MediaWiki REL1_34
PasswordReset.php
Go to the documentation of this file.
1<?php
23use MediaWiki\Auth\AuthManager;
24use MediaWiki\Auth\TemporaryPasswordAuthenticationRequest;
25use MediaWiki\Config\ServiceOptions;
26use MediaWiki\Logger\LoggerFactory;
27use MediaWiki\MediaWikiServices;
28use MediaWiki\Permissions\PermissionManager;
29use Psr\Log\LoggerAwareInterface;
30use Psr\Log\LoggerAwareTrait;
31use Psr\Log\LoggerInterface;
32use Wikimedia\Rdbms\ILoadBalancer;
33
41class PasswordReset implements LoggerAwareInterface {
42 use LoggerAwareTrait;
43
45 protected $config;
46
48 protected $authManager;
49
51 protected $permissionManager;
52
54 protected $loadBalancer;
55
61 private $permissionCache;
62
63 public const CONSTRUCTOR_OPTIONS = [
64 'AllowRequiringEmailForResets',
65 'EnableEmail',
66 'PasswordResetRoutes',
67 ];
68
78 public function __construct(
79 $config,
80 AuthManager $authManager,
81 PermissionManager $permissionManager,
82 ILoadBalancer $loadBalancer = null,
83 LoggerInterface $logger = null
84 ) {
85 $this->config = $config;
86 $this->authManager = $authManager;
87 $this->permissionManager = $permissionManager;
88
89 if ( !$loadBalancer ) {
90 wfDeprecated( 'Not passing LoadBalancer to ' . __METHOD__, '1.34' );
91 $loadBalancer = MediaWikiServices::getInstance()->getDBLoadBalancer();
92 }
93 $this->loadBalancer = $loadBalancer;
94
95 if ( !$logger ) {
96 wfDeprecated( 'Not passing LoggerInterface to ' . __METHOD__, '1.34' );
97 $logger = LoggerFactory::getInstance( 'authentication' );
98 }
99 $this->logger = $logger;
100
101 $this->permissionCache = new MapCacheLRU( 1 );
102 }
103
110 public function isAllowed( User $user ) {
111 $status = $this->permissionCache->get( $user->getName() );
112 if ( !$status ) {
113 $resetRoutes = $this->config->get( 'PasswordResetRoutes' );
114 $status = StatusValue::newGood();
115
116 if ( !is_array( $resetRoutes ) || !in_array( true, $resetRoutes, true ) ) {
117 // Maybe password resets are disabled, or there are no allowable routes
118 $status = StatusValue::newFatal( 'passwordreset-disabled' );
119 } elseif (
120 ( $providerStatus = $this->authManager->allowsAuthenticationDataChange(
121 new TemporaryPasswordAuthenticationRequest(), false ) )
122 && !$providerStatus->isGood()
123 ) {
124 // Maybe the external auth plugin won't allow local password changes
125 $status = StatusValue::newFatal( 'resetpass_forbidden-reason',
126 $providerStatus->getMessage() );
127 } elseif ( !$this->config->get( 'EnableEmail' ) ) {
128 // Maybe email features have been disabled
129 $status = StatusValue::newFatal( 'passwordreset-emaildisabled' );
130 } elseif ( !$this->permissionManager->userHasRight( $user, 'editmyprivateinfo' ) ) {
131 // Maybe not all users have permission to change private data
132 $status = StatusValue::newFatal( 'badaccess' );
133 } elseif ( $this->isBlocked( $user ) ) {
134 // Maybe the user is blocked (check this here rather than relying on the parent
135 // method as we have a more specific error message to use here and we want to
136 // ignore some types of blocks)
137 $status = StatusValue::newFatal( 'blocked-mailpassword' );
138 }
139
140 $this->permissionCache->set( $user->getName(), $status );
141 }
142
143 return $status;
144 }
145
161 public function execute(
162 User $performingUser, $username = null, $email = null
163 ) {
164 if ( !$this->isAllowed( $performingUser )->isGood() ) {
165 throw new LogicException( 'User ' . $performingUser->getName()
166 . ' is not allowed to reset passwords' );
167 }
168
169 // Check against the rate limiter. If the $wgRateLimit is reached, we want to pretend
170 // that the request was good to avoid displaying an error message.
