns
- SecondaryAuthenticationProvider[]
Definition at line 2319 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\$secondaryAuthenticationProviders, class, MediaWiki\Auth\AuthManager\getConfiguration(), and MediaWiki\Auth\AuthManager\providerArrayFromSpecs().
Referenced by MediaWiki\Auth\AuthManager\allowsAuthenticationDataChange(), MediaWiki\Auth\AuthManager\allowsPropertyChange(), MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\callMethodOnProviders(), MediaWiki\Auth\AuthManager\canCreateAccount(), MediaWiki\Auth\AuthManager\continueAccountCreation(), MediaWiki\Auth\AuthManager\continueAuthentication(), MediaWiki\Auth\AuthManager\getAuthenticationProvider(), and MediaWiki\Auth\AuthManager\getAuthenticationRequests().
| MediaWiki\Auth\AuthManager::normalizeUsername | ( | $username | ) |
Provide normalized versions of the username for security checks.
Since different providers can normalize the input in different ways, this returns an array of all the different ways the name might be normalized for authentication.
The returned strings should not be revealed to the user, as that might leak private information (e.g. an email address might be normalized to a username).
- Parameters
-
string $username
- Returns
- string[]
Definition at line 772 of file AuthManager.php.
References $ret, $username, as, and MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders().
|
protected |
Create an array of AuthenticationProviders from an array of ObjectFactory specs.
- Parameters
-
string $class array[] $specs
- Returns
- AuthenticationProvider[]
Definition at line 2243 of file AuthManager.php.
References $ret, as, and ObjectFactory\getObjectFromSpec().
Referenced by MediaWiki\Auth\AuthManager\getPreAuthenticationProviders(), MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders(), and MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().
| MediaWiki\Auth\AuthManager::removeAuthenticationSessionData | ( | $key | ) |
Remove authentication data.
- Access:
- protected For use by AuthenticationProviders
- Parameters
-
string | null $key If null, all data is removed
Definition at line 2224 of file AuthManager.php.
References request.
Referenced by MediaWiki\Auth\AuthManager\beginAccountCreation(), MediaWiki\Auth\AuthManager\beginAccountLink(), MediaWiki\Auth\AuthManager\beginAuthentication(), MediaWiki\Auth\AuthManager\continueAccountCreation(), and MediaWiki\Auth\AuthManager\continueAuthentication().
|
static |
Reset the internal caching for unit testing.
Definition at line 2395 of file AuthManager.php.
Referenced by ApiTestCase\doApiRequest(), and MediaWikiTestCase\tearDown().
| MediaWiki\Auth\AuthManager::revokeAccessForUser | ( | $username | ) |
Revoke any authentication credentials for a user.
After this, the user should no longer be able to log in.
- Parameters
-
string $username
Definition at line 797 of file AuthManager.php.
References $username, and MediaWiki\Auth\AuthManager\callMethodOnProviders().
| MediaWiki\Auth\AuthManager::securitySensitiveOperationStatus | ( | $operation | ) |
Whether security-sensitive operations should proceed.
A "security-sensitive operation" is something like a password or email change, that would normally have a "reenter your password to confirm" box if we only supported password-based authentication.
- Parameters
-
string $operation Operation being checked. This should be a message-key-like string such as 'change-password' or 'change-email'.
- Returns
- string One of the SEC_* constants.
Definition at line 679 of file AuthManager.php.
References $last, $status, MediaWiki\Auth\AuthManager\canAuthenticateNow(), request, and Hooks\run().
| MediaWiki\Auth\AuthManager::setAuthenticationSessionData | ( | $key, | |
| $data | |||
| ) |
Store authentication in the current session.
- Access:
- protected For use by AuthenticationProviders
- Parameters
-
string $key mixed $data Must be serializable
Definition at line 2193 of file AuthManager.php.
References request.
|
private |
- Parameters
-
User $user bool $useContextLang Use 'uselang' to set the user's language
Definition at line 2358 of file AuthManager.php.
References $lang, $wgContLang, RequestContext\getMain(), global, User\setOption(), and User\setToken().
Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), and MediaWiki\Auth\AuthManager\continueAccountCreation().
| MediaWiki\Auth\AuthManager::setLogger | ( | LoggerInterface | $logger | ) |
- Parameters
-
LoggerInterface $logger
Definition at line 136 of file AuthManager.php.
References MediaWiki\Auth\AuthManager\$logger.
Referenced by MediaWiki\Auth\AuthManager\__construct().
|
private |
- Parameters
-
User $user bool | null $remember
Definition at line 2333 of file AuthManager.php.
References $user, ScopedCallback\consume(), request, and Hooks\run().
Referenced by MediaWiki\Auth\AuthManager\autoCreateUser(), MediaWiki\Auth\AuthManager\beginAuthentication(), and MediaWiki\Auth\AuthManager\continueAuthentication().
|
static |
Get the global AuthManager.
