MediaWiki master
DeleteLocalPasswords.php
Go to the documentation of this file.
1<?php
24namespace MediaWiki\Maintenance;
25
32
33// @codeCoverageIgnoreStart
34require_once __DIR__ . '/../Maintenance.php';
35// @codeCoverageIgnoreEnd
36
53 protected $user;
54
56 protected $total;
57
58 public function __construct() {
59 parent::__construct();
60 $this->addDescription( "Deletes local password for users." );
61 $this->setBatchSize( 1000 );
62
63 $this->addOption( 'user', 'If specified, only checks the given user', false, true );
64 $this->addOption( 'delete', 'Really delete. To prevent accidents, you must provide this flag.' );
65 $this->addOption( 'prefix', "Instead of deleting, make passwords invalid by prefixing with "
66 . "':null:'. Make sure PasswordConfig has a 'null' entry. This is meant for testing before "
67 . "hard delete." );
68 $this->addOption( 'unprefix', 'Instead of deleting, undo the effect of --prefix.' );
69 }
70
71 protected function initialize() {
72 if (
73 (int)$this->hasOption( 'delete' ) + (int)$this->hasOption( 'prefix' )
74 + (int)$this->hasOption( 'unprefix' ) !== 1
75 ) {
76 $this->fatalError( "Exactly one of the 'delete', 'prefix', 'unprefix' options must be used\n" );
77 }
78 if ( $this->hasOption( 'prefix' ) || $this->hasOption( 'unprefix' ) ) {
79 $passwordHashTypes = $this->getServiceContainer()->getPasswordFactory()->getTypes();
80 if (
81 !isset( $passwordHashTypes['null'] )
82 || $passwordHashTypes['null']['class'] !== InvalidPassword::class
83 ) {
84 $this->fatalError(
85<<<'ERROR'
86'null' password entry missing. To use password prefixing, add
87 $wgPasswordConfig['null'] = [ 'class' => InvalidPassword::class ];
88to your configuration (and remove once the passwords were deleted).
89ERROR
90 );
91 }
92 }
93
94 $user = $this->getOption( 'user', false );
95 if ( $user !== false ) {
96 $userNameUtils = $this->getServiceContainer()->getUserNameUtils();
97 $this->user = $userNameUtils->getCanonical( $user );
98 if ( $this->user === false ) {
99 $this->fatalError( "Invalid user name\n" );
100 }
101 }
102 }
103
104 public function execute() {
105 $this->initialize();
106
107 foreach ( $this->getUserBatches() as $userBatch ) {
108 $this->processUsers( $userBatch, $this->getUserDB() );
109 }
110
111 $this->output( "done. (wrote $this->total rows)\n" );
112 }
113
119 protected function getUserDB() {
120 return $this->getPrimaryDB();
121 }
122
123 protected function processUsers( array $userBatch, IDatabase $dbw ) {
124 if ( !$userBatch ) {
125 return;
126 }
127 if ( $this->getOption( 'delete' ) ) {
129 ->update( 'user' )
130 ->set( [ 'user_password' => PasswordFactory::newInvalidPassword()->toString() ] )
131 ->where( [ 'user_name' => $userBatch ] )
132 ->caller( __METHOD__ )->execute();
133 } elseif ( $this->getOption( 'prefix' ) ) {
135 ->update( 'user' )
136 ->set( [
137 'user_password' => new RawSQLValue(
138 $dbw->buildConcat( [ $dbw->addQuotes( ':null:' ), 'user_password' ] )
139 )
140 ] )
141 ->where( [
142 $dbw->expr( 'user_password', IExpression::NOT_LIKE, new LikeValue( ':null:', $dbw->anyString() ) ),
143 $dbw->expr( 'user_password', '!=', PasswordFactory::newInvalidPassword()->toString() ),
144 $dbw->expr( 'user_password', '!=', null ),
145 'user_name' => $userBatch,
146 ] )
147 ->caller( __METHOD__ )->execute();
148 } elseif ( $this->getOption( 'unprefix' ) ) {
150 ->update( 'user' )
151 ->set( [
152 'user_password' => new RawSQLValue(
153 $dbw->buildSubString( 'user_password', strlen( ':null:' ) + 1 )
154 )
155 ] )
156 ->where( [
157 $dbw->expr( 'user_password', IExpression::LIKE, new LikeValue( ':null:', $dbw->anyString() ) ),
158 'user_name' => $userBatch,
159 ] )
160 ->caller( __METHOD__ )->execute();
161 }
162 $this->total += $dbw->affectedRows();
163 $this->waitForReplication();
164 }
165
175 protected function getUserBatches() {
176 if ( $this->user !== null ) {
177 $this->output( "\t ... querying '$this->user'\n" );
178 yield [ [ $this->user ] ];
179 return;
180 }
181
182 $lastUsername = '';
183 $dbw = $this->getPrimaryDB();
184 do {
185 $this->output( "\t ... querying from '$lastUsername'\n" );
186 $users = $dbw->newSelectQueryBuilder()
187 ->select( 'user_name' )
188 ->from( 'user' )
189 ->where( $dbw->expr( 'user_name', '>', $lastUsername ) )
190 ->orderBy( 'user_name ASC' )
191 ->limit( $this->getBatchSize() )
192 ->caller( __METHOD__ )->fetchFieldValues();
193 if ( $users ) {
194 yield $users;
195 $lastUsername = end( $users );
196 }
197 } while ( count( $users ) === $this->getBatchSize() );
198 }
199}
200
202class_alias( DeleteLocalPasswords::class, 'DeleteLocalPasswords' );
processUsers(array $userBatch, IDatabase $dbw)
getUserDB()
Get the primary DB handle for the current user batch.
string null $user
User to run on, or null for all.
getUserBatches()
This method iterates through the requested users and returns their names in batches of self::$mBatchS...
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
getBatchSize()
Returns batch size.
output( $out, $channel=null)
Throw some output to the user.
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
waitForReplication()
Wait for replica DB servers to catch up.
hasOption( $name)
Checks to see if a particular option was set.
getOption( $name, $default=null)
Get an option, or return the default.
getServiceContainer()
Returns the main service container.
addDescription( $text)
Set the description text.
Represents an invalid password hash.
Factory class for creating and checking Password objects.
Content of like value.
Definition LikeValue.php:14
Raw SQL value to be used in query builders.
$wgPasswordConfig
Config variable stub for the PasswordConfig setting, for use by phpdoc and IDEs.
addQuotes( $s)
Escape and quote a raw value string for use in a SQL query.
Interface to a relational database.
Definition IDatabase.php:45
newUpdateQueryBuilder()
Get an UpdateQueryBuilder bound to this connection.
affectedRows()
Get the number of rows affected by the last query method call.
expr(string $field, string $op, $value)
See Expression::__construct()
buildSubString( $input, $startPosition, $length=null)
Build a SUBSTRING function.
anyString()
Returns a token for buildLike() that denotes a '' to be used in a LIKE query.
buildConcat( $stringList)
Build a concatenation list to feed into a SQL query.