3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License along
14 * with this program; if not, write to the Free Software Foundation, Inc.,
15 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 * http://www.gnu.org/copyleft/gpl.html
21 namespace MediaWiki\Auth
;
23 use Psr\Log\LoggerInterface
;
27 * Backwards-compatibility wrapper for AuthManager via $wgAuth
29 * @deprecated since 1.27
31 class AuthManagerAuthPlugin
extends \AuthPlugin
{
32 /** @var string|null */
33 protected $domain = null;
35 /** @var LoggerInterface */
36 protected $logger = null;
38 public function __construct() {
39 $this->logger
= \MediaWiki\Logger\LoggerFactory
::getInstance( 'authentication' );
42 public function userExists( $name ) {
43 return AuthManager
::singleton()->userExists( $name );
46 public function authenticate( $username, $password ) {
48 'username' => $username,
49 'password' => $password,
51 if ( $this->domain
!== null && $this->domain
!== '' ) {
52 $data['domain'] = $this->domain
;
54 $reqs = AuthManager
::singleton()->getAuthenticationRequests( AuthManager
::ACTION_LOGIN
);
55 $reqs = AuthenticationRequest
::loadRequestsFromSubmission( $reqs, $data );
57 $res = AuthManager
::singleton()->beginAuthentication( $reqs, 'null:' );
58 switch ( $res->status
) {
59 case AuthenticationResponse
::PASS
:
61 case AuthenticationResponse
::FAIL
:
62 // Hope it's not a PreAuthenticationProvider that failed...
63 $msg = $res->message
instanceof \Message ?
$res->message
: new \
Message( $res->message
);
64 $this->logger
->info( __METHOD__
. ': Authentication failed: ' . $msg->plain() );
67 throw new \
BadMethodCallException(
68 'AuthManager does not support such simplified authentication'
73 public function modifyUITemplate( &$template, &$type ) {
74 // AuthManager does not support direct UI screwing-around-with
77 public function setDomain( $domain ) {
78 $this->domain
= $domain;
81 public function getDomain() {
82 if ( isset( $this->domain
) ) {
85 return 'invaliddomain';
89 public function validDomain( $domain ) {
90 $domainList = $this->domainList();
91 return $domainList ?
in_array( $domain, $domainList, true ) : $domain === '';
94 public function updateUser( &$user ) {
95 \Hooks
::run( 'UserLoggedIn', [ $user ] );
99 public function autoCreate() {
103 public function allowPropChange( $prop = '' ) {
104 return AuthManager
::singleton()->allowsPropertyChange( $prop );
107 public function allowPasswordChange() {
108 $reqs = AuthManager
::singleton()->getAuthenticationRequests( AuthManager
::ACTION_CHANGE
);
109 foreach ( $reqs as $req ) {
110 if ( $req instanceof PasswordAuthenticationRequest
) {
118 public function allowSetLocalPassword() {
119 // There should be a PrimaryAuthenticationProvider that does this, if necessary
123 public function setPassword( $user, $password ) {
125 'username' => $user->getName(),
126 'password' => $password,
128 if ( $this->domain
!== null && $this->domain
!== '' ) {
129 $data['domain'] = $this->domain
;
131 $reqs = AuthManager
::singleton()->getAuthenticationRequests( AuthManager
::ACTION_CHANGE
);
132 $reqs = AuthenticationRequest
::loadRequestsFromSubmission( $reqs, $data );
133 foreach ( $reqs as $req ) {
134 $status = AuthManager
::singleton()->allowsAuthenticationDataChange( $req );
135 if ( !$status->isGood() ) {
136 $this->logger
->info( __METHOD__
. ': Password change rejected: {reason}', [
137 'username' => $data['username'],
138 'reason' => $status->getWikiText( null, null, 'en' ),
143 foreach ( $reqs as $req ) {
144 AuthManager
::singleton()->changeAuthenticationData( $req );
149 public function updateExternalDB( $user ) {
150 // This fires the necessary hook
151 $user->saveSettings();
155 public function updateExternalDBGroups( $user, $addgroups, $delgroups = [] ) {
156 throw new \
BadMethodCallException(
157 'Update of user groups via AuthPlugin is not supported with AuthManager.'
161 public function canCreateAccounts() {
162 return AuthManager
::singleton()->canCreateAccounts();
165 public function addUser( $user, $password, $email = '', $realname = '' ) {
166 throw new \
BadMethodCallException(
167 'Creation of users via AuthPlugin is not supported with '
168 . 'AuthManager. Generally, user creation should be left to either '
169 . 'Special:CreateAccount, auto-creation when triggered by a '
170 . 'SessionProvider or PrimaryAuthenticationProvider, or '
171 . 'User::newSystemUser().'
175 public function strict() {
176 // There should be a PrimaryAuthenticationProvider that does this, if necessary
180 public function strictUserAuth( $username ) {
181 // There should be a PrimaryAuthenticationProvider that does this, if necessary
185 public function initUser( &$user, $autocreate = false ) {
186 \Hooks
::run( 'LocalUserCreated', [ $user, $autocreate ] );
189 public function getCanonicalName( $username ) {
190 // AuthManager doesn't support restrictions beyond MediaWiki's
194 public function getUserInstance( User
&$user ) {
195 return new AuthManagerAuthPluginUser( $user );
198 public function domainList() {
205 * @deprecated since 1.27
207 class AuthManagerAuthPluginUser
extends \AuthPluginUser
{
211 function __construct( $user ) {
215 public function getId() {
216 return $this->user
->getId();
219 public function isLocked() {
220 return $this->user
->isLocked();
223 public function isHidden() {
224 return $this->user
->isHidden();
227 public function resetAuthToken() {
228 \MediaWiki\Session\SessionManager
::singleton()->invalidateSessionsForUser( $this->user
);