MediaWiki  master
resetAuthenticationThrottle.php
Go to the documentation of this file.
1 <?php
24 use MediaWiki\Auth\Throttler;
25 use MediaWiki\Logger\LoggerFactory;
26 use MediaWiki\MainConfigNames;
27 use MediaWiki\MediaWikiServices;
28 use Wikimedia\IPUtils;
29 
30 require_once __DIR__ . '/Maintenance.php';
31 
38 class ResetAuthenticationThrottle extends Maintenance {
39 
40  public function __construct() {
41  parent::__construct();
42  $this->addDescription( 'Reset login/signup throttling for a specified user and/or IP. '
43  . "\n\n"
44  . 'When resetting signup only, provide the IP. When resetting login (or both), provide '
45  . 'both username (as entered in login screen) and IP. An easy way to obtain them is '
46  . "the 'throttler' log channel." );
47  $this->addOption( 'login', 'Reset login throttle' );
48  $this->addOption( 'signup', 'Reset account creation throttle' );
49  $this->addOption( 'user', 'Username to reset', false, true );
50  $this->addOption( 'ip', 'IP to reset', false, true );
51  }
52 
53  public function execute() {
54  $forLogin = (bool)$this->getOption( 'login' );
55  $forSignup = (bool)$this->getOption( 'signup' );
56  $username = $this->getOption( 'user' );
57  $ip = $this->getOption( 'ip' );
58 
59  if ( !$forLogin && !$forSignup ) {
60  $this->fatalError( 'At least one of --login and --signup is required!' );
61  } elseif ( $forLogin && ( $ip === null || $username === null ) ) {
62  $this->fatalError( '--user and --ip are both required when using --login!' );
63  } elseif ( $forSignup && $ip === null ) {
64  $this->fatalError( '--ip is required when using --signup!' );
65  } elseif ( $ip !== null && !IPUtils::isValid( $ip ) ) {
66  $this->fatalError( "Not a valid IP: $ip" );
67  }
68 
69  if ( $forLogin ) {
70  $this->clearLoginThrottle( $username, $ip );
71  }
72  if ( $forSignup ) {
73  $this->clearSignupThrottle( $ip );
74  }
75 
76  LoggerFactory::getInstance( 'throttler' )->info( 'Manually cleared {type} throttle', [
77  'type' => implode( ' and ', array_filter( [
78  $forLogin ? 'login' : null,
79  $forSignup ? 'signup' : null,
80  ] ) ),
81  'username' => $username,
82  'ipKey' => $ip,
83  ] );
84  }
85 
90  protected function clearLoginThrottle( $rawUsername, $ip ) {
91  $this->output( 'Clearing login throttle...' );
92 
93  $passwordAttemptThrottle = $this->getConfig()->get( MainConfigNames::PasswordAttemptThrottle );
94  if ( !$passwordAttemptThrottle ) {
95  $this->output( "none set\n" );
96  return;
97  }
98 
99  $throttler = new Throttler( $passwordAttemptThrottle, [
100  'type' => 'password',
101  'cache' => ObjectCache::getLocalClusterInstance(),
102  ] );
103  if ( $rawUsername !== null ) {
104  $usernames = MediaWikiServices::getInstance()->getAuthManager()
105  ->normalizeUsername( $rawUsername );
106  if ( !$usernames ) {
107  $this->fatalError( "Not a valid username: $rawUsername" );
108  }
109  } else {
110  $usernames = [ null ];
111  }
112  foreach ( $usernames as $username ) {
113  $throttler->clear( $username, $ip );
114  }
115 
116  $botPasswordThrottler = new Throttler( $passwordAttemptThrottle, [
117  'type' => 'botpassword',
118  'cache' => ObjectCache::getLocalClusterInstance(),
119  ] );
120  // @phan-suppress-next-line PhanPossiblyUndeclaredVariable T240141
121  $botPasswordThrottler->clear( $username, $ip );
122 
123  $this->output( "done\n" );
124  }
125 
129  protected function clearSignupThrottle( $ip ) {
130  $this->output( 'Clearing signup throttle...' );
131 
132  $accountCreationThrottle = $this->getConfig()->get( MainConfigNames::AccountCreationThrottle );
133  if ( !is_array( $accountCreationThrottle ) ) {
134  $accountCreationThrottle = [ [
135  'count' => $accountCreationThrottle,
136  'seconds' => 86400,
137  ] ];
138  }
139  if ( !$accountCreationThrottle ) {
140  $this->output( "none set\n" );
141  return;
142  }
143  $throttler = new Throttler( $accountCreationThrottle, [
144  'type' => 'acctcreate',
145  'cache' => ObjectCache::getLocalClusterInstance(),
146  ] );
147 
148  $throttler->clear( null, $ip );
149 
150  $this->output( "done\n" );
151  }
152 
153 }
154 
155 $maintClass = ResetAuthenticationThrottle::class;
156 require_once RUN_MAINTENANCE_IF_MAIN;
Maintenance
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
Definition: Maintenance.php:66
Maintenance\output
output( $out, $channel=null)
Throw some output to the user.
Definition: Maintenance.php:446
Maintenance\addDescription
addDescription( $text)
Set the description text.
Definition: Maintenance.php:320
Maintenance\addOption
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
Definition: Maintenance.php:250
Maintenance\getOption
getOption( $name, $default=null)
Get an option, or return the default.
Definition: Maintenance.php:284
Maintenance\fatalError
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
Definition: Maintenance.php:500
MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition: LoggerFactory.php:45
MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition: MainConfigNames.php:23
MediaWiki\MediaWikiServices
Service locator for MediaWiki core services.
Definition: MediaWikiServices.php:217
ObjectCache\getLocalClusterInstance
static getLocalClusterInstance()
Get the main cluster-local cache object.
Definition: ObjectCache.php:294
ResetAuthenticationThrottle
Reset login/signup throttling for a specified user and/or IP.
Definition: resetAuthenticationThrottle.php:38