MediaWiki master
createAndPromote.php
Go to the documentation of this file.
1<?php
12// @codeCoverageIgnoreStart
13require_once __DIR__ . '/Maintenance.php';
14// @codeCoverageIgnoreEnd
15
16use MediaWiki\Auth\AuthManager;
17use MediaWiki\Deferred\SiteStatsUpdate;
18use MediaWiki\Logging\ManualLogEntry;
19use MediaWiki\Maintenance\Maintenance;
20use MediaWiki\Password\PasswordError;
21use MediaWiki\Permissions\UltimateAuthority;
22use MediaWiki\User\User;
23use MediaWiki\WikiMap\WikiMap;
24
33class CreateAndPromote extends Maintenance {
34 private const PERMIT_ROLES = [ 'sysop', 'bureaucrat', 'interface-admin', 'bot' ];
35
36 public function __construct() {
37 parent::__construct();
38 $this->addDescription( 'Create a new user account and/or grant it additional rights' );
39 $this->addOption(
40 'email',
41 'Sets the users email address',
42 false,
43 true
44 );
45 $this->addOption(
46 'force',
47 'If account exists already, just grant it rights or change password.'
48 );
49 foreach ( self::PERMIT_ROLES as $role ) {
50 $this->addOption( $role, "Add the account to the {$role} group" );
51 }
52
53 $this->addOption(
54 'custom-groups',
55 'Comma-separated list of groups to add the user to',
56 false,
57 true
58 );
59
60 $this->addOption(
61 'reason',
62 'Reason for account creation and user rights assignment to log to wiki',
63 false,
64 true
65 );
66
67 $this->addArg( 'username', 'Username of new user' );
68 $this->addArg( 'password', 'Password to set', false );
69 }
70
71 public function execute() {
72 $username = $this->getArg( 0 );
73 $password = $this->getArg( 1 );
74 $force = $this->hasOption( 'force' );
75 $inGroups = [];
76 $services = $this->getServiceContainer();
77
78 $user = $services->getUserFactory()->newFromName( $username );
79 if ( !is_object( $user ) ) {
80 $this->fatalError( 'invalid username.' );
81 }
82
83 if ( $services->getUserNameUtils()->isTemp( $user->getName() ) ) {
84 $this->fatalError(
85 'Temporary accounts cannot have groups or a password, so this script should not be used ' .
86 'to create a temporary account. Temporary accounts can be created by making an edit while logged out.'
87 );
88 }
89
90 $exists = ( $user->idForName() !== 0 );
91
92 if ( $exists && !$force ) {
93 $this->fatalError( 'Account exists. Perhaps you want the --force option?' );
94 } elseif ( !$exists && !$password ) {
95 $this->error( 'Argument <password> required!' );
96 $this->maybeHelp( true );
97 } elseif ( $exists ) {
98 $inGroups = $services->getUserGroupManager()->getUserGroups( $user );
99 }
100
101 $groups = array_filter( self::PERMIT_ROLES, $this->hasOption( ... ) );
102 if ( $this->hasOption( 'custom-groups' ) ) {
103 $allGroups = array_fill_keys( $services->getUserGroupManager()->listAllGroups(), true );
104 $customGroupsText = $this->getOption( 'custom-groups' );
105 if ( $customGroupsText !== '' ) {
106 $customGroups = explode( ',', $customGroupsText );
107 foreach ( $customGroups as $customGroup ) {
108 if ( isset( $allGroups[$customGroup] ) ) {
109 $groups[] = trim( $customGroup );
110 } else {
111 $this->output( "$customGroup is not a valid group, ignoring!\n" );
112 }
113 }
114 }
115 }
116
117 $promotions = array_diff(
118 $groups,
119 $inGroups
120 );
121
122 if ( $exists && !$password && count( $promotions ) === 0 ) {
123 $this->output( "Account exists and nothing to do.\n" );
124
125 return;
126 } elseif ( count( $promotions ) !== 0 ) {
127 $dbDomain = WikiMap::getCurrentWikiDbDomain()->getId();
128 $promoText = "User:{$username} into " . implode( ', ', $promotions ) . "...\n";
129 if ( $exists ) {
130 $this->output( "$dbDomain: Promoting $promoText" );
131 } else {
132 $this->output( "$dbDomain: Creating and promoting $promoText" );
133 }
134 }
135
136 if ( !$exists ) {
137 // Verify the password meets the password requirements before creating.
138 // This check is repeated below to account for differences between
139 // the password policy for regular users and for users in certain groups.
140 if ( $password ) {
141 $status = $user->checkPasswordValidity( $password );
142
143 if ( !$status->isGood() ) {
144 $this->fatalError( $status );
145 }
146 }
147
148 // Create the user via AuthManager as there may be various side
149 // effects that are performed by the configured AuthManager chain.
150 $status = $this->getServiceContainer()->getAuthManager()->autoCreateUser(
151 $user,
152 AuthManager::AUTOCREATE_SOURCE_MAINT,
153 false,
154 true,
155 new UltimateAuthority( User::newSystemUser( User::MAINTENANCE_SCRIPT_USER, [ 'steal' => true ] ) )
156 );
157 if ( !$status->isGood() ) {
158 $this->fatalError( $status );
159 }
160 }
161
162 if ( $promotions ) {
163 // Add groups before changing password, as the password policy for certain groups has
164 // stricter requirements.
