MediaWiki  master
DeleteLocalPasswords.php
Go to the documentation of this file.
1 <?php
27 
28 require_once __DIR__ . '/../Maintenance.php';
29 
46  protected $user;
47 
49  protected $total;
50 
51  public function __construct() {
52  parent::__construct();
53  $this->addDescription( "Deletes local password for users." );
54  $this->setBatchSize( 1000 );
55 
56  $this->addOption( 'user', 'If specified, only checks the given user', false, true );
57  $this->addOption( 'delete', 'Really delete. To prevent accidents, you must provide this flag.' );
58  $this->addOption( 'prefix', "Instead of deleting, make passwords invalid by prefixing with "
59  . "':null:'. Make sure PasswordConfig has a 'null' entry. This is meant for testing before "
60  . "hard delete." );
61  $this->addOption( 'unprefix', 'Instead of deleting, undo the effect of --prefix.' );
62  }
63 
64  protected function initialize() {
65  if (
66  $this->hasOption( 'delete' ) + $this->hasOption( 'prefix' )
67  + $this->hasOption( 'unprefix' ) !== 1
68  ) {
69  $this->fatalError( "Exactly one of the 'delete', 'prefix', 'unprefix' options must be used\n" );
70  }
71  if ( $this->hasOption( 'prefix' ) || $this->hasOption( 'unprefix' ) ) {
72  $passwordHashTypes = MediaWikiServices::getInstance()->getPasswordFactory()->getTypes();
73  if (
74  !isset( $passwordHashTypes['null'] )
75  || $passwordHashTypes['null']['class'] !== InvalidPassword::class
76  ) {
77  $this->fatalError(
78 <<<'ERROR'
79 'null' password entry missing. To use password prefixing, add
80  $wgPasswordConfig['null'] = [ 'class' => InvalidPassword::class ];
81 to your configuration (and remove once the passwords were deleted).
82 ERROR
83  );
84  }
85  }
86 
87  $user = $this->getOption( 'user', false );
88  if ( $user !== false ) {
89  $this->user = User::getCanonicalName( $user );
90  if ( $this->user === false ) {
91  $this->fatalError( "Invalid user name\n" );
92  }
93  }
94  }
95 
96  public function execute() {
97  $this->initialize();
98 
99  foreach ( $this->getUserBatches() as $userBatch ) {
100  $this->processUsers( $userBatch, $this->getUserDB() );
101  }
102 
103  $this->output( "done. (wrote $this->total rows)\n" );
104  }
105 
111  protected function getUserDB() {
112  return $this->getDB( DB_MASTER );
113  }
114 
115  protected function processUsers( array $userBatch, IDatabase $dbw ) {
116  if ( !$userBatch ) {
117  return;
118  }
119  if ( $this->getOption( 'delete' ) ) {
120  $dbw->update( 'user',
121  [ 'user_password' => PasswordFactory::newInvalidPassword()->toString() ],
122  [ 'user_name' => $userBatch ],
123  __METHOD__
124  );
125  } elseif ( $this->getOption( 'prefix' ) ) {
126  $dbw->update( 'user',
127  [ 'user_password = ' . $dbw->buildConcat( [ $dbw->addQuotes( ':null:' ),
128  'user_password' ] ) ],
129  [
130  'NOT (user_password ' . $dbw->buildLike( ':null:', $dbw->anyString() ) . ')',
131  "user_password != " . $dbw->addQuotes( PasswordFactory::newInvalidPassword()->toString() ),
132  'user_password IS NOT NULL',
133  'user_name' => $userBatch,
134  ],
135  __METHOD__
136  );
137  } elseif ( $this->getOption( 'unprefix' ) ) {
138  $dbw->update( 'user',
139  [ 'user_password = ' . $dbw->buildSubString( 'user_password', strlen( ':null:' ) + 1 ) ],
140  [
141  'user_password ' . $dbw->buildLike( ':null:', $dbw->anyString() ),
142  'user_name' => $userBatch,
143  ],
144  __METHOD__
145  );
146  }
147  $this->total += $dbw->affectedRows();
148  MediaWikiServices::getInstance()->getDBLoadBalancerFactory()->waitForReplication();
149  }
150 
160  protected function getUserBatches() {
161  if ( !is_null( $this->user ) ) {
162  $this->output( "\t ... querying '$this->user'\n" );
163  yield [ [ $this->user ] ];
164  return;
165  }
166 
167  $lastUsername = '';
168  $dbw = $this->getDB( DB_MASTER );
169  do {
170  $this->output( "\t ... querying from '$lastUsername'\n" );
171  $users = $dbw->selectFieldValues(
172  'user',
173  'user_name',
174  [
175  'user_name > ' . $dbw->addQuotes( $lastUsername ),
176  ],
177  __METHOD__,
178  [
179  'LIMIT' => $this->getBatchSize(),
180  'ORDER BY' => 'user_name ASC',
181  ]
182  );
183  if ( $users ) {
184  yield $users;
185  $lastUsername = end( $users );
186  }
187  } while ( count( $users ) === $this->getBatchSize() );
188  }
189 }
DeleteLocalPasswords\initialize
initialize()
Definition: DeleteLocalPasswords.php:64
Wikimedia\Rdbms\IDatabase\affectedRows
affectedRows()
Get the number of rows affected by the last write query.
