|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* This program is free software; you can redistribute it and/or modify |
|
4
|
|
|
* it under the terms of the GNU General Public License as published by |
|
5
|
|
|
* the Free Software Foundation; either version 2 of the License, or |
|
6
|
|
|
* (at your option) any later version. |
|
7
|
|
|
* |
|
8
|
|
|
* This program is distributed in the hope that it will be useful, |
|
9
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11
|
|
|
* GNU General Public License for more details. |
|
12
|
|
|
* |
|
13
|
|
|
* You should have received a copy of the GNU General Public License along |
|
14
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc., |
|
15
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
16
|
|
|
* http://www.gnu.org/copyleft/gpl.html |
|
17
|
|
|
* |
|
18
|
|
|
* @file |
|
19
|
|
|
*/ |
|
20
|
|
|
|
|
21
|
|
|
namespace MediaWiki\Auth; |
|
22
|
|
|
|
|
23
|
|
|
use User; |
|
24
|
|
|
|
|
25
|
|
|
/** |
|
26
|
|
|
* Backwards-compatibility wrapper for AuthManager via $wgAuth |
|
27
|
|
|
* @since 1.27 |
|
28
|
|
|
* @deprecated since 1.27 |
|
29
|
|
|
*/ |
|
30
|
|
|
class AuthManagerAuthPlugin extends \AuthPlugin { |
|
|
|
|
|
|
31
|
|
|
/** @var string|null */ |
|
32
|
|
|
protected $domain = null; |
|
33
|
|
|
|
|
34
|
|
|
/** @var \\Psr\\Log\\LoggerInterface */ |
|
35
|
|
|
protected $logger = null; |
|
36
|
|
|
|
|
37
|
|
|
public function __construct() { |
|
38
|
|
|
$this->logger = \MediaWiki\Logger\LoggerFactory::getInstance( 'authentication' ); |
|
|
|
|
|
|
39
|
|
|
} |
|
40
|
|
|
|
|
41
|
|
|
public function userExists( $name ) { |
|
42
|
|
|
return AuthManager::singleton()->userExists( $name ); |
|
43
|
|
|
} |
|
44
|
|
|
|
|
45
|
|
|
public function authenticate( $username, $password ) { |
|
46
|
|
|
$data = [ |
|
47
|
|
|
'username' => $username, |
|
48
|
|
|
'password' => $password, |
|
49
|
|
|
]; |
|
50
|
|
View Code Duplication |
if ( $this->domain !== null && $this->domain !== '' ) { |
|
51
|
|
|
$data['domain'] = $this->domain; |
|
52
|
|
|
} |
|
53
|
|
|
$reqs = AuthManager::singleton()->getAuthenticationRequests( AuthManager::ACTION_LOGIN ); |
|
54
|
|
|
$reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data ); |
|
55
|
|
|
|
|
56
|
|
|
$res = AuthManager::singleton()->beginAuthentication( $reqs, 'null:' ); |
|
57
|
|
|
switch ( $res->status ) { |
|
58
|
|
|
case AuthenticationResponse::PASS: |
|
59
|
|
|
return true; |
|
60
|
|
|
case AuthenticationResponse::FAIL: |
|
61
|
|
|
// Hope it's not a PreAuthenticationProvider that failed... |
|
62
|
|
|
$msg = $res->message instanceof \Message ? $res->message : new \Message( $res->message ); |
|
63
|
|
|
$this->logger->info( __METHOD__ . ': Authentication failed: ' . $msg->plain() ); |
|
64
|
|
|
return false; |
|
65
|
|
|
default: |
|
66
|
|
|
throw new \BadMethodCallException( |
|
67
|
|
|
'AuthManager does not support such simplified authentication' |
|
68
|
|
|
); |
|
69
|
|
|
} |
|
70
|
|
|
} |
|
71
|
|
|
|
|
72
|
|
|
public function modifyUITemplate( &$template, &$type ) { |
|
73
|
|
|