165 $userGroupManager = $services->getUserGroupManager();
166 $userGroupManager->addUserToMultipleGroups( $user, $promotions );
167 $reason = $this->getOption( 'reason' ) ?: '';
168 $this->addLogEntry( $user, $inGroups, array_merge( $inGroups, $promotions ), $reason );
169 }
170
171 if ( $password ) {
172 # Try to set the password
173 try {
174 $status = $user->changeAuthenticationData( [
175 'username' => $user->getName(),
176 'password' => $password,
177 'retype' => $password,
178 ] );
179 } catch ( PasswordError $pwe ) {
180 $this->fatalError( 'Unexpected PasswordError: ' . $pwe->getMessage() );
181 }
182 if ( !$status->isGood() ) {
183 $this->output( "Setting the password failed.\n" );
184 $this->fatalError( $status );
185 }
186 if ( $exists ) {
187 $this->output( "Password set.\n" );
188 $user->saveSettings();
189 }
190 }
191
192 if ( $this->hasOption( 'email' ) ) {
193 $resetEmail = $this->createChild( ResetUserEmail::class );
194 $resetEmail->setArg( 0, $user->getName() );
195 $resetEmail->setArg( 1, $this->getOption( 'email' ) );
196 $resetEmail->setOption( 'no-reset-password', true );
197 $resetEmail->execute();
198 }
199
200 if ( !$exists ) {
201 # Increment site_stats.ss_users
202 $ssu = SiteStatsUpdate::factory( [ 'users' => 1 ] );
203 $ssu->doUpdate();
204 }
205
206 $this->output( "done.\n" );
207 }
208
217 private function addLogEntry( $user, array $oldGroups, array $newGroups, string $reason ) {
218 $logEntry = new ManualLogEntry( 'rights', 'rights' );
219 $logEntry->setPerformer( User::newSystemUser( User::MAINTENANCE_SCRIPT_USER, [ 'steal' => true ] ) );
220 $logEntry->setTarget( $user->getUserPage() );
221 $logEntry->setComment( $reason );
222 $logEntry->setParameters( [
223 '4::oldgroups' => $oldGroups,
224 '5::newgroups' => $newGroups
225 ] );
226 $logid = $logEntry->insert();
227 $logEntry->publish( $logid );
228 }
229}
230
231// @codeCoverageIgnoreStart
232$maintClass = CreateAndPromote::class;
233require_once RUN_MAINTENANCE_IF_MAIN;
234// @codeCoverageIgnoreEnd
CreateAndPromote
Maintenance script to create an account and grant it rights.
Definition createAndPromote.php:33
CreateAndPromote\execute
execute()
Do the actual work.
Definition createAndPromote.php:71
CreateAndPromote\__construct
__construct()
Default constructor.
Definition createAndPromote.php:36
MediaWiki\Auth\AuthManager
AuthManager is the authentication system in MediaWiki and serves entry point for authentication.
Definition AuthManager.php:109
MediaWiki\Deferred\SiteStatsUpdate
Class for handling updates to the site_stats table.
Definition SiteStatsUpdate.php:20
MediaWiki\Logging\ManualLogEntry
Class for creating new log entries and inserting them into the database.
Definition ManualLogEntry.php:42
MediaWiki\Maintenance\Maintenance
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
Definition Maintenance.php:65
MediaWiki\Maintenance\Maintenance\createChild
createChild(string $maintClass, ?string $classFile=null)
Returns an instance of the given maintenance script, with all of the current arguments passed to it.
Definition Maintenance.php:760
MediaWiki\Maintenance\Maintenance\addArg
addArg( $arg, $description, $required=true, $multi=false)
Add some args that are needed.
Definition Maintenance.php:311
MediaWiki\Maintenance\Maintenance\getArg
getArg( $argId=0, $default=null)
Get an argument.
Definition Maintenance.php:358
MediaWiki\Maintenance\Maintenance\output
output( $out, $channel=null)
Throw some output to the user.
Definition Maintenance.php:486
MediaWiki\Maintenance\Maintenance\fatalError
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
Definition Maintenance.php:551
MediaWiki\Maintenance\Maintenance\addOption
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
Definition Maintenance.php:266
MediaWiki\Maintenance\Maintenance\hasOption
hasOption( $name)
Checks to see if a particular option was set.
Definition Maintenance.php:285
MediaWiki\Maintenance\Maintenance\getOption
getOption( $name, $default=null)
Get an option, or return the default.
Definition Maintenance.php:300
MediaWiki\Maintenance\Maintenance\error
error( $err, $die=0)
Throw an error to the user.
Definition Maintenance.php:513
MediaWiki\Maintenance\Maintenance\getServiceContainer
getServiceContainer()
Returns the main service container.
Definition Maintenance.php:680
MediaWiki\Maintenance\Maintenance\maybeHelp
maybeHelp( $force=false)
Maybe show the help.
Definition Maintenance.php:922
MediaWiki\Maintenance\Maintenance\addDescription
addDescription( $text)
Set the description text.
Definition Maintenance.php:336
MediaWiki\Password\PasswordError
Show an error when any operation involving passwords fails to run.
Definition PasswordError.php:19
MediaWiki\Permissions\UltimateAuthority
Represents an authority that has all permissions.
Definition UltimateAuthority.php:22
MediaWiki\User\User
User class for the MediaWiki software.
Definition User.php:130
MediaWiki\WikiMap\WikiMap
Tools for dealing with other locally-hosted wikis.
Definition WikiMap.php:19