[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3   * Maintenance script to wrap all old-style passwords in a layered type
   4   *
   5   * This program is free software; you can redistribute it and/or modify
   6   * it under the terms of the GNU General Public License as published by
   7   * the Free Software Foundation; either version 2 of the License, or
   8   * (at your option) any later version.
   9   *
  10   * This program is distributed in the hope that it will be useful,
  11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13   * GNU General Public License for more details.
  14   *
  15   * You should have received a copy of the GNU General Public License along
  16   * with this program; if not, write to the Free Software Foundation, Inc.,
  17   * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18   * http://www.gnu.org/copyleft/gpl.html
  19   *
  20   * @file
  21   * @ingroup Maintenance
  22   */
  23  require_once  __DIR__ . '/Maintenance.php';
  24  
  25  /**
  26   * Maintenance script to wrap all passwords of a certain type in a specified layered
  27   * type that wraps around the old type.
  28   *
  29   * @since 1.24
  30   * @ingroup Maintenance
  31   */
  32  class WrapOldPasswords extends Maintenance {
  33  	public function __construct() {
  34          parent::__construct();
  35          $this->mDescription = "Wrap all passwords of a certain type in a new layered type";
  36          $this->addOption( 'type',
  37              'Password type to wrap passwords in (must inherit LayeredParameterizedPassword)', true, true );
  38          $this->addOption( 'verbose', 'Enables verbose output', false, false, 'v' );
  39          $this->setBatchSize( 100 );
  40      }
  41  
  42  	public function execute() {
  43          global $wgAuth;
  44  
  45          if ( !$wgAuth->allowSetLocalPassword() ) {
  46              $this->error( '$wgAuth does not allow local passwords. Aborting.', true );
  47          }
  48  
  49          $passwordFactory = new PasswordFactory();
  50          $passwordFactory->init( RequestContext::getMain()->getConfig() );
  51  
  52          $typeInfo = $passwordFactory->getTypes();
  53          $layeredType = $this->getOption( 'type' );
  54  
  55          // Check that type exists and is a layered type
  56          if ( !isset( $typeInfo[$layeredType] ) ) {
  57              $this->error( 'Undefined password type', true );
  58          }
  59  
  60          $passObj = $passwordFactory->newFromType( $layeredType );
  61          if ( !$passObj instanceof LayeredParameterizedPassword ) {
  62              $this->error( 'Layered parameterized password type must be used.', true );
  63          }
  64  
  65          // Extract the first layer type
  66          $typeConfig = $typeInfo[$layeredType];
  67          $firstType = $typeConfig['types'][0];
  68  
  69          // Get a list of password types that are applicable
  70          $dbw = $this->getDB( DB_MASTER );
  71          $typeCond = 'user_password' . $dbw->buildLike( ":$firstType:", $dbw->anyString() );
  72  
  73          $minUserId = 0;
  74          do {
  75              $dbw->begin();
  76  
  77              $res = $dbw->select( 'user',
  78                  array( 'user_id', 'user_name', 'user_password' ),
  79                  array(
  80                      'user_id > ' . $dbw->addQuotes( $minUserId ),
  81                      $typeCond
  82                  ),
  83                  __METHOD__,
  84                  array(
  85                      'ORDER BY' => 'user_id',
  86                      'LIMIT' => $this->mBatchSize,
  87                      'LOCK IN SHARE MODE',
  88                  )
  89              );
  90  
  91              /** @var User[] $updateUsers */
  92              $updateUsers = array();
  93              foreach ( $res as $row ) {
  94                  if ( $this->hasOption( 'verbose' ) ) {
  95                      $this->output( "Updating password for user {$row->user_name} ({$row->user_id}).\n" );
  96                  }
  97  
  98                  $user = User::newFromId( $row->user_id );
  99                  /** @var ParameterizedPassword $password */
 100                  $password = $passwordFactory->newFromCiphertext( $row->user_password );
 101                  /** @var LayeredParameterizedPassword $layeredPassword */
 102                  $layeredPassword = $passwordFactory->newFromType( $layeredType );
 103                  $layeredPassword->partialCrypt( $password );
 104  
 105                  $updateUsers[] = $user;
 106                  $dbw->update( 'user',
 107                      array( 'user_password' => $layeredPassword->toString() ),
 108                      array( 'user_id' => $row->user_id ),
 109                      __METHOD__
 110                  );
 111  
 112                  $minUserId = $row->user_id;
 113              }
 114  
 115              $dbw->commit();
 116  
 117              // Clear memcached so old passwords are wiped out
 118              foreach ( $updateUsers as $user ) {
 119                  $user->clearSharedCache();
 120              }
 121          } while ( $res->numRows() );
 122      }
 123  }
 124  
 125  $maintClass = "WrapOldPasswords";
 126  require_once RUN_MAINTENANCE_IF_MAIN;