gallery: Fix phan annotation for ImageGalleryBase::getImages
[mediawiki.git] / includes / auth / PreAuthenticationProvider.php
blob1a751d5d091b14130348b9d8c53f84f0f12646c9
1 <?php
2 /**
3 * Pre-authentication provider interface
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
20 * @file
21 * @ingroup Auth
24 namespace MediaWiki\Auth;
26 use MediaWiki\User\User;
27 use StatusValue;
29 /**
30 * A pre-authentication provider can prevent authentication early on.
32 * A PreAuthenticationProvider is used to supply arbitrary checks to be
33 * performed before the PrimaryAuthenticationProviders are consulted during the
34 * login / account creation / account linking process. Possible uses include
35 * checking that a per-IP throttle has not been reached or that a captcha has been solved.
37 * This interface also provides callbacks that are invoked after login / account creation
38 * / account linking succeeded or failed.
40 * @ingroup Auth
41 * @since 1.27
42 * @see https://www.mediawiki.org/wiki/Manual:SessionManager_and_AuthManager
44 interface PreAuthenticationProvider extends AuthenticationProvider {
46 /**
47 * Determine whether an authentication may begin
49 * Called from AuthManager::beginAuthentication()
51 * @param AuthenticationRequest[] $reqs
52 * @return StatusValue
54 public function testForAuthentication( array $reqs );
56 /**
57 * Post-login callback
59 * This will be called at the end of a login attempt. It will not be called for unfinished
60 * login attempts that fail by the session timing out.
62 * @note Under certain circumstances, this can be called even when testForAuthentication
63 * was not; see AuthenticationRequest::$loginRequest.
64 * @param User|null $user User that was attempted to be logged in, if known.
65 * This may become a "UserValue" in the future, or User may be refactored
66 * into such.
67 * @param AuthenticationResponse $response Authentication response that will be returned
68 * (PASS or FAIL)
70 public function postAuthentication( $user, AuthenticationResponse $response );
72 /**
73 * Determine whether an account creation may begin
75 * Called from AuthManager::beginAccountCreation()
77 * @note No need to test if the account exists, AuthManager checks that
78 * @param User $user User being created (not added to the database yet).
79 * This may become a "UserValue" in the future, or User may be refactored
80 * into such.
81 * @param User $creator User doing the creation. This may become a
82 * "UserValue" in the future, or User may be refactored into such.
83 * @param AuthenticationRequest[] $reqs
84 * @return StatusValue
86 public function testForAccountCreation( $user, $creator, array $reqs );
88 /**
89 * Determine whether an account may be created
91 * @param User $user User being created (not added to the database yet).
92 * This may become a "UserValue" in the future, or User may be refactored
93 * into such.
94 * @param bool|string $autocreate False if this is not an auto-creation, or
95 * the source of the auto-creation passed to AuthManager::autoCreateUser().
96 * @param array $options
97 * - flags: (int) Bitfield of IDBAccessObject::READ_* constants, default IDBAccessObject::READ_NORMAL
98 * - creating: (bool) If false (or missing), this call is only testing if
99 * a user could be created. If set, this (non-autocreation) is for
100 * actually creating an account and will be followed by a call to
101 * testForAccountCreation(). In this case, the provider might return
102 * StatusValue::newGood() here and let the later call to
103 * testForAccountCreation() do a more thorough test.
104 * - canAlwaysAutocreate: (bool) If true the session provider is exempt from
105 * autocreate user permissions checks.
106 * @return StatusValue
108 public function testUserForCreation( $user, $autocreate, array $options = [] );
111 * Post-creation callback
113 * This will be called at the end of an account creation attempt. It will not be called if
114 * the account creation process results in a session timeout (possibly after a successful
115 * user creation, while a secondary provider is waiting for a response).
117 * @param User $user User that was attempted to be created.
118 * This may become a "UserValue" in the future, or User may be refactored
119 * into such.
120 * @param User $creator User doing the creation. This may become a
121 * "UserValue" in the future, or User may be refactored into such.
122 * @param AuthenticationResponse $response Authentication response that will be returned
123 * (PASS or FAIL)
125 public function postAccountCreation( $user, $creator, AuthenticationResponse $response );
128 * Determine whether an account may linked to another authentication method
130 * @param User $user User being linked.
131 * This may become a "UserValue" in the future, or User may be refactored
132 * into such.
133 * @return StatusValue
135 public function testForAccountLink( $user );
138 * Post-link callback
140 * This will be called at the end of an account linking attempt.
142 * @param User $user User that was attempted to be linked.
143 * This may become a "UserValue" in the future, or User may be refactored
144 * into such.
145 * @param AuthenticationResponse $response Authentication response that will be returned
146 * (PASS or FAIL)
148 public function postAccountLink( $user, AuthenticationResponse $response );