MediaWiki  master
DeleteLocalPasswords.php
Go to the documentation of this file.
1 <?php
27 
28 require_once __DIR__ . '/../Maintenance.php';
29 
46  protected $user;
47 
49  protected $total;
50 
51  public function __construct() {
52  parent::__construct();
53  $this->addDescription( "Deletes local password for users." );
54  $this->setBatchSize( 1000 );
55 
56  $this->addOption( 'user', 'If specified, only checks the given user', false, true );
57  $this->addOption( 'delete', 'Really delete. To prevent accidents, you must provide this flag.' );
58  $this->addOption( 'prefix', "Instead of deleting, make passwords invalid by prefixing with "
59  . "':null:'. Make sure PasswordConfig has a 'null' entry. This is meant for testing before "
60  . "hard delete." );
61  $this->addOption( 'unprefix', 'Instead of deleting, undo the effect of --prefix.' );
62  }
63 
64  protected function initialize() {
65  if (
66  $this->hasOption( 'delete' ) + $this->hasOption( 'prefix' )
67  + $this->hasOption( 'unprefix' ) !== 1
68  ) {
69  $this->fatalError( "Exactly one of the 'delete', 'prefix', 'unprefix' options must be used\n" );
70  }
71  if ( $this->hasOption( 'prefix' ) || $this->hasOption( 'unprefix' ) ) {
72  $passwordHashTypes = MediaWikiServices::getInstance()->getPasswordFactory()->getTypes();
73  if (
74  !isset( $passwordHashTypes['null'] )
75  || $passwordHashTypes['null']['class'] !== InvalidPassword::class
76  ) {
77  $this->fatalError(
78 <<<'ERROR'
79 'null' password entry missing. To use password prefixing, add
80  $wgPasswordConfig['null'] = [ 'class' => InvalidPassword::class ];
81 to your configuration (and remove once the passwords were deleted).
82 ERROR
83  );
84  }
85  }
86 
87  $user = $this->getOption( 'user', false );
88  if ( $user !== false ) {
89  $this->user = User::getCanonicalName( $user );
90  if ( $this->user === false ) {
91  $this->fatalError( "Invalid user name\n" );
92  }
93  }
94  }
95 
96  public function execute() {
97  $this->initialize();
98 
99  foreach ( $this->getUserBatches() as $userBatch ) {
100  $this->processUsers( $userBatch, $this->getUserDB() );
101  }
102 
103  $this->output( "done. (wrote $this->total rows)\n" );
104  }
105 
111  protected function getUserDB() {
112  return $this->getDB( DB_MASTER );
113  }
114 
115  protected function processUsers( array $userBatch, IDatabase $dbw ) {
116  if ( !$userBatch ) {
117  return;
118  }
119  if ( $this->getOption( 'delete' ) ) {
120  $dbw->update( 'user',
121  [ 'user_password' => PasswordFactory::newInvalidPassword()->toString() ],
122  [ 'user_name' => $userBatch ],
123  __METHOD__
124  );
125  } elseif ( $this->getOption( 'prefix' ) ) {
126  $dbw->update( 'user',
127  [ 'user_password = ' . $dbw->buildConcat( [ $dbw->addQuotes( ':null:' ),
128  'user_password' ] ) ],
129  [
130  'NOT (user_password ' . $dbw->buildLike( ':null:', $dbw->anyString() ) . ')',
131  "user_password != " . $dbw->addQuotes( PasswordFactory::newInvalidPassword()->toString() ),
132  'user_password IS NOT NULL',
133  'user_name' => $userBatch,
134  ],
135  __METHOD__
136  );
137  } elseif ( $this->getOption( 'unprefix' ) ) {
138  $dbw->update( 'user',
139  [ 'user_password = ' . $dbw->buildSubString( 'user_password', strlen( ':null:' ) + 1 ) ],
140  [
141  'user_password ' . $dbw->buildLike( ':null:', $dbw->anyString() ),
142  'user_name' => $userBatch,
143  ],
144  __METHOD__
145  );
146  }
147  $this->total += $dbw->affectedRows();
148  MediaWikiServices::getInstance()->getDBLoadBalancerFactory()->waitForReplication();
149  }
150 
160  protected function getUserBatches() {
161  if ( !is_null( $this->user ) ) {
162  $this->output( "\t ... querying '$this->user'\n" );
163  yield [ [ $this->user ] ];
164  return;
165  }
166 
167  $lastUsername = '';
168  $dbw = $this->getDB( DB_MASTER );
169  do {
170  $this->output( "\t ... querying from '$lastUsername'\n" );