171 if ( $performingUser->pingLimiter( 'mailpassword' ) ) {
172 return StatusValue::newGood();
173 }
174
175 $username = $username ?? '';
176 $email = $email ?? '';
177
178 $resetRoutes = $this->config->get( 'PasswordResetRoutes' )
179 + [ 'username' => false, 'email' => false ];
180 if ( $resetRoutes['username'] && $username ) {
181 $method = 'username';
182 $users = [ $this->lookupUser( $username ) ];
183 } elseif ( $resetRoutes['email'] && $email ) {
184 if ( !Sanitizer::validateEmail( $email ) ) {
185 // Only email was supplied but not valid: pretend everything's fine.
186 return StatusValue::newGood();
187 }
188 // Only email was provided
189 $method = 'email';
190 $users = $this->getUsersByEmail( $email );
191 $username = null;
192 // Remove users whose preference 'requireemail' is on since username was not submitted
193 if ( $this->config->get( 'AllowRequiringEmailForResets' ) ) {
194 foreach ( $users as $index => $user ) {
195 if ( $user->getBoolOption( 'requireemail' ) ) {
196 unset( $users[$index] );
197 }
198 }
199 }
200 } else {
201 // The user didn't supply any data
202 return StatusValue::newFatal( 'passwordreset-nodata' );
203 }
204
205 // Check for hooks (captcha etc), and allow them to modify the users list
206 $error = [];
207 $data = [
208 'Username' => $username,
209 // Email gets set to null for backward compatibility
210 'Email' => $method === 'email' ? $email : null,
211 ];
212
213 // Recreate the $users array with its values so that we reset the numeric keys since
214 // the key '0' might have been unset from $users array. 'SpecialPasswordResetOnSubmit'
215 // hook assumes that index '0' is defined if $users is not empty.
216 $users = array_values( $users );
217
218 if ( !Hooks::run( 'SpecialPasswordResetOnSubmit', [ &$users, $data, &$error ] ) ) {
219 return StatusValue::newFatal( Message::newFromSpecifier( $error ) );
220 }
221
222 // Get the first element in $users by using `reset` function just in case $users is changed
223 // in 'SpecialPasswordResetOnSubmit' hook.
224 $firstUser = reset( $users ) ?? null;
225
226 $requireEmail = $this->config->get( 'AllowRequiringEmailForResets' )
227 && $method === 'username'
228 && $firstUser
229 && $firstUser->getBoolOption( 'requireemail' );
230 if ( $requireEmail && ( $email === '' || !Sanitizer::validateEmail( $email ) ) ) {
231 // Email is required, and not supplied or not valid: pretend everything's fine.
232 return StatusValue::newGood();
233 }
234
235 if ( !$users ) {
236 if ( $method === 'email' ) {
237 // Don't reveal whether or not an email address is in use
238 return StatusValue::newGood();
239 } else {
240 return StatusValue::newFatal( 'noname' );
241 }
242 }
243
244 // If the username is not valid, tell the user.
245 if ( $username && !User::getCanonicalName( $username ) ) {
246 return StatusValue::newFatal( 'noname' );
247 }
248
249 // If the username doesn't exist, don't tell the user.
250 // This is not to avoid disclosure, as this information is available elsewhere,
251 // but it simplifies the password reset UX. T238961.
252 if ( !$firstUser instanceof User || !$firstUser->getId() ) {
253 return StatusValue::newGood();
254 }
255
256 // The user doesn't have an email address, but pretend everything's fine to avoid
257 // disclosing this fact. Note that all the users will have the same email address (or none),
258 // so there's no need to check more than the first.
259 if ( !$firstUser->getEmail() ) {
260 return StatusValue::newGood();
261 }
262
263 // Email is required but the email doesn't match: pretend everything's fine.
