aboutsummaryrefslogtreecommitdiffstats
path: root/includes/auth/AuthManagerAuthPlugin.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/auth/AuthManagerAuthPlugin.php')
-rw-r--r--includes/auth/AuthManagerAuthPlugin.php251
1 files changed, 251 insertions, 0 deletions
diff --git a/includes/auth/AuthManagerAuthPlugin.php b/includes/auth/AuthManagerAuthPlugin.php
new file mode 100644
index 000000000000..bf1e0215bc8e
--- /dev/null
+++ b/includes/auth/AuthManagerAuthPlugin.php
@@ -0,0 +1,251 @@
+<?php
+/**
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ */
+
+namespace MediaWiki\Auth;
+
+use User;
+
+/**
+ * Backwards-compatibility wrapper for AuthManager via $wgAuth
+ * @since 1.27
+ * @deprecated since 1.27
+ */
+class AuthManagerAuthPlugin extends \AuthPlugin {
+ /** @var string|null */
+ protected $domain = null;
+
+ /** @var \\Psr\\Log\\LoggerInterface */
+ protected $logger = null;
+
+ public function __construct() {
+ $this->logger = \MediaWiki\Logger\LoggerFactory::getInstance( 'authentication' );
+ }
+
+ public function userExists( $name ) {
+ return AuthManager::singleton()->userExists( $name );
+ }
+
+ public function authenticate( $username, $password ) {
+ $data = [
+ 'username' => $username,
+ 'password' => $password,
+ ];
+ if ( $this->domain !== null && $this->domain !== '' ) {
+ $data['domain'] = $this->domain;
+ }
+ $reqs = AuthManager::singleton()->getAuthenticationRequests( AuthManager::ACTION_LOGIN );
+ $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );
+
+ $res = AuthManager::singleton()->beginAuthentication( $reqs, 'null:' );
+ switch ( $res->status ) {
+ case AuthenticationResponse::PASS:
+ return true;
+ case AuthenticationResponse::FAIL:
+ // Hope it's not a PreAuthenticationProvider that failed...
+ $msg = $res->message instanceof \Message ? $res->message : new \Message( $res->message );
+ $this->logger->info( __METHOD__ . ': Authentication failed: ' . $msg->plain() );
+ return false;
+ default:
+ throw new \BadMethodCallException(
+ 'AuthManager does not support such simplified authentication'
+ );
+ }
+ }
+
+ public function modifyUITemplate( &$template, &$type ) {
+ // AuthManager does not support direct UI screwing-around-with
+ }
+
+ public function setDomain( $domain ) {
+ $this->domain = $domain;
+ }
+
+ public function getDomain() {
+ if ( isset( $this->domain ) ) {
+ return $this->domain;
+ } else {
+ return 'invaliddomain';
+ }
+ }
+
+ public function validDomain( $domain ) {
+ $domainList = $this->domainList();
+ return $domainList ? in_array( $domain, $domainList, true ) : $domain === '';
+ }
+
+ public function updateUser( &$user ) {
+ \Hooks::run( 'UserLoggedIn', [ $user ] );
+ return true;
+ }
+
+ public function autoCreate() {
+ return true;
+ }
+
+ public function allowPropChange( $prop = '' ) {
+ return AuthManager::singleton()->allowsPropertyChange( $prop );
+ }
+
+ public function allowPasswordChange() {
+ $reqs = AuthManager::singleton()->getAuthenticationRequests( AuthManager::ACTION_CHANGE );
+ foreach ( $reqs as $req ) {
+ if ( $req instanceof PasswordAuthenticationRequest ) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ public function allowSetLocalPassword() {
+ // There should be a PrimaryAuthenticationProvider that does this, if necessary
+ return false;
+ }
+
+ public function setPassword( $user, $password ) {
+ $data = [
+ 'username' => $user->getName(),
+ 'password' => $password,
+ ];
+ if ( $this->domain !== null && $this->domain !== '' ) {
