-
Notifications
You must be signed in to change notification settings - Fork 18
/
ForumAuthManager.php
113 lines (106 loc) · 3.36 KB
/
ForumAuthManager.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
<?php
/**
* Forum SSO Provider for MediaWiki
*
* @package ForumAuthManager
* @author Simple Machines https://www.simplemachines.org
* @author SleePy ([email protected])
* @author Vekseid ([email protected])
* @copyright 2022 Simple Machines
* @license BSD https://opensource.org/licenses/BSD-3-Clause
* (See LICENCE.md file)
*
*/
/**
* This extends MediaWiki's ForumAuthManager and prevents changes to selected fields now
* managed by the SSO provider.
*
* @class ForumAuthManager
* @parent \MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider
* @access public
*/
class ForumAuthManager extends \MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider
{
/**
* @param array $params
* - emailEnabled: (bool) must be true for the option to email passwords to be present
* - newPasswordExpiry: (int) expiraton time of temporary passwords, in seconds
* - passwordReminderResendTime: (int) cooldown period in hours until a password reminder can
* be sent to the same user again
*/
public function __construct( /*array*/ $params = [] ) {
$loadBalancer = \MediaWiki\MediaWikiServices::getInstance()->getDBLoadBalancerFactory();
$userOptionsLookup = \MediaWiki\MediaWikiServices::getInstance()->getUserOptionsLookup();
parent::__construct( $loadBalancer, $userOptionsLookup, $params );
}
/**
* @deprecated since 1.37. For extension-defined authentication providers
* that were using this method to trigger other work, please override
* AbstractAuthenticationProvider::postInitSetup instead. If your extension
* was using this to explicitly change the Config of an existing
* AuthenticationProvider object, please file a report on phabricator -
* there is no non-deprecated way to do this anymore.
* @param Config $config
*/
public function setConfig( \Config $config )
{
parent::setConfig( $config );
}
/**
* Get password reset data, if any
*
* @stable to override
* @param string $username
* @param \stdClass|null $data
* @return \stdClass|null { 'hard' => bool, 'msg' => Message }
*/
protected function getPasswordResetData( /*string */ $username, $data ): bool
{
return false;
}
/**
* @param string $action
* @param array $options
*
* @return array
*/
public function getAuthenticationRequests( $action, array $options ): array
{
return [];
}
/*
* This is implanted just to disable password changes.
* Return StatusValue::newGood( 'ignored' ) if you don't support this
* AuthenticationRequest type.
*
* @param AuthenticationRequest $req
* @param bool $checkData If false, $req hasn't been loaded from the
* submission so checks on user-submitted fields should be skipped.
* $req->username is considered user-submitted for this purpose, even
* if it cannot be changed via $req->loadFromSubmission.
* @return StatusValue
*/
public function providerAllowsAuthenticationDataChange(
\MediaWiki\Auth\AuthenticationRequest $req, /*bool*/ $checkData = true
)
{
$rest = \StatusValue::newGood();
$rest->setOK(false);
return $rest;
}
/*
* This one disables any other properties we need to block
* @see AuthManager::allowsPropertyChange()
* @param string $property
* @return bool
*/
public function providerAllowsPropertyChange( /*string*/ $property ): bool
{
if (in_array($property, array(
'realname',
'emailaddress'
)))
return false;
return true;
}
}