Example #1
 /**
  * Invalidating one user's bot passwords must replace that user's bot
  * password with an InvalidPassword and leave the bot password stored
  * under a different central ID untouched.
  */
 public function testInvalidateAllPasswordsForUser()
 {
     // NOTE(review): central ID 42 is presumably the ID that belongs to
     // $this->testUserName; the fixture is created outside this method.
     $affected = TestingAccessWrapper::newFromObject(BotPassword::newFromCentralId(42, 'BotPassword'));
     $bystander = TestingAccessWrapper::newFromObject(BotPassword::newFromCentralId(43, 'BotPassword'));

     // Precondition: both bot passwords are usable before the call,
     // otherwise the assertions below would prove nothing.
     foreach ([$affected, $bystander] as $wrapper) {
         $this->assertNotInstanceOf('InvalidPassword', $wrapper->getPassword(), 'sanity check');
     }

     BotPassword::invalidateAllPasswordsForUser($this->testUserName);

     // Scope check: only the targeted user's bot password may be invalidated.
     $this->assertInstanceOf('InvalidPassword', $affected->getPassword());
     $this->assertNotInstanceOf('InvalidPassword', $bystander->getPassword());

     // A newly constructed object for the same central ID must report the
     // invalid password as well, not just the instance created before the call.
     $reloaded = TestingAccessWrapper::newFromObject(BotPassword::newFromCentralId(42, 'BotPassword'));
     $this->assertInstanceOf('InvalidPassword', $reloaded->getPassword());
 }
Example #2
File: User.php Project: paladox/2
 /**
  * Write a new main password hash for this user directly to the user table.
  *
  * The same UPDATE replaces user_newpassword with an invalid password hash
  * and resets user_newpass_time via timestampOrNull(null). Afterwards every
  * bot password of the user is invalidated.
  *
  * @since 1.27 cannot set a password for a user not in the database
  * @param string|null $str New password to set or null to set an invalid
  *  password hash meaning that the user will not be able to log in
  *  through the web interface.
  * @throws LogicException If the user name does not resolve to a user ID.
  */
 private function setPasswordInternal($str)
 {
     // The ID lookup is done with READ_LATEST; a result of 0 (or null, given
     // the loose comparison) means there is no row to update.
     $userId = self::idFromName($this->getName(), self::READ_LATEST);
     if ($userId == 0) {
         throw new LogicException('Cannot set a password for a user that is not in the database.');
     }

     $hasher = new PasswordFactory();
     $hasher->init(RequestContext::getMain()->getConfig());

     $dbw = wfGetDB(DB_MASTER);
     $newValues = array(
         // Only the string form of the Password object is stored, never $str itself.
         'user_password' => $hasher->newFromPlaintext($str)->toString(),
         // The secondary password column is overwritten with an invalid hash
         // so it cannot be used after the main password changed.
         'user_newpassword' => PasswordFactory::newInvalidPassword()->toString(),
         'user_newpass_time' => $dbw->timestampOrNull(null),
     );
     $dbw->update('user', $newValues, array('user_id' => $userId), __METHOD__);

     // When the main password is changed, invalidate all bot passwords too
     // NOTE(review): this method does not itself end the user's existing
     // sessions; confirm the caller takes care of that.
     BotPassword::invalidateAllPasswordsForUser($this->getName());
 }
Example #3
 /**
  * Change authentication data (e.g. passwords)
  *
  * If $req was returned for AuthManager::ACTION_CHANGE, using $req should
  * result in a successful login in the future.
  *
  * If $req was returned for AuthManager::ACTION_REMOVE, using $req should
  * no longer result in a successful login.
  *
  * The change is logged at info level, forwarded to the providers, and
  * followed by invalidation of all BotPasswords of $req->username.
  *
  * @param AuthenticationRequest $req
  */
 public function changeAuthenticationData(AuthenticationRequest $req)
 {
     // Only a string username reaches the log; any other value is masked.
     if (is_string($req->username)) {
         $loggedUser = $req->username;
     } else {
         $loggedUser = '******';
     }
     $logContext = ['user' => $loggedUser, 'what' => get_class($req)];
     $this->logger->info('Changing authentication data for {user} class {what}', $logContext);

