Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
0.00% |
0 / 108 |
|
0.00% |
0 / 3 |
CRAP | |
0.00% |
0 / 1 |
CreateAndPromote | |
0.00% |
0 / 105 |
|
0.00% |
0 / 3 |
930 | |
0.00% |
0 / 1 |
__construct | |
0.00% |
0 / 22 |
|
0.00% |
0 / 1 |
6 | |||
execute | |
0.00% |
0 / 73 |
|
0.00% |
0 / 1 |
756 | |||
addLogEntry | |
0.00% |
0 / 10 |
|
0.00% |
0 / 1 |
2 |
1 | <?php |
2 | /** |
3 | * Creates an account and grants it rights. |
4 | * |
5 | * This program is free software; you can redistribute it and/or modify |
6 | * it under the terms of the GNU General Public License as published by |
7 | * the Free Software Foundation; either version 2 of the License, or |
8 | * (at your option) any later version. |
9 | * |
10 | * This program is distributed in the hope that it will be useful, |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
13 | * GNU General Public License for more details. |
14 | * |
15 | * You should have received a copy of the GNU General Public License along |
16 | * with this program; if not, write to the Free Software Foundation, Inc., |
17 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
18 | * http://www.gnu.org/copyleft/gpl.html |
19 | * |
20 | * @file |
21 | * @ingroup Maintenance |
22 | * @author Rob Church <robchur@gmail.com> |
23 | * @author Pablo Castellano <pablo@anche.no> |
24 | */ |
25 | |
26 | require_once __DIR__ . '/Maintenance.php'; |
27 | |
28 | use MediaWiki\Deferred\SiteStatsUpdate; |
29 | use MediaWiki\User\User; |
30 | use MediaWiki\WikiMap\WikiMap; |
31 | |
32 | /** |
33 | * Maintenance script to create an account and grant it rights. |
34 | * |
35 | * @ingroup Maintenance |
36 | */ |
37 | class CreateAndPromote extends Maintenance { |
38 | private static $permitRoles = [ 'sysop', 'bureaucrat', 'interface-admin', 'bot' ]; |
39 | |
40 | public function __construct() { |
41 | parent::__construct(); |
42 | $this->addDescription( 'Create a new user account and/or grant it additional rights' ); |
43 | $this->addOption( |
44 | 'force', |
45 | 'If account exists already, just grant it rights or change password.' |
46 | ); |
47 | foreach ( self::$permitRoles as $role ) { |
48 | $this->addOption( $role, "Add the account to the {$role} group" ); |
49 | } |
50 | |
51 | $this->addOption( |
52 | 'custom-groups', |
53 | 'Comma-separated list of groups to add the user to', |
54 | false, |
55 | true |
56 | ); |
57 | |
58 | $this->addOption( |
59 | 'reason', |
60 | 'Reason for account creation and user rights assignment to log to wiki', |
61 | false, |
62 | true |
63 | ); |
64 | |
65 | $this->addArg( 'username', 'Username of new user' ); |
66 | $this->addArg( 'password', 'Password to set', false ); |
67 | } |
68 | |
69 | public function execute() { |
70 | $username = $this->getArg( 0 ); |
71 | $password = $this->getArg( 1 ); |
72 | $force = $this->hasOption( 'force' ); |
73 | $inGroups = []; |
74 | $services = $this->getServiceContainer(); |
75 | |
76 | $user = $services->getUserFactory()->newFromName( $username ); |
77 | if ( !is_object( $user ) ) { |
78 | $this->fatalError( 'invalid username.' ); |
79 | } |
80 | |
81 | $exists = ( $user->idForName() !== 0 ); |
82 | |
83 | if ( $exists && !$force ) { |
84 | $this->fatalError( 'Account exists. Perhaps you want the --force option?' ); |
85 | } elseif ( !$exists && !$password ) { |
86 | $this->error( 'Argument <password> required!' ); |
87 | $this->maybeHelp( true ); |
88 | } elseif ( $exists ) { |
89 | $inGroups = $services->getUserGroupManager()->getUserGroups( $user ); |
90 | } |
91 | |
92 | $groups = array_filter( self::$permitRoles, [ $this, 'hasOption' ] ); |
93 | if ( $this->hasOption( 'custom-groups' ) ) { |
94 | $allGroups = array_fill_keys( $services->getUserGroupManager()->listAllGroups(), true ); |
95 | $customGroupsText = $this->getOption( 'custom-groups' ); |
96 | if ( $customGroupsText !== '' ) { |
97 | $customGroups = explode( ',', $customGroupsText ); |
98 | foreach ( $customGroups as $customGroup ) { |
99 | if ( isset( $allGroups[$customGroup] ) ) { |
