dépôts
/
lhc
/
web
/
wiklou.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge "Add namespace restrictions to `meta=siteinfo&siprop=namespaces` API result"
[lhc/web/wiklou.git]
/
includes
/
password
/
UserPasswordPolicy.php
diff --git
a/includes/password/UserPasswordPolicy.php
b/includes/password/UserPasswordPolicy.php
index
c61c795
..
79a5539
100644
(file)
--- a/
includes/password/UserPasswordPolicy.php
+++ b/
includes/password/UserPasswordPolicy.php
@@
-71,6
+71,7
@@
class UserPasswordPolicy {
* indicate the user shouldn't be allowed to login. The status value will be an array,
* potentially with the following keys:
* - forceChange: do not allow the user to login without changing the password if invalid.
* indicate the user shouldn't be allowed to login. The status value will be an array,
* potentially with the following keys:
* - forceChange: do not allow the user to login without changing the password if invalid.
+ * - suggestChangeOnLogin: prompt for a password change on login if the password is invalid.
*/
public function checkUserPassword( User $user, $password ) {
$effectivePolicy = $this->getPoliciesForUser( $user );
*/
public function checkUserPassword( User $user, $password ) {
$effectivePolicy = $this->getPoliciesForUser( $user );
@@
-93,6
+94,7
@@
class UserPasswordPolicy {
* indicate the user shouldn't be allowed to login. The status value will be an array,
* potentially with the following keys:
* - forceChange: do not allow the user to login without changing the password if invalid.
* indicate the user shouldn't be allowed to login. The status value will be an array,
* potentially with the following keys:
* - forceChange: do not allow the user to login without changing the password if invalid.
+ * - suggestChangeOnLogin: prompt for a password change on login if the password is invalid.
*/
public function checkUserPasswordForGroups( User $user, $password, array $groups ) {
$effectivePolicy = self::getPoliciesForGroups(
*/
public function checkUserPasswordForGroups( User $user, $password, array $groups ) {
$effectivePolicy = self::getPoliciesForGroups(
@@
-118,6
+120,7
@@
class UserPasswordPolicy {
private function checkPolicies( User $user, $password, $policies, $policyCheckFunctions ) {
$status = Status::newGood( [] );
$forceChange = false;
private function checkPolicies( User $user, $password, $policies, $policyCheckFunctions ) {
$status = Status::newGood( [] );
$forceChange = false;
+ $suggestChangeOnLogin = false;
foreach ( $policies as $policy => $settings ) {
if ( !isset( $policyCheckFunctions[$policy] ) ) {
throw new DomainException( "Invalid password policy config. No check defined for '$policy'." );
foreach ( $policies as $policy => $settings ) {
if ( !isset( $policyCheckFunctions[$policy] ) ) {
throw new DomainException( "Invalid password policy config. No check defined for '$policy'." );
@@
-137,14
+140,27
@@
class UserPasswordPolicy {
$user,
$password
);
$user,
$password
);
- if ( !$policyStatus->isGood() && !empty( $settings['forceChange'] ) ) {
- $forceChange = true;
+
+ if ( !$policyStatus->isGood() ) {
+ if ( !empty( $settings['forceChange'] ) ) {
+ $forceChange = true;
+ }
+
+ if ( !empty( $settings['suggestChangeOnLogin'] ) ) {
+ $suggestChangeOnLogin = true;
+ }
}
$status->merge( $policyStatus );
}
}
$status->merge( $policyStatus );
}
- if ( $status->isOK() && $forceChange ) {
- $status->value['forceChange'] = true;
+
+ if ( $status->isOK() ) {
+ if ( $forceChange ) {
+ $status->value['forceChange'] = true;
+ } elseif ( $suggestChangeOnLogin ) {
+ $status->value['suggestChangeOnLogin'] = true;
+ }
}
}
+
return $status;
}
return $status;
}