MediaWiki  master
wrapOldPasswords.php
Go to the documentation of this file.
1 <?php
24 require_once __DIR__ . '/Maintenance.php';
25 
27 
36  public function __construct() {
37  parent::__construct();
38  $this->addDescription( 'Wrap all passwords of a certain type in a new layered type. '
39  . 'The script runs in dry-run mode by default (use --update to update rows)' );
40  $this->addOption( 'type',
41  'Password type to wrap passwords in (must inherit LayeredParameterizedPassword)', true, true );
42  $this->addOption( 'verbose', 'Enables verbose output', false, false, 'v' );
43  $this->addOption( 'update', 'Actually wrap passwords', false, false, 'u' );
44  $this->setBatchSize( 100 );
45  }
46 
47  public function execute() {
48  $passwordFactory = MediaWikiServices::getInstance()->getPasswordFactory();
49 
50  $typeInfo = $passwordFactory->getTypes();
51  $layeredType = $this->getOption( 'type' );
52 
53  // Check that type exists and is a layered type
54  if ( !isset( $typeInfo[$layeredType] ) ) {
55  $this->fatalError( 'Undefined password type' );
56  }
57 
58  $passObj = $passwordFactory->newFromType( $layeredType );
59  if ( !$passObj instanceof LayeredParameterizedPassword ) {
60  $this->fatalError( 'Layered parameterized password type must be used.' );
61  }
62 
63  // Extract the first layer type
64  $typeConfig = $typeInfo[$layeredType];
65  $firstType = $typeConfig['types'][0];
66 
67  $update = $this->hasOption( 'update' );
68 
69  // Get a list of password types that are applicable
70  $dbw = $this->getDB( DB_PRIMARY );
71  $typeCond = 'user_password' . $dbw->buildLike( ":$firstType:", $dbw->anyString() );
72 
73  $count = 0;
74  $minUserId = 0;
75  $lbFactory = MediaWikiServices::getInstance()->getDBLoadBalancerFactory();
76  do {
77  if ( $update ) {
78  $this->beginTransaction( $dbw, __METHOD__ );
79  }
80 
81  $res = $dbw->select( 'user',
82  [ 'user_id', 'user_name', 'user_password' ],
83  [
84  'user_id > ' . $dbw->addQuotes( $minUserId ),
85  $typeCond
86  ],
87  __METHOD__,
88  [
89  'ORDER BY' => 'user_id',
90  'LIMIT' => $this->getBatchSize(),
91  'LOCK IN SHARE MODE',
92  ]
93  );
94 
96  $updateUsers = [];
97  foreach ( $res as $row ) {
98  $user = User::newFromId( $row->user_id );
100  $password = $passwordFactory->newFromCiphertext( $row->user_password );
101  '@phan-var ParameterizedPassword $password';
103  $layeredPassword = $passwordFactory->newFromType( $layeredType );
104  '@phan-var LayeredParameterizedPassword $layeredPassword';
105  $layeredPassword->partialCrypt( $password );
106 
107  if ( $this->hasOption( 'verbose' ) ) {
108  $this->output(
109  "Updating password for user {$row->user_name} ({$row->user_id}) from " .
110  "type {$password->getType()} to {$layeredPassword->getType()}.\n"
111  );
112  }
113 
114  $count++;
115  if ( $update ) {
116  $updateUsers[] = $user;
117  $dbw->update( 'user',
118  [ 'user_password' => $layeredPassword->toString() ],
119  [ 'user_id' => $row->user_id ],
120  __METHOD__
121  );
122  }
123 
124  $minUserId = $row->user_id;
125  }
126 
127  if ( $update ) {
128  $this->commitTransaction( $dbw, __METHOD__ );
129  $lbFactory->waitForReplication();
130 
131  // Clear memcached so old passwords are wiped out
132  foreach ( $updateUsers as $user ) {
133  $user->clearSharedCache( 'refresh' );
134  }
135  }
136  } while ( $res->numRows() );
137 
138  if ( $update ) {
139  $this->output( "$count users rows updated.\n" );
140  } else {
141  $this->output( "$count user rows found using old password formats. "
142  . "Run script again with --update to update these rows.\n" );
143  }
144  }
145 }
146 
147 $maintClass = WrapOldPasswords::class;
148 require_once RUN_MAINTENANCE_IF_MAIN;
This password hash type layers one or more parameterized password types on top of each other.
Abstract maintenance class for quickly writing and churning out maintenance scripts with minimal effo...
Definition: Maintenance.php:66
getDB( $db, $groups=[], $dbDomain=false)
Returns a database to be used by current maintenance script.
beginTransaction(IDatabase $dbw, $fname)
Begin a transaction on a DB.
commitTransaction(IDatabase $dbw, $fname)
Commit the transaction on a DB handle and wait for replica DBs to catch up.
output( $out, $channel=null)
Throw some output to the user.
hasOption( $name)
Checks to see if a particular option was set.
addDescription( $text)
Set the description text.
addOption( $name, $description, $required=false, $withArg=false, $shortName=false, $multiOccurrence=false)
Add a parameter to the script.
getOption( $name, $default=null)
Get an option, or return the default.
setBatchSize( $s=0)
fatalError( $msg, $exitCode=1)
Output a message and terminate the current script.
Service locator for MediaWiki core services.
static newFromId( $id)
Static factory method for creation from a given user ID.
Definition: User.php:639
Maintenance script to wrap all passwords of a certain type in a specified layered type that wraps aro...
execute()
Do the actual work.
__construct()
Default constructor.
const DB_PRIMARY
Definition: defines.php:28