* Check if a passwords meets the effective password policy for a User.
* @param User $user who's policy we are checking
* @param string $password the password to check
+ * @param string $purpose one of 'login', 'create', 'reset'
* @return Status error to indicate the password didn't meet the policy, or fatal to
* indicate the user shouldn't be allowed to login.
*/
- public function checkUserPassword( User $user, $password ) {
- $effectivePolicy = $this->getPoliciesForUser( $user );
- $status = Status::newGood();
+ public function checkUserPassword( User $user, $password, $purpose = 'login' ) {
+ $effectivePolicy = $this->getPoliciesForUser( $user, $purpose );
+ return $this->checkPolicies(
+ $user,
+ $password,
+ $effectivePolicy,
+ $this->policyCheckFunctions
+ );
+ }
+
+ /**
+ * Check if a passwords meets the effective password policy for a User, using a set
+ * of groups they may or may not belong to. This function does not use the DB, so can
+ * be used in the installer.
+ * @param User $user who's policy we are checking
+ * @param string $password the password to check
+ * @param array $groups list of groups to which we assume the user belongs
+ * @return Status error to indicate the password didn't meet the policy, or fatal to
+ * indicate the user shouldn't be allowed to login.
+ */
+ public function checkUserPasswordForGroups( User $user, $password, array $groups ) {
+ $effectivePolicy = self::getPoliciesForGroups(
+ $this->policies,
+ $groups,
+ $this->policies['default']
+ );
+ return $this->checkPolicies(
+ $user,
+ $password,
+ $effectivePolicy,
+ $this->policyCheckFunctions
+ );
+ }
- foreach ( $effectivePolicy as $policy => $value ) {
- if ( !isset( $this->policyCheckFunctions[$policy] ) ) {
+ private function checkPolicies( User $user, $password, $policies, $policyCheckFunctions ) {
+ $status = Status::newGood();
+ foreach ( $policies as $policy => $value ) {
+ if ( !isset( $policyCheckFunctions[$policy] ) ) {
throw new DomainException( 'Invalid password policy config' );
}
$status->merge(
call_user_func(
- $this->policyCheckFunctions[$policy],
+ $policyCheckFunctions[$policy],
$value,
$user,
$password
)
);
}
-
return $status;
}
* Get the policy for a user, based on their group membership. Public so
* UI elements can access and inform the user.
* @param User $user
+ * @param string $purpose one of 'login', 'create', 'reset'
* @return array the effective policy for $user
*/
- public function getPoliciesForUser( User $user ) {
- $effectivePolicy = self::getPoliciesForGroups(
- $this->policies,
- $user->getEffectiveGroups(),
- $this->policies['default']
- );
+ public function getPoliciesForUser( User $user, $purpose = 'login' ) {
+ $effectivePolicy = $this->policies['default'];
+ if ( $purpose !== 'create' ) {
+ $effectivePolicy = self::getPoliciesForGroups(
+ $this->policies,
+ $user->getEffectiveGroups(),
+ $this->policies['default']
+ );
+ }
- Hooks::run( 'PasswordPoliciesForUser', array( $user, &$effectivePolicy ) );
+ Hooks::run( 'PasswordPoliciesForUser', array( $user, &$effectivePolicy, $purpose ) );
return $effectivePolicy;
}
dépôts / lhc / web / wiklou.git / blobdiff