+ $data['domain'] = $this->domain;
+ }
+ $reqs = AuthManager::singleton()->getAuthenticationRequests( AuthManager::ACTION_CHANGE );
+ $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );
+ foreach ( $reqs as $req ) {
+ $status = AuthManager::singleton()->allowsAuthenticationDataChange( $req );
+ if ( !$status->isOk() ) {
+ $this->logger->info( __METHOD__ . ': Password change rejected: {reason}', [
+ 'username' => $data['username'],
+ 'reason' => $status->getWikiText( null, null, 'en' ),
+ ] );
+ return false;
+ }
+ }
+ foreach ( $reqs as $req ) {
+ AuthManager::singleton()->changeAuthenticationData( $req );
+ }
+ return true;
+ }
+
+ public function updateExternalDB( $user ) {
+ // This fires the necessary hook
+ $user->saveSettings();
+ return true;
+ }
+
+ public function updateExternalDBGroups( $user, $addgroups, $delgroups = [] ) {
+ \Hooks::run( 'UserGroupsChanged', [ $user, $addgroups, $delgroups ] );
+ return true;
+ }
+
+ public function canCreateAccounts() {
+ return AuthManager::singleton()->canCreateAccounts();
+ }
+
+ public function addUser( $user, $password, $email = '', $realname = '' ) {
+ global $wgUser;
+
+ $data = [
+ 'username' => $user->getName(),
+ 'password' => $password,
+ 'retype' => $password,
+ 'email' => $email,
+ 'realname' => $realname,
+ ];
+ if ( $this->domain !== null && $this->domain !== '' ) {
+ $data['domain'] = $this->domain;
+ }
+ $reqs = AuthManager::singleton()->getAuthenticationRequests( AuthManager::ACTION_CREATE );
+ $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );
+
+ $res = AuthManager::singleton()->beginAccountCreation( $wgUser, $reqs, 'null:' );
+ switch ( $res->status ) {
+ case AuthenticationResponse::PASS:
+ return true;
+ case AuthenticationResponse::FAIL:
+ // Hope it's not a PreAuthenticationProvider that failed...
+ $msg = $res->message instanceof \Message ? $res->message : new \Message( $res->message );
+ $this->logger->info( __METHOD__ . ': Authentication failed: ' . $msg->plain() );
+ return false;
+ default:
+ throw new \BadMethodCallException(
+ 'AuthManager does not support such simplified account creation'
+ );
+ }
+ }
+
+ public function strict() {
+ // There should be a PrimaryAuthenticationProvider that does this, if necessary
+ return true;
+ }
+
+ public function strictUserAuth( $username ) {
+ // There should be a PrimaryAuthenticationProvider that does this, if necessary
+ return true;
+ }
+
+ public function initUser( &$user, $autocreate = false ) {
+ \Hooks::run( 'LocalUserCreated', [ $user, $autocreate ] );
+ }
+
+ public function getCanonicalName( $username ) {
+ // AuthManager doesn't support restrictions beyond MediaWiki's
+ return $username;
+ }
+
+ public function getUserInstance( User &$user ) {
+ return new AuthManagerAuthPluginUser( $user );
+ }
+
+ public function domainList() {
+ return [];
+ }
+}
+
+/**
+ * @since 1.27
+ * @deprecated since 1.27
+ */
+class AuthManagerAuthPluginUser extends \AuthPluginUser {
+ /** @var User */
+ private $user;
+
+ function __construct( $user ) {
+ $this->user = $user;
+ }
+
+ public function getId() {
+ return $this->user->getId();
+ }
+
+ public function isLocked() {
+ return $this->user->isLocked();
+ }
+
+ public function isHidden() {
+ return $this->user->isHidden();
+ }
+
+ public function resetAuthToken() {
+ \MediaWiki\Session\SessionManager::singleton()->invalidateSessionsForUser( $this->user );
+ return true;
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-25 12:17:18 +0000