264 if ( $requireEmail && $firstUser->getEmail() !== $email ) {
265 return StatusValue::newGood();
266 }
267
268 // We need to have a valid IP address for the hook, but per T20347, we should
269 // send the user's name if they're logged in.
270 $ip = $performingUser->getRequest()->getIP();
271 if ( !$ip ) {
272 return StatusValue::newFatal( 'badipaddress' );
273 }
274
275 Hooks::run( 'User::mailPasswordInternal', [ &$performingUser, &$ip, &$firstUser ] );
276
277 $result = StatusValue::newGood();
278 $reqs = [];
279 foreach ( $users as $user ) {
280 $req = TemporaryPasswordAuthenticationRequest::newRandom();
281 $req->username = $user->getName();
282 $req->mailpassword = true;
283 $req->caller = $performingUser->getName();
284
285 $status = $this->authManager->allowsAuthenticationDataChange( $req, true );
286 // If status is good and the value is 'throttled-mailpassword', we want to pretend
287 // that the request was good to avoid displaying an error message and disclose
288 // if a reset password was previously sent.
289 if ( $status->isGood() && $status->getValue() === 'throttled-mailpassword' ) {
290 return StatusValue::newGood();
291 }
292
293 if ( $status->isGood() && $status->getValue() !== 'ignored' ) {
294 $reqs[] = $req;
295 } elseif ( $result->isGood() ) {
296 // only record the first error, to avoid exposing the number of users having the
297 // same email address
298 if ( $status->getValue() === 'ignored' ) {
299 $status = StatusValue::newFatal( 'passwordreset-ignored' );
300 }
301 $result->merge( $status );
302 }
303 }
304
305 $logContext = [
306 'requestingIp' => $ip,
307 'requestingUser' => $performingUser->getName(),
308 'targetUsername' => $username,
309 'targetEmail' => $email,
310 ];
311
312 if ( !$result->isGood() ) {
313 $this->logger->info(
314 "{requestingUser} attempted password reset of {actualUser} but failed",
315 $logContext + [ 'errors' => $result->getErrors() ]
316 );
317 return $result;
318 }
319
320 DeferredUpdates::addUpdate(
321 new SendPasswordResetEmailUpdate( $this->authManager, $reqs, $logContext ),
322 DeferredUpdates::POSTSEND
323 );
324
325 return StatusValue::newGood();
326 }
327
335 protected function isBlocked( User $user ) {
336 $block = $user->getBlock() ?: $user->getGlobalBlock();
337 if ( !$block ) {
338 return false;
339 }
340 return $block->appliesToPasswordReset();
341 }
342
348 protected function getUsersByEmail( $email ) {
349 $userQuery = User::getQueryInfo();
350 $res = $this->loadBalancer->getConnectionRef( DB_REPLICA )->select(
351 $userQuery['tables'],
352 $userQuery['fields'],
353 [ 'user_email' => $email ],
354 __METHOD__,
355 [],
356 $userQuery['joins']
357 );
358
359 if ( !$res ) {
360 // Some sort of database error, probably unreachable
361 throw new MWException( 'Unknown database error in ' . __METHOD__ );
362 }
363
364 $users = [];
365 foreach ( $res as $row ) {
366 $users[] = User::newFromRow( $row );
367 }
368 return $users;
369 }
370
378 protected function lookupUser( $username ) {
379 return User::newFromName( $username );
380 }
381}
wfDeprecated
wfDeprecated( $function, $version=false, $component=false, $callerOffset=2)
Throws a warning that $function is deprecated.
Definition GlobalFunctions.php:1044
MWException
MediaWiki exception.
Definition MWException.php:26
MapCacheLRU
Handles a simple LRU key/value map with a maximum number of entries.
Definition MapCacheLRU.php:37
MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition AuthManager.php:85
MediaWiki\Auth\TemporaryPasswordAuthenticationRequest
This represents the intention to set a temporary password for the user.
