REL1_33/php/ThrottlePreAuthenticationProvider_8php_source.html

<?php

namespace MediaWiki\Auth;


use BagOStuff;

use Config;


class ThrottlePreAuthenticationProvider extends AbstractPreAuthenticationProvider {

    protected $throttleSettings;


    protected $accountCreationThrottle;


    protected $passwordAttemptThrottle;


    protected $cache;


    public function __construct( $params = [] ) {

        $this->throttleSettings = array_intersect_key( $params,

            [ 'accountCreationThrottle' => true, 'passwordAttemptThrottle' => true ] );

        $this->cache = $params['cache'] ?? \ObjectCache::getLocalClusterInstance();

    }


    public function setConfig( Config $config ) {

        parent::setConfig( $config );


        $accountCreationThrottle = $this->config->get( 'AccountCreationThrottle' );

        // Handle old $wgAccountCreationThrottle format (number of attempts per 24 hours)

        if ( !is_array( $accountCreationThrottle ) ) {

            $accountCreationThrottle = [ [

                'count' => $accountCreationThrottle,

                'seconds' => 86400,

            ] ];

        }


        // @codeCoverageIgnoreStart

        $this->throttleSettings += [

        // @codeCoverageIgnoreEnd

            'accountCreationThrottle' => $accountCreationThrottle,

            'passwordAttemptThrottle' => $this->config->get( 'PasswordAttemptThrottle' ),

        ];


        if ( !empty( $this->throttleSettings['accountCreationThrottle'] ) ) {

            $this->accountCreationThrottle = new Throttler(

                $this->throttleSettings['accountCreationThrottle'], [

                    'type' => 'acctcreate',

                    'cache' => $this->cache,

                ]

            );

        }

        if ( !empty( $this->throttleSettings['passwordAttemptThrottle'] ) ) {

            $this->passwordAttemptThrottle = new Throttler(

                $this->throttleSettings['passwordAttemptThrottle'], [

                    'type' => 'password',

                    'cache' => $this->cache,

                ]

            );

        }

    }


    public function testForAccountCreation( $user, $creator, array $reqs ) {

        if ( !$this->accountCreationThrottle || !$creator->isPingLimitable() ) {

            return \StatusValue::newGood();

        }


        $ip = $this->manager->getRequest()->getIP();


        if ( !\Hooks::run( 'ExemptFromAccountCreationThrottle', [ $ip ] ) ) {

            $this->logger->debug( __METHOD__ . ": a hook allowed account creation w/o throttle\n" );

            return \StatusValue::newGood();

        }


        $result = $this->accountCreationThrottle->increase( null, $ip, __METHOD__ );

        if ( $result ) {

            $message = wfMessage( 'acct_creation_throttle_hit' )->params( $result['count'] )

                ->durationParams( $result['wait'] );

            return \StatusValue::newFatal( $message );

        }


        return \StatusValue::newGood();

    }


    public function testForAuthentication( array $reqs ) {

        if ( !$this->passwordAttemptThrottle ) {

            return \StatusValue::newGood();

        }


        $ip = $this->manager->getRequest()->getIP();

        try {

            $username = AuthenticationRequest::getUsernameFromRequests( $reqs );

        } catch ( \UnexpectedValueException $e ) {

            $username = '';

        }


        // Get everything this username could normalize to, and throttle each one individually.

        // If nothing uses usernames, just throttle by IP.

        $usernames = $this->manager->normalizeUsername( $username );

        $result = false;

        foreach ( $usernames as $name ) {

            $r = $this->passwordAttemptThrottle->increase( $name, $ip, __METHOD__ );

            if ( $r && ( !$result || $result['wait'] < $r['wait'] ) ) {

                $result = $r;

            }

        }


        if ( $result ) {

            $message = wfMessage( 'login-throttled' )->durationParams( $result['wait'] );

            return \StatusValue::newFatal( $message );

        } else {

            $this->manager->setAuthenticationSessionData( 'LoginThrottle',

                [ 'users' => $usernames, 'ip' => $ip ] );

            return \StatusValue::newGood();

        }

    }


    public function postAuthentication( $user, AuthenticationResponse $response ) {

        if ( $response->status !== AuthenticationResponse::PASS ) {

            return;

        } elseif ( !$this->passwordAttemptThrottle ) {

            return;

        }


        $data = $this->manager->getAuthenticationSessionData( 'LoginThrottle' );

        if ( !$data ) {

            // this can occur when login is happening via AuthenticationRequest::$loginRequest

            // so testForAuthentication is skipped

            $this->logger->info( 'throttler data not found for {user}', [ 'user' => $user->getName() ] );

            return;

        }


        foreach ( $data['users'] as $name ) {

            $this->passwordAttemptThrottle->clear( $name, $data['ip'] );