100 | $groups[] = trim( $customGroup ); |
101 | } else { |
102 | $this->output( "$customGroup is not a valid group, ignoring!\n" ); |
103 | } |
104 | } |
105 | } |
106 | } |
107 | |
108 | $promotions = array_diff( |
109 | $groups, |
110 | $inGroups |
111 | ); |
112 | |
113 | if ( $exists && !$password && count( $promotions ) === 0 ) { |
114 | $this->output( "Account exists and nothing to do.\n" ); |
115 | |
116 | return; |
117 | } elseif ( count( $promotions ) !== 0 ) { |
118 | $dbDomain = WikiMap::getCurrentWikiDbDomain()->getId(); |
119 | $promoText = "User:{$username} into " . implode( ', ', $promotions ) . "...\n"; |
120 | if ( $exists ) { |
121 | $this->output( "$dbDomain: Promoting $promoText" ); |
122 | } else { |
123 | $this->output( "$dbDomain: Creating and promoting $promoText" ); |
124 | } |
125 | } |
126 | |
127 | if ( !$exists ) { |
128 | // Verify the password meets the password requirements before creating. |
129 | // This check is repeated below to account for differences between |
130 | // the password policy for regular users and for users in certain groups. |
131 | if ( $password ) { |
132 | $status = $user->checkPasswordValidity( $password ); |
133 | |
134 | if ( !$status->isGood() ) { |
135 | $this->fatalError( $status->getMessage( false, false, 'en' )->text() ); |
136 | } |
137 | } |
138 | |
139 | // Create the user via AuthManager as there may be various side |
140 | // effects that are performed by the configured AuthManager chain. |
141 | $status = $this->getServiceContainer()->getAuthManager()->autoCreateUser( |
142 | $user, |
143 | MediaWiki\Auth\AuthManager::AUTOCREATE_SOURCE_MAINT, |
144 | false |
145 | ); |
146 | if ( !$status->isGood() ) { |
147 | $this->fatalError( $status->getMessage( false, false, 'en' )->text() ); |
148 | } |
149 | } |
150 | |
151 | if ( $promotions ) { |
152 | // Add groups before changing password, as the password policy for certain groups has |
153 | // stricter requirements. |
154 | $userGroupManager = $services->getUserGroupManager(); |
155 | $userGroupManager->addUserToMultipleGroups( $user, $promotions ); |
156 | $reason = $this->getOption( 'reason' ) ?: ''; |
157 | $this->addLogEntry( $user, $inGroups, array_merge( $inGroups, $promotions ), $reason ); |
158 | } |
159 | |
160 | if ( $password ) { |
161 | # Try to set the password |
162 | try { |
163 | $status = $user->changeAuthenticationData( [ |
164 | 'username' => $user->getName(), |
165 | 'password' => $password, |
166 | 'retype' => $password, |
167 | ] ); |
168 | if ( !$status->isGood() ) { |
169 | throw new PasswordError( $status->getMessage( false, false, 'en' )->text() ); |
170 | } |
171 | if ( $exists ) { |
172 | $this->output( "Password set.\n" ); |
173 | $user->saveSettings(); |
174 | } |
175 | } catch ( PasswordError $pwe ) { |
176 | $this->fatalError( 'Setting the password failed: ' . $pwe->getMessage() ); |
177 | } |
178 | } |
179 | |
180 | if ( !$exists ) { |
181 | # Increment site_stats.ss_users |
182 | $ssu = SiteStatsUpdate::factory( [ 'users' => 1 ] ); |
183 | $ssu->doUpdate(); |
184 | } |
185 | |
186 | $this->output( "done.\n" ); |
187 | } |
188 | |
189 | /** |
190 | * Add a rights log entry for an action. |
191 | * |
192 | * @param User $user |
193 | * @param array $oldGroups |
194 | * @param array $newGroups |
195 | * @param string $reason |
196 | */ |
197 | private function addLogEntry( $user, array $oldGroups, array $newGroups, string $reason ) { |
198 | $logEntry = new ManualLogEntry( 'rights', 'rights' ); |
199 | $logEntry->setPerformer( User::newSystemUser( User::MAINTENANCE_SCRIPT_USER, [ 'steal' => true ] ) ); |
200 | $logEntry->setTarget( $user->getUserPage() ); |
201 | $logEntry->setComment( $reason ); |
202 | $logEntry->setParameters( [ |
203 | '4::oldgroups' => $oldGroups, |
204 | '5::newgroups' => $newGroups |
205 | ] ); |
206 | $logid = $logEntry->insert(); |
207 | $logEntry->publish( $logid ); |
208 | } |
209 | } |
210 | |
211 | $maintClass = CreateAndPromote::class; |
212 | require_once RUN_MAINTENANCE_IF_MAIN; |