diff options
author | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-05-01 15:32:59 -0400 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-05-01 15:32:59 -0400 |
commit | 6dc1997577fab2c366781fd7048144935afa0012 (patch) | |
tree | 8918d28c7ab4342f0738985e37af1dfc42d0e93a /includes/password/PasswordPolicyChecks.php | |
parent | 150f94f051128f367bc89f6b7e5f57eb2a69fc62 (diff) | |
parent | fa89acd685cb09cdbe1c64cbb721ec64975bbbc1 (diff) |
Merge commit 'fa89acd'
# Conflicts:
# .gitignore
# extensions/ArchInterWiki.sql
Diffstat (limited to 'includes/password/PasswordPolicyChecks.php')
-rw-r--r-- | includes/password/PasswordPolicyChecks.php | 115 |
1 files changed, 115 insertions, 0 deletions
diff --git a/includes/password/PasswordPolicyChecks.php b/includes/password/PasswordPolicyChecks.php new file mode 100644 index 00000000..eb4a9582 --- /dev/null +++ b/includes/password/PasswordPolicyChecks.php @@ -0,0 +1,115 @@ +<?php +/** + * Password policy checks + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * http://www.gnu.org/copyleft/gpl.html + * + * @file + */ + +/** + * Functions to check passwords against a policy requirement + * @since 1.26 + */ +class PasswordPolicyChecks { + + /** + * Check password is longer than minimum, not fatal + * @param int $policyVal minimal length + * @param User $user + * @param string $password + * @return Status error if $password is shorter than $policyVal + */ + public static function checkMinimalPasswordLength( $policyVal, User $user, $password ) { + $status = Status::newGood(); + if ( $policyVal > strlen( $password ) ) { + $status->error( 'passwordtooshort', $policyVal ); + } + return $status; + } + + /** + * Check password is longer than minimum, fatal + * @param int $policyVal minimal length + * @param User $user + * @param string $password + * @return Status fatal if $password is shorter than $policyVal + */ + public static function checkMinimumPasswordLengthToLogin( $policyVal, User $user, $password ) { + $status = Status::newGood(); + if ( $policyVal > strlen( $password ) ) { + $status->fatal( 'passwordtooshort', $policyVal ); + } + return $status; + } + + /** + * Check password is shorter than maximum, fatal + * @param int $policyVal maximum length + * @param User $user + * @param string $password + * @return Status fatal if $password is shorter than $policyVal + */ + public static function checkMaximalPasswordLength( $policyVal, User $user, $password ) { + $status = Status::newGood(); + if ( $policyVal < strlen( $password ) ) { + $status->fatal( 'passwordtoolong', $policyVal ); + } + return $status; + } + + /** + * Check if username and password match + * @param bool $policyVal true to force compliance. + * @param User $user + * @param string $password + * @return Status error if username and password match, and policy is true + */ + public static function checkPasswordCannotMatchUsername( $policyVal, User $user, $password ) { + global $wgContLang; + $status = Status::newGood(); + $username = $user->getName(); + if ( $policyVal && $wgContLang->lc( $password ) === $wgContLang->lc( $username ) ) { + $status->error( 'password-name-match' ); + } + return $status; + } + + /** + * Check if username and password are on a blacklist + * @param bool $policyVal true to force compliance. + * @param User $user + * @param string $password + * @return Status error if username and password match, and policy is true + */ + public static function checkPasswordCannotMatchBlacklist( $policyVal, User $user, $password ) { + static $blockedLogins = array( + 'Useruser' => 'Passpass', 'Useruser1' => 'Passpass1', # r75589 + 'Apitestsysop' => 'testpass', 'Apitestuser' => 'testpass' # r75605 + ); + + $status = Status::newGood(); + $username = $user->getName(); + if ( $policyVal + && isset( $blockedLogins[$username] ) + && $password == $blockedLogins[$username] + ) { + $status->error( 'password-login-forbidden' ); + } + return $status; + } + +} |