DeleteLocalPasswords\getUserDB
getUserDB()
Get the master DB handle for the current user batch.
Definition: DeleteLocalPasswords.php:111
DeleteLocalPasswords
Delete unused local passwords.
Definition: DeleteLocalPasswords.php:44
MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition: MediaWikiServices.php:129
Maintenance\fatalError
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
Definition: Maintenance.php:508
Maintenance\addDescription
addDescription( $text)
Set the description text.
Definition: Maintenance.php:352
Maintenance
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
Definition: Maintenance.php:86
Wikimedia\Rdbms\IDatabase
Basic database interface for live and lazy-loaded relation database handles.
Definition: IDatabase.php:38
DeleteLocalPasswords\processUsers
processUsers(array $userBatch, IDatabase $dbw)
Definition: DeleteLocalPasswords.php:115
Maintenance\addOption
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
Definition: Maintenance.php:271
DeleteLocalPasswords\__construct
__construct()
Default constructor.
Definition: DeleteLocalPasswords.php:51
DB_MASTER
const DB_MASTER
Definition: defines.php:26
Wikimedia\Rdbms\IDatabase\buildSubString
buildSubString( $input, $startPosition, $length=null)
Build a SUBSTRING function.
Wikimedia\Rdbms\IDatabase\buildConcat
buildConcat( $stringList)
Build a concatenation list to feed into a SQL query.
Maintenance\getDB
getDB( $db, $groups=[], $dbDomain=false)
Returns a database to be used by current maintenance script.
Definition: Maintenance.php:1407
Wikimedia\Rdbms\IDatabase\anyString
anyString()
Returns a token for buildLike() that denotes a '' to be used in a LIKE query.
Wikimedia\Rdbms\IDatabase\update
update( $table, $values, $conds, $fname=__METHOD__, $options=[])
UPDATE wrapper.
DeleteLocalPasswords\getUserBatches
getUserBatches()
This method iterates through the requested users and returns their names in batches of self::$mBatchS...
Definition: DeleteLocalPasswords.php:160
PasswordFactory\newInvalidPassword
static newInvalidPassword()
Create an InvalidPassword.
Definition: PasswordFactory.php:242
Maintenance\getOption
getOption( $name, $default=null)
Get an option, or return the default.
Definition: Maintenance.php:306
Wikimedia\Rdbms\IDatabase\addQuotes
addQuotes( $s)
Escape and quote a raw value string for use in a SQL query.
User\getCanonicalName
static getCanonicalName( $name, $validate='valid')
Given unvalidated user input, return a canonical username, or false if the username is invalid.
Definition: User.php:1194
Maintenance\getBatchSize
getBatchSize()
Returns batch size.
Definition: Maintenance.php:390
DeleteLocalPasswords\$total
int $total
Number of deleted passwords.
Definition: DeleteLocalPasswords.php:49
Maintenance\output
output( $out, $channel=null)
Throw some output to the user.
Definition: Maintenance.php:457
DeleteLocalPasswords\$user
string null $user
User to run on, or null for all.
Definition: DeleteLocalPasswords.php:46
Maintenance\hasOption
hasOption( $name)
Checks to see if a particular option exists.
Definition: Maintenance.php:292
Wikimedia\Rdbms\IDatabase\buildLike
buildLike( $param,... $params)
LIKE statement wrapper.
$wgPasswordConfig
$wgPasswordConfig
Configuration for built-in password types.
Definition: DefaultSettings.php:4738
Wikimedia\Rdbms\IMaintainableDatabase
Advanced database interface for IDatabase handles that include maintenance methods.
Definition: IMaintainableDatabase.php:38
Maintenance\setBatchSize
setBatchSize( $s=0)
Set the batch size.
Definition: Maintenance.php:398
DeleteLocalPasswords\execute
execute()
Do the actual work.
Definition: DeleteLocalPasswords.php:96