master/php/DeleteLocalPasswords_8php_source.html

 <?php

 use MediaWiki\MediaWikiServices;

 use Wikimedia\Rdbms\IDatabase;

 use Wikimedia\Rdbms\IMaintainableDatabase;


 require_once __DIR__ . '/../Maintenance.php';


 class DeleteLocalPasswords extends Maintenance {

     protected $user;


     protected $total;


     public function __construct() {

         parent::__construct();

         $this->addDescription( "Deletes local password for users." );

         $this->setBatchSize( 1000 );


         $this->addOption( 'user', 'If specified, only checks the given user', false, true );

         $this->addOption( 'delete', 'Really delete. To prevent accidents, you must provide this flag.' );

         $this->addOption( 'prefix', "Instead of deleting, make passwords invalid by prefixing with "

             . "':null:'. Make sure PasswordConfig has a 'null' entry. This is meant for testing before "

             . "hard delete." );

         $this->addOption( 'unprefix', 'Instead of deleting, undo the effect of --prefix.' );

     }


     protected function initialize() {

         if (

             (int)$this->hasOption( 'delete' ) + (int)$this->hasOption( 'prefix' )

             + (int)$this->hasOption( 'unprefix' ) !== 1

         ) {

             $this->fatalError( "Exactly one of the 'delete', 'prefix', 'unprefix' options must be used\n" );

         }

         if ( $this->hasOption( 'prefix' ) || $this->hasOption( 'unprefix' ) ) {

             $passwordHashTypes = MediaWikiServices::getInstance()->getPasswordFactory()->getTypes();

             if (

                 !isset( $passwordHashTypes['null'] )

                 || $passwordHashTypes['null']['class'] !== InvalidPassword::class

             ) {

                 $this->fatalError(

 <<<'ERROR'

 'null' password entry missing. To use password prefixing, add

     $wgPasswordConfig['null'] = [ 'class' => InvalidPassword::class ];

 to your configuration (and remove once the passwords were deleted).

 ERROR

                 );

             }

         }


         $user = $this->getOption( 'user', false );

         if ( $user !== false ) {

             $userNameUtils = MediaWikiServices::getInstance()->getUserNameUtils();

             $this->user = $userNameUtils->getCanonical( $user );

             if ( $this->user === false ) {

                 $this->fatalError( "Invalid user name\n" );

             }

         }

     }


     public function execute() {

         $this->initialize();


         foreach ( $this->getUserBatches() as $userBatch ) {

             $this->processUsers( $userBatch, $this->getUserDB() );

         }


         $this->output( "done. (wrote $this->total rows)\n" );

     }


     protected function getUserDB() {

         return $this->getDB( DB_PRIMARY );

     }


     protected function processUsers( array $userBatch, IDatabase $dbw ) {

         if ( !$userBatch ) {

             return;

         }

         if ( $this->getOption( 'delete' ) ) {

             $dbw->update( 'user',

                 [ 'user_password' => PasswordFactory::newInvalidPassword()->toString() ],

                 [ 'user_name' => $userBatch ],

                 __METHOD__

             );

         } elseif ( $this->getOption( 'prefix' ) ) {

             $dbw->update( 'user',

                 [ 'user_password = ' . $dbw->buildConcat( [ $dbw->addQuotes( ':null:' ),

                         'user_password' ] ) ],

                 [

                     'NOT (user_password ' . $dbw->buildLike( ':null:', $dbw->anyString() ) . ')',

                     "user_password != " . $dbw->addQuotes( PasswordFactory::newInvalidPassword()->toString() ),

                     'user_password IS NOT NULL',

                     'user_name' => $userBatch,

                 ],

                 __METHOD__

             );

         } elseif ( $this->getOption( 'unprefix' ) ) {

             $dbw->update( 'user',

                 [ 'user_password = ' . $dbw->buildSubString( 'user_password', strlen( ':null:' ) + 1 ) ],

                 [

                     'user_password ' . $dbw->buildLike( ':null:', $dbw->anyString() ),

                     'user_name' => $userBatch,

                 ],

                 __METHOD__

             );

         }

         $this->total += $dbw->affectedRows();

         $this->waitForReplication();

     }


     protected function getUserBatches() {

         if ( $this->user !== null ) {

             $this->output( "\t ... querying '$this->user'\n" );

             yield [ [ $this->user ] ];

             return;

         }


         $lastUsername = '';

         $dbw = $this->getDB( DB_PRIMARY );

         do {

             $this->output( "\t ... querying from '$lastUsername'\n" );

