Jump to content

Manuel:$wgAuthManagerAutoConfig

From mediawiki.org
This page is a translated version of the page Manual:$wgAuthManagerAutoConfig and the translation is 100% complete.
Authentification: $wgAuthManagerAutoConfig
Enregistre avec AuthManager les fournisseurs d'authentification à utiliser
Introduit dans la version :1.27.0 (Gerrit change 195297; git #d245bd25)
Retiré dans la version :Encore utilisé
Valeurs autorisées :voir ci-dessous
Valeur par défaut :voir ci-dessous

Les extensions doivent enregistrer leurs implémentations de AuthenticationProvider via ce paramètre pour que AuthManager les récupère.

Valeurs autorisées

Un code de hachage avec trois clés, chacune d'elles étant une liste de spécifications ObjectFactory  :

[
    'preauth' => [ /* liste des fournisseurs de pré-authentification */ ],
    'primaryauth' => [ /* liste des fournisseurs d'authentification primaires */ ],
    'secondaryauth' => [ /* liste des fournisseurs d'authentification secondaires */ ],
]

Au-delà des paramètres habituels ObjectFactory, un paramètre spécial sort est également reconnu; il déterminera l'ordre effectif des fournisseurs (valeur par défaut : 0; plus petit d'abord; le tri est stable). La convention est d'utiliser le nom de la classe du fournisseur pour la clé du tableau (comme commodité pour les administrateurs de site qui veulent le changer; AuthManager ignore les clés du tableau).

Exemple

$wgAuthManagerAutoConfig['preauth'] = [
    'MyPreAuthenticationProvider' => [
        'class' => 'MyPreAuthenticationProvider',
        'args' => [ 'arg1', 'arg2' ],
    ],
];

ou si l'extension utilise l'enregistrement des extensions (ce qui est préférable) :

{
    //...
    "AuthManagerAutoConfig": {
        "preauth": {
            "MyPreAuthenticationProvider": {
                "class": "MyPreAuthenticationProvider",
                "args": [ "arg1", "arg2" ]
            }
        }
    },
    //...
}

Ceci va créer un objet fournisseur de pré-authentification avec new MyPreAuthenticationProvider( 'arg1', 'arg2' ), et l'enregistrer comme l'un des fournisseurs d'authentification.

Valeur par défaut

Version de MediaWiki :
1.43
$wgAuthManagerAutoConfig = [
	'preauth' => [
		ThrottlePreAuthenticationProvider::class => [
			'class' => ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		// TemporaryPasswordPrimaryAuthenticationProvider doit être avant tout autre PrimaryAuthenticationProvider basé sur PasswordAuthenticationRequest (ou au moins pouvant renvoyer FAIL plutôt que ABSTAIN si le mot de passe est  incorrect) sinon la réinitialisation du mot de passe ne se fait pas correctement.
		// Ne supprimez pas ceci (ni modifiez la clé) sinon l'auto-configuration d'autres fournisseurs semblables dans les extensions risque de les insérer automatiquement au mauvais endroit.
		TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => TemporaryPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'args' => [ [
				// Passer par le LocalPasswordPrimaryAuthenticationProvider
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => LocalPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'args' => [ [
				// Le dernier doit faire autorité, sinon l'utilisateur recevra un message d'erreur pas très utile (quelque chose comme « l'information d'authentification fournie n'est pas prise en charge » plutôt que « mot de passe erroné ») si ce dernier échoue également.
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		// Le lien lors de la connexion est expérimental, activez-le à vos risques et périls - T134952
		// ConfirmLinkSecondaryAuthenticationProvider::class => [
		//   'class' => ConfirmLinkSecondaryAuthenticationProvider::class,
		//   'sort' => 100,
		// ],
		EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => EmailNotificationSecondaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'sort' => 200,
		],
	],
];
Versions de MediaWiki :
1.41 – 1.42
$wgAuthManagerAutoConfig = [
	'preauth' => [
		\MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		// TemporaryPasswordPrimaryAuthenticationProvider should come before any other PasswordAuthenticationRequest-based PrimaryAuthenticationProvider (or at least any that might return FAIL rather than ABSTAIN for a wrong password), or password reset won't work right.
		// Do not remove this (or change the key) or auto-configuration of other such providers in extensions will probably auto-insert themselves in the wrong place.
		\MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'args' => [ [
				// Fall through to LocalPasswordPrimaryAuthenticationProvider
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		\MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'args' => [ [
				// Last one should be authoritative, or else the user will get a less-than-helpful error message (something like "supplied authentication info not supported" rather than "wrong password") if it too fails.
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		\MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		\MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		// Linking during login is experimental, enable at your own risk - T134952
		// \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [
		//   'class' => \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class,
		//   'sort' => 100,
		// ],
		\MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'sort' => 200,
		],
	],
];
Versions de MediaWiki :
1.39 – 1.40
$wgAuthManagerAutoConfig = [
	'preauth' => [
		\MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		// TemporaryPasswordPrimaryAuthenticationProvider should come before
		// any other PasswordAuthenticationRequest-based
		// PrimaryAuthenticationProvider (or at least any that might return
		// FAIL rather than ABSTAIN for a wrong password), or password reset
		// won't work right. Do not remove this (or change the key) or
		// auto-configuration of other such providers in extensions will
		// probably auto-insert themselves in the wrong place.
		\MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'args' => [ [
				// Fall through to LocalPasswordPrimaryAuthenticationProvider
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		\MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'args' => [ [
				// Last one should be authoritative, or else the user will get
				// a less-than-helpful error message (something like "supplied
				// authentication info not supported" rather than "wrong
				// password") if it too fails.
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		\MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		\MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		// Linking during login is experimental, enable at your own risk - T134952
		// \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [
		//   'class' => \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class,
		//   'sort' => 100,
		// ],
		\MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'sort' => 200,
		],
	],
];
Versions de MediaWiki :
1.37 – 1.38
$wgAuthManagerAutoConfig = [
	'preauth' => [
		MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		// TemporaryPasswordPrimaryAuthenticationProvider should come before
		// any other PasswordAuthenticationRequest-based
		// PrimaryAuthenticationProvider (or at least any that might return
		// FAIL rather than ABSTAIN for a wrong password), or password reset
		// won't work right. Do not remove this (or change the key) or
		// auto-configuration of other such providers in extensions will
		// probably auto-insert themselves in the wrong place.
		MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'args' => [ [
				// Fall through to LocalPasswordPrimaryAuthenticationProvider
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'args' => [ [
				// Last one should be authoritative, or else the user will get
				// a less-than-helpful error message (something like "supplied
				// authentication info not supported" rather than "wrong
				// password") if it too fails.
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		// Linking during login is experimental, enable at your own risk - T134952
		// MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [
		//   'class' => MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class,
		//   'sort' => 100,
		// ],
		MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'sort' => 200,
		],
	],
];
Versions de MediaWiki :
1.33 – 1.36
$wgAuthManagerAutoConfig = [
	'preauth' => [
		MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'args' => [ [
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'args' => [ [
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'sort' => 200,
		],
	],
];
Versions de MediaWiki :
1.27 – 1.32
$wgAuthManagerAutoConfig = [
	'preauth' => [
		MediaWiki\Auth\LegacyHookPreAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\LegacyHookPreAuthenticationProvider::class,
			'sort' => 0,
		],
		MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'args' => [ [
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'args' => [ [
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'sort' => 200,
		],
	],
];

Voir aussi