MediaWiki  master
wrapOldPasswords.php
Go to the documentation of this file.
1 <?php
25 
26 require_once __DIR__ . '/Maintenance.php';
27 
36  public function __construct() {
37  parent::__construct();
38  $this->addDescription( 'Wrap all passwords of a certain type in a new layered type. '
39  . 'The script runs in dry-run mode by default (use --update to update rows)' );
40  $this->addOption( 'type',
41  'Password type to wrap passwords in (must inherit LayeredParameterizedPassword)', true, true );
42  $this->addOption( 'verbose', 'Enables verbose output', false, false, 'v' );
43  $this->addOption( 'update', 'Actually wrap passwords', false, false, 'u' );
44  $this->setBatchSize( 100 );
45  }
46 
47  public function execute() {
48  $passwordFactory = $this->getServiceContainer()->getPasswordFactory();
49 
50  $typeInfo = $passwordFactory->getTypes();
51  $layeredType = $this->getOption( 'type' );
52 
53  // Check that type exists and is a layered type
54  if ( !isset( $typeInfo[$layeredType] ) ) {
55  $this->fatalError( 'Undefined password type' );
56  }
57 
58  $passObj = $passwordFactory->newFromType( $layeredType );
59  if ( !$passObj instanceof LayeredParameterizedPassword ) {
60  $this->fatalError( 'Layered parameterized password type must be used.' );
61  }
62 
63  // Extract the first layer type
64  $typeConfig = $typeInfo[$layeredType];
65  $firstType = $typeConfig['types'][0];
66 
67  $update = $this->hasOption( 'update' );
68 
69  // Get a list of password types that are applicable
70  $dbw = $this->getDB( DB_PRIMARY );
71  $typeCond = 'user_password' . $dbw->buildLike( ":$firstType:", $dbw->anyString() );
72 
73  $count = 0;
74  $minUserId = 0;
75  do {
76  if ( $update ) {
77  $this->beginTransaction( $dbw, __METHOD__ );
78  }
79 
80  $res = $dbw->select( 'user',
81  [ 'user_id', 'user_name', 'user_password' ],
82  [
83  'user_id > ' . $dbw->addQuotes( $minUserId ),
84  $typeCond
85  ],
86  __METHOD__,
87  [
88  'ORDER BY' => 'user_id',
89  'LIMIT' => $this->getBatchSize(),
90  'LOCK IN SHARE MODE',
91  ]
92  );
93 
95  $updateUsers = [];
96  foreach ( $res as $row ) {
97  $user = User::newFromId( $row->user_id );
99  $password = $passwordFactory->newFromCiphertext( $row->user_password );
100  '@phan-var ParameterizedPassword $password';
102  $layeredPassword = $passwordFactory->newFromType( $layeredType );
103  '@phan-var LayeredParameterizedPassword $layeredPassword';
104  $layeredPassword->partialCrypt( $password );
105 
106  if ( $this->hasOption( 'verbose' ) ) {
107  $this->output(
108  "Updating password for user {$row->user_name} ({$row->user_id}) from " .
109  "type {$password->getType()} to {$layeredPassword->getType()}.\n"
110  );
111  }
112 
113  $count++;
114  if ( $update ) {
115  $updateUsers[] = $user;
116  $dbw->update( 'user',
117  [ 'user_password' => $layeredPassword->toString() ],
118  [ 'user_id' => $row->user_id ],
119  __METHOD__
120  );
121  }
122 
123  $minUserId = $row->user_id;
124  }
125 
126  if ( $update ) {
127  $this->commitTransaction( $dbw, __METHOD__ );
128  $this->waitForReplication();
129 
130  // Clear memcached so old passwords are wiped out
131  foreach ( $updateUsers as $user ) {
132  $user->clearSharedCache( 'refresh' );
133  }
134  }
135  } while ( $res->numRows() );
136 
137  if ( $update ) {
138  $this->output( "$count users rows updated.\n" );
139  } else {
140  $this->output( "$count user rows found using old password formats. "
141  . "Run script again with --update to update these rows.\n" );
142  }
143  }
144 }
145 
146 $maintClass = WrapOldPasswords::class;
147 require_once RUN_MAINTENANCE_IF_MAIN;
This password hash type layers one or more parameterized password types on top of each other.
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
Definition: Maintenance.php:66
getDB( $db, $groups=[], $dbDomain=false)
Returns a database to be used by current maintenance script.
beginTransaction(IDatabase $dbw, $fname)
Begin a transaction on a DB.
commitTransaction(IDatabase $dbw, $fname)
Commit the transaction on a DB handle and wait for replica DBs to catch up.
output( $out, $channel=null)
Throw some output to the user.
waitForReplication()
Wait for replica DBs to catch up.
hasOption( $name)
Checks to see if a particular option was set.
getServiceContainer()
Returns the main service container.
addDescription( $text)
Set the description text.
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
getOption( $name, $default=null)
Get an option, or return the default.
setBatchSize( $s=0)
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
internal since 1.36
Definition: User.php:98
Maintenance script to wrap all passwords of a certain type in a specified layered type that wraps aro...
execute()
Do the actual work.
__construct()
Default constructor.
const DB_PRIMARY
Definition: defines.php:28