MediaWiki master
createAndPromote.php
Go to the documentation of this file.
1<?php
26// @codeCoverageIgnoreStart
27require_once __DIR__ . '/Maintenance.php';
28// @codeCoverageIgnoreEnd
29
37
47 private const PERMIT_ROLES = [ 'sysop', 'bureaucrat', 'interface-admin', 'bot' ];
48
49 public function __construct() {
50 parent::__construct();
51 $this->addDescription( 'Create a new user account and/or grant it additional rights' );
52 $this->addOption(
53 'force',
54 'If account exists already, just grant it rights or change password.'
55 );
56 foreach ( self::PERMIT_ROLES as $role ) {
57 $this->addOption( $role, "Add the account to the {$role} group" );
58 }
59
60 $this->addOption(
61 'custom-groups',
62 'Comma-separated list of groups to add the user to',
63 false,
64 true
65 );
66
67 $this->addOption(
68 'reason',
69 'Reason for account creation and user rights assignment to log to wiki',
70 false,
71 true
72 );
73
74 $this->addArg( 'username', 'Username of new user' );
75 $this->addArg( 'password', 'Password to set', false );
76 }
77
78 public function execute() {
79 $username = $this->getArg( 0 );
80 $password = $this->getArg( 1 );
81 $force = $this->hasOption( 'force' );
82 $inGroups = [];
83 $services = $this->getServiceContainer();
84
85 $user = $services->getUserFactory()->newFromName( $username );
86 if ( !is_object( $user ) ) {
87 $this->fatalError( 'invalid username.' );
88 }
89
90 if ( $services->getUserNameUtils()->isTemp( $user->getName() ) ) {
91 $this->fatalError(
92 'Temporary accounts cannot have groups or a password, so this script should not be used ' .
93 'to create a temporary account. Temporary accounts can be created by making an edit while logged out.'
94 );
95 }
96
97 $exists = ( $user->idForName() !== 0 );
98
99 if ( $exists && !$force ) {
100 $this->fatalError( 'Account exists. Perhaps you want the --force option?' );
101 } elseif ( !$exists && !$password ) {
102 $this->error( 'Argument <password> required!' );
103 $this->maybeHelp( true );
104 } elseif ( $exists ) {
105 $inGroups = $services->getUserGroupManager()->getUserGroups( $user );
106 }
107
108 $groups = array_filter( self::PERMIT_ROLES, $this->hasOption( ... ) );
109 if ( $this->hasOption( 'custom-groups' ) ) {
110 $allGroups = array_fill_keys( $services->getUserGroupManager()->listAllGroups(), true );
111 $customGroupsText = $this->getOption( 'custom-groups' );
112 if ( $customGroupsText !== '' ) {
113 $customGroups = explode( ',', $customGroupsText );
114 foreach ( $customGroups as $customGroup ) {
115 if ( isset( $allGroups[$customGroup] ) ) {
116 $groups[] = trim( $customGroup );
117 } else {
118 $this->output( "$customGroup is not a valid group, ignoring!\n" );
119 }
120 }
121 }
122 }
123
124 $promotions = array_diff(
125 $groups,
126 $inGroups
127 );
128
129 if ( $exists && !$password && count( $promotions ) === 0 ) {
130 $this->output( "Account exists and nothing to do.\n" );
131
132 return;
133 } elseif ( count( $promotions ) !== 0 ) {
134 $dbDomain = WikiMap::getCurrentWikiDbDomain()->getId();
135 $promoText = "User:{$username} into " . implode( ', ', $promotions ) . "...\n";
136 if ( $exists ) {
137 $this->output( "$dbDomain: Promoting $promoText" );
138 } else {
139 $this->output( "$dbDomain: Creating and promoting $promoText" );
140 }
141 }
142
143 if ( !$exists ) {
144 // Verify the password meets the password requirements before creating.
145 // This check is repeated below to account for differences between
146 // the password policy for regular users and for users in certain groups.
147 if ( $password ) {
148 $status = $user->checkPasswordValidity( $password );
149
150 if ( !$status->isGood() ) {
151 $this->fatalError( $status );
152 }
153 }
154
155 // Create the user via AuthManager as there may be various side
156 // effects that are performed by the configured AuthManager chain.
157 $status = $this->getServiceContainer()->getAuthManager()->autoCreateUser(
158 $user,
159 AuthManager::AUTOCREATE_SOURCE_MAINT,
160 false
161 );
162 if ( !$status->isGood() ) {
163 $this->fatalError( $status );
164 }
165 }
166
167 if ( $promotions ) {
168 // Add groups before changing password, as the password policy for certain groups has
169 // stricter requirements.
170 $userGroupManager = $services->getUserGroupManager();
171 $userGroupManager->addUserToMultipleGroups( $user, $promotions );
172 $reason = $this->getOption( 'reason' ) ?: '';
173 $this->addLogEntry( $user, $inGroups, array_merge( $inGroups, $promotions ), $reason );
174 }
175
176 if ( $password ) {
177 # Try to set the password
178 try {
179 $status = $user->changeAuthenticationData( [
180 'username' => $user->getName(),
181 'password' => $password,
182 'retype' => $password,
183 ] );
184 if ( !$status->isGood() ) {
185 throw new PasswordError( $status->getMessage( false, false, 'en' )->text() );
186 }
187 if ( $exists ) {
188 $this->output( "Password set.\n" );
189 $user->saveSettings();
190 }
191 } catch ( PasswordError $pwe ) {
192 $this->fatalError( 'Setting the password failed: ' . $pwe->getMessage() );
193 }
194 }
195
196 if ( !$exists ) {
197 # Increment site_stats.ss_users
198 $ssu = SiteStatsUpdate::factory( [ 'users' => 1 ] );
199 $ssu->doUpdate();
200 }
201
202 $this->output( "done.\n" );
203 }
204
213 private function addLogEntry( $user, array $oldGroups, array $newGroups, string $reason ) {
214 $logEntry = new ManualLogEntry( 'rights', 'rights' );
215 $logEntry->setPerformer( User::newSystemUser( User::MAINTENANCE_SCRIPT_USER, [ 'steal' => true ] ) );
216 $logEntry->setTarget( $user->getUserPage() );
217 $logEntry->setComment( $reason );
218 $logEntry->setParameters( [
219 '4::oldgroups' => $oldGroups,
220 '5::newgroups' => $newGroups
221 ] );
222 $logid = $logEntry->insert();
223 $logEntry->publish( $logid );
224 }
225}
226
227// @codeCoverageIgnoreStart
228$maintClass = CreateAndPromote::class;
229require_once RUN_MAINTENANCE_IF_MAIN;
230// @codeCoverageIgnoreEnd
Maintenance script to create an account and grant it rights.
execute()
Do the actual work.
__construct()
Default constructor.
This serves as the entry point to the authentication system.
Class for handling updates to the site_stats table.
Class for creating new log entries and inserting them into the database.
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
addArg( $arg, $description, $required=true, $multi=false)
Add some args that are needed.
getArg( $argId=0, $default=null)
Get an argument.
output( $out, $channel=null)
Throw some output to the user.
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
hasOption( $name)
Checks to see if a particular option was set.
getOption( $name, $default=null)
Get an option, or return the default.
error( $err, $die=0)
Throw an error to the user.
getServiceContainer()
Returns the main service container.
maybeHelp( $force=false)
Maybe show the help.
addDescription( $text)
Set the description text.
Show an error when any operation involving passwords fails to run.
User class for the MediaWiki software.
Definition User.php:123
Tools for dealing with other locally-hosted wikis.
Definition WikiMap.php:33