/**
 * Verifies that BotPassword::invalidateAllPasswordsForUser() invalidates the
 * bot password loaded for central ID 42 and leaves the one for central ID 43
 * alone, and that the invalidation is also seen by a freshly loaded object.
 *
 * NOTE(review): central ID 42 is presumably the one mapped to
 * $this->testUserName by the fixture set-up, which is not visible here.
 */
public function testInvalidateAllPasswordsForUser()
{
    // TestingAccessWrapper is used so the test can call getPassword() on the wrapped object.
    $targetBot = TestingAccessWrapper::newFromObject(
        BotPassword::newFromCentralId(42, 'BotPassword')
    );
    $bystanderBot = TestingAccessWrapper::newFromObject(
        BotPassword::newFromCentralId(43, 'BotPassword')
    );

    // Precondition: both bot passwords start out usable.
    $this->assertNotInstanceOf('InvalidPassword', $targetBot->getPassword(), 'sanity check');
    $this->assertNotInstanceOf('InvalidPassword', $bystanderBot->getPassword(), 'sanity check');

    BotPassword::invalidateAllPasswordsForUser($this->testUserName);

    // Only the first object's password may have been replaced; invalidating
    // one user's bot passwords must not touch the other object's.
    $this->assertInstanceOf('InvalidPassword', $targetBot->getPassword());
    $this->assertNotInstanceOf('InvalidPassword', $bystanderBot->getPassword());

    // Load the same bot password again and check that it is invalid there too.
    $reloadedBot = TestingAccessWrapper::newFromObject(
        BotPassword::newFromCentralId(42, 'BotPassword')
    );
    $this->assertInstanceOf('InvalidPassword', $reloadedBot->getPassword());
}
/**
 * Actually set the password and such
 *
 * Writes the new password hash to the user row, replaces user_newpassword
 * with an invalid password, and then invalidates every bot password of the
 * user.
 *
 * NOTE(review): this method does not end the user's existing sessions;
 * confirm that callers do so after a password change.
 *
 * @since 1.27 cannot set a password for a user not in the database
 * @param string|null $str New password to set or null to set an invalid
 *  password hash meaning that the user will not be able to log in
 *  through the web interface.
 * @throws LogicException If the user name does not resolve to a user ID.
 */
private function setPasswordInternal($str)
{
    // Look the ID up with READ_LATEST rather than trusting a cached value.
    $userId = self::idFromName($this->getName(), self::READ_LATEST);
    if ($userId == 0) {
        throw new LogicException('Cannot set a password for a user that is not in the database.');
    }

    // The factory is initialised from the main request context's configuration.
    $factory = new PasswordFactory();
    $factory->init(RequestContext::getMain()->getConfig());

    $dbw = wfGetDB(DB_MASTER);
    $columns = [
        'user_password' => $factory->newFromPlaintext($str)->toString(),
        // Overwrite user_newpassword with an invalid password so whatever was
        // stored there can no longer be used, and reset its timestamp.
        'user_newpassword' => PasswordFactory::newInvalidPassword()->toString(),
        'user_newpass_time' => $dbw->timestampOrNull(null),
    ];
    $dbw->update('user', $columns, ['user_id' => $userId], __METHOD__);

    // When the main password is changed, invalidate all bot passwords too
    BotPassword::invalidateAllPasswordsForUser($this->getName());
}
/**
 * Change authentication data (e.g. passwords)
 *
 * If $req was returned for AuthManager::ACTION_CHANGE, using $req should
 * result in a successful login in the future.
 *
 * If $req was returned for AuthManager::ACTION_REMOVE, using $req should
 * no longer result in a successful login.
 *
 * After the providers have been called, all bot passwords of $req->username
 * are invalidated.
 *
 * @param AuthenticationRequest $req
 */
public function changeAuthenticationData(AuthenticationRequest $req)
{
    // Only a string username is logged; anything else is replaced by a fixed mask.
    $loggedUser = is_string($req->username) ? $req->username : '******';
    $logContext = [
        'user' => $loggedUser,
        'what' => get_class($req),
    ];
    $this->logger->info('Changing authentication data for {user} class {what}', $logContext);

