MediaWiki  master
resetAuthenticationThrottle.php
Go to the documentation of this file.
1 <?php
24 use MediaWiki\Auth\AuthManager;
25 use MediaWiki\Auth\Throttler;
26 use MediaWiki\Logger\LoggerFactory;
27 
28 require_once __DIR__ . '/Maintenance.php';
29 
36 class ResetAuthenticationThrottle extends Maintenance {
37 
38  public function __construct() {
39  parent::__construct();
40  $this->addDescription( 'Reset login/signup throttling for a specified user and/or IP. '
41  . "\n\n"
42  . 'When resetting signup only, provide the IP. When resetting login (or both), provide '
43  . 'both username (as entered in login screen) and IP. An easy way to obtain them is '
44  . "the 'throttler' log channel." );
45  $this->addOption( 'login', 'Reset login throttle' );
46  $this->addOption( 'signup', 'Reset account creation throttle' );
47  $this->addOption( 'user', 'Username to reset', false, true );
48  $this->addOption( 'ip', 'IP to reset', false, true );
49  }
50 
51  public function execute() {
52  $forLogin = (bool)$this->getOption( 'login' );
53  $forSignup = (bool)$this->getOption( 'signup' );
54  $username = $this->getOption( 'user' );
55  $ip = $this->getOption( 'ip' );
56 
57  if ( !$forLogin && !$forSignup ) {
58  $this->fatalError( 'At least one of --login and --signup is required!' );
59  } elseif ( $forLogin && ( $ip === null || $username === null ) ) {
60  $this->fatalError( '--usename and --ip are both required when using --login!' );
61  } elseif ( $forSignup && $ip === null ) {
62  $this->fatalError( '--ip is required when using --signup!' );
63  } elseif ( $ip !== null && !IP::isValid( $ip ) ) {
64  $this->fatalError( "Not a valid IP: $ip" );
65  }
66 
67  if ( $forLogin ) {
68  $this->clearLoginThrottle( $username, $ip );
69  }
70  if ( $forSignup ) {
71  $this->clearSignupThrottle( $ip );
72  }
73 
74  LoggerFactory::getInstance( 'throttler' )->notice( 'Manually cleared {type} throttle', [
75  'type' => implode( ' and ', array_filter( [
76  $forLogin ? 'login' : null,
77  $forSignup ? 'signup' : null,
78  ] ) ),
79  'username' => $username,
80  'ipKey' => $ip,
81  ] );
82  }
83 
88  protected function clearLoginThrottle( $rawUsername, $ip ) {
89  $this->output( 'Clearing login throttle... ' );
90 
91  $passwordAttemptThrottle = $this->getConfig()->get( 'PasswordAttemptThrottle' );
92  if ( !$passwordAttemptThrottle ) {
93  $this->output( "none set\n" );
94  return;
95  }
96 
97  $throttler = new Throttler( $passwordAttemptThrottle, [
98  'type' => 'password',
99  'cache' => ObjectCache::getLocalClusterInstance(),
100  ] );
101  if ( $rawUsername !== null ) {
102  $usernames = AuthManager::singleton()->normalizeUsername( $rawUsername );
103  if ( !$usernames ) {
104  $this->fatalError( "Not a valid username: $rawUsername" );
105  }
106  } else {
107  $usernames = [ null ];
108  }
109  foreach ( $usernames as $username ) {
110  $throttler->clear( $username, $ip );
111  }
112 
113  $botPasswordThrottler = new Throttler( $passwordAttemptThrottle, [
114  'type' => 'botpassword',
115  'cache' => ObjectCache::getLocalClusterInstance(),
116  ] );
117  $botPasswordThrottler->clear( $username, $ip );
118 
119  $this->output( "done\n" );
120  }
121 
125  protected function clearSignupThrottle( $ip ) {
126  $this->output( 'Clearing signup throttle... ' );
127 
128  $accountCreationThrottle = $this->getConfig()->get( 'AccountCreationThrottle' );
129  if ( !is_array( $accountCreationThrottle ) ) {
130  $accountCreationThrottle = [ [
131  'count' => $accountCreationThrottle,
132  'seconds' => 86400,
133  ] ];
134  }
135  if ( !$accountCreationThrottle ) {
136  $this->output( "none set\n" );
137  return;
138  }
139  $throttler = new Throttler( $accountCreationThrottle, [
140  'type' => 'acctcreate',
141  'cache' => ObjectCache::getLocalClusterInstance(),
142  ] );
143 
144  $throttler->clear( null, $ip );
145 
146  $this->output( "done\n" );
147  }
148 
149 }
150 
151 $maintClass = ResetAuthenticationThrottle::class;
152 require_once RUN_MAINTENANCE_IF_MAIN;
RUN_MAINTENANCE_IF_MAIN
const RUN_MAINTENANCE_IF_MAIN
Definition: Maintenance.php:39
ResetAuthenticationThrottle
Reset login/signup throttling for a specified user and/or IP.
Definition: resetAuthenticationThrottle.php:36
Maintenance\getOption
getOption( $name, $default=null)
Get an option, or return the default.
Definition: Maintenance.php:302
Maintenance
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
Definition: Maintenance.php:82
ObjectCache\getLocalClusterInstance
static getLocalClusterInstance()
Get the main cluster-local cache object.
Definition: ObjectCache.php:348
IP\isValid
static isValid( $ip)
Validate an IP address.
Definition: IP.php:111
Maintenance\addDescription
addDescription( $text)
Set the description text.
Definition: Maintenance.php:348
Maintenance\output
output( $out, $channel=null)
Throw some output to the user.
Definition: Maintenance.php:453
Maintenance\addOption
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
Definition: Maintenance.php:267
Maintenance\fatalError
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
Definition: Maintenance.php:504