MediaWiki  master
resetAuthenticationThrottle.php
Go to the documentation of this file.
1 <?php
24 use MediaWiki\Auth\AuthManager;
25 use MediaWiki\Auth\Throttler;
26 use MediaWiki\Logger\LoggerFactory;
27 use Wikimedia\IPUtils;
28 
29 require_once __DIR__ . '/Maintenance.php';
30 
37 class ResetAuthenticationThrottle extends Maintenance {
38 
39  public function __construct() {
40  parent::__construct();
41  $this->addDescription( 'Reset login/signup throttling for a specified user and/or IP. '
42  . "\n\n"
43  . 'When resetting signup only, provide the IP. When resetting login (or both), provide '
44  . 'both username (as entered in login screen) and IP. An easy way to obtain them is '
45  . "the 'throttler' log channel." );
46  $this->addOption( 'login', 'Reset login throttle' );
47  $this->addOption( 'signup', 'Reset account creation throttle' );
48  $this->addOption( 'user', 'Username to reset', false, true );
49  $this->addOption( 'ip', 'IP to reset', false, true );
50  }
51 
52  public function execute() {
53  $forLogin = (bool)$this->getOption( 'login' );
54  $forSignup = (bool)$this->getOption( 'signup' );
55  $username = $this->getOption( 'user' );
56  $ip = $this->getOption( 'ip' );
57 
58  if ( !$forLogin && !$forSignup ) {
59  $this->fatalError( 'At least one of --login and --signup is required!' );
60  } elseif ( $forLogin && ( $ip === null || $username === null ) ) {
61  $this->fatalError( '--user and --ip are both required when using --login!' );
62  } elseif ( $forSignup && $ip === null ) {
63  $this->fatalError( '--ip is required when using --signup!' );
64  } elseif ( $ip !== null && !IPUtils::isValid( $ip ) ) {
65  $this->fatalError( "Not a valid IP: $ip" );
66  }
67 
68  if ( $forLogin ) {
69  $this->clearLoginThrottle( $username, $ip );
70  }
71  if ( $forSignup ) {
72  $this->clearSignupThrottle( $ip );
73  }
74 
75  LoggerFactory::getInstance( 'throttler' )->notice( 'Manually cleared {type} throttle', [
76  'type' => implode( ' and ', array_filter( [
77  $forLogin ? 'login' : null,
78  $forSignup ? 'signup' : null,
79  ] ) ),
80  'username' => $username,
81  'ipKey' => $ip,
82  ] );
83  }
84 
89  protected function clearLoginThrottle( $rawUsername, $ip ) {
90  $this->output( 'Clearing login throttle... ' );
91 
92  $passwordAttemptThrottle = $this->getConfig()->get( 'PasswordAttemptThrottle' );
93  if ( !$passwordAttemptThrottle ) {
94  $this->output( "none set\n" );
95  return;
96  }
97 
98  $throttler = new Throttler( $passwordAttemptThrottle, [
99  'type' => 'password',
100  'cache' => ObjectCache::getLocalClusterInstance(),
101  ] );
102  if ( $rawUsername !== null ) {
103  $usernames = AuthManager::singleton()->normalizeUsername( $rawUsername );
104  if ( !$usernames ) {
105  $this->fatalError( "Not a valid username: $rawUsername" );
106  }
107  } else {
108  $usernames = [ null ];
109  }
110  foreach ( $usernames as $username ) {
111  $throttler->clear( $username, $ip );
112  }
113 
114  $botPasswordThrottler = new Throttler( $passwordAttemptThrottle, [
115  'type' => 'botpassword',
116  'cache' => ObjectCache::getLocalClusterInstance(),
117  ] );
118  $botPasswordThrottler->clear( $username, $ip );
119 
120  $this->output( "done\n" );
121  }
122 
126  protected function clearSignupThrottle( $ip ) {
127  $this->output( 'Clearing signup throttle... ' );
128 
129  $accountCreationThrottle = $this->getConfig()->get( 'AccountCreationThrottle' );
130  if ( !is_array( $accountCreationThrottle ) ) {
131  $accountCreationThrottle = [ [
132  'count' => $accountCreationThrottle,
133  'seconds' => 86400,
134  ] ];
135  }
136  if ( !$accountCreationThrottle ) {
137  $this->output( "none set\n" );
138  return;
139  }
140  $throttler = new Throttler( $accountCreationThrottle, [
141  'type' => 'acctcreate',
142  'cache' => ObjectCache::getLocalClusterInstance(),
143  ] );
144 
145  $throttler->clear( null, $ip );
146 
147  $this->output( "done\n" );
148  }
149 
150 }
151 
152 $maintClass = ResetAuthenticationThrottle::class;
153 require_once RUN_MAINTENANCE_IF_MAIN;
RUN_MAINTENANCE_IF_MAIN
const RUN_MAINTENANCE_IF_MAIN
Definition: Maintenance.php:38
ObjectCache\getLocalClusterInstance
static getLocalClusterInstance()
Get the main cluster-local cache object.
Definition: ObjectCache.php:272
Maintenance\fatalError
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
Definition: Maintenance.php:480
Maintenance\addDescription
addDescription( $text)
Set the description text.
Definition: Maintenance.php:323
ResetAuthenticationThrottle
Reset login/signup throttling for a specified user and/or IP.
Definition: resetAuthenticationThrottle.php:37
ResetAuthenticationThrottle\clearSignupThrottle
clearSignupThrottle( $ip)
Definition: resetAuthenticationThrottle.php:126
MediaWiki\Auth\Throttler
Definition: Throttler.php:37
Maintenance
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
Definition: Maintenance.php:53
Maintenance\getConfig
getConfig()
Definition: Maintenance.php:587
ResetAuthenticationThrottle\clearLoginThrottle
clearLoginThrottle( $rawUsername, $ip)
Definition: resetAuthenticationThrottle.php:89
ResetAuthenticationThrottle\execute
execute()
Do the actual work.
Definition: resetAuthenticationThrottle.php:52
MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition: LoggerFactory.php:45
Maintenance\addOption
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
Definition: Maintenance.php:241
$maintClass
$maintClass
Definition: resetAuthenticationThrottle.php:152
MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition: AuthManager.php:88
Maintenance\getOption
getOption( $name, $default=null)
Get an option, or return the default.
Definition: Maintenance.php:277
ResetAuthenticationThrottle\__construct
__construct()
Default constructor.
Definition: resetAuthenticationThrottle.php:39
Maintenance\output
output( $out, $channel=null)
Throw some output to the user.
Definition: Maintenance.php:429