Page Menu
Home
WickedGov Phorge
Search
Configure Global Search
Log In
Files
F2751520
wrapOldPasswordHashes.php
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Flag For Later
Award Token
Size
5 KB
Referenced Files
None
Subscribers
None
wrapOldPasswordHashes.php
View Options
<?php
/**
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
* @ingroup Maintenance
*/
namespace
MediaWiki\Extension\CentralAuth\Maintenance
;
use
MediaWiki\Extension\CentralAuth\CentralAuthServices
;
use
MediaWiki\Extension\CentralAuth\User\CentralAuthUser
;
use
MediaWiki\Maintenance\Maintenance
;
use
MediaWiki\Password\LayeredParameterizedPassword
;
use
MediaWiki\Password\ParameterizedPassword
;
use
Wikimedia\Rdbms\IExpression
;
use
Wikimedia\Rdbms\LikeValue
;
$IP
=
getenv
(
'MW_INSTALL_PATH'
);
if
(
$IP
===
false
)
{
$IP
=
__DIR__
.
'/../../..'
;
}
require_once
"$IP/maintenance/Maintenance.php"
;
/**
* CentralAuth version of WrapOldPasswords
*/
class
WrapOldPasswordHashes
extends
Maintenance
{
public
function
__construct
()
{
parent
::
__construct
();
$this
->
addDescription
(
'Wrap all passwords of a certain type in a new layered type. '
.
'The script runs in dry-run mode by default (use --update to update rows)'
);
$this
->
addOption
(
'type'
,
'Password type to wrap passwords in (must inherit LayeredParameterizedPassword)'
,
true
,
true
);
$this
->
addOption
(
'verbose'
,
'Enables verbose output'
,
false
,
false
,
'v'
);
$this
->
addOption
(
'update'
,
'Actually wrap passwords'
,
false
,
false
,
'u'
);
$this
->
setBatchSize
(
3
);
$this
->
requireExtension
(
'CentralAuth'
);
}
public
function
execute
()
{
$passwordFactory
=
$this
->
getServiceContainer
()->
getPasswordFactory
();
$typeInfo
=
$passwordFactory
->
getTypes
();
$layeredType
=
$this
->
getOption
(
'type'
);
// Check that type exists and is a layered type
if
(
!
isset
(
$typeInfo
[
$layeredType
]
)
)
{
$this
->
fatalError
(
'Undefined password type: '
.
$layeredType
);
}
$passObj
=
$passwordFactory
->
newFromType
(
$layeredType
);
if
(
!
$passObj
instanceof
LayeredParameterizedPassword
)
{
$this
->
fatalError
(
'Layered parameterized password type must be used.'
);
}
// Extract the first layer type
$typeConfig
=
$typeInfo
[
$layeredType
];
$firstType
=
$typeConfig
[
'types'
][
0
];
$update
=
$this
->
hasOption
(
'update'
);
$databaseManager
=
CentralAuthServices
::
getDatabaseManager
();
// Get a list of password types that are applicable
$dbw
=
$databaseManager
->
getCentralPrimaryDB
();
$typeCond
=
$dbw
->
expr
(
'gu_password'
,
IExpression
::
LIKE
,
new
LikeValue
(
":$firstType:"
,
$dbw
->
anyString
()
)
);
$batchSize
=
$this
->
getBatchSize
();
$count
=
0
;
$minUserId
=
0
;
while
(
true
)
{
if
(
$update
)
{
$this
->
beginTransaction
(
$dbw
,
__METHOD__
);
}
$start
=
microtime
(
true
);
$res
=
$dbw
->
newSelectQueryBuilder
()
->
select
(
[
'gu_id'
,
'gu_name'
,
'gu_password'
]
)
->
from
(
'globaluser'
)
->
where
(
[
$dbw
->
expr
(
'gu_id'
,
'>'
,
$minUserId
),
$typeCond
]
)
->
orderBy
(
'gu_id'
)
->
limit
(
$batchSize
)
->
lockInShareMode
()
->
caller
(
__METHOD__
)
->
fetchResultSet
();
if
(
$res
->
numRows
()
===
0
)
{
if
(
$update
)
{
$this
->
commitTransaction
(
$dbw
,
__METHOD__
);
}
break
;
}
/** @var CentralAuthUser[] $updateUsers */
$updateUsers
=
[];
foreach
(
$res
as
$row
)
{
$user
=
CentralAuthUser
::
getPrimaryInstanceByName
(
$row
->
gu_name
);
/** @var ParameterizedPassword $password */
$password
=
$passwordFactory
->
newFromCiphertext
(
$row
->
gu_password
);
'@phan-var ParameterizedPassword $password'
;
/** @var LayeredParameterizedPassword $layeredPassword */
$layeredPassword
=
$passwordFactory
->
newFromType
(
$layeredType
);
'@phan-var LayeredParameterizedPassword $layeredPassword'
;
$layeredPassword
->
partialCrypt
(
$password
);
if
(
$this
->
hasOption
(
'verbose'
)
)
{
$this
->
output
(
"Updating password for user {$row->gu_name} ({$row->gu_id}) from "
.
"type {$password->getType()} to {$layeredPassword->getType()}.
\n
"
);
}
if
(
$update
)
{
$count
++;
$updateUsers
[]
=
$user
;
$dbw
->
newUpdateQueryBuilder
()
->
update
(
'globaluser'
)
->
set
(
[
'gu_password'
=>
$layeredPassword
->
toString
()
]
)
->
where
(
[
'gu_id'
=>
$row
->
gu_id
]
)
->
caller
(
__METHOD__
)
->
execute
();
}
$minUserId
=
$row
->
gu_id
;
}
if
(
$update
)
{
$this
->
commitTransaction
(
$dbw
,
__METHOD__
);
// Clear memcached so old passwords are wiped out
foreach
(
$updateUsers
as
$user
)
{
$user
->
invalidateCache
();
}
}
$this
->
output
(
"Last id processed: $minUserId; Actually updated: $count...
\n
"
);
$delta
=
microtime
(
true
)
-
$start
;
$this
->
output
(
sprintf
(
"%4d passwords wrapped in %6.2fms (%6.2fms each)
\n
"
,
$res
->
numRows
(),
$delta
*
1000.0
,
(
$delta
/
$res
->
numRows
()
)
*
1000.0
)
);
}
if
(
$update
)
{
$this
->
output
(
"$count users rows updated.
\n
"
);
}
else
{
$this
->
output
(
"$count user rows found using old password formats. "
.
"Run script again with --update to update these rows.
\n
"
);
}
}
}
$maintClass
=
WrapOldPasswordHashes
::
class
;
require_once
RUN_MAINTENANCE_IF_MAIN
;
File Metadata
Details
Attached
Mime Type
text/x-php
Expires
Fri, Jul 3, 18:44 (1 d, 13 h)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
a5/13/675a2ed25b1ac38dd795a55ff777
Default Alt Text
wrapOldPasswordHashes.php (5 KB)
Attached To
Mode
rMWPROD MediaWiki Production
Attached
Detach File
Event Timeline
Log In to Comment