- Returns
- AuthManager
Definition at line 107 of file AuthManager.php.
References $wgDisableAuthManager, ConfigFactory\getDefaultInstance(), RequestContext\getMain(), and global.
Referenced by MediaWiki\Auth\AuthManagerAuthPlugin\allowPasswordChange(), MediaWiki\Auth\AuthManagerAuthPlugin\allowPropChange(), MediaWiki\Auth\AuthManagerAuthPlugin\authenticate(), MediaWiki\Auth\AuthManagerAuthPlugin\canCreateAccounts(), ApiQueryUsers\execute(), MediaWiki\Auth\AuthManagerAuthPlugin\setPassword(), MediaWiki\Auth\AbstractAuthenticationProviderTest\testAbstractAuthenticationProvider(), MediaWiki\Auth\ThrottlePreAuthenticationProviderTest\testDisabled(), MediaWiki\Auth\ThrottlePreAuthenticationProviderTest\testPostAuthentication(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\testRangeBlock(), MediaWiki\Auth\AuthManagerTest\testSingleton(), MediaWiki\Auth\ThrottlePreAuthenticationProviderTest\testTestForAccountCreation(), MediaWiki\Auth\ThrottlePreAuthenticationProviderTest\testTestForAuthentication(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\testTestUserForCreation(), and MediaWiki\Auth\AuthManagerAuthPlugin\userExists().
| MediaWiki\Auth\AuthManager::userCanAuthenticate | ( | $username | ) |
Determine whether a username can authenticate.
- Parameters
-
string $username
- Returns
- bool
Definition at line 749 of file AuthManager.php.
References $username, as, and MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders().
| MediaWiki\Auth\AuthManager::userExists | ( | $username, | |
$flags = User::READ_NORMAL |
|||
| ) |
Determine whether a username exists.
- Parameters
-
string $username int $flags Bitfield of User:READ_* constants
- Returns
- bool
Definition at line 2117 of file AuthManager.php.
References $flags, $username, as, and MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders().
Referenced by MediaWiki\Auth\AuthManager\canCreateAccount().
Member Data Documentation
|
private |
Definition at line 89 of file AuthManager.php.
|
private |
Definition at line 83 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\__construct().
|
private |
Definition at line 101 of file AuthManager.php.
|
staticprivate |
Definition at line 77 of file AuthManager.php.
|
private |
Definition at line 86 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\setLogger().
|
private |
Definition at line 92 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\getPreAuthenticationProviders().
|
private |
Definition at line 95 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\getPrimaryAuthenticationProviders().
|
private |
Definition at line 80 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\__construct(), and MediaWiki\Auth\AuthManager\getRequest().
|
private |
Definition at line 98 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManager\getSecondaryAuthenticationProviders().
| const MediaWiki\Auth\AuthManager::ACTION_CHANGE = 'change' |
Change a user's credentials.
Definition at line 60 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManagerAuthPlugin\allowPasswordChange(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\beginLinkAttempt(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider\continueLinkAttempt(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequest\getFieldInfo(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\AuthManagerAuthPlugin\setPassword(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testBasics(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testBasics(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\testBeginLinkAttempt(), MediaWiki\Auth\PasswordAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testProviderAllowsAuthenticationDataChange(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testProviderAllowsAuthenticationDataChange(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testProviderAllowsAuthenticationDataChange(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testProviderChangeAuthenticationData(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testProviderChangeAuthenticationData(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testProviderChangeAuthenticationData(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\testTryReset(), and MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider\tryReset().
| const MediaWiki\Auth\AuthManager::ACTION_CREATE = 'create' |
Create a new user.
Definition at line 50 of file AuthManager.php.
Referenced by MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\CreateFromLoginAuthenticationRequest\hasPrimaryStateForAction(), MediaWiki\Auth\CreateFromLoginAuthenticationRequest\hasStateForAction(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testAccountCreation(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testAccountCreation(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testAccountCreation(), MediaWiki\Auth\AuthManagerTest\testAccountCreation(), MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\PasswordAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testProviderChangeAuthenticationData(), MediaWiki\Auth\CreateFromLoginAuthenticationRequestTest\testState(), and MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testTestForAccountCreation().
| const MediaWiki\Auth\AuthManager::ACTION_CREATE_CONTINUE = 'create-continue' |
Continue a user creation process that was interrupted by the need for user input or communication with an external provider.
Definition at line 53 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\testAccountCreation(), and MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests().
| const MediaWiki\Auth\AuthManager::ACTION_LINK = 'link' |
Link an existing user to a third-party account.
Definition at line 55 of file AuthManager.php.
