/**
* @dataProvider providePasswordTests
* @covers InvalidPassword::equals
* @covers InvalidPassword::toString
*/
public function testInvalidUnequalNormal($shouldMatch, $hash, $password)
{
$invalid = $this->passwordFactory->newFromCiphertext(null);
$normal = $this->passwordFactory->newFromCiphertext($hash);
$this->assertFalse($invalid->equals($normal));
$this->assertFalse($normal->equals($invalid));
}
/**
* @covers InvalidPassword::equals
*/
public function testInvalidUnequalInvalid()
{
$passwordFactory = new PasswordFactory();
$invalid1 = $passwordFactory->newFromCiphertext(null);
$invalid2 = $passwordFactory->newFromCiphertext(null);
$this->assertFalse($invalid1->equals($invalid2));
}
public function execute()
{
global $wgAuth;
if (!$wgAuth->allowSetLocalPassword()) {
$this->error('$wgAuth does not allow local passwords. Aborting.', true);
}
$passwordFactory = new PasswordFactory();
$passwordFactory->init(RequestContext::getMain()->getConfig());
$typeInfo = $passwordFactory->getTypes();
$layeredType = $this->getOption('type');
// Check that type exists and is a layered type
if (!isset($typeInfo[$layeredType])) {
$this->error('Undefined password type', true);
}
$passObj = $passwordFactory->newFromType($layeredType);
if (!$passObj instanceof LayeredParameterizedPassword) {
$this->error('Layered parameterized password type must be used.', true);
}
// Extract the first layer type
$typeConfig = $typeInfo[$layeredType];
$firstType = $typeConfig['types'][0];
// Get a list of password types that are applicable
$dbw = $this->getDB(DB_MASTER);
$typeCond = 'user_password' . $dbw->buildLike(":{$firstType}:", $dbw->anyString());
$minUserId = 0;
do {
$dbw->begin();
$res = $dbw->select('user', array('user_id', 'user_name', 'user_password'), array('user_id > ' . $dbw->addQuotes($minUserId), $typeCond), __METHOD__, array('ORDER BY' => 'user_id', 'LIMIT' => $this->mBatchSize, 'LOCK IN SHARE MODE'));
/** @var User[] $updateUsers */
$updateUsers = array();
foreach ($res as $row) {
if ($this->hasOption('verbose')) {
$this->output("Updating password for user {$row->user_name} ({$row->user_id}).\n");
}
$user = User::newFromId($row->user_id);
/** @var ParameterizedPassword $password */
$password = $passwordFactory->newFromCiphertext($row->user_password);
/** @var LayeredParameterizedPassword $layeredPassword */
$layeredPassword = $passwordFactory->newFromType($layeredType);
$layeredPassword->partialCrypt($password);
$updateUsers[] = $user;
$dbw->update('user', array('user_password' => $layeredPassword->toString()), array('user_id' => $row->user_id), __METHOD__);
$minUserId = $row->user_id;
}
$dbw->commit();
// Clear memcached so old passwords are wiped out
foreach ($updateUsers as $user) {
$user->clearSharedCache();
}
} while ($res->numRows());
}
/**
* Compare a password hash with a plain-text password. Requires the user
* ID if there's a chance that the hash is an old-style hash.
*
* @param string $hash Password hash
* @param string $password Plain-text password to compare
* @param string|bool $userId User ID for old-style password salt
*
* @return bool
* @deprecated since 1.24, use Password class
*/
public static function comparePasswords($hash, $password, $userId = false)
{
wfDeprecated(__METHOD__, '1.24');
// Check for *really* old password hashes that don't even have a type
// The old hash format was just an md5 hex hash, with no type information
if (preg_match('/^[0-9a-f]{32}$/', $hash)) {
global $wgPasswordSalt;
if ($wgPasswordSalt) {
$password = "******";
} else {
$password = "******";
}
}
$passwordFactory = new PasswordFactory();
$passwordFactory->init(RequestContext::getMain()->getConfig());
$hash = $passwordFactory->newFromCiphertext($hash);
return $hash->equals($password);
}
/**
* Get the password
* @return Password
*/
protected function getPassword()
{
list($index, $options) = DBAccessObjectUtils::getDBOptions($this->flags);
$db = self::getDB($index);
$password = $db->selectField('bot_passwords', 'bp_password', array('bp_user' => $this->centralId, 'bp_app_id' => $this->appId), __METHOD__, $options);
if ($password === false) {
return PasswordFactory::newInvalidPassword();
}
$passwordFactory = new \PasswordFactory();
$passwordFactory->init(\RequestContext::getMain()->getConfig());
try {
return $passwordFactory->newFromCiphertext($password);
} catch (PasswordError $ex) {
return PasswordFactory::newInvalidPassword();
}
}
/**
* Set the password on a testing user
*
* This assumes we're still using the generic AuthManager config from
* PHPUnitMaintClass::finalSetup(), and just sets the password in the
* database directly.
* @param User $user
* @param string $password
*/
public static function setPasswordForUser(User $user, $password)
{
if (!$user->getId()) {
throw new MWException("Passed User has not been added to the database yet!");
}
$dbw = wfGetDB(DB_MASTER);
$row = $dbw->selectRow('user', ['user_password'], ['user_id' => $user->getId()], __METHOD__);
if (!$row) {
throw new MWException("Passed User has an ID but is not in the database?");
}
$passwordFactory = new PasswordFactory();
$passwordFactory->init(RequestContext::getMain()->getConfig());
if (!$passwordFactory->newFromCiphertext($row->user_password)->equals($password)) {
$passwordHash = $passwordFactory->newFromPlaintext($password);
$dbw->update('user', ['user_password' => $passwordHash->toString()], ['user_id' => $user->getId()], __METHOD__);
}
}
