dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "StringUtils: Add a utility for checking if a string is a valid regex"
[lhc/web/wiklou.git] / includes / user / PasswordReset.php
1 <?php
2 /**
3 * User password reset helper for MediaWiki.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 use MediaWiki\Auth\AuthManager;
24 use MediaWiki\Auth\TemporaryPasswordAuthenticationRequest;
25 use MediaWiki\Permissions\PermissionManager;
26 use Psr\Log\LoggerAwareInterface;
27 use Psr\Log\LoggerInterface;
28 use MediaWiki\Logger\LoggerFactory;
29
30 /**
31 * Helper class for the password reset functionality shared by the web UI and the API.
32 *
33 * Requires the TemporaryPasswordPrimaryAuthenticationProvider and the
34 * EmailNotificationSecondaryAuthenticationProvider (or something providing equivalent
35 * functionality) to be enabled.
36 */
37 class PasswordReset implements LoggerAwareInterface {
38 /** @var Config */
39 protected $config;
40
41 /** @var AuthManager */
42 protected $authManager;
43
44 /** @var PermissionManager */
45 private $permissionManager;
46
47 /** @var LoggerInterface */
48 protected $logger;
49
50 /**
51 * In-process cache for isAllowed lookups, by username.
52 * Contains a StatusValue object
53 * @var MapCacheLRU
54 */
55 private $permissionCache;
56
57 public function __construct(
58 Config $config,
59 AuthManager $authManager,
60 PermissionManager $permissionManager
61 ) {
62 $this->config = $config;
63 $this->authManager = $authManager;
64 $this->permissionManager = $permissionManager;
65 $this->permissionCache = new MapCacheLRU( 1 );
66 $this->logger = LoggerFactory::getInstance( 'authentication' );
67 }
68
69 /**
70 * Set the logger instance to use.
71 *
72 * @param LoggerInterface $logger
73 * @since 1.29
74 */
75 public function setLogger( LoggerInterface $logger ) {
76 $this->logger = $logger;
77 }
78
79 /**
80 * Check if a given user has permission to use this functionality.
81 * @param User $user
82 * @since 1.29 Second argument for displayPassword removed.
83 * @return StatusValue
84 */
85 public function isAllowed( User $user ) {
86 $status = $this->permissionCache->get( $user->getName() );
87 if ( !$status ) {
88 $resetRoutes = $this->config->get( 'PasswordResetRoutes' );
89 $status = StatusValue::newGood();
90
91 if ( !is_array( $resetRoutes ) || !in_array( true, $resetRoutes, true ) ) {
92 // Maybe password resets are disabled, or there are no allowable routes
93 $status = StatusValue::newFatal( 'passwordreset-disabled' );
94 } elseif (
95 ( $providerStatus = $this->authManager->allowsAuthenticationDataChange(
96 new TemporaryPasswordAuthenticationRequest(), false ) )
97 && !$providerStatus->isGood()
98 ) {
99 // Maybe the external auth plugin won't allow local password changes
100 $status = StatusValue::newFatal( 'resetpass_forbidden-reason',
101 $providerStatus->getMessage() );
102 } elseif ( !$this->config->get( 'EnableEmail' ) ) {
103 // Maybe email features have been disabled
104 $status = StatusValue::newFatal( 'passwordreset-emaildisabled' );
105 } elseif ( !$this->permissionManager->userHasRight( $user, 'editmyprivateinfo' ) ) {
106 // Maybe not all users have permission to change private data
107 $status = StatusValue::newFatal( 'badaccess' );
108 } elseif ( $this->isBlocked( $user ) ) {
109 // Maybe the user is blocked (check this here rather than relying on the parent
110 // method as we have a more specific error message to use here and we want to
111 // ignore some types of blocks)
112 $status = StatusValue::newFatal( 'blocked-mailpassword' );
113 }
114
115 $this->permissionCache->set( $user->getName(), $status );
116 }
117
118 return $status;
119 }
120
121 /**
122 * Do a password reset. Authorization is the caller's responsibility.
123 *
124 * Process the form. At this point we know that the user passes all the criteria in
125 * userCanExecute(), and if the data array contains 'Username', etc, then Username
126 * resets are allowed.
127 *
128 * @since 1.29 Fourth argument for displayPassword removed.
