REL1_33/php/Throttler_8php_source.html

<?php

namespace MediaWiki\Auth;


use BagOStuff;

use MediaWiki\Logger\LoggerFactory;

use MediaWiki\MediaWikiServices;

use Psr\Log\LoggerAwareInterface;

use Psr\Log\LoggerInterface;

use Psr\Log\LogLevel;


class Throttler implements LoggerAwareInterface {

    protected $type;

    protected $conditions;

    protected $cache;

    protected $logger;

    protected $warningLimit;


    public function __construct( array $conditions = null, array $params = [] ) {

        $invalidParams = array_diff_key( $params,

            array_fill_keys( [ 'type', 'cache', 'warningLimit' ], true ) );

        if ( $invalidParams ) {

            throw new \InvalidArgumentException( 'unrecognized parameters: '

                . implode( ', ', array_keys( $invalidParams ) ) );

        }


        if ( $conditions === null ) {

            $config = MediaWikiServices::getInstance()->getMainConfig();

            $conditions = $config->get( 'PasswordAttemptThrottle' );

            $params += [

                'type' => 'password',

                'cache' => \ObjectCache::getLocalClusterInstance(),

                'warningLimit' => 50,

            ];

        } else {

            $params += [

                'type' => 'custom',

                'cache' => \ObjectCache::getLocalClusterInstance(),

                'warningLimit' => INF,

            ];

        }


        $this->type = $params['type'];

        $this->conditions = static::normalizeThrottleConditions( $conditions );

        $this->cache = $params['cache'];

        $this->warningLimit = $params['warningLimit'];


        $this->setLogger( LoggerFactory::getInstance( 'throttler' ) );

    }


    public function setLogger( LoggerInterface $logger ) {

        $this->logger = $logger;

    }


    public function increase( $username = null, $ip = null, $caller = null ) {

        if ( $username === null && $ip === null ) {

            throw new \InvalidArgumentException( 'Either username or IP must be set for throttling' );

        }


        $userKey = $username ? md5( $username ) : null;

        foreach ( $this->conditions as $index => $throttleCondition ) {

            $ipKey = isset( $throttleCondition['allIPs'] ) ? null : $ip;

            $count = $throttleCondition['count'];

            $expiry = $throttleCondition['seconds'];


            // a limit of 0 is used as a disable flag in some throttling configuration settings

            // throttling the whole world is probably a bad idea

            if ( !$count || $userKey === null && $ipKey === null ) {

                continue;

            }


            $throttleKey = $this->cache->makeGlobalKey( 'throttler', $this->type, $index, $ipKey, $userKey );

            $throttleCount = $this->cache->get( $throttleKey );


            if ( !$throttleCount ) { // counter not started yet

                $this->cache->add( $throttleKey, 1, $expiry );

            } elseif ( $throttleCount < $count ) { // throttle limited not yet reached

                $this->cache->incr( $throttleKey );

            } else { // throttled

                $this->logRejection( [

                    'throttle' => $this->type,

                    'index' => $index,

                    'ipKey' => $ipKey,

                    'username' => $username,

                    'count' => $count,

                    'expiry' => $expiry,

                    // @codeCoverageIgnoreStart

                    'method' => $caller ?: __METHOD__,

                    // @codeCoverageIgnoreEnd

                ] );


                return [

                    'throttleIndex' => $index,

                    'count' => $count,

                    'wait' => $expiry,

                ];

            }

        }

        return false;

    }


    public function clear( $username = null, $ip = null ) {

        $userKey = $username ? md5( $username ) : null;

        foreach ( $this->conditions as $index => $specificThrottle ) {

            $ipKey = isset( $specificThrottle['allIPs'] ) ? null : $ip;

            $throttleKey = $this->cache->makeGlobalKey( 'throttler', $this->type, $index, $ipKey, $userKey );

            $this->cache->delete( $throttleKey );

        }

    }


    protected static function normalizeThrottleConditions( $throttleConditions ) {

        if ( !is_array( $throttleConditions ) ) {

            return [];

        }

        if ( isset( $throttleConditions['count'] ) ) { // old style

            $throttleConditions = [ $throttleConditions ];

        }

        return $throttleConditions;

    }


    protected function logRejection( array $context ) {

        $logMsg = 'Throttle {throttle} hit, throttled for {expiry} seconds due to {count} attempts '

            . 'from username {username} and IP {ipKey}';


        // If we are hitting a throttle for >= warningLimit attempts, it is much more likely to be

        // an attack than someone simply forgetting their password, so log it at a higher level.

