Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
73.87% covered (warning)
73.87%
82 / 111
50.00% covered (danger)
50.00%
3 / 6
 CRAP
0.00% covered (danger)
0.00%
0 / 1
ResetAuthenticationThrottle
73.87% covered (warning)
73.87%
82 / 111
50.00% covered (danger)
50.00%
3 / 6
 41.98
0.00% covered (danger)
0.00%
0 / 1
 __construct
100.00% covered (success)
100.00%
12 / 12
100.00% covered (success)
100.00%
1 / 1
 1
 execute
96.88% covered (success)
96.88%
31 / 32
0.00% covered (danger)
0.00%
0 / 1
 15
 clearLoginThrottle
54.17% covered (warning)
54.17%
13 / 24
0.00% covered (danger)
0.00%
0 / 1
 7.41
 clearSignupThrottle
0.00% covered (danger)
0.00%
0 / 17
0.00% covered (danger)
0.00%
0 / 1
 12
 clearTempAccountCreationThrottle
100.00% covered (success)
100.00%
12 / 12
100.00% covered (success)
100.00%
1 / 1
 2
 clearTempAccountNameAcquisitionThrottle
100.00% covered (success)
100.00%
14 / 14
100.00% covered (success)
100.00%
1 / 1
 2
1<?php
2/**
3 * Reset login/signup throttling for a specified user and/or IP.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup Maintenance
22 */
23
24use MediaWiki\Auth\Throttler;
25use MediaWiki\Logger\LoggerFactory;
26use MediaWiki\MainConfigNames;
27use Wikimedia\IPUtils;
28
29// @codeCoverageIgnoreStart
30require_once __DIR__ . '/Maintenance.php';
31// @codeCoverageIgnoreEnd
32
33/**
34 * Reset login/signup throttling for a specified user and/or IP.
35 *
36 * @ingroup Maintenance
37 * @since 1.32
38 */
39class ResetAuthenticationThrottle extends Maintenance {
40
41    public function __construct() {
42        parent::__construct();
43        $this->addDescription( 'Reset login/signup throttling for a specified user and/or IP. '
44            . "\n\n"
45            . 'When resetting signup or temp account, provide the IP. When resetting login (or both), provide '
46            . 'both username (as entered in login screen) and IP. An easy way to obtain them is '
47            . "the 'throttler' log channel." );
48        $this->addOption( 'login', 'Reset login throttle' );
49        $this->addOption( 'signup', 'Reset account creation throttle' );
50        $this->addOption( 'tempaccount', 'Reset temp account creation throttle' );
51        $this->addOption( 'tempaccountnameacquisition', 'Reset temp account name acquisition throttle' );
52        $this->addOption( 'user', 'Username to reset (when using --login)', false, true );
53        $this->addOption( 'ip', 'IP to reset', false, true );
54    }
55
56    public function execute() {
57        $forLogin = (bool)$this->getOption( 'login' );
58        $forSignup = (bool)$this->getOption( 'signup' );
59        $forTempAccount = (bool)$this->getOption( 'tempaccount' );
60        $forTempAccountNameAcquisition = (bool)$this->getOption( 'tempaccountnameacquisition' );
61        $username = $this->getOption( 'user' );
62        $ip = $this->getOption( 'ip' );
63
64        if ( !$forLogin && !$forSignup && !$forTempAccount && !$forTempAccountNameAcquisition ) {
65            $this->fatalError(
66                'At least one of --login, --signup, --tempaccount, or --tempaccountnameacquisition is required!'