Referenced by MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\testAccountLink(), and MediaWiki\Auth\CreateFromLoginAuthenticationRequestTest\testState().
| const MediaWiki\Auth\AuthManager::ACTION_LINK_CONTINUE = 'link-continue' |
Continue a user linking process that was interrupted by the need for user input or communication with an external provider.
Definition at line 58 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\testAccountLink(), and MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests().
| const MediaWiki\Auth\AuthManager::ACTION_LOGIN = 'login' |
Log in with an existing (not necessarily local) user.
Definition at line 45 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManagerAuthPlugin\authenticate(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequest\getFieldInfo(), MediaWiki\Auth\CreateFromLoginAuthenticationRequest\hasStateForAction(), MediaWiki\Auth\AuthManagerTest\provideAuthentication(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\AbstractPreAuthenticationProviderTest\testAbstractPreAuthenticationProvider(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testAuthentication(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testAuthentication(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\testAuthentication(), MediaWiki\Auth\AuthManagerTest\testAuthentication(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\testConstruction(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\testDescribeCredentials(), MediaWiki\Auth\PasswordAuthenticationRequestTest\testDescribeCredentials(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\testDescribeCredentials(), MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequestsRequired(), MediaWiki\Auth\PasswordAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProviderTest\testProviderChangeAuthenticationData(), MediaWiki\Auth\CreateFromLoginAuthenticationRequestTest\testState(), MediaWiki\Auth\LegacyHookPreAuthenticationProviderTest\testTestForAuthentication(), and MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\testTryReset().
| const MediaWiki\Auth\AuthManager::ACTION_LOGIN_CONTINUE = 'login-continue' |
Continue a login process that was interrupted by the need for user input or communication with an external provider.
Definition at line 48 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\testAuthentication(), and MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests().
| const MediaWiki\Auth\AuthManager::ACTION_REMOVE = 'remove' |
Remove a user's credentials.
Definition at line 62 of file AuthManager.php.
Referenced by MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProvider\getAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequest\getFieldInfo(), MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthPluginPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProviderTest\provideGetAuthenticationRequests(), MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideGetFieldInfo(), MediaWiki\Auth\TemporaryPasswordAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\PasswordAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\provideLoadFromSubmission(), MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider\providerChangeAuthenticationData(), MediaWiki\Auth\AbstractSecondaryAuthenticationProvider\providerRevokeAccessForUser(), MediaWiki\Auth\AbstractPrimaryAuthenticationProvider\providerRevokeAccessForUser(), MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests(), MediaWiki\Auth\PasswordAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\PasswordDomainAuthenticationRequestTest\testGetFieldInfo2(), MediaWiki\Auth\AbstractSecondaryAuthenticationProviderTest\testProviderRevokeAccessForUser(), MediaWiki\Auth\AbstractPrimaryAuthenticationProviderTest\testProviderRevokeAccessForUser(), and MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProviderTest\testProviderRevokeAccessForUser().
| const MediaWiki\Auth\AuthManager::ACTION_UNLINK = 'unlink' |
Like ACTION_REMOVE but for linking providers only.
Definition at line 64 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManagerTest\provideGetAuthenticationRequests(), and MediaWiki\Auth\AuthManagerTest\testGetAuthenticationRequests().
| const MediaWiki\Auth\AuthManager::AUTOCREATE_SOURCE_SESSION = \MediaWiki\Session\SessionManager::class |
Auto-creation is due to SessionManager.
Definition at line 74 of file AuthManager.php.
Referenced by MediaWiki\Auth\AbstractPreAuthenticationProviderTest\testAbstractPreAuthenticationProvider(), MediaWiki\Auth\AbstractPrimaryAuthenticationProviderTest\testAbstractPrimaryAuthenticationProvider(), MediaWiki\Auth\AbstractSecondaryAuthenticationProviderTest\testAbstractSecondaryAuthenticationProvider(), MediaWiki\Auth\AuthManagerTest\testAutoAccountCreation(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\testRangeBlock(), MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProviderTest\testTestUserForCreation(), and MediaWiki\Auth\LegacyHookPreAuthenticationProviderTest\testTestUserForCreation().
| const MediaWiki\Auth\AuthManager::SEC_FAIL = 'fail' |
Security-sensitive should not be performed.
Definition at line 71 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManagerTest\testSecuritySensitiveOperationStatus().
| const MediaWiki\Auth\AuthManager::SEC_OK = 'ok' |
Security-sensitive operations are ok.
Definition at line 67 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManagerTest\testSecuritySensitiveOperationStatus().
| const MediaWiki\Auth\AuthManager::SEC_REAUTH = 'reauth' |
Security-sensitive operations should re-authenticate.
Definition at line 69 of file AuthManager.php.
Referenced by MediaWiki\Auth\AuthManagerTest\testSecuritySensitiveOperationStatus().
The documentation for this class was generated from the following file:
- includes/auth/AuthManager.php
