Manual:$wgAuthManagerAutoConfig
From Linux Web Expert
| <translate> Authentication</translate>: $wgAuthManagerAutoConfig | |
|---|---|
| Register authentication providers to use with AuthManager |
|
| <translate> Introduced in version:</translate> | 1.27.0 (Gerrit change 195297; git #d245bd25) |
| <translate> Removed in version:</translate> | <translate> still in use</translate> |
| <translate> Allowed values:</translate> | see below |
| <translate> Default value:</translate> | see below |
| <translate> Other settings:</translate> <translate> Alphabetical</translate> | <translate> By function</translate> | |
Extensions need to register their AuthenticationProvider implementations via this setting for AuthManager to pick it up.
Allowed values
A hash with three keys, each key a list of ObjectFactory specifications:
[
'preauth' => [ /* list of pre-authentication providers */ ],
'primaryauth' => [ /* list of primary authentication providers */ ],
'secondaryauth' => [ /* list of secondary authentication providers */ ],
]
Beyond the usual ObjectFactory parameters, a special sort parameter is also recognized; this will determine the effective order of the providers (defaults to 0; smaller first; sorting is stable).
The convention is to use the provider's class name as its array key (as a convenience for site admins wanting to change it; AuthManager ignores array keys).
Example
$wgAuthManagerAutoConfig['preauth'] = [
'MyPreAuthenticationProvider' => [
'class' => 'MyPreAuthenticationProvider',
'args' => [ 'arg1', 'arg2' ],
],
];
or, if the extension uses extension registration (preferable):
{
//...
"AuthManagerAutoConfig": {
"preauth": {
"MyPreAuthenticationProvider": {
"class": "MyPreAuthenticationProvider",
"args": [ "arg1", "arg2" ]
}
}
},
//...
}
This will create a pre-authentication provider object with new MyPreAuthenticationProvider( 'arg1', 'arg2' ), and register it as one of the authentication providers.
Default value
<td class="mw-version-versionbox" title="<translate nowrap> The latest stable version is <tvar name=1>1.41</tvar></translate>"><translate> ≥</translate> 1.41
| <translate> MediaWiki version:</translate> |
$wgAuthManagerAutoConfig = [
'preauth' => [
\MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
'class' => \MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
'sort' => 0,
],
],
'primaryauth' => [
// TemporaryPasswordPrimaryAuthenticationProvider should come before any other PasswordAuthenticationRequest-based PrimaryAuthenticationProvider (or at least any that might return FAIL rather than ABSTAIN for a wrong password), or password reset won't work right.
// Do not remove this (or change the key) or auto-configuration of other such providers in extensions will probably auto-insert themselves in the wrong place.
\MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
'class' => \MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
'services' => [
'DBLoadBalancerFactory',
],
'args' => [ [
// Fall through to LocalPasswordPrimaryAuthenticationProvider
'authoritative' => false,
] ],
'sort' => 0,
],
\MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
'class' => \MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
'services' => [
'DBLoadBalancerFactory',
],
'args' => [ [
// Last one should be authoritative, or else the user will get a less-than-helpful error message (something like "supplied authentication info not supported" rather than "wrong password") if it too fails.
'authoritative' => true,
] ],
'sort' => 100,
],
],
'secondaryauth' => [
\MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
'class' => \MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
'sort' => 0,
],
\MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
'class' => \MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
'sort' => 100,
],
// Linking during login is experimental, enable at your own risk - T134952
// \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [
// 'class' => \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class,
// 'sort' => 100,
// ],
\MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
'class' => \MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
'services' => [
'DBLoadBalancerFactory',
],
'sort' => 200,
],
],
];
1.39 – 1.40
| <translate> MediaWiki versions:</translate> |
$wgAuthManagerAutoConfig = [
'preauth' => [
\MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
'class' => \MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
'sort' => 0,
],
],
'primaryauth' => [
// TemporaryPasswordPrimaryAuthenticationProvider should come before
// any other PasswordAuthenticationRequest-based
// PrimaryAuthenticationProvider (or at least any that might return
// FAIL rather than ABSTAIN for a wrong password), or password reset
// won't work right. Do not remove this (or change the key) or
// auto-configuration of other such providers in extensions will
// probably auto-insert themselves in the wrong place.
\MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
'class' => \MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
'services' => [
'DBLoadBalancer',
],
'args' => [ [
// Fall through to LocalPasswordPrimaryAuthenticationProvider
'authoritative' => false,
] ],
'sort' => 0,
],
\MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
'class' => \MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
'services' => [
'DBLoadBalancer',
],
'args' => [ [
// Last one should be authoritative, or else the user will get
// a less-than-helpful error message (something like "supplied
// authentication info not supported" rather than "wrong
// password") if it too fails.
'authoritative' => true,
] ],
'sort' => 100,
],
],
'secondaryauth' => [
\MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
'class' => \MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
'sort' => 0,
],
\MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
'class' => \MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
'sort' => 100,
],
// Linking during login is experimental, enable at your own risk - T134952
// \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [
// 'class' => \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class,
// 'sort' => 100,
// ],
\MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
'class' => \MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
'services' => [
'DBLoadBalancer',
],
'sort' => 200,
],
],
];
1.37 – 1.38
| <translate> MediaWiki versions:</translate> |
$wgAuthManagerAutoConfig = [
'preauth' => [
MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
'sort' => 0,
],
],
'primaryauth' => [
// TemporaryPasswordPrimaryAuthenticationProvider should come before
// any other PasswordAuthenticationRequest-based
// PrimaryAuthenticationProvider (or at least any that might return
// FAIL rather than ABSTAIN for a wrong password), or password reset
// won't work right. Do not remove this (or change the key) or
// auto-configuration of other such providers in extensions will
// probably auto-insert themselves in the wrong place.
MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
'services' => [
'DBLoadBalancer',
],
'args' => [ [
// Fall through to LocalPasswordPrimaryAuthenticationProvider
'authoritative' => false,
] ],
'sort' => 0,
],
MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
'services' => [
'DBLoadBalancer',
],
'args' => [ [
// Last one should be authoritative, or else the user will get
// a less-than-helpful error message (something like "supplied
// authentication info not supported" rather than "wrong
// password") if it too fails.
'authoritative' => true,
] ],
'sort' => 100,
],
],
'secondaryauth' => [
MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
'sort' => 0,
],
MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
'sort' => 100,
],
// Linking during login is experimental, enable at your own risk - T134952
// MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [
// 'class' => MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class,
// 'sort' => 100,
// ],
MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
'services' => [
'DBLoadBalancer',
],
'sort' => 200,
],
],
];
1.33 – 1.36
| <translate> MediaWiki versions:</translate> |
$wgAuthManagerAutoConfig = [
'preauth' => [
MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
'sort' => 0,
],
],
'primaryauth' => [
MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
'args' => [ [
'authoritative' => false,
] ],
'sort' => 0,
],
MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
'args' => [ [
'authoritative' => true,
] ],
'sort' => 100,
],
],
'secondaryauth' => [
MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
'sort' => 0,
],
MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
'sort' => 100,
],
MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
'sort' => 200,
],
],
];
1.27 – 1.32
| <translate> MediaWiki versions:</translate> |
$wgAuthManagerAutoConfig = [
'preauth' => [
MediaWiki\Auth\LegacyHookPreAuthenticationProvider::class => [
'class' => MediaWiki\Auth\LegacyHookPreAuthenticationProvider::class,
'sort' => 0,
],
MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
'sort' => 0,
],
],
'primaryauth' => [
MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
'args' => [ [
'authoritative' => false,
] ],
'sort' => 0,
],
MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
'args' => [ [
'authoritative' => true,
] ],
'sort' => 100,
],
],
'secondaryauth' => [
MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
'sort' => 0,
],
MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
'sort' => 100,
],
MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
'sort' => 200,
],
],
];