             $users = $dbw->selectFieldValues(

                 'user',

                 'user_name',

                 [

                     'user_name > ' . $dbw->addQuotes( $lastUsername ),

                 ],

                 __METHOD__,

                 [

                     'LIMIT' => $this->getBatchSize(),

                     'ORDER BY' => 'user_name ASC',

                 ]

             );

             if ( $users ) {

                 yield $users;

                 $lastUsername = end( $users );

             }

         } while ( count( $users ) === $this->getBatchSize() );

     }

 }

DeleteLocalPasswords
Delete unused local passwords.
Definition: DeleteLocalPasswords.php:44

DeleteLocalPasswords\execute
execute()
Do the actual work.
Definition: DeleteLocalPasswords.php:97

DeleteLocalPasswords\__construct
__construct()
Default constructor.
Definition: DeleteLocalPasswords.php:51

DeleteLocalPasswords\$user
string null $user
User to run on, or null for all.
Definition: DeleteLocalPasswords.php:46

DeleteLocalPasswords\$total
int $total
Number of deleted passwords.
Definition: DeleteLocalPasswords.php:49

DeleteLocalPasswords\processUsers
processUsers(array $userBatch, IDatabase $dbw)
Definition: DeleteLocalPasswords.php:116

DeleteLocalPasswords\getUserBatches
getUserBatches()
This method iterates through the requested users and returns their names in batches of self::$mBatchS...
Definition: DeleteLocalPasswords.php:161

DeleteLocalPasswords\initialize
initialize()
Definition: DeleteLocalPasswords.php:64

DeleteLocalPasswords\getUserDB
getUserDB()
Get the primary DB handle for the current user batch.
Definition: DeleteLocalPasswords.php:112

Maintenance
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
Definition: Maintenance.php:66

Maintenance\getDB
getDB( $db, $groups=[], $dbDomain=false)
Returns a database to be used by current maintenance script.
Definition: Maintenance.php:1137

Maintenance\output
output( $out, $channel=null)
Throw some output to the user.
Definition: Maintenance.php:466

Maintenance\waitForReplication
waitForReplication()
Wait for replica DBs to catch up.
Definition: Maintenance.php:1196

Maintenance\hasOption
hasOption( $name)
Checks to see if a particular option was set.
Definition: Maintenance.php:289

Maintenance\getBatchSize
getBatchSize()
Returns batch size.
Definition: Maintenance.php:399

Maintenance\addDescription
addDescription( $text)
Set the description text.
Definition: Maintenance.php:340

Maintenance\addOption
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
Definition: Maintenance.php:270

Maintenance\getOption
getOption( $name, $default=null)
Get an option, or return the default.
Definition: Maintenance.php:304

Maintenance\setBatchSize
setBatchSize( $s=0)
Definition: Maintenance.php:406

Maintenance\fatalError
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
Definition: Maintenance.php:520

MediaWiki\MediaWikiServices
Service locator for MediaWiki core services.
Definition: MediaWikiServices.php:223

PasswordFactory\newInvalidPassword
static newInvalidPassword()
Create an InvalidPassword.
Definition: PasswordFactory.php:254

$wgPasswordConfig
$wgPasswordConfig
Config variable stub for the PasswordConfig setting, for use by phpdoc and IDEs.
Definition: config-vars.php:2548

Wikimedia\Rdbms\Database\DbQuoter\addQuotes
addQuotes( $s)
Escape and quote a raw value string for use in a SQL query.

Wikimedia\Rdbms\IDatabase
Basic database interface for live and lazy-loaded relation database handles.
Definition: IDatabase.php:36

Wikimedia\Rdbms\IDatabase\affectedRows
affectedRows()
Get the number of rows affected by the last attempted query statement.

Wikimedia\Rdbms\IDatabase\update
update( $table, $set, $conds, $fname=__METHOD__, $options=[])
Update all rows in a table that match a given condition.

Wikimedia\Rdbms\IMaintainableDatabase
Advanced database interface for IDatabase handles that include maintenance methods.
Definition: IMaintainableDatabase.php:34

Wikimedia\Rdbms\Platform\ISQLPlatform\buildSubString
buildSubString( $input, $startPosition, $length=null)
Build a SUBSTRING function.

Wikimedia\Rdbms\Platform\ISQLPlatform\buildLike
buildLike( $param,... $params)
LIKE statement wrapper.

Wikimedia\Rdbms\Platform\ISQLPlatform\anyString
anyString()
Returns a token for buildLike() that denotes a '' to be used in a LIKE query.

Wikimedia\Rdbms\Platform\ISQLPlatform\buildConcat
buildConcat( $stringList)
Build a concatenation list to feed into a SQL query.

DB_PRIMARY
const DB_PRIMARY
Definition: defines.php:28