     // NOTE(review): 6 looks like a provider-selection bitmask; confirm its
     // meaning against callMethodOnProviders().
     $this->callMethodOnProviders(6, 'providerChangeAuthenticationData', [$req]);

     // When the main account's authentication data is changed, invalidate
     // all BotPasswords too.
     // NOTE(review): unlike the log line above, $req->username is passed on
     // without an is_string() check; confirm invalidateAllPasswordsForUser()
     // handles a non-string name safely.
     \BotPassword::invalidateAllPasswordsForUser($req->username);
 }
Example #4
 /**
  * Set this user's password, either directly in the user table (when
  * $wgDisableAuthManager is set) or through AuthManager, then invalidate
  * the user's sessions.
  *
  * @since 1.27 cannot set a password for a user not in the database
  * @param string|null $str New password to set or null to set an invalid
  *  password hash meaning that the user will not be able to log in
  *  through the web interface.
  * @return bool True when the password was changed; false when AuthManager
  *  rejects one of the change requests. In that case nothing is changed,
  *  sessions are left alone, and the reason is only written to the
  *  'authentication' log at info level, so callers must check the result.
  * @throws LogicException If the user does not exist.
  */
 private function setPasswordInternal($str)
 {
     global $wgDisableAuthManager;

     if ($wgDisableAuthManager) {
         // Direct path: write the hash to the user table ourselves.
         $userId = self::idFromName($this->getName(), self::READ_LATEST);
         if ($userId == 0) {
             throw new LogicException('Cannot set a password for a user that is not in the database.');
         }

         $hasher = new PasswordFactory();
         $hasher->init(RequestContext::getMain()->getConfig());

         $dbw = wfGetDB(DB_MASTER);
         $newValues = [
             // Only the string form of the Password object is stored, never $str itself.
             'user_password' => $hasher->newFromPlaintext($str)->toString(),
             // The secondary password column is overwritten with an invalid hash.
             'user_newpassword' => PasswordFactory::newInvalidPassword()->toString(),
             'user_newpass_time' => $dbw->timestampOrNull(null),
         ];
         $dbw->update('user', $newValues, ['user_id' => $userId], __METHOD__);

         // When the main password is changed, invalidate all bot passwords too
         BotPassword::invalidateAllPasswordsForUser($this->getName());
     } else {
         $authManager = AuthManager::singleton();

         // If the user doesn't exist yet, fail
         if (!$authManager->userExists($this->getName())) {
             throw new LogicException('Cannot set a password for a user that is not in the database.');
         }

         // The same value fills both the password and the retype field.
         $submission = ['username' => $this->getName(), 'password' => $str, 'retype' => $str];
         $requests = AuthenticationRequest::loadRequestsFromSubmission(
             $authManager->getAuthenticationRequests(AuthManager::ACTION_CHANGE, $this),
             $submission
         );

         // First pass: every request is checked before any is applied, so a
         // rejection returns before changeAuthenticationData() has run at all.
         foreach ($requests as $request) {
             $verdict = $authManager->allowsAuthenticationDataChange($request);
             if ($verdict->isOk()) {
                 continue;
             }
             \MediaWiki\Logger\LoggerFactory::getInstance('authentication')->info(__METHOD__ . ': Password change rejected: ' . $verdict->getWikiText());
             return false;
         }

         // Second pass: apply the change for each request.
         foreach ($requests as $request) {
             $authManager->changeAuthenticationData($request);
         }

         // The watchlist token option is reset along with the password.
         $this->setOption('watchlisttoken', false);
     }

     // Reached only after a successful change on either path: sessions that
     // were established with the old credentials are invalidated.
     SessionManager::singleton()->invalidateSessionsForUser($this);

     return true;
 }