MediaWiki master
wrapOldPasswords.php
Go to the documentation of this file.
1<?php
27
28require_once __DIR__ . '/Maintenance.php';
29
38 public function __construct() {
39 parent::__construct();
40 $this->addDescription( 'Wrap all passwords of a certain type in a new layered type. '
41 . 'The script runs in dry-run mode by default (use --update to update rows)' );
42 $this->addOption( 'type',
43 'Password type to wrap passwords in (must inherit LayeredParameterizedPassword)', true, true );
44 $this->addOption( 'verbose', 'Enables verbose output', false, false, 'v' );
45 $this->addOption( 'update', 'Actually wrap passwords', false, false, 'u' );
46 $this->setBatchSize( 100 );
47 }
48
49 public function execute() {
50 $passwordFactory = $this->getServiceContainer()->getPasswordFactory();
51
52 $typeInfo = $passwordFactory->getTypes();
53 $layeredType = $this->getOption( 'type' );
54
55 // Check that type exists and is a layered type
56 if ( !isset( $typeInfo[$layeredType] ) ) {
57 $this->fatalError( 'Undefined password type' );
58 }
59
60 $passObj = $passwordFactory->newFromType( $layeredType );
61 if ( !$passObj instanceof LayeredParameterizedPassword ) {
62 $this->fatalError( 'Layered parameterized password type must be used.' );
63 }
64
65 // Extract the first layer type
66 $typeConfig = $typeInfo[$layeredType];
67 $firstType = $typeConfig['types'][0];
68
69 $update = $this->hasOption( 'update' );
70
71 // Get a list of password types that are applicable
72 $dbw = $this->getPrimaryDB();
73
74 $count = 0;
75 $minUserId = 0;
76 do {
77 if ( $update ) {
78 $this->beginTransaction( $dbw, __METHOD__ );
79 }
80
81 $res = $dbw->newSelectQueryBuilder()
82 ->select( [ 'user_id', 'user_name', 'user_password' ] )
83 ->lockInShareMode()
84 ->from( 'user' )
85 ->where( [
86 $dbw->expr( 'user_id', '>', $minUserId ),
87 $dbw->expr(
88 'user_password',
89 IExpression::LIKE,
90 new LikeValue( ":$firstType:", $dbw->anyString() )
91 ),
92 ] )
93 ->orderBy( 'user_id' )
94 ->limit( $this->getBatchSize() )
95 ->caller( __METHOD__ )->fetchResultSet();
96
98 $updateUsers = [];
99 foreach ( $res as $row ) {
100 $user = User::newFromId( $row->user_id );
102 $password = $passwordFactory->newFromCiphertext( $row->user_password );
103 '@phan-var ParameterizedPassword $password';
105 $layeredPassword = $passwordFactory->newFromType( $layeredType );
106 '@phan-var LayeredParameterizedPassword $layeredPassword';
107 $layeredPassword->partialCrypt( $password );
108
109 if ( $this->hasOption( 'verbose' ) ) {
110 $this->output(
111 "Updating password for user {$row->user_name} ({$row->user_id}) from " .
112 "type {$password->getType()} to {$layeredPassword->getType()}.\n"
113 );
114 }
115
116 $count++;
117 if ( $update ) {
118 $updateUsers[] = $user;
119 $dbw->update( 'user',
120 [ 'user_password' => $layeredPassword->toString() ],
121 [ 'user_id' => $row->user_id ],
122 __METHOD__
123 );
124 }
125
126 $minUserId = $row->user_id;
127 }
128
129 if ( $update ) {
130 $this->commitTransaction( $dbw, __METHOD__ );
131 $this->waitForReplication();
132
133 // Clear memcached so old passwords are wiped out
134 foreach ( $updateUsers as $user ) {
135 $user->clearSharedCache( 'refresh' );
136 }
137 }
138 } while ( $res->numRows() );
139
140 if ( $update ) {
141 $this->output( "$count users rows updated.\n" );
142 } else {
143 $this->output( "$count user rows found using old password formats. "
144 . "Run script again with --update to update these rows.\n" );
145 }
146 }
147}
148
149$maintClass = WrapOldPasswords::class;
150require_once RUN_MAINTENANCE_IF_MAIN;
This password hash type layers one or more parameterized password types on top of each other.
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
beginTransaction(IDatabase $dbw, $fname)
Begin a transaction on a DB.
commitTransaction(IDatabase $dbw, $fname)
Commit the transaction on a DB handle and wait for replica DBs to catch up.
output( $out, $channel=null)
Throw some output to the user.
waitForReplication()
Wait for replica DBs to catch up.
hasOption( $name)
Checks to see if a particular option was set.
getServiceContainer()
Returns the main service container.
getBatchSize()
Returns batch size.
addDescription( $text)
Set the description text.
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
getOption( $name, $default=null)
Get an option, or return the default.
setBatchSize( $s=0)
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
internal since 1.36
Definition User.php:93
Content of like value.
Definition LikeValue.php:14
Maintenance script to wrap all passwords of a certain type in a specified layered type that wraps aro...
execute()
Do the actual work.
__construct()
Default constructor.