MediaWiki REL1_35
PasswordReset.php
Go to the documentation of this file.
1<?php
23use MediaWiki\Auth\AuthManager;
24use MediaWiki\Auth\TemporaryPasswordAuthenticationRequest;
25use MediaWiki\Config\ServiceOptions;
26use MediaWiki\HookContainer\HookContainer;
27use MediaWiki\HookContainer\HookRunner;
28use MediaWiki\Logger\LoggerFactory;
29use MediaWiki\MediaWikiServices;
30use MediaWiki\Permissions\PermissionManager;
31use Psr\Log\LoggerAwareInterface;
32use Psr\Log\LoggerAwareTrait;
33use Psr\Log\LoggerInterface;
34use Wikimedia\Rdbms\ILoadBalancer;
35
43class PasswordReset implements LoggerAwareInterface {
44 use LoggerAwareTrait;
45
47 protected $config;
48
50 protected $authManager;
51
53 protected $permissionManager;
54
56 protected $loadBalancer;
57
59 private $hookContainer;
60
62 private $hookRunner;
63
69 private $permissionCache;
70
71 public const CONSTRUCTOR_OPTIONS = [
72 'AllowRequiringEmailForResets',
73 'EnableEmail',
74 'PasswordResetRoutes',
75 ];
76
87 public function __construct(
88 $config,
89 AuthManager $authManager,
90 PermissionManager $permissionManager,
91 ILoadBalancer $loadBalancer = null,
92 LoggerInterface $logger = null,
93 HookContainer $hookContainer = null
94 ) {
95 $this->config = $config;
96 $this->authManager = $authManager;
97 $this->permissionManager = $permissionManager;
98
99 if ( !$loadBalancer ) {
100 wfDeprecatedMsg( 'Not passing LoadBalancer to ' . __METHOD__ .
101 ' was deprecated in MediaWiki 1.34', '1.34' );
102 $loadBalancer = MediaWikiServices::getInstance()->getDBLoadBalancer();
103 }
104 $this->loadBalancer = $loadBalancer;
105
106 if ( !$logger ) {
107 wfDeprecatedMsg( 'Not passing LoggerInterface to ' . __METHOD__ .
108 ' was deprecated in MediaWiki 1.34', '1.34' );
109 $logger = LoggerFactory::getInstance( 'authentication' );
110 }
111 $this->logger = $logger;
112
113 if ( !$hookContainer ) {
114 $hookContainer = MediaWikiServices::getInstance()->getHookContainer();
115 }
116 $this->hookContainer = $hookContainer;
117 $this->hookRunner = new HookRunner( $hookContainer );
118
119 $this->permissionCache = new MapCacheLRU( 1 );
120 }
121
128 public function isAllowed( User $user ) {
129 $status = $this->permissionCache->get( $user->getName() );
130 if ( !$status ) {
131 $resetRoutes = $this->config->get( 'PasswordResetRoutes' );
132 $status = StatusValue::newGood();
133
134 if ( !is_array( $resetRoutes ) || !in_array( true, $resetRoutes, true ) ) {
135 // Maybe password resets are disabled, or there are no allowable routes
136 $status = StatusValue::newFatal( 'passwordreset-disabled' );
137 } elseif (
138 ( $providerStatus = $this->authManager->allowsAuthenticationDataChange(
139 new TemporaryPasswordAuthenticationRequest(), false ) )
140 && !$providerStatus->isGood()
141 ) {
142 // Maybe the external auth plugin won't allow local password changes
143 $status = StatusValue::newFatal( 'resetpass_forbidden-reason',
144 $providerStatus->getMessage() );
145 } elseif ( !$this->config->get( 'EnableEmail' ) ) {
146 // Maybe email features have been disabled
147 $status = StatusValue::newFatal( 'passwordreset-emaildisabled' );
148 } elseif ( !$this->permissionManager->userHasRight( $user, 'editmyprivateinfo' ) ) {
149 // Maybe not all users have permission to change private data
150 $status = StatusValue::newFatal( 'badaccess' );
151 } elseif ( $this->isBlocked( $user ) ) {
152 // Maybe the user is blocked (check this here rather than relying on the parent
153 // method as we have a more specific error message to use here and we want to
154 // ignore some types of blocks)
155 $status = StatusValue::newFatal( 'blocked-mailpassword' );
156 }
157
158 $this->permissionCache->set( $user->getName(), $status );
159 }
160
161 return $status;
162 }
163
179 public function execute(
180 User $performingUser, $username = null, $email = null
181 ) {
182 if ( !$this->isAllowed( $performingUser )->isGood() ) {
183 throw new LogicException( 'User ' . $performingUser->getName()
184 . ' is not allowed to reset passwords' );
185 }
186
187 // Check against the rate limiter. If the $wgRateLimit is reached, we want to pretend
188 // that the request was good to avoid displaying an error message.