Definition TemporaryPasswordAuthenticationRequest.php:31
MediaWiki\Config\ServiceOptions
A class for passing options to services.
Definition ServiceOptions.php:25
MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition LoggerFactory.php:45
MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition MediaWikiServices.php:117
MediaWiki\Permissions\PermissionManager
A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()-...
Definition PermissionManager.php:47
Message\newFromSpecifier
static newFromSpecifier( $value)
Transform a MessageSpecifier or a primitive value used interchangeably with specifiers (a message key...
Definition Message.php:427
PasswordReset
Helper class for the password reset functionality shared by the web UI and the API.
Definition PasswordReset.php:41
PasswordReset\isBlocked
isBlocked(User $user)
Check whether the user is blocked.
Definition PasswordReset.php:335
PasswordReset\isAllowed
isAllowed(User $user)
Check if a given user has permission to use this functionality.
Definition PasswordReset.php:110
PasswordReset\__construct
__construct( $config, AuthManager $authManager, PermissionManager $permissionManager, ILoadBalancer $loadBalancer=null, LoggerInterface $logger=null)
This class is managed by MediaWikiServices, don't instantiate directly.
Definition PasswordReset.php:78
PasswordReset\execute
execute(User $performingUser, $username=null, $email=null)
Do a password reset.
Definition PasswordReset.php:161
PasswordReset\$loadBalancer
ILoadBalancer $loadBalancer
Definition PasswordReset.php:54
PasswordReset\$authManager
AuthManager $authManager
Definition PasswordReset.php:48
PasswordReset\$config
ServiceOptions Config $config
Definition PasswordReset.php:45
PasswordReset\CONSTRUCTOR_OPTIONS
const CONSTRUCTOR_OPTIONS
Definition PasswordReset.php:63
PasswordReset\$permissionManager
PermissionManager $permissionManager
Definition PasswordReset.php:51
PasswordReset\$permissionCache
MapCacheLRU $permissionCache
In-process cache for isAllowed lookups, by username.
Definition PasswordReset.php:61
PasswordReset\getUsersByEmail
getUsersByEmail( $email)
Definition PasswordReset.php:348
PasswordReset\lookupUser
lookupUser( $username)
User object creation helper for testability.
Definition PasswordReset.php:378
SendPasswordResetEmailUpdate
Sends emails to all accounts associated with that email to reset the password.
Definition SendPasswordResetEmailUpdate.php:30
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:51
User\getRequest
getRequest()
Get the WebRequest object to use with this object.
Definition User.php:3737
User\getName
getName()
Get the user name, or the IP of an anonymous user.
Definition User.php:2364
User\newFromName
static newFromName( $name, $validate='valid')
Static factory method for creation from username.
Definition User.php:518
User\getQueryInfo
static getQueryInfo()
Return the tables, fields, and join conditions to be selected to create a new user object.
Definition User.php:5358
User\getId
getId()
Get the user's ID.
Definition User.php:2335
User\getGlobalBlock
getGlobalBlock( $ip='')
Check if user is blocked on all wikis.
Definition User.php:2270
User\getCanonicalName
static getCanonicalName( $name, $validate='valid')
Given unvalidated user input, return a canonical username, or false if the username is invalid.
Definition User.php:1180
User\newFromRow
static newFromRow( $row, $data=null)
Create a new user object from a user row.
Definition User.php:699
User\pingLimiter
pingLimiter( $action='edit', $incrBy=1)
Primitive rate limits: enforce maximum actions per time period to put a brake on flooding.
Definition User.php:1954
User\getBlock
getBlock( $fromReplica=true)
Get the block affecting the user, or null if the user is not blocked.
Definition User.php:2200
Config
Interface for configuration instances.
Definition Config.php:28
Wikimedia\Rdbms\ILoadBalancer
Database cluster connection, tracking, load balancing, and transaction manager interface.
Definition ILoadBalancer.php:81
DB_REPLICA
const DB_REPLICA
Definition defines.php:25