    // NOTE(review): 6 is an unexplained selector passed to callMethodOnProviders();
    // presumably a bitmask of provider types. Confirm, and prefer a named constant.
    $this->callMethodOnProviders(6, 'providerChangeAuthenticationData', [$req]);

    // When the main account's authentication data is changed, invalidate
    // all BotPasswords too.
    // NOTE(review): $req->username is passed unchecked here although the log
    // call above allows for a non-string value; confirm how
    // invalidateAllPasswordsForUser() treats a missing name.
    \BotPassword::invalidateAllPasswordsForUser($req->username);
}
/**
 * Actually set the password and such
 *
 * Two paths, selected by $wgDisableAuthManager:
 *  - AuthManager path: builds change requests from the new password, asks
 *    the manager whether each is allowed, and applies them only if all are
 *    allowed.
 *  - Legacy path: writes the password hash to the user row directly and
 *    invalidates the user's bot passwords.
 * On success both paths then invalidate the user's sessions.
 *
 * @since 1.27 cannot set a password for a user not in the database
 * @param string|null $str New password to set or null to set an invalid
 *  password hash meaning that the user will not be able to log in
 *  through the web interface.
 * @return bool Success
 * @throws LogicException If the user is not in the database.
 */
private function setPasswordInternal($str)
{
    global $wgDisableAuthManager;

    if (!$wgDisableAuthManager) {
        $authManager = AuthManager::singleton();

        // If the user doesn't exist yet, fail
        if (!$authManager->userExists($this->getName())) {
            throw new LogicException('Cannot set a password for a user that is not in the database.');
        }

        // Shape the new password like a submitted change form; 'retype'
        // carries the same value as 'password'.
        $submission = [
            'username' => $this->getName(),
            'password' => $str,
            'retype' => $str,
        ];
        $candidates = $authManager->getAuthenticationRequests(AuthManager::ACTION_CHANGE, $this);
        $reqs = AuthenticationRequest::loadRequestsFromSubmission($candidates, $submission);

        // First pass: check every request before changing anything, so a
        // rejection leaves the stored authentication data as it was.
        // The log line holds the status text, not the password.
        foreach ($reqs as $req) {
            $status = $authManager->allowsAuthenticationDataChange($req);
            if (!$status->isOk()) {
                \MediaWiki\Logger\LoggerFactory::getInstance('authentication')
                    ->info(__METHOD__ . ': Password change rejected: ' . $status->getWikiText());

                // Early return: sessions are not invalidated on this path.
                return false;
            }
        }

        // Second pass: apply the change through every request.
        // NOTE(review): if no requests come back, both loops are skipped and
        // the method still returns true; confirm callers do not read that as
        // proof the password changed.
        foreach ($reqs as $req) {
            $authManager->changeAuthenticationData($req);
        }

        // Only this path resets the watchlist token option.
        $this->setOption('watchlisttoken', false);
    } else {
        // Look the ID up with READ_LATEST rather than trusting a cached value.
        $userId = self::idFromName($this->getName(), self::READ_LATEST);
        if ($userId == 0) {
            throw new LogicException('Cannot set a password for a user that is not in the database.');
        }

        $factory = new PasswordFactory();
        $factory->init(RequestContext::getMain()->getConfig());

        $dbw = wfGetDB(DB_MASTER);
        $columns = [
            'user_password' => $factory->newFromPlaintext($str)->toString(),
            // Overwrite user_newpassword with an invalid password and reset its timestamp.
            'user_newpassword' => PasswordFactory::newInvalidPassword()->toString(),
            'user_newpass_time' => $dbw->timestampOrNull(null),
        ];
        $dbw->update('user', $columns, ['user_id' => $userId], __METHOD__);

        // When the main password is changed, invalidate all bot passwords too
        BotPassword::invalidateAllPasswordsForUser($this->getName());
    }

    // Invalidate the user's sessions after the credential change.
    SessionManager::singleton()->invalidateSessionsForUser($this);

    return true;
}