MediaWiki  1.33.0
disableOATHAuthForUser.php
Go to the documentation of this file.
1 <?php
2 
3 use MediaWiki\Session\SessionManager;
4 
5 if ( getenv( 'MW_INSTALL_PATH' ) ) {
6  $IP = getenv( 'MW_INSTALL_PATH' );
7 } else {
8  $IP = __DIR__ . '/../../..';
9 }
10 require_once "$IP/maintenance/Maintenance.php";
11 
12 class DisableOATHAuthForUser extends Maintenance {
13  public function __construct() {
14  parent::__construct();
15  $this->mDescription = 'Remove OATHAuth from a specific user';
16  $this->addArg( 'user', 'The username to remove OATHAuth from.' );
17  $this->requireExtension( 'OATHAuth' );
18  }
19 
20  public function execute() {
21  $username = $this->getArg( 0 );
22 
23  $user = User::newFromName( $username );
24  if ( $user && $user->getId() === 0 ) {
25  $this->error( "User $username doesn't exist!", 1 );
26  }
27 
28  $repo = OATHAuthHooks::getOATHUserRepository();
29 
30  $oathUser = $repo->findByUser( $user );
31 
32  if ( $oathUser->getKey() === null ) {
33  $this->error( "User $username doesn't have OATHAuth enabled!", 1 );
34  }
35 
36  $repo->remove( $oathUser, 'Maintenance script' );
37  // Kill all existing sessions. If this disable was social-engineered by an attacker,
38  // the legitimate user will hopefully login again and notice that the second factor
39  // is missing or different, and alert the operators.
40  SessionManager::singleton()->invalidateSessionsForUser( $user );
41 
42  $this->output( "OATHAuth disabled for $username.\n" );
43  }
44 }
45 
46 $maintClass = DisableOATHAuthForUser::class;
47 require_once RUN_MAINTENANCE_IF_MAIN;
$user
return true to allow those checks to and false if checking is done & $user
Definition: hooks.txt:1476
RUN_MAINTENANCE_IF_MAIN
require_once RUN_MAINTENANCE_IF_MAIN
Definition: maintenance.txt:50
User\newFromName
static newFromName( $name, $validate='valid')
Static factory method for creation from username.
Definition: User.php:585
Maintenance
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
Definition: maintenance.txt:39
$maintClass
$maintClass
Definition: disableOATHAuthForUser.php:46
php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:35
DisableOATHAuthForUser\execute
execute()
Do the actual work.
Definition: disableOATHAuthForUser.php:20
DisableOATHAuthForUser
Definition: disableOATHAuthForUser.php:12
$IP
$IP
Definition: update.php:3
Maintenance\requireExtension
requireExtension( $name)
Indicate that the specified extension must be loaded before the script can run.
Definition: Maintenance.php:619
use
as see the revision history and available at free of to any person obtaining a copy of this software and associated documentation to deal in the Software without including without limitation the rights to use
Definition: MIT-LICENSE.txt:10
null
this hook is for auditing only or null if authentication failed before getting that far or null if we can t even determine that When $user is not null
Definition: hooks.txt:780
MediaWiki\Session\SessionManager
This serves as the entry point to the MediaWiki session handling system.
Definition: SessionManager.php:50
DisableOATHAuthForUser\__construct
__construct()
Default constructor.
Definition: disableOATHAuthForUser.php:13
Maintenance\addArg
addArg( $arg, $description, $required=true)
Add some args that are needed.
Definition: Maintenance.php:300
Maintenance\error
error( $err, $die=0)
Throw an error to the user.
Definition: Maintenance.php:462
Maintenance\output
output( $out, $channel=null)
Throw some output to the user.
Definition: Maintenance.php:434
class
you have access to all of the normal MediaWiki so you can get a DB use the etc For full docs on the Maintenance class
Definition: maintenance.txt:52
OATHAuthHooks\getOATHUserRepository
static getOATHUserRepository()
Get the singleton OATH user repository.
Definition: OATHAuthHooks.php:34
Maintenance\getArg
getArg( $argId=0, $default=null)
Get an argument.
Definition: Maintenance.php:352
$username
this hook is for auditing only or null if authentication failed before getting that far $username
Definition: hooks.txt:780