wrapOldPasswords.php

Go to the documentation of this file.

<?php
require_once __DIR__ . '/Maintenance.php';

class WrapOldPasswords extends Maintenance {
    public function __construct() {
        parent::__construct();
        $this->mDescription = "Wrap all passwords of a certain type in a new layered type";
        $this->addOption( 'type',
            'Password type to wrap passwords in (must inherit LayeredParameterizedPassword)', true, true );
        $this->addOption( 'verbose', 'Enables verbose output', false, false, 'v' );
        $this->setBatchSize( 100 );
    }

    public function execute() {
        global $wgAuth;

        if ( !$wgAuth->allowSetLocalPassword() ) {
            $this->error( '$wgAuth does not allow local passwords. Aborting.', true );
        }

        $passwordFactory = new PasswordFactory();
        $passwordFactory->init( RequestContext::getMain()->getConfig() );

        $typeInfo = $passwordFactory->getTypes();
        $layeredType = $this->getOption( 'type' );

        // Check that type exists and is a layered type
        if ( !isset( $typeInfo[$layeredType] ) ) {
            $this->error( 'Undefined password type', true );
        }

        $passObj = $passwordFactory->newFromType( $layeredType );
        if ( !$passObj instanceof LayeredParameterizedPassword ) {
            $this->error( 'Layered parameterized password type must be used.', true );
        }

        // Extract the first layer type
        $typeConfig = $typeInfo[$layeredType];
        $firstType = $typeConfig['types'][0];

        // Get a list of password types that are applicable
        $dbw = $this->getDB( DB_MASTER );
        $typeCond = 'user_password' . $dbw->buildLike( ":$firstType:", $dbw->anyString() );

        $minUserId = 0;
        do {
            $dbw->begin();

            $res = $dbw->select( 'user',
                array( 'user_id', 'user_name', 'user_password' ),
                array(
                    'user_id > ' . $dbw->addQuotes( $minUserId ),
                    $typeCond
                ),
                __METHOD__,
                array(
                    'ORDER BY' => 'user_id',
                    'LIMIT' => $this->mBatchSize,
                    'LOCK IN SHARE MODE',
                )
            );

            $updateUsers = array();
            foreach ( $res as $row ) {
                if ( $this->hasOption( 'verbose' ) ) {
                    $this->output( "Updating password for user {$row->user_name} ({$row->user_id}).\n" );
                }

                $user = User::newFromId( $row->user_id );
                $password = $passwordFactory->newFromCiphertext( $row->user_password );
                $layeredPassword = $passwordFactory->newFromType( $layeredType );
                $layeredPassword->partialCrypt( $password );

                $updateUsers[] = $user;
                $dbw->update( 'user',
                    array( 'user_password' => $layeredPassword->toString() ),
                    array( 'user_id' => $row->user_id ),
                    __METHOD__
                );

                $minUserId = $row->user_id;
            }

            $dbw->commit();

            // Clear memcached so old passwords are wiped out
            foreach ( $updateUsers as $user ) {
                $user->clearSharedCache();
            }
        } while ( $res->numRows() );
    }
}

$maintClass = "WrapOldPasswords";
require_once RUN_MAINTENANCE_IF_MAIN;