| blob | d57adb8e152b01ab598144fbcc2054455c49ee35 |
1 <?php
2 /**
3 * Password policy checking for a user
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
23 /**
24 * Check if a user's password complies with any password policies that apply to that
25 * user, based on the user's group membership.
26 * @since 1.26
27 */
30 /**
31 * @var array
32 */
35 /**
36 * Mapping of statements to the function that will test the password for compliance. The
37 * checking functions take the policy value, the user, and password, and return a Status
38 * object indicating compliance.
39 * @var array
40 */
43 /**
44 * @param array $policies
45 * @param array $checks mapping statement to its checking function. Checking functions are
46 * called with the policy value for this user, the user object, and the password to check.
47 */
52 );
53 }
60 );
61 }
63 }
64 }
66 /**
67 * Check if a passwords meets the effective password policy for a User.
68 * @param User $user who's policy we are checking
69 * @param string $password the password to check
70 * @param string $purpose one of 'login', 'create', 'reset'
71 * @return Status error to indicate the password didn't meet the policy, or fatal to
72 * indicate the user shouldn't be allowed to login.
73 */
81 );
82 }
84 /**
85 * Check if a passwords meets the effective password policy for a User, using a set
86 * of groups they may or may not belong to. This function does not use the DB, so can
87 * be used in the installer.
88 * @param User $user who's policy we are checking
89 * @param string $password the password to check
90 * @param array $groups list of groups to which we assume the user belongs
91 * @return Status error to indicate the password didn't meet the policy, or fatal to
92 * indicate the user shouldn't be allowed to login.
93 */
99 );
105 );
106 }
108 /**
109 * @param User $user
110 * @param string $password
111 * @param array $policies
112 * @param array $policyCheckFunctions
113 * @return Status
114 */
120 }
126 $password
127 )
128 );
129 }
131 }
133 /**
134 * Get the policy for a user, based on their group membership. Public so
135 * UI elements can access and inform the user.
136 * @param User $user
137 * @param string $purpose one of 'login', 'create', 'reset'
138 * @return array the effective policy for $user
139 */
147 );
148 }
153 }
155 /**
156 * Utility function to get the effective policy from a list of policies, based
157 * on a list of groups.
158 * @param array $policies list of policies to consider
159 * @param array $userGroups the groups from which we calculate the effective policy
160 * @param array $defaultPolicy the default policy to start from
161 * @return array effective policy
162 */
165 ) {
172 );
173 }
174 }
177 }
179 /**
180 * Utility function to get a policy that is the most restrictive of $p1 and $p2. For
181 * simplicity, we setup the policy values so the maximum value is always more restrictive.
182 * @param array $p1
183 * @param array $p2
184 * @return array containing the more restrictive values of $p1 and $p2
185 */
196 }
197 }
199 }
201 }