56 $this->throttleSettings = array_intersect_key( $params,
57 [
'accountCreationThrottle' =>
true,
'passwordAttemptThrottle' =>
true ] );
59 $this->cache = $params[
'cache'] ?? $services->getObjectCacheFactory()
60 ->getLocalClusterInstance();
74 $this->throttleSettings += [
77 'passwordAttemptThrottle' =>
81 if ( !empty( $this->throttleSettings[
'accountCreationThrottle'] ) ) {
82 $this->accountCreationThrottle =
new Throttler(
83 $this->throttleSettings[
'accountCreationThrottle'], [
84 'type' =>
'acctcreate',
85 'cache' => $this->cache,
89 if ( !empty( $this->throttleSettings[
'passwordAttemptThrottle'] ) ) {
90 $this->passwordAttemptThrottle =
new Throttler(
91 $this->throttleSettings[
'passwordAttemptThrottle'], [
93 'cache' => $this->cache,
101 if ( !$this->accountCreationThrottle || !$creator->isPingLimitable() ) {
102 return \StatusValue::newGood();
105 $ip = $this->manager->getRequest()->getIP();
107 if ( !$this->
getHookRunner()->onExemptFromAccountCreationThrottle( $ip ) ) {
108 $this->logger->debug( __METHOD__ .
": a hook allowed account creation w/o throttle" );
109 return \StatusValue::newGood();
112 $result = $this->accountCreationThrottle->increase(
null, $ip, __METHOD__ );
114 $message =
wfMessage(
'acct_creation_throttle_hit' )->params( $result[
'count'] )
115 ->durationParams( $result[
'wait'] );
116 return \StatusValue::newFatal( $message );
119 return \StatusValue::newGood();
124 if ( !$this->passwordAttemptThrottle ) {
125 return \StatusValue::newGood();
128 $ip = $this->manager->getRequest()->getIP();
131 }
catch ( \UnexpectedValueException ) {
137 if ( $username !==
null ) {
138 $usernames = $this->manager->normalizeUsername( $username );
140 $usernames = [ null ];
143 foreach ( $usernames as $name ) {
144 $r = $this->passwordAttemptThrottle->increase( $name, $ip, __METHOD__ );
145 if ( $r && ( !$result || $result[
'wait'] < $r[
'wait'] ) ) {
151 $message =
wfMessage(
'login-throttled' )->durationParams( $result[
'wait'] );
152 return \StatusValue::newFatal( $message );
154 $this->manager->setAuthenticationSessionData(
'LoginThrottle',
155 [
'users' => $usernames,
'ip' => $ip ] );
156 return \StatusValue::newGood();
167 } elseif ( !$this->passwordAttemptThrottle ) {
171 $data = $this->manager->getAuthenticationSessionData(
'LoginThrottle' );
175 $this->logger->info(
'throttler data not found for {user}', [
'user' => $user->getName() ] );
179 foreach ( $data[
'users'] as $name ) {
180 $this->passwordAttemptThrottle->clear( $name, $data[
'ip'] );
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
A class containing constants representing the names of configuration variables.
const AccountCreationThrottle
Name constant for the AccountCreationThrottle setting, for use with Config::get()
const PasswordAttemptThrottle
Name constant for the PasswordAttemptThrottle setting, for use with Config::get()