// AuthManager does not support direct UI screwing-around-with |
|
74
|
|
|
} |
|
75
|
|
|
|
|
76
|
|
|
public function setDomain( $domain ) { |
|
77
|
|
|
$this->domain = $domain; |
|
78
|
|
|
} |
|
79
|
|
|
|
|
80
|
|
|
public function getDomain() { |
|
81
|
|
|
if ( isset( $this->domain ) ) { |
|
82
|
|
|
return $this->domain; |
|
83
|
|
|
} else { |
|
84
|
|
|
return 'invaliddomain'; |
|
85
|
|
|
} |
|
86
|
|
|
} |
|
87
|
|
|
|
|
88
|
|
|
public function validDomain( $domain ) { |
|
89
|
|
|
$domainList = $this->domainList(); |
|
90
|
|
|
return $domainList ? in_array( $domain, $domainList, true ) : $domain === ''; |
|
91
|
|
|
} |
|
92
|
|
|
|
|
93
|
|
|
public function updateUser( &$user ) { |
|
94
|
|
|
\Hooks::run( 'UserLoggedIn', [ $user ] ); |
|
95
|
|
|
return true; |
|
96
|
|
|
} |
|
97
|
|
|
|
|
98
|
|
|
public function autoCreate() { |
|
99
|
|
|
return true; |
|
100
|
|
|
} |
|
101
|
|
|
|
|
102
|
|
|
public function allowPropChange( $prop = '' ) { |
|
103
|
|
|
return AuthManager::singleton()->allowsPropertyChange( $prop ); |
|
104
|
|
|
} |
|
105
|
|
|
|
|
106
|
|
|
public function allowPasswordChange() { |
|
107
|
|
|
$reqs = AuthManager::singleton()->getAuthenticationRequests( AuthManager::ACTION_CHANGE ); |
|
108
|
|
|
foreach ( $reqs as $req ) { |
|
109
|
|
|
if ( $req instanceof PasswordAuthenticationRequest ) { |
|
110
|
|
|
return true; |
|
111
|
|
|
} |
|
112
|
|
|
} |
|
113
|
|
|
|
|
114
|
|
|
return false; |
|
115
|
|
|
} |
|
116
|
|
|
|
|
117
|
|
|
public function allowSetLocalPassword() { |
|
118
|
|
|
// There should be a PrimaryAuthenticationProvider that does this, if necessary |
|
119
|
|
|
return false; |
|
120
|
|
|
} |
|
121
|
|
|
|
|
122
|
|
|
public function setPassword( $user, $password ) { |
|
123
|
|
|
$data = [ |
|
124
|
|
|
'username' => $user->getName(), |
|
125
|
|
|
'password' => $password, |
|
126
|
|
|
]; |
|
127
|
|
View Code Duplication |
if ( $this->domain !== null && $this->domain !== '' ) { |
|
128
|
|
|
$data['domain'] = $this->domain; |
|
129
|
|
|
} |
|
130
|
|
|
$reqs = AuthManager::singleton()->getAuthenticationRequests( AuthManager::ACTION_CHANGE ); |
|
131
|
|
|
$reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data ); |
|
132
|
|
|
foreach ( $reqs as $req ) { |
|
133
|
|
|
$status = AuthManager::singleton()->allowsAuthenticationDataChange( $req ); |
|
134
|
|
|
if ( !$status->isGood() ) { |
|
135
|
|
|
$this->logger->info( __METHOD__ . ': Password change rejected: {reason}', [ |
|
136
|
|
|
'username' => $data['username'], |
|
137
|
|
|
'reason' => $status->getWikiText( null, null, 'en' ), |
|
138
|
|
|
] ); |
|
139
|
|
|
return false; |
|
140
|
|
|
} |
|
141
|
|
|
} |
|
142
|
|
|
foreach ( $reqs as $req ) { |
|
143
|
|
|
AuthManager::singleton()->changeAuthenticationData( $req ); |
|
144
|
|
|
} |
|
145
|
|
|
return true; |
|
146
|
|
|
} |
|
147
|
|
|
|
|
148
|
|
|
public function updateExternalDB( $user ) { |
|
149
|
|
|
// This fires the necessary hook |
|
150
|
|
|
$user->saveSettings(); |
|
151
|
|
|
return true; |
|
152
|
|
|
} |
|
153
|
|
|
|
|
154
|
|
|
public function updateExternalDBGroups( $user, $addgroups, $delgroups = [] ) { |