189 if ( $performingUser->pingLimiter( 'mailpassword' ) ) {
190 return StatusValue::newGood();
191 }
192
193 // We need to have a valid IP address for the hook 'User::mailPasswordInternal', but per T20347,
194 // we should send the user's name if they're logged in.
195 $ip = $performingUser->getRequest()->getIP();
196 if ( !$ip ) {
197 return StatusValue::newFatal( 'badipaddress' );
198 }
199
200 $username = $username ?? '';
201 $email = $email ?? '';
202
203 $resetRoutes = $this->config->get( 'PasswordResetRoutes' )
204 + [ 'username' => false, 'email' => false ];
205 if ( $resetRoutes['username'] && $username ) {
206 $method = 'username';
207 $users = [ $this->lookupUser( $username ) ];
208 } elseif ( $resetRoutes['email'] && $email ) {
209 if ( !Sanitizer::validateEmail( $email ) ) {
210 // Only email was supplied but not valid: pretend everything's fine.
211 return StatusValue::newGood();
212 }
213 // Only email was provided
214 $method = 'email';
215 $users = $this->getUsersByEmail( $email );
216 $username = null;
217 // Remove users whose preference 'requireemail' is on since username was not submitted
218 if ( $this->config->get( 'AllowRequiringEmailForResets' ) ) {
219 foreach ( $users as $index => $user ) {
220 if ( $user->getBoolOption( 'requireemail' ) ) {
221 unset( $users[$index] );
222 }
223 }
224 }
225 } else {
226 // The user didn't supply any data
227 return StatusValue::newFatal( 'passwordreset-nodata' );
228 }
229
230 // If the username is not valid, tell the user.
231 if ( $username && !User::getCanonicalName( $username ) ) {
232 return StatusValue::newFatal( 'noname' );
233 }
234
235 // Check for hooks (captcha etc), and allow them to modify the users list
236 $error = [];
237 $data = [
238 'Username' => $username,
239 // Email gets set to null for backward compatibility
240 'Email' => $method === 'email' ? $email : null,
241 ];
242
243 // Recreate the $users array with its values so that we reset the numeric keys since
244 // the key '0' might have been unset from $users array. 'SpecialPasswordResetOnSubmit'
245 // hook assumes that index '0' is defined if $users is not empty.
246 $users = array_values( $users );
247
248 if ( !$this->hookRunner->onSpecialPasswordResetOnSubmit( $users, $data, $error ) ) {
249 return StatusValue::newFatal( Message::newFromSpecifier( $error ) );
250 }
251
252 // Get the first element in $users by using `reset` function just in case $users is changed
253 // in 'SpecialPasswordResetOnSubmit' hook.
254 $firstUser = reset( $users );
255
256 $requireEmail = $this->config->get( 'AllowRequiringEmailForResets' )
257 && $method === 'username'
258 && $firstUser
259 && $firstUser->getBoolOption( 'requireemail' );
260 if ( $requireEmail && ( $email === '' || !Sanitizer::validateEmail( $email ) ) ) {
261 // Email is required, and not supplied or not valid: pretend everything's fine.
262 return StatusValue::newGood();
263 }
264
265 if ( !$users ) {
266 if ( $method === 'email' ) {
267 // Don't reveal whether or not an email address is in use
268 return StatusValue::newGood();
269 } else {
270 return StatusValue::newFatal( 'noname' );
271 }
272 }
273
274 // If the user doesn't exist, or if the user doesn't have an email address,
275 // don't disclose the information. We want to pretend everything is ok per T238961.
