| SecuritySensitiveOperationStatus | |
|---|---|
| Available fromversion 1.27.0 Affect the return value from AuthManager::securitySensitiveOperationStatus(). | |
| Define function: | publicstaticfunctiononSecuritySensitiveOperationStatus(&$status,$operation,$session,$timeSinceAuth){...} |
| Attach hook: | Inextension.json:{"Hooks":{"SecuritySensitiveOperationStatus":"MediaWiki\\Extension\\MyExtension\\Hooks::onSecuritySensitiveOperationStatus"}} |
| Called from: | File(s):auth/AuthManager.php Function(s):securitySensitiveOperationStatus |
| Interface: | SecuritySensitiveOperationStatusHook.php |
For more information about attaching hooks, seeManual:Hooks.
For examples of extensions using this hook, seeCategory:SecuritySensitiveOperationStatus extensions.
AuthManager::SEC_* constants.SEC_REAUTH will be automatically changed toSEC_FAIL if authentication isn't possible for the current session type.$session->getUser().PHP_INT_MAX if the time of last auth is unknown, or -1 if authentication is not possible.By default, when some operation requires elevated security (e.g. some special page requests it viaSpecialPage::getLoginSecurityLevel()) MediaWiki checks when the user logged in and forces them to log in again if it was more than$wgReauthenticateTime seconds ago. This hook can be used to implement more complex logic (e.g. require reauthentication if the request is coming from a different IP then the one the user logged in from).
Extensions implementing this should take care not to override more strict requirements coming from other extensions (e.g. don't return false if you are setting the status toSEC_REAUTH because some other hook handler might want to set it toSEC_FAIL).