        }

    }


}


and
and that you know you can do these things To protect your we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the or if you modify it For if you distribute copies of such a whether gratis or for a you must give the recipients all the rights that you have You must make sure that receive or can get the source code And you must show them these terms so they know their rights We protect your rights with two and(2) offer you this license which gives you legal permission to copy

BagOStuff
Class representing a cache/ephemeral data store.
Definition BagOStuff.php:58

MediaWiki\Auth\AbstractAuthenticationProvider\$config
Config $config
Definition AbstractAuthenticationProvider.php:38

MediaWiki\Auth\AbstractPreAuthenticationProvider
A base class that implements some of the boilerplate for a PreAuthenticationProvider.
Definition AbstractPreAuthenticationProvider.php:31

MediaWiki\Auth\AuthenticationRequest\getUsernameFromRequests
static getUsernameFromRequests(array $reqs)
Get the username from the set of requests.
Definition AuthenticationRequest.php:273

MediaWiki\Auth\AuthenticationResponse
This is a value object to hold authentication response data.
Definition AuthenticationResponse.php:37

MediaWiki\Auth\AuthenticationResponse\PASS
const PASS
Indicates that the authentication succeeded.
Definition AuthenticationResponse.php:39

MediaWiki\Auth\ThrottlePreAuthenticationProvider
A pre-authentication provider to throttle authentication actions.
Definition ThrottlePreAuthenticationProvider.php:37

MediaWiki\Auth\ThrottlePreAuthenticationProvider\$cache
BagOStuff $cache
Definition ThrottlePreAuthenticationProvider.php:48

MediaWiki\Auth\ThrottlePreAuthenticationProvider\$accountCreationThrottle
Throttler $accountCreationThrottle
Definition ThrottlePreAuthenticationProvider.php:42

MediaWiki\Auth\ThrottlePreAuthenticationProvider\setConfig
setConfig(Config $config)
Set configuration.
Definition ThrottlePreAuthenticationProvider.php:64

MediaWiki\Auth\ThrottlePreAuthenticationProvider\testForAccountCreation
testForAccountCreation( $user, $creator, array $reqs)
Determine whether an account creation may begin.
Definition ThrottlePreAuthenticationProvider.php:101

MediaWiki\Auth\ThrottlePreAuthenticationProvider\$passwordAttemptThrottle
Throttler $passwordAttemptThrottle
Definition ThrottlePreAuthenticationProvider.php:45

MediaWiki\Auth\ThrottlePreAuthenticationProvider\postAuthentication
postAuthentication( $user, AuthenticationResponse $response)
Definition ThrottlePreAuthenticationProvider.php:160

MediaWiki\Auth\ThrottlePreAuthenticationProvider\$throttleSettings
array $throttleSettings
Definition ThrottlePreAuthenticationProvider.php:39

MediaWiki\Auth\ThrottlePreAuthenticationProvider\__construct
__construct( $params=[])
Definition ThrottlePreAuthenticationProvider.php:58

MediaWiki\Auth\ThrottlePreAuthenticationProvider\testForAuthentication
testForAuthentication(array $reqs)
Determine whether an authentication may begin.
Definition ThrottlePreAuthenticationProvider.php:123

MediaWiki\Auth\Throttler
Definition Throttler.php:37

wfMessage
either a unescaped string or a HtmlArmor object after in associative array form externallinks including delete and has completed for all link tables whether this was an auto creation use $formDescriptor instead default is conds Array Extra conditions for the No matching items in log is displayed if loglist is empty msgKey Array If you want a nice box with a set this to the key of the message First element is the message additional optional elements are parameters for the key that are processed with wfMessage() -> params() ->parseAsBlock() - offset Set to overwrite offset parameter in $wgRequest set to '' to unset offset - wrap String Wrap the message in html(usually something like "&lt;div ...>$1&lt;/div>"). - flags Integer display flags(NO_ACTION_LINK, NO_EXTRA_USER_LINKS) 'LogException':Called before an exception(or PHP error) is logged. This is meant for integration with external error aggregation services

$username
this hook is for auditing only or null if authentication failed before getting that far $username
Definition hooks.txt:782

$response
this hook is for auditing only $response
Definition hooks.txt:780

$e
returning false will NOT prevent logging $e
Definition hooks.txt:2175

$data
$data
Utility to generate mapping file used in mw.Title (phpCharToUpper.json)
Definition generatePhpCharToUpperMappings.php:13

Config
Interface for configuration instances.
Definition Config.php:28

cache
you have access to all of the normal MediaWiki so you can get a DB use the cache
Definition maintenance.txt:55

array
The wiki should then use memcached to cache various data To use multiple just add more items to the array To increase the weight of a make its entry a array("192.168.0.1:11211", 2))

MediaWiki\Auth
Definition AbstractAuthenticationProvider.php:22

$params
$params
Definition styleTest.css.php:44