67            );
68        } elseif ( $ip === null ) {
69            $this->fatalError( '--ip is required!' );
70        } elseif ( !IPUtils::isValid( $ip ) ) {
71            $this->fatalError( "Not a valid IP: $ip" );
72        }
73
74        if ( $forLogin ) {
75            $this->clearLoginThrottle( $username, $ip );
76        }
77        if ( $forSignup ) {
78            $this->clearSignupThrottle( $ip );
79        }
80        if ( $forTempAccount ) {
81            $this->clearTempAccountCreationThrottle( $ip );
82        }
83        if ( $forTempAccountNameAcquisition ) {
84            $this->clearTempAccountNameAcquisitionThrottle( $ip );
85        }
86
87        LoggerFactory::getInstance( 'throttler' )->info( 'Manually cleared {type} throttle', [
88            'type' => implode( ' and ', array_filter( [
89                $forLogin ? 'login' : null,
90                $forSignup ? 'signup' : null,
91                $forTempAccount ? 'tempaccount' : null,
92                $forTempAccountNameAcquisition ? 'tempaccountnameacquisition' : null,
93            ] ) ),
94            'username' => $username,
95            'ipKey' => $ip,
96        ] );
97    }
98
99    /**
100     * @param string|null $rawUsername
101     * @param string|null $ip
102     */
103    protected function clearLoginThrottle( $rawUsername, $ip ) {
104        $this->output( 'Clearing login throttle...' );
105
106        $passwordAttemptThrottle = $this->getConfig()->get( MainConfigNames::PasswordAttemptThrottle );
107        if ( !$passwordAttemptThrottle ) {
108            $this->output( "none set\n" );
109            return;
110        }
111
112        $objectCacheFactory = $this->getServiceContainer()->getInstance()->getObjectCacheFactory();
113
114        $throttler = new Throttler( $passwordAttemptThrottle, [
115            'type' => 'password',
116            'cache' => $objectCacheFactory->getLocalClusterInstance(),
117        ] );
118        if ( $rawUsername !== null ) {
119            $usernames = $this->getServiceContainer()->getAuthManager()
120                ->normalizeUsername( $rawUsername );
121            if ( !$usernames ) {
122                $this->fatalError( "Not a valid username: $rawUsername" );
123            }
124        } else {
125            $usernames = [ null ];
126        }
127        foreach ( $usernames as $username ) {
128            $throttler->clear( $username, $ip );
129        }
130
131        $botPasswordThrottler = new Throttler( $passwordAttemptThrottle, [
132            'type' => 'botpassword',
133            'cache' => $objectCacheFactory->getLocalClusterInstance(),
134        ] );
135        // @phan-suppress-next-line PhanPossiblyUndeclaredVariable T240141
136        $botPasswordThrottler->clear( $username, $ip );
137
138        $this->output( "done\n" );
139    }
140
141    /**
142     * @param string $ip
143     */
144    protected function clearSignupThrottle( $ip ) {
145        $this->output( 'Clearing signup throttle...' );
146
147        $accountCreationThrottle = $this->getConfig()->get( MainConfigNames::AccountCreationThrottle );
148        if ( !is_array( $accountCreationThrottle ) ) {
149            $accountCreationThrottle = [ [
150                'count' => $accountCreationThrottle,
151                'seconds' => 86400,
152            ] ];
153        }
154        if ( !$accountCreationThrottle ) {
155            $this->output( "none set\n" );
156            return;
157        }
158        $throttler = new Throttler( $accountCreationThrottle, [
159            'type' => 'acctcreate',
160            'cache' => $this->getServiceContainer()->getObjectCacheFactory()
161                ->getLocalClusterInstance(),
162        ] );
163
164        $throttler->clear( null, $ip );
165
166        $this->output( "done\n" );
167    }
168
169    protected function clearTempAccountCreationThrottle( string $ip ): void {
170        $this->output( 'Clearing temp account creation throttle...' );
171
172        $tempAccountCreationThrottle = $this->getConfig()->get( MainConfigNames::TempAccountCreationThrottle );
173        if ( !$tempAccountCreationThrottle ) {
174            $this->output( "none set\n" );
175            return;
176        }
177        $throttler = new Throttler( $tempAccountCreationThrottle, [
178            'type' => 'tempacctcreate',
179            'cache' => $this->getServiceContainer()->getObjectCacheFactory()
180                ->getLocalClusterInstance(),
181        ] );
182
183        $throttler->clear( null, $ip );
184
185        $this->output( "done\n" );
186    }
187
188    protected function clearTempAccountNameAcquisitionThrottle( string $ip ): void {
189        $this->output( 'Clearing temp account name acquisition throttle...' );
190
191        $tempAccountNameAcquisitionThrottle = $this->getConfig()->get(
192            MainConfigNames::TempAccountNameAcquisitionThrottle
193        );
194        if ( !$tempAccountNameAcquisitionThrottle ) {
195            $this->output( "none set\n" );
196            return;
197        }
198        $throttler = new Throttler( $tempAccountNameAcquisitionThrottle, [
199            'type' => 'tempacctnameacquisition',
200            'cache' => $this->getServiceContainer()->getObjectCacheFactory()
201                ->getLocalClusterInstance(),
202        ] );
203
204        $throttler->clear( null, $ip );
205
206        $this->output( "done\n" );
207    }
208
209}
210
211// @codeCoverageIgnoreStart
212$maintClass = ResetAuthenticationThrottle::class;
213require_once RUN_MAINTENANCE_IF_MAIN;
214// @codeCoverageIgnoreEnd