Merge "resources: Collapse all jQuery UI modules into one deprecated mega-module...
[lhc/web/wiklou.git] / includes / password / UserPasswordPolicy.php
index c61c795..79a5539 100644 (file)
@@ -71,6 +71,7 @@ class UserPasswordPolicy {
         *   indicate the user shouldn't be allowed to login. The status value will be an array,
         *   potentially with the following keys:
         *   - forceChange: do not allow the user to login without changing the password if invalid.
+        *   - suggestChangeOnLogin: prompt for a password change on login if the password is invalid.
         */
        public function checkUserPassword( User $user, $password ) {
                $effectivePolicy = $this->getPoliciesForUser( $user );
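Review bot: The new `suggestChangeOnLogin` bullet in this docblock reads as if the key is set whenever the password is invalid, but `checkPolicies()` in the last hunk sets it only when the merged status is still OK and `forceChange` was not triggered. Callers deciding what to do after login need to know that the two keys never appear together, so I would word it as `- suggestChangeOnLogin: prompt for a password change on login if the password is invalid; only set when forceChange is not set.` The identical bullet added to the `checkUserPasswordForGroups()` docblock in the next hunk needs the same wording. The body of `checkUserPassword()` continues outside this hunk.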
@@ -93,6 +94,7 @@ class UserPasswordPolicy {
         *   indicate the user shouldn't be allowed to login. The status value will be an array,
         *   potentially with the following keys:
         *   - forceChange: do not allow the user to login without changing the password if invalid.
+        *   - suggestChangeOnLogin: prompt for a password change on login if the password is invalid.
         */
        public function checkUserPasswordForGroups( User $user, $password, array $groups ) {
                $effectivePolicy = self::getPoliciesForGroups(
@@ -118,6 +120,7 @@ class UserPasswordPolicy {
        private function checkPolicies( User $user, $password, $policies, $policyCheckFunctions ) {
                $status = Status::newGood( [] );
                $forceChange = false;
+               $suggestChangeOnLogin = false;
                foreach ( $policies as $policy => $settings ) {
                        if ( !isset( $policyCheckFunctions[$policy] ) ) {
                                throw new DomainException( "Invalid password policy config. No check defined for '$policy'." );
@@ -137,14 +140,27 @@ class UserPasswordPolicy {
                                $user,
                                $password
                        );
-                       if ( !$policyStatus->isGood() && !empty( $settings['forceChange'] ) ) {
-                               $forceChange = true;
+
+                       if ( !$policyStatus->isGood() ) {
+                               if ( !empty( $settings['forceChange'] ) ) {
+                                       $forceChange = true;
+                               }
+
+                               if ( !empty( $settings['suggestChangeOnLogin'] ) ) {
+                                       $suggestChangeOnLogin = true;
+                               }
                        }
                        $status->merge( $policyStatus );
                }
-               if ( $status->isOK() && $forceChange ) {
-                       $status->value['forceChange'] = true;
+
+               if ( $status->isOK() ) {
+                       if ( $forceChange ) {
+                               $status->value['forceChange'] = true;
+                       } elseif ( $suggestChangeOnLogin ) {
+                               $status->value['suggestChangeOnLogin'] = true;
+                       }
                }
+
                return $status;
        }
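Review bot: The `elseif ( $suggestChangeOnLogin )` branch marks a login that succeeds with a password that failed a policy check, and nothing in the code says the flag is advisory rather than enforcing. The code that reads `$status->value` is not part of this diff, so it is worth confirming that it treats this key as a prompt only and that policies meant to block weak or common passwords keep using `forceChange`. I would add a comment above the branch such as `// Advisory only: the login still succeeds with a password that failed this policy.` A test with one policy carrying both settings would pin the `forceChange` precedence; none is visible in this diff. `checkPolicies()` starts in the previous hunk, and the lines between the two hunks are not shown.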