master/php/DeleteLocalPasswords_8php_source.html

<?php

use MediaWiki\Password\InvalidPassword;

use MediaWiki\Password\PasswordFactory;

use Wikimedia\Rdbms\IDatabase;

use Wikimedia\Rdbms\IExpression;

use Wikimedia\Rdbms\LikeValue;

use Wikimedia\Rdbms\RawSQLValue;


require_once __DIR__ . '/../Maintenance.php';


class DeleteLocalPasswords extends Maintenance {

    protected $user;


    protected $total;


    public function __construct() {

        parent::__construct();

        $this->addDescription( "Deletes local password for users." );

        $this->setBatchSize( 1000 );


        $this->addOption( 'user', 'If specified, only checks the given user', false, true );

        $this->addOption( 'delete', 'Really delete. To prevent accidents, you must provide this flag.' );

        $this->addOption( 'prefix', "Instead of deleting, make passwords invalid by prefixing with "

            . "':null:'. Make sure PasswordConfig has a 'null' entry. This is meant for testing before "

            . "hard delete." );

        $this->addOption( 'unprefix', 'Instead of deleting, undo the effect of --prefix.' );

    }


    protected function initialize() {

        if (

            (int)$this->hasOption( 'delete' ) + (int)$this->hasOption( 'prefix' )

            + (int)$this->hasOption( 'unprefix' ) !== 1

        ) {

            $this->fatalError( "Exactly one of the 'delete', 'prefix', 'unprefix' options must be used\n" );

        }

        if ( $this->hasOption( 'prefix' ) || $this->hasOption( 'unprefix' ) ) {

            $passwordHashTypes = $this->getServiceContainer()->getPasswordFactory()->getTypes();

            if (

                !isset( $passwordHashTypes['null'] )

                || $passwordHashTypes['null']['class'] !== InvalidPassword::class

            ) {

                $this->fatalError(

<<<'ERROR'

'null' password entry missing. To use password prefixing, add

    $wgPasswordConfig['null'] = [ 'class' => InvalidPassword::class ];

to your configuration (and remove once the passwords were deleted).

ERROR

                );

            }

        }


        $user = $this->getOption( 'user', false );

        if ( $user !== false ) {

            $userNameUtils = $this->getServiceContainer()->getUserNameUtils();

            $this->user = $userNameUtils->getCanonical( $user );

            if ( $this->user === false ) {

                $this->fatalError( "Invalid user name\n" );

            }

        }

    }


    public function execute() {

        $this->initialize();


        foreach ( $this->getUserBatches() as $userBatch ) {

            $this->processUsers( $userBatch, $this->getUserDB() );

        }


        $this->output( "done. (wrote $this->total rows)\n" );

    }


    protected function getUserDB() {

        return $this->getPrimaryDB();

    }


    protected function processUsers( array $userBatch, IDatabase $dbw ) {

        if ( !$userBatch ) {

            return;

        }

        if ( $this->getOption( 'delete' ) ) {

            $dbw->newUpdateQueryBuilder()

                ->update( 'user' )

                ->set( [ 'user_password' => PasswordFactory::newInvalidPassword()->toString() ] )

                ->where( [ 'user_name' => $userBatch ] )

                ->caller( __METHOD__ )->execute();

        } elseif ( $this->getOption( 'prefix' ) ) {

            $dbw->newUpdateQueryBuilder()

                ->update( 'user' )

                ->set( [

                    'user_password' => new RawSQLValue(

                        $dbw->buildConcat( [ $dbw->addQuotes( ':null:' ), 'user_password' ] )

                    )

                ] )

                ->where( [

                    $dbw->expr( 'user_password', IExpression::NOT_LIKE, new LikeValue( ':null:', $dbw->anyString() ) ),

                    $dbw->expr( 'user_password', '!=', PasswordFactory::newInvalidPassword()->toString() ),

                    $dbw->expr( 'user_password', '!=', null ),

                    'user_name' => $userBatch,

                ] )

                ->caller( __METHOD__ )->execute();

        } elseif ( $this->getOption( 'unprefix' ) ) {

            $dbw->newUpdateQueryBuilder()

                ->update( 'user' )

                ->set( [

                    'user_password' => new RawSQLValue(

                        $dbw->buildSubString( 'user_password', strlen( ':null:' ) + 1 )

                    )

                ] )

                ->where( [

                    $dbw->expr( 'user_password', IExpression::LIKE, new LikeValue( ':null:', $dbw->anyString() ) ),

                    'user_name' => $userBatch,

                ] )

                ->caller( __METHOD__ )->execute();

        }

        $this->total += $dbw->affectedRows();

        $this->waitForReplication();

    }


    protected function getUserBatches() {

        if ( $this->user !== null ) {

            $this->output( "\t ... querying '$this->user'\n" );

            yield [ [ $this->user ] ];

            return;

        }


        $lastUsername = '';

