26 require_once __DIR__ .
'/Maintenance.php';
37 parent::__construct();
38 $this->
addDescription(
'Wrap all passwords of a certain type in a new layered type. '
39 .
'The script runs in dry-run mode by default (use --update to update rows)' );
41 'Password type to wrap passwords in (must inherit LayeredParameterizedPassword)',
true,
true );
42 $this->
addOption(
'verbose',
'Enables verbose output',
false,
false,
'v' );
43 $this->
addOption(
'update',
'Actually wrap passwords',
false,
false,
'u' );
50 $typeInfo = $passwordFactory->getTypes();
51 $layeredType = $this->
getOption(
'type' );
54 if ( !isset( $typeInfo[$layeredType] ) ) {
55 $this->
fatalError(
'Undefined password type' );
58 $passObj = $passwordFactory->newFromType( $layeredType );
60 $this->
fatalError(
'Layered parameterized password type must be used.' );
64 $typeConfig = $typeInfo[$layeredType];
65 $firstType = $typeConfig[
'types'][0];
71 $typeCond =
'user_password' . $dbw->buildLike(
":$firstType:", $dbw->anyString() );
80 $res = $dbw->select(
'user',
81 [
'user_id',
'user_name',
'user_password' ],
83 'user_id > ' . $dbw->addQuotes( $minUserId ),
88 'ORDER BY' =>
'user_id',
89 'LIMIT' => $this->getBatchSize(),
96 foreach ( $res as $row ) {
97 $user = User::newFromId( $row->user_id );
99 $password = $passwordFactory->newFromCiphertext( $row->user_password );
100 '@phan-var ParameterizedPassword $password';
102 $layeredPassword = $passwordFactory->newFromType( $layeredType );
103 '@phan-var LayeredParameterizedPassword $layeredPassword';
104 $layeredPassword->partialCrypt( $password );
108 "Updating password for user {$row->user_name} ({$row->user_id}) from " .
109 "type {$password->getType()} to {$layeredPassword->getType()}.\n"
115 $updateUsers[] = $user;
116 $dbw->update(
'user',
117 [
'user_password' => $layeredPassword->toString() ],
118 [
'user_id' => $row->user_id ],
123 $minUserId = $row->user_id;
131 foreach ( $updateUsers as $user ) {
132 $user->clearSharedCache(
'refresh' );
135 }
while ( $res->numRows() );
138 $this->
output(
"$count users rows updated.\n" );
140 $this->
output(
"$count user rows found using old password formats. "
141 .
"Run script again with --update to update these rows.\n" );
147 require_once RUN_MAINTENANCE_IF_MAIN;
This password hash type layers one or more parameterized password types on top of each other.
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
getDB( $db, $groups=[], $dbDomain=false)
Returns a database to be used by current maintenance script.
beginTransaction(IDatabase $dbw, $fname)
Begin a transaction on a DB.
commitTransaction(IDatabase $dbw, $fname)
Commit the transaction on a DB handle and wait for replica DBs to catch up.
output( $out, $channel=null)
Throw some output to the user.
waitForReplication()
Wait for replica DBs to catch up.
hasOption( $name)
Checks to see if a particular option was set.
getServiceContainer()
Returns the main service container.
addDescription( $text)
Set the description text.
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
getOption( $name, $default=null)
Get an option, or return the default.
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
Maintenance script to wrap all passwords of a certain type in a specified layered type that wraps aro...
execute()
Do the actual work.
__construct()
Default constructor.