includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php

   1 <?php
   2 /**
   3  * This program is free software; you can redistribute it and/or modify
   4  * it under the terms of the GNU General Public License as published by
   5  * the Free Software Foundation; either version 2 of the License, or
   6  * (at your option) any later version.
   7  *
   8  * This program is distributed in the hope that it will be useful,
   9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  11  * GNU General Public License for more details.
  12  *
  13  * You should have received a copy of the GNU General Public License along
  14  * with this program; if not, write to the Free Software Foundation, Inc.,
  15  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  16  * http://www.gnu.org/copyleft/gpl.html
  17  *
  18  * @file
  19  * @ingroup Auth
  20  */
  21
  22 namespace MediaWiki\Auth;
  23
  24 use MediaWiki\Password\Password;
  25 use MediaWiki\User\UserRigorOptions;
  26 use Wikimedia\Rdbms\DBAccessObjectUtils;
  27 use Wikimedia\Rdbms\IDBAccessObject;
  28
  29 /**
  30  * A primary authentication provider that uses the temporary password field in
  31  * the 'user' table.
  32  *
  33  * A successful login will force a password reset.
  34  *
  35  * @note For proper operation, this should generally come before any other
  36  *  password-based authentication providers.
  37  * @ingroup Auth
  38  * @since 1.27
  39  */
  40 class TemporaryPasswordPrimaryAuthenticationProvider
  41         extends AbstractTemporaryPasswordPrimaryAuthenticationProvider
  42 {
  43
  44         public function testUserExists( $username, $flags = IDBAccessObject::READ_NORMAL ) {
  45                 $username = $this->userNameUtils->getCanonical( $username, UserRigorOptions::RIGOR_USABLE );
  46                 if ( $username === false ) {
  47                         return false;
  48                 }
  49                 $db = DBAccessObjectUtils::getDBFromRecency( $this->dbProvider, $flags );
  50                 return (bool)$db->newSelectQueryBuilder()
  51                         ->select( [ 'user_id' ] )
  52                         ->from( 'user' )
  53                         ->where( [ 'user_name' => $username ] )
  54                         ->caller( __METHOD__ )->fetchField();
  55         }
  56
  57         protected function getTemporaryPassword( string $username, $flags = IDBAccessObject::READ_NORMAL ): array {
  58                 $db = DBAccessObjectUtils::getDBFromRecency( $this->dbProvider, $flags );
  59                 $row = $db->newSelectQueryBuilder()
  60                         ->select( [ 'user_newpassword', 'user_newpass_time' ] )
  61                         ->from( 'user' )
  62                         ->where( [ 'user_name' => $username ] )
  63                         ->caller( __METHOD__ )->fetchRow();
  64
  65                 if ( !$row ) {
  66                         return [ null, null ];
  67                 }
  68                 return [
  69                         $this->getPassword( $row->user_newpassword ),
  70                         $row->user_newpass_time,
  71                 ];
  72         }
  73
  74         protected function setTemporaryPassword( string $username, Password $tempPassHash, $tempPassTime ): void {
  75                 $db = $this->dbProvider->getPrimaryDatabase();
  76                 $db->newUpdateQueryBuilder()
  77                         ->update( 'user' )
  78                         ->set( [
  79                                 'user_newpassword' => $tempPassHash->toString(),
  80                                 'user_newpass_time' => $db->timestampOrNull( $tempPassTime ),
  81                         ] )
  82                         ->where( [ 'user_name' => $username ] )
  83                         ->caller( __METHOD__ )->execute();
  84         }
  85
  86 }