MediaWiki master
resetAuthenticationThrottle.php
Go to the documentation of this file.
1<?php
10use MediaWiki\Auth\Throttler;
11use MediaWiki\Logger\LoggerFactory;
12use MediaWiki\MainConfigNames;
13use MediaWiki\Maintenance\Maintenance;
14use Wikimedia\IPUtils;
15
16// @codeCoverageIgnoreStart
17require_once __DIR__ . '/Maintenance.php';
18// @codeCoverageIgnoreEnd
19
26class ResetAuthenticationThrottle extends Maintenance {
27
28 public function __construct() {
29 parent::__construct();
30 $this->addDescription( 'Reset login/signup throttling for a specified user and/or IP. '
31 . "\n\n"
32 . 'When resetting signup or temp account, provide the IP. When resetting login (or both), provide '
33 . 'both username (as entered in login screen) and IP. An easy way to obtain them is '
34 . "the 'throttler' log channel." );
35 $this->addOption( 'login', 'Reset login throttle' );
36 $this->addOption( 'signup', 'Reset account creation throttle' );
37 $this->addOption( 'tempaccount', 'Reset temp account creation throttle' );
38 $this->addOption( 'tempaccountnameacquisition', 'Reset temp account name acquisition throttle' );
39 $this->addOption( 'user', 'Username to reset (when using --login)', false, true );
40 $this->addOption( 'ip', 'IP to reset', false, true );
41 }
42
43 public function execute() {
44 $forLogin = (bool)$this->getOption( 'login' );
45 $forSignup = (bool)$this->getOption( 'signup' );
46 $forTempAccount = (bool)$this->getOption( 'tempaccount' );
47 $forTempAccountNameAcquisition = (bool)$this->getOption( 'tempaccountnameacquisition' );
48 $username = $this->getOption( 'user' );
49 $ip = $this->getOption( 'ip' );
50
51 if ( !$forLogin && !$forSignup && !$forTempAccount && !$forTempAccountNameAcquisition ) {
52 $this->fatalError(
53 'At least one of --login, --signup, --tempaccount, or --tempaccountnameacquisition is required!'
54 );
55 } elseif ( $ip === null ) {
56 $this->fatalError( '--ip is required!' );
57 } elseif ( !IPUtils::isValid( $ip ) ) {
58 $this->fatalError( "Not a valid IP: $ip" );
59 }
60
61 if ( $forLogin ) {
62 $this->clearLoginThrottle( $username, $ip );
63 }
64 if ( $forSignup ) {
65 $this->clearSignupThrottle( $ip );
66 }
67 if ( $forTempAccount ) {
68 $this->clearTempAccountCreationThrottle( $ip );
69 }
70 if ( $forTempAccountNameAcquisition ) {
71 $this->clearTempAccountNameAcquisitionThrottle( $ip );
72 }
73
74 LoggerFactory::getInstance( 'throttler' )->info( 'Manually cleared {type} throttle', [
75 'type' => implode( ' and ', array_filter( [
76 $forLogin ? 'login' : null,
77 $forSignup ? 'signup' : null,
78 $forTempAccount ? 'tempaccount' : null,
79 $forTempAccountNameAcquisition ? 'tempaccountnameacquisition' : null,
80 ] ) ),
81 'username' => $username,
82 'ipKey' => $ip,
83 ] );
84 }
85
90 protected function clearLoginThrottle( $rawUsername, $ip ) {
91 $this->output( 'Clearing login throttle...' );
92
93 $passwordAttemptThrottle = $this->getConfig()->get( MainConfigNames::PasswordAttemptThrottle );
94 if ( !$passwordAttemptThrottle ) {
95 $this->output( "none set\n" );
96 return;
97 }
98
99 $objectCacheFactory = $this->getServiceContainer()->getInstance()->getObjectCacheFactory();
100
101 $throttler = new Throttler( $passwordAttemptThrottle, [
102 'type' => 'password',
103 'cache' => $objectCacheFactory->getLocalClusterInstance(),
104 ] );
105 if ( $rawUsername !== null ) {
106 $usernames = $this->getServiceContainer()->getAuthManager()
107 ->normalizeUsername( $rawUsername );
108 if ( !$usernames ) {
109 $this->fatalError( "Not a valid username: $rawUsername" );
110 }
111 } else {
112 $usernames = [ null ];
113 }
114 foreach ( $usernames as $username ) {
115 $throttler->clear( $username, $ip );
116 }
117
118 $botPasswordThrottler = new Throttler( $passwordAttemptThrottle, [
