* @return bool
*/
public function submit() {
+ global $wgPasswordPolicy;
+
$retVal = true;
$this->parent->setVarsFromRequest( array( 'wgSitename', '_NamespaceType',
'_AdminName', '_AdminPassword', '_AdminPasswordConfirm', '_AdminEmail',
$pwd = $this->getVar( '_AdminPassword' );
$user = User::newFromName( $cname );
if ( $user ) {
- $valid = $user->getPasswordValidity( $pwd );
+ $upp = new UserPasswordPolicy(
+ $wgPasswordPolicy['policies'],
+ $wgPasswordPolicy['checks']
+ );
+ $status = $upp->checkUserPasswordForGroups(
+ $user,
+ $pwd,
+ array( 'sysop', 'bureaucrat' )
+ );
+ $valid = $status->isGood();
} else {
$valid = 'config-admin-name-invalid';
}
*/
public function checkUserPassword( User $user, $password ) {
$effectivePolicy = $this->getPoliciesForUser( $user );
- $status = Status::newGood();
+ return $this->checkPolicies(
+ $user,
+ $password,
+ $effectivePolicy,
+ $this->policyCheckFunctions
+ );
+ }
+
+ /**
+ * Check if a passwords meets the effective password policy for a User, using a set
+ * of groups they may or may not belong to. This function does not use the DB, so can
+ * be used in the installer.
+ * @param User $user who's policy we are checking
+ * @param string $password the password to check
+ * @param array $groups list of groups to which we assume the user belongs
+ * @return Status error to indicate the password didn't meet the policy, or fatal to
+ * indicate the user shouldn't be allowed to login.
+ */
+ public function checkUserPasswordForGroups( User $user, $password, array $groups ) {
+ $effectivePolicy = self::getPoliciesForGroups(
+ $this->policies,
+ $groups,
+ $this->policies['default']
+ );
+ return $this->checkPolicies(
+ $user,
+ $password,
+ $effectivePolicy,
+ $this->policyCheckFunctions
+ );
+ }
- foreach ( $effectivePolicy as $policy => $value ) {
- if ( !isset( $this->policyCheckFunctions[$policy] ) ) {
+ private function checkPolicies( User $user, $password, $policies, $policyCheckFunctions ) {
+ $status = Status::newGood();
+ foreach ( $policies as $policy => $value ) {
+ if ( !isset( $policyCheckFunctions[$policy] ) ) {
throw new DomainException( 'Invalid password policy config' );
}
$status->merge(
call_user_func(
- $this->policyCheckFunctions[$policy],
+ $policyCheckFunctions[$policy],
$value,
$user,
$password
)
);
}
-
return $status;
}