276 // Note that all the users will have the same email address (or none),
277 // so there's no need to check more than the first.
278 if ( !$firstUser instanceof User || !$firstUser->getId() || !$firstUser->getEmail() ) {
279 return StatusValue::newGood();
280 }
281
282 // Email is required but the email doesn't match: pretend everything's fine.
283 if ( $requireEmail && $firstUser->getEmail() !== $email ) {
284 return StatusValue::newGood();
285 }
286
287 $this->hookRunner->onUser__mailPasswordInternal( $performingUser, $ip, $firstUser );
288
289 $result = StatusValue::newGood();
290 $reqs = [];
291 foreach ( $users as $user ) {
292 $req = TemporaryPasswordAuthenticationRequest::newRandom();
293 $req->username = $user->getName();
294 $req->mailpassword = true;
295 $req->caller = $performingUser->getName();
296
297 $status = $this->authManager->allowsAuthenticationDataChange( $req, true );
298 // If status is good and the value is 'throttled-mailpassword', we want to pretend
299 // that the request was good to avoid displaying an error message and disclose
300 // if a reset password was previously sent.
301 if ( $status->isGood() && $status->getValue() === 'throttled-mailpassword' ) {
302 return StatusValue::newGood();
303 }
304
305 if ( $status->isGood() && $status->getValue() !== 'ignored' ) {
306 $reqs[] = $req;
307 } elseif ( $result->isGood() ) {
308 // only record the first error, to avoid exposing the number of users having the
309 // same email address
310 if ( $status->getValue() === 'ignored' ) {
311 $status = StatusValue::newFatal( 'passwordreset-ignored' );
312 }
313 $result->merge( $status );
314 }
315 }
316
317 $logContext = [
318 'requestingIp' => $ip,
319 'requestingUser' => $performingUser->getName(),
320 'targetUsername' => $username,
321 'targetEmail' => $email,
322 ];
323
324 if ( !$result->isGood() ) {
325 $this->logger->info(
326 "{requestingUser} attempted password reset of {actualUser} but failed",
327 $logContext + [ 'errors' => $result->getErrors() ]
328 );
329 return $result;
330 }
331
332 DeferredUpdates::addUpdate(
333 new SendPasswordResetEmailUpdate( $this->authManager, $reqs, $logContext ),
334 DeferredUpdates::POSTSEND
335 );
336
337 return StatusValue::newGood();
338 }
339
347 protected function isBlocked( User $user ) {
348 $block = $user->getBlock() ?: $user->getGlobalBlock();
349 if ( !$block ) {
350 return false;
351 }
352 return $block->appliesToPasswordReset();
353 }
354
360 protected function getUsersByEmail( $email ) {
361 $userQuery = User::getQueryInfo();
362 $res = $this->loadBalancer->getConnectionRef( DB_REPLICA )->select(
363 $userQuery['tables'],
364 $userQuery['fields'],
365 [ 'user_email' => $email ],
366 __METHOD__,
367 [],
368 $userQuery['joins']
369 );
370
371 if ( !$res ) {
372 // Some sort of database error, probably unreachable
373 throw new MWException( 'Unknown database error in ' . __METHOD__ );
374 }
375
376 $users = [];
377 foreach ( $res as $row ) {
378 $users[] = User::newFromRow( $row );
379 }
380 return $users;
381 }
382
390 protected function lookupUser( $username ) {
391 return User::newFromName( $username );
392 }
393}
wfDeprecatedMsg
wfDeprecatedMsg( $msg, $version=false, $component=false, $callerOffset=2)
Log a deprecation warning with arbitrary message text.
Definition GlobalFunctions.php:1059
MWException
MediaWiki exception.
Definition MWException.php:29
MapCacheLRU
Handles a simple LRU key/value map with a maximum number of entries.
Definition MapCacheLRU.php:38
MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition AuthManager.php:88
MediaWiki\Auth\TemporaryPasswordAuthenticationRequest
This represents the intention to set a temporary password for the user.
Definition TemporaryPasswordAuthenticationRequest.php:32
MediaWiki\Config\ServiceOptions
A class for passing options to services.