119 'type' => 'botpassword',
120 'cache' => $objectCacheFactory->getLocalClusterInstance(),
121 ] );
122 $botPasswordThrottler->clear( $username, $ip );
123
124 $this->output( "done\n" );
125 }
126
130 protected function clearSignupThrottle( $ip ) {
131 $this->output( 'Clearing signup throttle...' );
132
133 $accountCreationThrottle = $this->getConfig()->get( MainConfigNames::AccountCreationThrottle );
134 if ( !is_array( $accountCreationThrottle ) ) {
135 $accountCreationThrottle = [ [
136 'count' => $accountCreationThrottle,
137 'seconds' => 86400,
138 ] ];
139 }
140 if ( !$accountCreationThrottle ) {
141 $this->output( "none set\n" );
142 return;
143 }
144 $throttler = new Throttler( $accountCreationThrottle, [
145 'type' => 'acctcreate',
146 'cache' => $this->getServiceContainer()->getObjectCacheFactory()
147 ->getLocalClusterInstance(),
148 ] );
149
150 $throttler->clear( null, $ip );
151
152 $this->output( "done\n" );
153 }
154
155 protected function clearTempAccountCreationThrottle( string $ip ): void {
156 $this->output( 'Clearing temp account creation throttle...' );
157
158 $tempAccountCreationThrottle = $this->getConfig()->get( MainConfigNames::TempAccountCreationThrottle );
159 if ( !$tempAccountCreationThrottle ) {
160 $this->output( "none set\n" );
161 return;
162 }
163 $throttler = new Throttler( $tempAccountCreationThrottle, [
164 'type' => 'tempacctcreate',
165 'cache' => $this->getServiceContainer()->getObjectCacheFactory()
166 ->getLocalClusterInstance(),
167 ] );
168
169 $throttler->clear( null, $ip );
170
171 $this->output( "done\n" );
172 }
173
174 protected function clearTempAccountNameAcquisitionThrottle( string $ip ): void {
175 $this->output( 'Clearing temp account name acquisition throttle...' );
176
177 $tempAccountNameAcquisitionThrottle = $this->getConfig()->get(
178 MainConfigNames::TempAccountNameAcquisitionThrottle
179 );
180 if ( !$tempAccountNameAcquisitionThrottle ) {
181 $this->output( "none set\n" );
182 return;
183 }
184 $throttler = new Throttler( $tempAccountNameAcquisitionThrottle, [
185 'type' => 'tempacctnameacquisition',
186 'cache' => $this->getServiceContainer()->getObjectCacheFactory()
187 ->getLocalClusterInstance(),
188 ] );
189
190 $throttler->clear( null, $ip );
191
192 $this->output( "done\n" );
193 }
194
195}
196
197// @codeCoverageIgnoreStart
198$maintClass = ResetAuthenticationThrottle::class;
199require_once RUN_MAINTENANCE_IF_MAIN;
200// @codeCoverageIgnoreEnd
MediaWiki\Auth\Throttler
A helper class for throttling authentication attempts.
Definition Throttler.php:26
MediaWiki\Logger\LoggerFactory
Create PSR-3 logger objects.
Definition LoggerFactory.php:32
MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:22
MediaWiki\Maintenance\Maintenance
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
Definition Maintenance.php:65
MediaWiki\Maintenance\Maintenance\output
output( $out, $channel=null)
Throw some output to the user.
Definition Maintenance.php:486
MediaWiki\Maintenance\Maintenance\fatalError
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
Definition Maintenance.php:551
MediaWiki\Maintenance\Maintenance\addOption
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
Definition Maintenance.php:266
MediaWiki\Maintenance\Maintenance\getOption
getOption( $name, $default=null)
Get an option, or return the default.
Definition Maintenance.php:300
MediaWiki\Maintenance\Maintenance\getServiceContainer
getServiceContainer()
Returns the main service container.
Definition Maintenance.php:680
MediaWiki\Maintenance\Maintenance\addDescription
addDescription( $text)
Set the description text.
Definition Maintenance.php:336
ResetAuthenticationThrottle
Reset login/signup throttling for a specified user and/or IP.
Definition resetAuthenticationThrottle.php:26