        $dbw = $this->getPrimaryDB();

        do {

            $this->output( "\t ... querying from '$lastUsername'\n" );

            $users = $dbw->newSelectQueryBuilder()

                ->select( 'user_name' )

                ->from( 'user' )

                ->where( $dbw->expr( 'user_name', '>', $lastUsername ) )

                ->orderBy( 'user_name ASC' )

                ->limit( $this->getBatchSize() )

                ->caller( __METHOD__ )->fetchFieldValues();

            if ( $users ) {

                yield $users;

                $lastUsername = end( $users );

            }

        } while ( count( $users ) === $this->getBatchSize() );

    }


}


DeleteLocalPasswords
Delete unused local passwords.
Definition DeleteLocalPasswords.php:47

DeleteLocalPasswords\execute
execute()
Do the actual work.
Definition DeleteLocalPasswords.php:100

DeleteLocalPasswords\__construct
__construct()
Default constructor.
Definition DeleteLocalPasswords.php:54

DeleteLocalPasswords\$user
string null $user
User to run on, or null for all.
Definition DeleteLocalPasswords.php:49

DeleteLocalPasswords\$total
int $total
Number of deleted passwords.
Definition DeleteLocalPasswords.php:52

DeleteLocalPasswords\processUsers
processUsers(array $userBatch, IDatabase $dbw)
Definition DeleteLocalPasswords.php:119

DeleteLocalPasswords\getUserBatches
getUserBatches()
This method iterates through the requested users and returns their names in batches of self::$mBatchS...
Definition DeleteLocalPasswords.php:171

DeleteLocalPasswords\initialize
initialize()
Definition DeleteLocalPasswords.php:67

DeleteLocalPasswords\getUserDB
getUserDB()
Get the primary DB handle for the current user batch.
Definition DeleteLocalPasswords.php:115

Maintenance
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
Definition Maintenance.php:68

Maintenance\output
output( $out, $channel=null)
Throw some output to the user.
Definition Maintenance.php:479

Maintenance\waitForReplication
waitForReplication()
Wait for replica DBs to catch up.
Definition Maintenance.php:1172

Maintenance\hasOption
hasOption( $name)
Checks to see if a particular option was set.
Definition Maintenance.php:278

Maintenance\getServiceContainer
getServiceContainer()
Returns the main service container.
Definition Maintenance.php:666

Maintenance\getBatchSize
getBatchSize()
Returns batch size.
Definition Maintenance.php:412

Maintenance\addDescription
addDescription( $text)
Set the description text.
Definition Maintenance.php:329

Maintenance\addOption
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
Definition Maintenance.php:259

Maintenance\getOption
getOption( $name, $default=null)
Get an option, or return the default.
Definition Maintenance.php:293

Maintenance\getPrimaryDB
getPrimaryDB()
Definition Maintenance.php:1118

Maintenance\setBatchSize
setBatchSize( $s=0)
Definition Maintenance.php:419

Maintenance\fatalError
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
Definition Maintenance.php:546

MediaWiki\Password\InvalidPassword
Represents an invalid password hash.
Definition InvalidPassword.php:36

MediaWiki\Password\PasswordFactory
Factory class for creating and checking Password objects.
Definition PasswordFactory.php:38

Wikimedia\Rdbms\LikeValue
Content of like value.
Definition LikeValue.php:14

Wikimedia\Rdbms\RawSQLValue
Raw SQL value to be used in query builders.
Definition RawSQLValue.php:13

$wgPasswordConfig
$wgPasswordConfig
Config variable stub for the PasswordConfig setting, for use by phpdoc and IDEs.
Definition config-vars.php:2574

Wikimedia\Rdbms\Database\DbQuoter\addQuotes
addQuotes( $s)
Escape and quote a raw value string for use in a SQL query.

Wikimedia\Rdbms\IDatabase
Basic database interface for live and lazy-loaded relation database handles.
Definition IDatabase.php:39

Wikimedia\Rdbms\IDatabase\newUpdateQueryBuilder
newUpdateQueryBuilder()
Get an UpdateQueryBuilder bound to this connection.

Wikimedia\Rdbms\IDatabase\affectedRows
affectedRows()
Get the number of rows affected by the last query method call.

Wikimedia\Rdbms\IExpression
Definition IExpression.php:10

Wikimedia\Rdbms\IReadableDatabase\expr
expr(string $field, string $op, $value)
See Expression::__construct()

Wikimedia\Rdbms\Platform\ISQLPlatform\buildSubString
buildSubString( $input, $startPosition, $length=null)
Build a SUBSTRING function.

Wikimedia\Rdbms\Platform\ISQLPlatform\anyString
anyString()
Returns a token for buildLike() that denotes a '' to be used in a LIKE query.

Wikimedia\Rdbms\Platform\ISQLPlatform\buildConcat
buildConcat( $stringList)
Build a concatenation list to feed into a SQL query.