MediaWiki  master
SpecialBotPasswords.php
1 <?php
26 
33 
/** @var int Central user ID of the acting user; assigned in checkExecutePermissions() */
private $userId = 0;

/** @var BotPassword|null Bot password being edited, if any; populated by getFormFields() */
private $botPassword = null;

/** @var string|null Operation being performed; onSubmit() sets 'insert', 'update' or 'delete' */
private $operation = null;

/**
 * @var string|null New plaintext password, for communication between onSubmit() and
 *  onSuccess(). onSuccess() resets it to null once it has been shown.
 */
private $password = null;

/** @var \Psr\Log\LoggerInterface Logger for the 'authentication' channel; set in the constructor */
private $logger = null;
48 
/**
 * Register the special page as 'BotPasswords', restricted by the
 * 'editmyprivateinfo' right, and attach the 'authentication' log channel
 * that onSubmit() and save() write their audit entries to.
 */
public function __construct() {
	parent::__construct( 'BotPasswords', 'editmyprivateinfo' );
	$this->logger = LoggerFactory::getInstance( 'authentication' );
}
53 
/**
 * Whether the page is listed; mirrors the 'EnableBotPasswords' setting.
 *
 * This only reads the setting. The feature is actually refused in
 * checkExecutePermissions() when the setting is off.
 *
 * @return bool
 */
public function isListed() {
	$config = $this->getConfig();

	return $config->get( 'EnableBotPasswords' );
}
60 
/**
 * Declare this page security-sensitive by returning its own name as the
 * login security level.
 *
 * NOTE(review): presumably the parent class uses a non-false level to demand
 * a recent (re)authentication before the page runs, which limits what a
 * hijacked session can do with bot credentials — confirm against SpecialPage.
 *
 * @return string
 */
protected function getLoginSecurityLevel() {
	return $this->getName();
}
64 
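/**
 * Main execution point.
 *
 * Normalises the sub-page (the bot password's app ID) before handing over to
 * the parent implementation: an empty sub-page becomes null, and an over-long
 * one is rejected up front.
 *
 * @param string|null $par Sub-page, i.e. the app ID, or null/empty for the list view
 * @throws ErrorPageError If the app ID is longer than BotPassword::APPID_MAXLENGTH bytes
 */
function execute( $par ) {
	// This page displays freshly generated credentials, so user-supplied JS
	// is switched off before anything is rendered.
	$this->getOutput()->disallowUserJs();
	$this->requireLogin();

	// Cast first: the sub-page may be null when none was given, and trim()
	// on null is deprecated on current PHP versions.
	$par = trim( (string)$par );
	if ( $par === '' ) {
		$par = null;
	} elseif ( strlen( $par ) > BotPassword::APPID_MAXLENGTH ) {
		// strlen() counts bytes, not characters. The sub-page is
		// attacker-influenced (it comes from the URL), so it is HTML-escaped
		// before being used as a message parameter.
		throw new ErrorPageError( 'botpasswords', 'botpasswords-bad-appid',
			[ htmlspecialchars( $par ) ] );
	}

	// Restored: source line 81 is missing from this listing. Without this call
	// the normalised sub-page never reaches the form handling in the parent.
	parent::execute( $par );
}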
83 
/**
 * Extra gatekeeping on top of the parent's permission checks.
 *
 * Refuses to run when bot passwords are disabled by configuration, and when
 * the current user cannot be mapped to a central ID. The resolved central ID
 * is stored in $this->userId and scopes every later lookup and write.
 *
 * Note that the central ID is resolved for $this->getUser(), not for the
 * $user argument.
 *
 * @param User $user
 * @throws ErrorPageError If the feature is disabled or no central ID is available
 */
protected function checkExecutePermissions( User $user ) {
	parent::checkExecutePermissions( $user );

	$featureEnabled = $this->getConfig()->get( 'EnableBotPasswords' );
	if ( !$featureEnabled ) {
		throw new ErrorPageError( 'botpasswords', 'botpasswords-disabled' );
	}

	$lookup = CentralIdLookup::factory();
	$this->userId = $lookup->centralIdFromLocalUser( $this->getUser() );
	if ( $this->userId ) {
		return;
	}

	throw new ErrorPageError( 'botpasswords', 'botpasswords-no-central-id' );
}
96 
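/**
 * Build the HTMLForm field descriptors.
 *
 * With a sub-page (app ID) this is the edit/create form for a single bot
 * password: the combined login name, an optional "reset password" checkbox,
 * the grant matrix and the restrictions field. Without a sub-page it lists
 * the user's existing bot passwords and offers a field for a new app ID.
 *
 * Side effect: sets $this->botPassword when a sub-page is given.
 *
 * @return array HTMLForm field descriptors
 */
protected function getFormFields() {
	$fields = [];

	if ( $this->par !== null ) {
		// Both lookups are scoped to the acting user's central ID, so a
		// sub-page can only ever address that user's own bot passwords.
		$this->botPassword = BotPassword::newFromCentralId( $this->userId, $this->par );
		if ( !$this->botPassword ) {
			$this->botPassword = BotPassword::newUnsaved( [
				'centralId' => $this->userId,
				'appId' => $this->par,
			] );
		}

		$sep = BotPassword::getSeparator();
		$fields[] = [
			'type' => 'info',
			'label-message' => 'username',
			'default' => $this->getUser()->getName() . $sep . $this->par
		];

		if ( $this->botPassword->isSaved() ) {
			$fields['resetPassword'] = [
				'type' => 'check',
				'label-message' => 'botpasswords-label-resetpassword',
			];
			// An invalid stored password can only be repaired by a reset,
			// so the box is pre-ticked in that case.
			if ( $this->botPassword->isInvalid() ) {
				$fields['resetPassword']['default'] = true;
			}
		}

		$lang = $this->getLanguage();
		$showGrants = MWGrants::getValidGrants();
		// Computed once and reused as the keys of both 'rows' and 'tooltips'.
		// NOTE(review): these keys are used as row labels; this assumes
		// getGrantsLink() returns HTML that is already safe — confirm.
		$grantLinks = array_map( 'MWGrants::getGrantsLink', $showGrants );
		// Maps a grant name to the "grant-<name>" value used in the matrix.
		$toMatrixValue = function ( $g ) {
			return "grant-$g";
		};

		$fields['grants'] = [
			'type' => 'checkmatrix',
			'label-message' => 'botpasswords-label-grants',
			'help-message' => 'botpasswords-help-grants',
			'columns' => [
				$this->msg( 'botpasswords-label-grants-column' )->escaped() => 'grant'
			],
			'rows' => array_combine( $grantLinks, $showGrants ),
			'default' => array_map( $toMatrixValue, $this->botPassword->getGrants() ),
			'tooltips' => array_combine(
				$grantLinks,
				array_map(
					function ( $rights ) use ( $lang ) {
						return $lang->semicolonList( array_map( 'User::getRightDescription', $rights ) );
					},
					array_intersect_key( MWGrants::getRightsByGrant(), array_flip( $showGrants ) )
				)
			),
			// Restored: the second argument (source line 158) is missing from
			// this listing. Hidden grants are the ones that are always
			// granted, so their boxes are forced on.
			'force-options-on' => array_map( $toMatrixValue, MWGrants::getHiddenGrants() ),
		];

		$fields['restrictions'] = [
			'class' => HTMLRestrictionsField::class,
			'required' => true,
			'default' => $this->botPassword->getRestrictions(),
		];

	} else {
		$linkRenderer = $this->getLinkRenderer();
		$passwordFactory = MediaWikiServices::getInstance()->getPasswordFactory();

		// Restored: source line 172 is missing from this listing, which left
		// $dbr undefined. The list view only reads, so a replica is enough.
		$dbr = BotPassword::getDB( DB_REPLICA );
		$res = $dbr->select(
			'bot_passwords',
			[ 'bp_app_id', 'bp_password' ],
			[ 'bp_user' => $this->userId ],
			__METHOD__
		);
		foreach ( $res as $row ) {
			// The stored hash is loaded only to classify it as usable or not;
			// the object is dropped again immediately.
			try {
				$password = $passwordFactory->newFromCiphertext( $row->bp_password );
				$passwordInvalid = $password instanceof InvalidPassword;
				unset( $password );
			} catch ( PasswordError $ex ) {
				$passwordInvalid = true;
			}

			$text = $linkRenderer->makeKnownLink(
				$this->getPageTitle( $row->bp_app_id ),
				$row->bp_app_id
			);
			if ( $passwordInvalid ) {
				$text .= $this->msg( 'word-separator' )->escaped()
					. $this->msg( 'botpasswords-label-needsreset' )->parse();
			}

			// 'raw' => true emits $text without further escaping. It is built
			// from the link renderer's output plus escaped()/parse()d messages.
			// NOTE(review): this relies on makeKnownLink() escaping the
			// user-chosen app ID used as link text — confirm.
			$fields[] = [
				'section' => 'existing',
				'type' => 'info',
				'raw' => true,
				'default' => $text,
			];
		}

		$fields['appId'] = [
			'section' => 'createnew',
			'type' => 'textwithbutton',
			'label-message' => 'botpasswords-label-appid',
			'buttondefault' => $this->msg( 'botpasswords-label-create' )->text(),
			'buttonflags' => [ 'progressive', 'primary' ],
			'required' => true,
			// NOTE(review): source line 212 is missing from this listing;
			// upstream is believed to set the input width here — confirm.
			'size' => BotPassword::APPID_MAXLENGTH,
			'maxlength' => BotPassword::APPID_MAXLENGTH,
			// 'maxlength' is only a browser-side hint; this callback is the
			// server-side check. The length is measured in bytes, the same
			// way execute() measures it.
			'validation-callback' => function ( $v ) {
				$v = trim( $v );
				return $v !== '' && strlen( $v ) <= BotPassword::APPID_MAXLENGTH;
			},
		];

		$fields[] = [
			'type' => 'hidden',
			'default' => 'new',
			'name' => 'op',
		];
	}

	return $fields;
}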
229 
/**
 * Finish the form: IDs, intro text and the submit buttons.
 *
 * The default submit button is suppressed. Every button added here submits
 * under the name 'op', and onSubmit() dispatches on that value. The list view
 * (no sub-page) gets no extra buttons.
 *
 * @param HTMLForm $form
 */
protected function alterForm( HTMLForm $form ) {
	$form->setId( 'mw-botpasswords-form' );
	$form->setTableId( 'mw-botpasswords-table' );
	$form->addPreText( $this->msg( 'botpasswords-summary' )->parseAsBlock() );
	$form->suppressDefaultSubmit();

	if ( $this->par === null ) {
		return;
	}

	if ( !$this->botPassword->isSaved() ) {
		// Unsaved record: the only meaningful action is to create it.
		$form->setWrapperLegendMsg( 'botpasswords-createnew' );
		$form->addButton( [
			'name' => 'op',
			'value' => 'create',
			'label-message' => 'botpasswords-label-create',
			'flags' => [ 'primary', 'progressive' ],
		] );
	} else {
		// Existing record: offer update and delete.
		$form->setWrapperLegendMsg( 'botpasswords-editexisting' );
		$form->addButton( [
			'name' => 'op',
			'value' => 'update',
			'label-message' => 'botpasswords-label-update',
			'flags' => [ 'primary', 'progressive' ],
		] );
		$form->addButton( [
			'name' => 'op',
			'value' => 'delete',
			'label-message' => 'botpasswords-label-delete',
			'flags' => [ 'destructive' ],
		] );
	}

	$form->addButton( [
		'name' => 'op',
		'value' => 'cancel',
		'label-message' => 'botpasswords-label-cancel'
	] );
}
268 
/**
 * Dispatch a submitted form on the request's 'op' value.
 *
 * 'op' is client-controlled. Only the five values handled below do anything,
 * and any other value falls through to a plain false. Deletions are scoped to
 * the acting user's central ID and written to the audit log.
 *
 * NOTE(review): this assumes the form's anti-CSRF token has been validated
 * before this callback runs — confirm in the parent form handling.
 *
 * @param array $data Submitted field values
 * @return Status|bool
 */
public function onSubmit( array $data ) {
	$request = $this->getRequest();
	$requestedOp = $request->getVal( 'op', '' );

	if ( $requestedOp === 'new' ) {
		// The list view only forwards to the sub-page for the chosen app ID.
		$target = $this->getPageTitle( $data['appId'] );
		$this->getOutput()->redirect( $target->getFullURL() );
		return false;
	}

	if ( $requestedOp === 'create' ) {
		$this->operation = 'insert';
		return $this->save( $data );
	}

	if ( $requestedOp === 'update' ) {
		$this->operation = 'update';
		return $this->save( $data );
	}

	if ( $requestedOp === 'delete' ) {
		$this->operation = 'delete';
		$existing = BotPassword::newFromCentralId( $this->userId, $this->par );
		if ( $existing ) {
			$existing->delete();
			// Audit trail for credential removal: who, which app ID, from where.
			$auditContext = [
				'app_id' => $this->par,
				'user' => $this->getUser()->getName(),
				'centralId' => $this->userId,
				'op' => 'delete',
				'client_ip' => $this->getRequest()->getIP()
			];
			$this->logger->info( "Bot password {op} for {user}@{app_id}", $auditContext );
		}
		// Reported as success even when no matching record was found.
		return Status::newGood();
	}

	if ( $requestedOp === 'cancel' ) {
		$this->getOutput()->redirect( $this->getPageTitle()->getFullURL() );
		return false;
	}

	return false;
}
310 
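/**
 * Insert or update the bot password described by the submitted form data.
 *
 * A new secret is generated server-side on insert, or on update when the
 * "reset password" box was ticked. The plaintext is kept in $this->password
 * only so that onSuccess() can show it, and it is not part of the log context
 * written here.
 *
 * @param array $data Submitted field values ('restrictions', 'grants', optionally 'resetPassword')
 * @return Status Good on success, fatal with a botpasswords-*-failed message otherwise
 */
private function save( array $data ) {
	$bp = BotPassword::newUnsaved( [
		'centralId' => $this->userId,
		'appId' => $this->par,
		'restrictions' => $data['restrictions'],
		'grants' => array_merge(
			// Restored: source line 317 is missing from this listing. Hidden
			// grants are always granted, so they are added here on the server
			// whatever the client submitted.
			MWGrants::getHiddenGrants(),
			// Matrix values arrive as "grant-<name>"; strip the prefix.
			preg_replace( '/^grant-/', '', $data['grants'] )
		)
	] );

	if ( $this->operation === 'insert' || !empty( $data['resetPassword'] ) ) {
		// The user never chooses the secret; it is always generated.
		$this->password = BotPassword::generatePassword( $this->getConfig() );
		$passwordFactory = MediaWikiServices::getInstance()->getPasswordFactory();
		$password = $passwordFactory->newFromPlaintext( $this->password );
	} else {
		// Plain update: a null password is passed through to BotPassword::save().
		$password = null;
	}

	if ( $bp->save( $this->operation, $password ) ) {
		// Audit record of the credential change. It carries the scope (grants
		// and restrictions) and the origin, but not the secret.
		$this->logger->info(
			"Bot password {op} for {user}@{app_id}",
			[
				'op' => $this->operation,
				'user' => $this->getUser()->getName(),
				'app_id' => $this->par,
				'centralId' => $this->userId,
				'restrictions' => $data['restrictions'],
				'grants' => $bp->getGrants(),
				'client_ip' => $this->getRequest()->getIP()
			]
		);
		return Status::newGood();
	}

	// Messages: botpasswords-insert-failed, botpasswords-update-failed
	return Status::newFatal( "botpasswords-{$this->operation}-failed", $this->par );
}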
349 
/**
 * Render the confirmation page for the operation that just succeeded.
 *
 * If a new password was generated it is displayed here, and $this->password
 * is reset to null afterwards. Every value interpolated into the
 * 'botpasswords-newpassword' message is HTML-escaped first.
 */
public function onSuccess() {
	$output = $this->getOutput();
	$userName = $this->getUser()->getName();
	$currentOp = $this->operation;

	if ( $currentOp === 'insert' ) {
		$output->setPageTitle( $this->msg( 'botpasswords-created-title' )->text() );
		$output->addWikiMsg( 'botpasswords-created-body', $this->par, $userName );
	} elseif ( $currentOp === 'update' ) {
		$output->setPageTitle( $this->msg( 'botpasswords-updated-title' )->text() );
		$output->addWikiMsg( 'botpasswords-updated-body', $this->par, $userName );
	} elseif ( $currentOp === 'delete' ) {
		$output->setPageTitle( $this->msg( 'botpasswords-deleted-title' )->text() );
		$output->addWikiMsg( 'botpasswords-deleted-body', $this->par, $userName );
		// Nothing to reveal after a deletion.
		$this->password = null;
	}

	if ( $this->password !== null ) {
		$separator = BotPassword::getSeparator();
		// Both accepted login forms are shown: "user<sep>app" with the bare
		// password, and the bare user name with "app<sep>password".
		$output->addWikiMsg(
			'botpasswords-newpassword',
			htmlspecialchars( $userName . $separator . $this->par ),
			htmlspecialchars( $this->password ),
			htmlspecialchars( $userName ),
			htmlspecialchars( $this->par . $separator . $this->password )
		);
		// Drop the plaintext as soon as it has been handed to the output.
		$this->password = null;
	}

	$output->addReturnTo( $this->getPageTitle() );
}
386 
/**
 * Name of the special-page group this page is filed under.
 *
 * @return string Always 'users'
 */
protected function getGroupName() {
	return 'users';
}
390 
/**
 * Display format requested for the form.
 *
 * @return string Always 'ooui'
 */
protected function getDisplayFormat() {
	return 'ooui';
}
394 }
static getValidGrants()
List all known grants.
Definition: MWGrants.php:31
static getSeparator()
Get the separator for combined user name + app ID.
static generatePassword( $config)
Returns a (raw, unhashed) random password string.
$batch execute()
if(!isset( $args[0])) $lang
const APPID_MAXLENGTH
Definition: BotPassword.php:31
addButton( $data)
Add a button to the form.
Definition: HTMLForm.php:961
Represents an invalid password hash.
Psr Log LoggerInterface $logger
getOutput()
Get the OutputPage being used for this instance.
Special page which uses an HTMLForm to handle processing.
static newUnsaved(array $data, $flags=self::READ_NORMAL)
Create an unsaved BotPassword.
setId( $id)
Definition: HTMLForm.php:1506
The User object encapsulates all of the user-specific settings (user_id, name, rights, email address, options, last login time).
Definition: User.php:47
static newFatal( $message)
Factory function for fatal errors.
Definition: StatusValue.php:68
static getDB( $db)
Get a database connection for the bot passwords database.
Definition: BotPassword.php:75
static getHiddenGrants()
Get the list of grants that are hidden and should always be granted.
Definition: MWGrants.php:159
An error page which can definitely be safely rendered using the OutputPage.
setTableId( $id)
Set the id of the <table> or outermost <div> element.
Definition: HTMLForm.php:1495
$res
Definition: database.txt:21
static newGood( $value=null)
Factory function for good results.
Definition: StatusValue.php:81
addPreText( $msg)
Add HTML to introductory message.
Definition: HTMLForm.php:750
string $operation
Operation being performed: create, update, delete.
BotPassword null $botPassword
Bot password being edited, if any.
static factory( $providerId=null)
Fetch a CentralIdLookup.
getName()
Get the name of this Special Page.
checkExecutePermissions(User $user)
execute( $par)
Main execution point.
Show an error when any operation involving passwords fails to run.
static getRightsByGrant()
Map all grants to corresponding user rights.
Definition: MWGrants.php:41
requireLogin( $reasonMsg='exception-nologin-text', $titleMsg='exception-nologin')
If the user is not logged in, throws UserNotLoggedIn error.
getUser()
Shortcut to get the User executing this instance.
string $par
The sub-page of the special page.
getConfig()
Shortcut to get main config object.
getLanguage()
Shortcut to get user's language.
msg( $key)
Wrapper around wfMessage that sets the current context.
MediaWiki Logger LoggerFactory implements a PSR [0] compatible message logging system Named Psr Log LoggerInterface instances can be obtained from the MediaWiki Logger LoggerFactory::getInstance() static method. MediaWiki\Logger\LoggerFactory expects a class implementing the MediaWiki\Logger\Spi interface to act as a factory for new Psr\Log\LoggerInterface instances. The "Spi" in MediaWiki\Logger\Spi stands for "service provider interface". An SPI is an API intended to be implemented or extended by a third party. This software design pattern is intended to enable framework extension and replaceable components. It is specifically used in the MediaWiki\Logger\LoggerFactory service to allow alternate PSR-3 logging implementations to be easily integrated with MediaWiki. The service provider interface allows the backend logging library to be implemented in multiple ways. The $wgMWLoggerDefaultSpi global provides the classname of the default MediaWiki\Logger\Spi implementation to be loaded at runtime. This can either be the name of a class implementing the MediaWiki\Logger\Spi with a zero argument const ructor or a callable that will return an MediaWiki\Logger\Spi instance. Alternately the MediaWiki\Logger\LoggerFactory MediaWiki Logger LoggerFactory
Definition: logger.txt:5
static newFromCentralId( $centralId, $appId, $flags=self::READ_NORMAL)
Load a BotPassword from the database.
const DB_REPLICA
Definition: defines.php:25
setWrapperLegendMsg( $msg)
Prompt the whole form to be wrapped in a "<fieldset>", with this message as its "<legend>" element...
Definition: HTMLForm.php:1548
getRequest()
Get the WebRequest being used for this instance.
suppressDefaultSubmit( $suppressSubmit=true)
Stop a default submit button being shown for this form.
Definition: HTMLForm.php:1458
getPageTitle( $subpage=false)
Get a self-referential title object.
string $password
New password set, for communication between onSubmit() and onSuccess()
Let users manage bot passwords.
int $userId
Central user ID.
MediaWiki Linker LinkRenderer null $linkRenderer
Definition: SpecialPage.php:66