Jump to content

Příručka:$wgAuthManagerAutoConfig

From mediawiki.org
This page is a translated version of the page Manual:$wgAuthManagerAutoConfig and the translation is 100% complete.
Přihlášení: $wgAuthManagerAutoConfig
Zaregistruje poskytovatele ověřování k použití s AuthManager
Zavedeno od verze:1.27.0 (Gerrit change 195297; git #d245bd25)
Odstraněno od verze:stále se používá
Povolené hodnoty:viz níže
Výchozí hodnota:viz níže

Rozšíření potřebují zaregistrovat své implementace na AuthenticationProvider prostřednictvím tohoto nastavení na AuthManager , aby si je mohli vyzvednou.

Povolené hodnoty

Hash se třemi klíči, každý klíč obsahuje seznam specifikací ObjectFactory :

[
    'preauth' => [ /* seznam poskytovatelů předběžné autentizace */ ],
    'primaryauth' => [ /* seznam primárních poskytovatelů autentizace */ ],
    'secondaryauth' => [ /* seznam sekundárních poskytovatelů autentizace */ ],
]

Kromě obvyklých parametrů ObjectFactory je také rozpoznán speciální parametr sort. Tím se určí efektivní pořadí poskytovatelů (výchozí hodnota je 0; nejprve menší; řazení je stabilní). Konvencí je použít název třídy poskytovatele jako klíče pole (pro pohodlí administrátorů webu, kteří jej chtějí změnit. AuthManager klíče pole ignoruje).

Příklad

$wgAuthManagerAutoConfig['preauth'] = [
    'MyPreAuthenticationProvider' => [
        'class' => 'MyPreAuthenticationProvider',
        'args' => [ 'arg1', 'arg2' ],
    ],
];

nebo, pokud rozšíření používá registraci rozšíření (výhodně):

{
    //...
    "AuthManagerAutoConfig": {
        "preauth": {
            "MyPreAuthenticationProvider": {
                "class": "MyPreAuthenticationProvider",
                "args": [ "arg1", "arg2" ]
            }
        }
    },
    //...
}

Tím vytvoříte objekt poskytovatele předběžného ověření s new MyPreAuthenticationProvider( 'arg1', 'arg2' ) a zaregistrujete jej jako jednoho z poskytovatelů ověření.

Výchozí hodnota

Verze MediaWiki:
1.43
$wgAuthManagerAutoConfig = [
	'preauth' => [
		ThrottlePreAuthenticationProvider::class => [
			'class' => ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		// TemporaryPasswordPrimaryAuthenticationProvider by měl následovat před jakýmkoli jiným PrimaryAuthenticationProvider založeným na PasswordAuthenticationRequest (nebo alespoň před každým, který by mohl vrátit FAIL místo ABSTAIN za špatné heslo), jinak nebude resetování hesla fungovat správně.
		// Toto neodstraňujte (ani neměňte klíč), jinak se automatická konfigurace jiných takových poskytovatelů v rozšířeních pravděpodobně automaticky vloží na nesprávné místo.
		TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => TemporaryPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'args' => [ [
				// Přejde na LocalPasswordPrimaryAuthenticationProvider
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => LocalPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'args' => [ [
				// Poslední by měl být autoritativní, jinak se uživateli zobrazí méně než užitečná chybová zpráva (něco jako "dodané autentizační informace nejsou podporovány" spíše než "nesprávné heslo"), pokud selže.
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		// Propojení během přihlašování je experimentální, povolte na vlastní nebezpečí - T134952
		// ConfirmLinkSecondaryAuthenticationProvider::class => [
		//   'class' => ConfirmLinkSecondaryAuthenticationProvider::class,
		//   'sort' => 100,
		// ],
		EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => EmailNotificationSecondaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'sort' => 200,
		],
	],
];
Verze MediaWiki:
1.41 – 1.42
$wgAuthManagerAutoConfig = [
	'preauth' => [
		\MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		// TemporaryPasswordPrimaryAuthenticationProvider should come before any other PasswordAuthenticationRequest-based PrimaryAuthenticationProvider (or at least any that might return FAIL rather than ABSTAIN for a wrong password), or password reset won't work right.
		// Do not remove this (or change the key) or auto-configuration of other such providers in extensions will probably auto-insert themselves in the wrong place.
		\MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'args' => [ [
				// Fall through to LocalPasswordPrimaryAuthenticationProvider
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		\MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'args' => [ [
				// Last one should be authoritative, or else the user will get a less-than-helpful error message (something like "supplied authentication info not supported" rather than "wrong password") if it too fails.
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		\MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		\MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		// Linking during login is experimental, enable at your own risk - T134952
		// \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [
		//   'class' => \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class,
		//   'sort' => 100,
		// ],
		\MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'sort' => 200,
		],
	],
];
Verze MediaWiki:
1.39 – 1.40
$wgAuthManagerAutoConfig = [
	'preauth' => [
		\MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		// TemporaryPasswordPrimaryAuthenticationProvider should come before
		// any other PasswordAuthenticationRequest-based
		// PrimaryAuthenticationProvider (or at least any that might return
		// FAIL rather than ABSTAIN for a wrong password), or password reset
		// won't work right. Do not remove this (or change the key) or
		// auto-configuration of other such providers in extensions will
		// probably auto-insert themselves in the wrong place.
		\MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'args' => [ [
				// Fall through to LocalPasswordPrimaryAuthenticationProvider
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		\MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'args' => [ [
				// Last one should be authoritative, or else the user will get
				// a less-than-helpful error message (something like "supplied
				// authentication info not supported" rather than "wrong
				// password") if it too fails.
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		\MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		\MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		// Linking during login is experimental, enable at your own risk - T134952
		// \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [
		//   'class' => \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class,
		//   'sort' => 100,
		// ],
		\MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'sort' => 200,
		],
	],
];
Verze MediaWiki:
1.37 – 1.38
$wgAuthManagerAutoConfig = [
	'preauth' => [
		MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		// TemporaryPasswordPrimaryAuthenticationProvider should come before
		// any other PasswordAuthenticationRequest-based
		// PrimaryAuthenticationProvider (or at least any that might return
		// FAIL rather than ABSTAIN for a wrong password), or password reset
		// won't work right. Do not remove this (or change the key) or
		// auto-configuration of other such providers in extensions will
		// probably auto-insert themselves in the wrong place.
		MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'args' => [ [
				// Fall through to LocalPasswordPrimaryAuthenticationProvider
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'args' => [ [
				// Last one should be authoritative, or else the user will get
				// a less-than-helpful error message (something like "supplied
				// authentication info not supported" rather than "wrong
				// password") if it too fails.
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		// Linking during login is experimental, enable at your own risk - T134952
		// MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [
		//   'class' => MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class,
		//   'sort' => 100,
		// ],
		MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'sort' => 200,
		],
	],
];
Verze MediaWiki:
1.33 – 1.36
$wgAuthManagerAutoConfig = [
	'preauth' => [
		MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'args' => [ [
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'args' => [ [
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'sort' => 200,
		],
	],
];
Verze MediaWiki:
1.27 – 1.32
$wgAuthManagerAutoConfig = [
	'preauth' => [
		MediaWiki\Auth\LegacyHookPreAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\LegacyHookPreAuthenticationProvider::class,
			'sort' => 0,
		],
		MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'args' => [ [
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'args' => [ [
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'sort' => 200,
		],
	],
];

Související odkazy