171  $users = $dbw->selectFieldValues(
172  'user',
173  'user_name',
174  [
175  'user_name > ' . $dbw->addQuotes( $lastUsername ),
176  ],
177  __METHOD__,
178  [
179  'LIMIT' => $this->getBatchSize(),
180  'ORDER BY' => 'user_name ASC',
181  ]
182  );
183  if ( $users ) {
184  yield $users;
185  $lastUsername = end( $users );
186  }
187  } while ( count( $users ) === $this->getBatchSize() );
188  }
189 }
affectedRows()
Get the number of rows affected by the last write query.
Apache License January AND DISTRIBUTION Definitions License shall mean the terms and conditions for use
getOption( $name, $default=null)
Get an option, or return the default.
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
Definition: maintenance.txt:39
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency MediaWikiServices
Definition: injection.txt:23
setBatchSize( $s=0)
Set the batch size.
getUserDB()
Get the master DB handle for the current user batch.
hasOption( $name)
Checks to see if a particular option exists.
const DB_MASTER
Definition: defines.php:26
anyString()
Returns a token for buildLike() that denotes a &#39;&#39; to be used in a LIKE query.
An extension or a local will often add custom code to the function with or without a global variable For someone wanting email notification when an article is shown may add
Definition: hooks.txt:51
static getCanonicalName( $name, $validate='valid')
Given unvalidated user input, return a canonical username, or false if the username is invalid...
Definition: User.php:1233
buildConcat( $stringList)
Build a concatenation list to feed into a SQL query.
addDescription( $text)
Set the description text.
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such and we might be restricted by PHP settings such as safe mode or open_basedir We cannot assume that the software even has read access anywhere useful Many shared hosts run all users web applications under the same user
Wikitext formatted, in the key only.
Definition: distributors.txt:9
and(b) You must cause any modified files to carry prominent notices stating that You changed the files
getDB( $db, $groups=[], $wiki=false)
Returns a database to be used by current maintenance script.
output( $out, $channel=null)
Throw some output to the user.
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
Definition: distributors.txt:9
skin txt MediaWiki includes four core it has been set as the default in MediaWiki since the replacing Monobook it had been the default skin since before being replaced by Vector largely rewritten in while keeping its appearance Several legacy skins were removed in the as the burden of supporting them became too heavy to bear Those were
Definition: skin.txt:10
buildSubString( $input, $startPosition, $length=null)
Build a SUBSTRING function.
static newInvalidPassword()
Create an InvalidPassword.
$wgPasswordConfig
Configuration for built-in password types.
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:35
processUsers(array $userBatch, IDatabase $dbw)
Basic database interface for live and lazy-loaded relation database handles.
Definition: IDatabase.php:38
you have access to all of the normal MediaWiki so you can get a DB use the etc For full docs on the Maintenance class
Definition: maintenance.txt:52
getBatchSize()
Returns batch size.
int $total
Number of deleted passwords.
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
getUserBatches()
This method iterates through the requested users and returns their names in batches of self::$mBatchS...
update( $table, $values, $conds, $fname=__METHOD__, $options=[])
UPDATE wrapper.
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
string null $user
User to run on, or null for all.
addQuotes( $s)
Adds quotes and backslashes.
buildLike( $param)
LIKE statement wrapper, receives a variable-length argument list with parts of pattern to match conta...
Delete unused local passwords.