search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use TOCData methods to process new headings
[mediawiki.git] / maintenance / wrapOldPasswords.php
blob37e984650b38c31ec3a375d0d4b8de1fd711920a
1 <?php
2 /**
3 * Maintenance script to wrap all old-style passwords in a layered type
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup Maintenance
22 */
23
24 require_once __DIR__ . '/Maintenance.php';
25
26 use MediaWiki\MediaWikiServices;
27
28 /**
29 * Maintenance script to wrap all passwords of a certain type in a specified layered
30 * type that wraps around the old type.
31 *
32 * @since 1.24
33 * @ingroup Maintenance
34 */
35 class WrapOldPasswords extends Maintenance {
36 public function __construct() {
37 parent::__construct();
38 $this->addDescription( 'Wrap all passwords of a certain type in a new layered type. '
39 . 'The script runs in dry-run mode by default (use --update to update rows)' );
40 $this->addOption( 'type',
41 'Password type to wrap passwords in (must inherit LayeredParameterizedPassword)', true, true );
42 $this->addOption( 'verbose', 'Enables verbose output', false, false, 'v' );
43 $this->addOption( 'update', 'Actually wrap passwords', false, false, 'u' );
44 $this->setBatchSize( 100 );
45 }
46
47 public function execute() {
48 $passwordFactory = MediaWikiServices::getInstance()->getPasswordFactory();
49
50 $typeInfo = $passwordFactory->getTypes();
51 $layeredType = $this->getOption( 'type' );
52
53 // Check that type exists and is a layered type
54 if ( !isset( $typeInfo[$layeredType] ) ) {
55 $this->fatalError( 'Undefined password type' );
56 }
57
58 $passObj = $passwordFactory->newFromType( $layeredType );
59 if ( !$passObj instanceof LayeredParameterizedPassword ) {
60 $this->fatalError( 'Layered parameterized password type must be used.' );
61 }
62
63 // Extract the first layer type
64 $typeConfig = $typeInfo[$layeredType];
65 $firstType = $typeConfig['types'][0];
66
67 $update = $this->hasOption( 'update' );
68
69 // Get a list of password types that are applicable
70 $dbw = $this->getDB( DB_PRIMARY );
71 $typeCond = 'user_password' . $dbw->buildLike( ":$firstType:", $dbw->anyString() );
72
73 $count = 0;
74 $minUserId = 0;
75 do {
76 if ( $update ) {
77 $this->beginTransaction( $dbw, __METHOD__ );
78 }
79
80 $res = $dbw->select( 'user',
81 [ 'user_id', 'user_name', 'user_password' ],
82 [
83 'user_id > ' . $dbw->addQuotes( $minUserId ),
84 $typeCond
85 ],
86 __METHOD__,
87 [
88 'ORDER BY' => 'user_id',
89 'LIMIT' => $this->getBatchSize(),
90 'LOCK IN SHARE MODE',
91 ]
92 );
93
94 /** @var User[] $updateUsers */
95 $updateUsers = [];
96 foreach ( $res as $row ) {
97 $user = User::newFromId( $row->user_id );
98 /** @var ParameterizedPassword $password */
99 $password = $passwordFactory->newFromCiphertext( $row->user_password );
100 '@phan-var ParameterizedPassword $password';
101 /** @var LayeredParameterizedPassword $layeredPassword */
102 $layeredPassword = $passwordFactory->newFromType( $layeredType );
103 '@phan-var LayeredParameterizedPassword $layeredPassword';
104 $layeredPassword->partialCrypt( $password );
105
106 if ( $this->hasOption( 'verbose' ) ) {
107 $this->output(
108 "Updating password for user {$row->user_name} ({$row->user_id}) from " .
109 "type {$password->getType()} to {$layeredPassword->getType()}.\n"
110 );
111 }
112
113 $count++;
114 if ( $update ) {
115 $updateUsers[] = $user;
116 $dbw->update( 'user',
117 [ 'user_password' => $layeredPassword->toString() ],
118 [ 'user_id' => $row->user_id ],
119 __METHOD__
120 );
121 }
122
123 $minUserId = $row->user_id;
124 }
125
126 if ( $update ) {
127 $this->commitTransaction( $dbw, __METHOD__ );
128 $this->waitForReplication();
129
130 // Clear memcached so old passwords are wiped out
131 foreach ( $updateUsers as $user ) {
132 $user->clearSharedCache( 'refresh' );
133 }
134 }
135 } while ( $res->numRows() );
136
137 if ( $update ) {
138 $this->output( "$count users rows updated.\n" );
139 } else {
140 $this->output( "$count user rows found using old password formats. "
141 . "Run script again with --update to update these rows.\n" );
142 }
143 }
144 }
145
146 $maintClass = WrapOldPasswords::class;
147 require_once RUN_MAINTENANCE_IF_MAIN;
MediaWiki Core