MediaWiki  master
resetAuthenticationThrottle.php
Go to the documentation of this file.
1 <?php
24 use MediaWiki\Auth\Throttler;
25 use MediaWiki\Logger\LoggerFactory;
26 use MediaWiki\MediaWikiServices;
27 use Wikimedia\IPUtils;
28 
29 require_once __DIR__ . '/Maintenance.php';
30 
37 class ResetAuthenticationThrottle extends Maintenance {
38 
39  public function __construct() {
40  parent::__construct();
41  $this->addDescription( 'Reset login/signup throttling for a specified user and/or IP. '
42  . "\n\n"
43  . 'When resetting signup only, provide the IP. When resetting login (or both), provide '
44  . 'both username (as entered in login screen) and IP. An easy way to obtain them is '
45  . "the 'throttler' log channel." );
46  $this->addOption( 'login', 'Reset login throttle' );
47  $this->addOption( 'signup', 'Reset account creation throttle' );
48  $this->addOption( 'user', 'Username to reset', false, true );
49  $this->addOption( 'ip', 'IP to reset', false, true );
50  }
51 
52  public function execute() {
53  $forLogin = (bool)$this->getOption( 'login' );
54  $forSignup = (bool)$this->getOption( 'signup' );
55  $username = $this->getOption( 'user' );
56  $ip = $this->getOption( 'ip' );
57 
58  if ( !$forLogin && !$forSignup ) {
59  $this->fatalError( 'At least one of --login and --signup is required!' );
60  } elseif ( $forLogin && ( $ip === null || $username === null ) ) {
61  $this->fatalError( '--user and --ip are both required when using --login!' );
62  } elseif ( $forSignup && $ip === null ) {
63  $this->fatalError( '--ip is required when using --signup!' );
64  } elseif ( $ip !== null && !IPUtils::isValid( $ip ) ) {
65  $this->fatalError( "Not a valid IP: $ip" );
66  }
67 
68  if ( $forLogin ) {
69  $this->clearLoginThrottle( $username, $ip );
70  }
71  if ( $forSignup ) {
72  $this->clearSignupThrottle( $ip );
73  }
74 
75  LoggerFactory::getInstance( 'throttler' )->notice( 'Manually cleared {type} throttle', [
76  'type' => implode( ' and ', array_filter( [
77  $forLogin ? 'login' : null,
78  $forSignup ? 'signup' : null,
79  ] ) ),
80  'username' => $username,
81  'ipKey' => $ip,
82  ] );
83  }
84 
89  protected function clearLoginThrottle( $rawUsername, $ip ) {
90  $this->output( 'Clearing login throttle...' );
91 
92  $passwordAttemptThrottle = $this->getConfig()->get( 'PasswordAttemptThrottle' );
93  if ( !$passwordAttemptThrottle ) {
94  $this->output( "none set\n" );
95  return;
96  }
97 
98  $throttler = new Throttler( $passwordAttemptThrottle, [
99  'type' => 'password',
100  'cache' => ObjectCache::getLocalClusterInstance(),
101  ] );
102  if ( $rawUsername !== null ) {
103  $usernames = MediaWikiServices::getInstance()->getAuthManager()
104  ->normalizeUsername( $rawUsername );
105  if ( !$usernames ) {
106  $this->fatalError( "Not a valid username: $rawUsername" );
107  }
108  } else {
109  $usernames = [ null ];
110  }
111  foreach ( $usernames as $username ) {
112  $throttler->clear( $username, $ip );
113  }
114 
115  $botPasswordThrottler = new Throttler( $passwordAttemptThrottle, [
116  'type' => 'botpassword',
117  'cache' => ObjectCache::getLocalClusterInstance(),
118  ] );
119  $botPasswordThrottler->clear( $username, $ip );
120 
121  $this->output( "done\n" );
122  }
123 
127  protected function clearSignupThrottle( $ip ) {
128  $this->output( 'Clearing signup throttle...' );
129 
130  $accountCreationThrottle = $this->getConfig()->get( 'AccountCreationThrottle' );
131  if ( !is_array( $accountCreationThrottle ) ) {
132  $accountCreationThrottle = [ [
133  'count' => $accountCreationThrottle,
134  'seconds' => 86400,
135  ] ];
136  }
137  if ( !$accountCreationThrottle ) {
138  $this->output( "none set\n" );
139  return;
140  }
141  $throttler = new Throttler( $accountCreationThrottle, [
142  'type' => 'acctcreate',
143  'cache' => ObjectCache::getLocalClusterInstance(),
144  ] );
145 
146  $throttler->clear( null, $ip );
147 
148  $this->output( "done\n" );
149  }
150 
151 }
152 
153 $maintClass = ResetAuthenticationThrottle::class;
154 require_once RUN_MAINTENANCE_IF_MAIN;
ObjectCache\getLocalClusterInstance
static getLocalClusterInstance()
Get the main cluster-local cache object.
Definition: ObjectCache.php:273
MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition: MediaWikiServices.php:204
Maintenance\fatalError
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
Definition: Maintenance.php:489
Maintenance\addDescription
addDescription( $text)
Set the description text.
Definition: Maintenance.php:329
ResetAuthenticationThrottle
Reset login/signup throttling for a specified user and/or IP.
Definition: resetAuthenticationThrottle.php:37
ResetAuthenticationThrottle\clearSignupThrottle
clearSignupThrottle( $ip)
Definition: resetAuthenticationThrottle.php:127
MediaWiki\Auth\Throttler
Definition: Throttler.php:37
Maintenance
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
Definition: Maintenance.php:59
Maintenance\getConfig
getConfig()
Definition: Maintenance.php:598
ResetAuthenticationThrottle\clearLoginThrottle
clearLoginThrottle( $rawUsername, $ip)
Definition: resetAuthenticationThrottle.php:89
ResetAuthenticationThrottle\execute
execute()
Do the actual work.
Definition: resetAuthenticationThrottle.php:52
MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition: LoggerFactory.php:45
Maintenance\addOption
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
Definition: Maintenance.php:249
$maintClass
$maintClass
Definition: resetAuthenticationThrottle.php:153
Maintenance\getOption
getOption( $name, $default=null)
Get an option, or return the default.
Definition: Maintenance.php:286
ResetAuthenticationThrottle\__construct
__construct()
Default constructor.
Definition: resetAuthenticationThrottle.php:39
Maintenance\output
output( $out, $channel=null)
Throw some output to the user.
Definition: Maintenance.php:435