Manual:Hooks/AuthChangeFormFields

From MediaWiki.org
Jump to navigation Jump to search
AuthChangeFormFields
Available from version 1.27.0
Allows modification of AuthManager-based forms
Define function:
public static function onAuthChangeFormFields( $requests, $fieldInfo, &$formDescriptor, $action ) { ... }
Attach hook:

In extension.json:

{
	"Hooks": {
		"AuthChangeFormFields": "MyExtensionHooks::onAuthChangeFormFields"
	}
}

For MediaWiki ≤1.25:

$wgHooks['AuthChangeFormFields'][] = 'MyExtensionHooks::onAuthChangeFormFields';
Called from:File(s): AuthManagerSpecialPage.php

For more information about attaching hooks, see Manual:Hooks.
For examples of extensions using this hook, see Category:AuthChangeFormFields extensions.

Details[edit]

  • $requests: array of AuthenticationRequests the fields are created from
  • $fieldInfo: field information array (union of all AuthenticationRequest::getFieldInfo() responses).
  • &$formDescriptor: HTMLForm descriptor. The special key weight can be set to change the order of the fields.
  • $action: one of the AuthManager::ACTION_* constants.

$formDescriptor will contain the definition of the HTMLForm (the descriptor array that will be passed to the HTMLForm constructor); the hook allows modifying it. The form field names (array keys) will match the field names in the requests. $fieldInfo is the result of AuthenticationRequest::mergeFieldInfo( $requests ).

Caveats:

  • Changing the requests is not allowed.
  • Adding fields which take data is not allowed (adding info fields is fine). Use an authentication provider's getAuthenticationRequests() method to add new fields.
  • Any validation, permission check or other business logic in the hook can be trivially circumvented by using the API. Business logic should be in the providers.
  • Any vital information must be made available via the API as well. If it's for users (e.g. the text of a CAPTCHA) use a null field in AuthenticationRequest::getFieldInfo() (which can be hidden/changed for the web UI from this hook if needed). If it's for machines (e.g. the public API key for the CAPTCHA) use AuthenticationRequest::getMetadata().

The hook is primarily meant to enhance fields defined by a provider in the same extension (e.g. change a textfield into a typeahead or other interactive widget), change the position of the widget and provide help links or other extra information. Changing form fields belonging to core or other extensions is allowed but should preferably be avoided as it makes the code more fragile.