        $level = $context['count'] >= $this->warningLimit ? LogLevel::WARNING : LogLevel::INFO;


        // It should be noted that once the throttle is hit, every attempt to login will

        // generate the log message until the throttle expires, not just the attempt that

        // puts the throttle over the top.

        $this->logger->log( $level, $logMsg, $context );

    }


}


and
and that you know you can do these things To protect your we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the or if you modify it For if you distribute copies of such a whether gratis or for a you must give the recipients all the rights that you have You must make sure that receive or can get the source code And you must show them these terms so they know their rights We protect your rights with two and(2) offer you this license which gives you legal permission to copy

BagOStuff
Class representing a cache/ephemeral data store.
Definition BagOStuff.php:58

MediaWiki\Auth\Throttler
Definition Throttler.php:37

MediaWiki\Auth\Throttler\increase
increase( $username=null, $ip=null, $caller=null)
Increase the throttle counter and return whether the attempt should be throttled.
Definition Throttler.php:113

MediaWiki\Auth\Throttler\clear
clear( $username=null, $ip=null)
Clear the throttle counter.
Definition Throttler.php:169

MediaWiki\Auth\Throttler\$conditions
array $conditions
See documentation of $wgPasswordAttemptThrottle for format.
Definition Throttler.php:46

MediaWiki\Auth\Throttler\$warningLimit
int float $warningLimit
Definition Throttler.php:52

MediaWiki\Auth\Throttler\$type
string $type
Definition Throttler.php:39

MediaWiki\Auth\Throttler\setLogger
setLogger(LoggerInterface $logger)
Definition Throttler.php:95

MediaWiki\Auth\Throttler\__construct
__construct(array $conditions=null, array $params=[])
Definition Throttler.php:63

MediaWiki\Auth\Throttler\$cache
BagOStuff $cache
Definition Throttler.php:48

MediaWiki\Auth\Throttler\logRejection
logRejection(array $context)
Definition Throttler.php:194

MediaWiki\Auth\Throttler\normalizeThrottleConditions
static normalizeThrottleConditions( $throttleConditions)
Handles B/C for $wgPasswordAttemptThrottle.
Definition Throttler.php:184

MediaWiki\Auth\Throttler\$logger
LoggerInterface $logger
Definition Throttler.php:50

MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition LoggerFactory.php:45

MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition MediaWikiServices.php:103

MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition MediaWikiServices.php:124

$context
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on and they can depend only on the ResourceLoaderContext $context
Definition hooks.txt:2848

null
this hook is for auditing only or null if authentication failed before getting that far or null if we can t even determine that When $user is not null
Definition hooks.txt:783

$username
this hook is for auditing only or null if authentication failed before getting that far $username
Definition hooks.txt:782

cache
you have access to all of the normal MediaWiki so you can get a DB use the cache
Definition maintenance.txt:55

array
The wiki should then use memcached to cache various data To use multiple just add more items to the array To increase the weight of a make its entry a array("192.168.0.1:11211", 2))

MediaWiki\Auth
Definition AbstractAuthenticationProvider.php:22

type
This document describes the state of Postgres support in and is fairly well maintained The main code is very well while extensions are very hit and miss it is probably the most supported database after MySQL Much of the work in making MediaWiki database agnostic came about through the work of creating Postgres but without copying over all the usage comments General notes on the but these can almost always be programmed around *Although Postgres has a true BOOLEAN type
Definition postgres.txt:30

$params
$params
Definition styleTest.css.php:44