|
155
|
|
|
\Hooks::run( 'UserGroupsChanged', [ $user, $addgroups, $delgroups ] ); |
|
156
|
|
|
return true; |
|
157
|
|
|
} |
|
158
|
|
|
|
|
159
|
|
|
public function canCreateAccounts() { |
|
160
|
|
|
return AuthManager::singleton()->canCreateAccounts(); |
|
161
|
|
|
} |
|
162
|
|
|
|
|
163
|
|
|
public function addUser( $user, $password, $email = '', $realname = '' ) { |
|
164
|
|
|
throw new \BadMethodCallException( |
|
165
|
|
|
'Creation of users via AuthPlugin is not supported with ' |
|
166
|
|
|
. 'AuthManager. Generally, user creation should be left to either ' |
|
167
|
|
|
. 'Special:CreateAccount, auto-creation when triggered by a ' |
|
168
|
|
|
. 'SessionProvider or PrimaryAuthenticationProvider, or ' |
|
169
|
|
|
. 'User::newSystemUser().' |
|
170
|
|
|
); |
|
171
|
|
|
} |
|
172
|
|
|
|
|
173
|
|
|
public function strict() { |
|
174
|
|
|
// There should be a PrimaryAuthenticationProvider that does this, if necessary |
|
175
|
|
|
return true; |
|
176
|
|
|
} |
|
177
|
|
|
|
|
178
|
|
|
public function strictUserAuth( $username ) { |
|
179
|
|
|
// There should be a PrimaryAuthenticationProvider that does this, if necessary |
|
180
|
|
|
return true; |
|
181
|
|
|
} |
|
182
|
|
|
|
|
183
|
|
|
public function initUser( &$user, $autocreate = false ) { |
|
184
|
|
|
\Hooks::run( 'LocalUserCreated', [ $user, $autocreate ] ); |
|
185
|
|
|
} |
|
186
|
|
|
|
|
187
|
|
|
public function getCanonicalName( $username ) { |
|
188
|
|
|
// AuthManager doesn't support restrictions beyond MediaWiki's |
|
189
|
|
|
return $username; |
|
190
|
|
|
} |
|
191
|
|
|
|
|
192
|
|
|
public function getUserInstance( User &$user ) { |
|
193
|
|
|
return new AuthManagerAuthPluginUser( $user ); |
|
|
|
|
|
|
194
|
|
|
} |
|
195
|
|
|
|
|
196
|
|
|
public function domainList() { |
|
197
|
|
|
return []; |
|
198
|
|
|
} |
|
199
|
|
|
} |
|
200
|
|
|
|
|
201
|
|
|
/** |
|
202
|
|
|
* @since 1.27 |
|
203
|
|
|
* @deprecated since 1.27 |
|
204
|
|
|
*/ |
|
205
|
|
|
class AuthManagerAuthPluginUser extends \AuthPluginUser { |
|
|
|
|
|
|
206
|
|
|
/** @var User */ |
|
207
|
|
|
private $user; |
|
208
|
|
|
|
|
209
|
|
|
function __construct( $user ) { |
|
210
|
|
|
$this->user = $user; |
|
211
|
|
|
} |
|
212
|
|
|
|
|
213
|
|
|
public function getId() { |
|
214
|
|
|
return $this->user->getId(); |
|
215
|
|
|
} |
|
216
|
|
|
|
|
217
|
|
|
public function isLocked() { |
|
218
|
|
|
return $this->user->isLocked(); |
|
219
|
|
|
} |
|
220
|
|
|
|
|
221
|
|
|
public function isHidden() { |
|
222
|
|
|
return $this->user->isHidden(); |
|
223
|
|
|
} |
|
224
|
|
|
|
|
225
|
|
|
public function resetAuthToken() { |
|
226
|
|
|
\MediaWiki\Session\SessionManager::singleton()->invalidateSessionsForUser( $this->user ); |
|
227
|
|
|
return true; |
|
228
|
|
|
} |
|
229
|
|
|
} |
|
230
|
|
|
|
wikimedia /
mediawiki
Loading history...
This class, trait or interface has been deprecated. The supplier of the file has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the type will be removed from the class and what other constant to use instead.