Definition ServiceOptions.php:25
MediaWiki\HookContainer\HookRunner
This class provides an implementation of the core hook interfaces, forwarding hook calls to HookConta...
Definition HookRunner.php:566
MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition LoggerFactory.php:45
MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition MediaWikiServices.php:152
MediaWiki\Permissions\PermissionManager
A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()-...
Definition PermissionManager.php:49
Message\newFromSpecifier
static newFromSpecifier( $value)
Transform a MessageSpecifier or a primitive value used interchangeably with specifiers (a message key...
Definition Message.php:452
PasswordReset
Helper class for the password reset functionality shared by the web UI and the API.
Definition PasswordReset.php:43
PasswordReset\isBlocked
isBlocked(User $user)
Check whether the user is blocked.
Definition PasswordReset.php:347
PasswordReset\isAllowed
isAllowed(User $user)
Check if a given user has permission to use this functionality.
Definition PasswordReset.php:128
PasswordReset\$hookRunner
HookRunner $hookRunner
Definition PasswordReset.php:62
PasswordReset\execute
execute(User $performingUser, $username=null, $email=null)
Do a password reset.
Definition PasswordReset.php:179
PasswordReset\$loadBalancer
ILoadBalancer $loadBalancer
Definition PasswordReset.php:56
PasswordReset\__construct
__construct( $config, AuthManager $authManager, PermissionManager $permissionManager, ILoadBalancer $loadBalancer=null, LoggerInterface $logger=null, HookContainer $hookContainer=null)
This class is managed by MediaWikiServices, don't instantiate directly.
Definition PasswordReset.php:87
PasswordReset\$authManager
AuthManager $authManager
Definition PasswordReset.php:50
PasswordReset\$config
ServiceOptions Config $config
Definition PasswordReset.php:47
PasswordReset\CONSTRUCTOR_OPTIONS
const CONSTRUCTOR_OPTIONS
Definition PasswordReset.php:71
PasswordReset\$permissionManager
PermissionManager $permissionManager
Definition PasswordReset.php:53
PasswordReset\$hookContainer
HookContainer $hookContainer
Definition PasswordReset.php:59
PasswordReset\$permissionCache
MapCacheLRU $permissionCache
In-process cache for isAllowed lookups, by username.
Definition PasswordReset.php:69
PasswordReset\getUsersByEmail
getUsersByEmail( $email)
Definition PasswordReset.php:360
PasswordReset\lookupUser
lookupUser( $username)
User object creation helper for testability.
Definition PasswordReset.php:390
SendPasswordResetEmailUpdate
Sends emails to all accounts associated with that email to reset the password.
Definition SendPasswordResetEmailUpdate.php:30
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:60
User\getRequest
getRequest()
Get the WebRequest object to use with this object.
Definition User.php:3205
User\getName
getName()
Get the user name, or the IP of an anonymous user.
Definition User.php:2150
User\newFromName
static newFromName( $name, $validate='valid')
Static factory method for creation from username.
Definition User.php:541
User\getQueryInfo
static getQueryInfo()
Return the tables, fields, and join conditions to be selected to create a new user object.
Definition User.php:4505
User\getId
getId()
Get the user's ID.
Definition User.php:2121
User\getGlobalBlock
getGlobalBlock( $ip='')
Check if user is blocked on all wikis.
Definition User.php:2063
User\getCanonicalName
static getCanonicalName( $name, $validate='valid')
Given unvalidated user input, return a canonical username, or false if the username is invalid.
Definition User.php:1130
User\newFromRow
static newFromRow( $row, $data=null)
Create a new user object from a user row.
Definition User.php:717
User\pingLimiter
pingLimiter( $action='edit', $incrBy=1)
Primitive rate limits: enforce maximum actions per time period to put a brake on flooding.
Definition User.php:1747
User\getBlock
getBlock( $fromReplica=true, $disableIpBlockExemptChecking=false)
Get the block affecting the user, or null if the user is not blocked.
Definition User.php:1991
Config
Interface for configuration instances.
Definition Config.php:30
Wikimedia\Rdbms\ILoadBalancer
Database cluster connection, tracking, load balancing, and transaction manager interface.
Definition ILoadBalancer.php:81
DB_REPLICA
const DB_REPLICA
Definition defines.php:25