'PasswordPoliciesForUser': Alter the effective password policy for a user.
$user: User object whose policy you are modifying
&$effectivePolicy: Array of policy statements that apply to this user
+$purpose: string indicating purpose of the check, one of 'login', 'create',
+ or 'reset'
'PerformRetroactiveAutoblock': Called before a retroactive autoblock is applied
to a user.
* able to set their password to this.
*
* @param string $password Desired password
+ * @param string $purpose one of 'login', 'create', 'reset'
* @return Status
* @since 1.23
*/
- public function checkPasswordValidity( $password ) {
+ public function checkPasswordValidity( $password, $purpose = 'login' ) {
global $wgPasswordPolicy;
$upp = new UserPasswordPolicy(
}
if ( $result === false ) {
- $status->merge( $upp->checkUserPassword( $this, $password ) );
+ $status->merge( $upp->checkUserPassword( $this, $password, $purpose ) );
return $status;
} elseif ( $result === true ) {
return $status;
$pwd = $this->getVar( '_AdminPassword' );
$user = User::newFromName( $cname );
if ( $user ) {
- $upp = new UserPasswordPolicy(
- $wgPasswordPolicy['policies'],
- $wgPasswordPolicy['checks']
- );
- $status = $upp->checkUserPasswordForGroups(
- $user,
- $pwd,
- array( 'sysop', 'bureaucrat' )
- );
- $valid = $status->isGood();
+ $status = $user->checkPasswordValidity( $pwd, 'create' );
+ $valid = $status->isGood() ? true : $status->getMessage()->escaped();
} else {
$valid = 'config-admin-name-invalid';
}
* Check if a passwords meets the effective password policy for a User.
* @param User $user who's policy we are checking
* @param string $password the password to check
+ * @param string $purpose one of 'login', 'create', 'reset'
* @return Status error to indicate the password didn't meet the policy, or fatal to
* indicate the user shouldn't be allowed to login.
*/
- public function checkUserPassword( User $user, $password ) {
- $effectivePolicy = $this->getPoliciesForUser( $user );
+ public function checkUserPassword( User $user, $password, $purpose = 'login' ) {
+ $effectivePolicy = $this->getPoliciesForUser( $user, $purpose );
return $this->checkPolicies(
$user,
$password,
* Get the policy for a user, based on their group membership. Public so
* UI elements can access and inform the user.
* @param User $user
+ * @param string $purpose one of 'login', 'create', 'reset'
* @return array the effective policy for $user
*/
- public function getPoliciesForUser( User $user ) {
- $effectivePolicy = self::getPoliciesForGroups(
- $this->policies,
- $user->getEffectiveGroups(),
- $this->policies['default']
- );
+ public function getPoliciesForUser( User $user, $purpose = 'login' ) {
+ $effectivePolicy = $this->policies['default'];
+ if ( $purpose !== 'create' ) {
+ $effectivePolicy = self::getPoliciesForGroups(
+ $this->policies,
+ $user->getEffectiveGroups(),
+ $this->policies['default']
+ );
+ }
- Hooks::run( 'PasswordPoliciesForUser', array( $user, &$effectivePolicy ) );
+ Hooks::run( 'PasswordPoliciesForUser', array( $user, &$effectivePolicy, $purpose ) );
return $effectivePolicy;
}
}
# check for password validity, return a fatal Status if invalid
- $validity = $u->checkPasswordValidity( $this->mPassword );
+ $validity = $u->checkPasswordValidity( $this->mPassword, 'create' );
if ( !$validity->isGood() ) {
$validity->ok = false; // make sure this Status is fatal
return $validity;
} elseif ( $wgInvalidPasswordReset
&& !$user->isValidPassword( $this->mPassword )
) {
- $status = $user->checkPasswordValidity( $this->mPassword );
+ $status = $user->checkPasswordValidity(
+ $this->mPassword,
+ 'login'
+ );
$this->resetLoginForm(
$status->getMessage( 'resetpass-validity-soft' )
);