129 * @param User $performingUser The user that does the password reset
130 * @param string|null $username The user whose password is reset
131 * @param string|null $email Alternative way to specify the user
132 * @return StatusValue Will contain the passwords as a username => password array if the
133 * $displayPassword flag was set
134 * @throws LogicException When the user is not allowed to perform the action
135 * @throws MWException On unexpected DB errors
136 */
137 public function execute(
138 User $performingUser, $username = null, $email = null
139 ) {
140 if ( !$this->isAllowed( $performingUser )->isGood() ) {
141 throw new LogicException( 'User ' . $performingUser->getName()
142 . ' is not allowed to reset passwords' );
143 }
144
145 $resetRoutes = $this->config->get( 'PasswordResetRoutes' )
146 + [ 'username' => false, 'email' => false ];
147 if ( $resetRoutes['username'] && $username ) {
148 $method = 'username';
149 $users = [ User::newFromName( $username ) ];
150 $email = null;
151 } elseif ( $resetRoutes['email'] && $email ) {
152 if ( !Sanitizer::validateEmail( $email ) ) {
153 return StatusValue::newFatal( 'passwordreset-invalidemail' );
154 }
155 $method = 'email';
156 $users = $this->getUsersByEmail( $email );
157 $username = null;
158 } else {
159 // The user didn't supply any data
160 return StatusValue::newFatal( 'passwordreset-nodata' );
161 }
162
163 // Check for hooks (captcha etc), and allow them to modify the users list
164 $error = [];
165 $data = [
166 'Username' => $username,
167 'Email' => $email,
168 ];
169 if ( !Hooks::run( 'SpecialPasswordResetOnSubmit', [ &$users, $data, &$error ] ) ) {
170 return StatusValue::newFatal( Message::newFromSpecifier( $error ) );
171 }
172
173 if ( !$users ) {
174 if ( $method === 'email' ) {
175 // Don't reveal whether or not an email address is in use
176 return StatusValue::newGood( [] );
177 } else {
178 return StatusValue::newFatal( 'noname' );
179 }
180 }
181
182 $firstUser = $users[0];
183
184 if ( !$firstUser instanceof User || !$firstUser->getId() ) {
185 // Don't parse username as wikitext (T67501)
186 return StatusValue::newFatal( wfMessage( 'nosuchuser', wfEscapeWikiText( $username ) ) );
187 }
188
189 // Check against the rate limiter
190 if ( $performingUser->pingLimiter( 'mailpassword' ) ) {
191 return StatusValue::newFatal( 'actionthrottledtext' );
192 }
193
194 // All the users will have the same email address
195 if ( !$firstUser->getEmail() ) {
196 // This won't be reachable from the email route, so safe to expose the username
197 return StatusValue::newFatal( wfMessage( 'noemail',
198 wfEscapeWikiText( $firstUser->getName() ) ) );
199 }
200
201 // We need to have a valid IP address for the hook, but per T20347, we should
202 // send the user's name if they're logged in.
203 $ip = $performingUser->getRequest()->getIP();
204 if ( !$ip ) {
205 return StatusValue::newFatal( 'badipaddress' );
206 }
207
208 Hooks::run( 'User::mailPasswordInternal', [ &$performingUser, &$ip, &$firstUser ] );
209
210 $result = StatusValue::newGood();
211 $reqs = [];
212 foreach ( $users as $user ) {
213 $req = TemporaryPasswordAuthenticationRequest::newRandom();
214 $req->username = $user->getName();
215 $req->mailpassword = true;
216 $req->caller = $performingUser->getName();
217 $status = $this->authManager->allowsAuthenticationDataChange( $req, true );
218 if ( $status->isGood() && $status->getValue() !== 'ignored' ) {
219 $reqs[] = $req;
220 } elseif ( $result->isGood() ) {
221 // only record the first error, to avoid exposing the number of users having the
222 // same email address
223 if ( $status->getValue() === 'ignored' ) {
224 $status = StatusValue::newFatal( 'passwordreset-ignored' );
225 }
226 $result->merge( $status );
227 }
228 }
229
230 $logContext = [
231 'requestingIp' => $ip,
232 'requestingUser' => $performingUser->getName(),
233 'targetUsername' => $username,
234 'targetEmail' => $email,
235 'actualUser' => $firstUser->getName(),
236 ];
237
238 if ( !$result->isGood() ) {
239 $this->logger->info(
240 "{requestingUser} attempted password reset of {actualUser} but failed",
241 $logContext + [ 'errors' => $result->getErrors() ]
242 );
243 return $result;
244 }
245
246 $passwords = [];
247 foreach ( $reqs as $req ) {
248 // This is adding a new temporary password, not intentionally changing anything
249 // (even though it might technically invalidate an old temporary password).
250 $this->authManager->changeAuthenticationData( $req, /* $isAddition */ true );
251 }
252
253 $this->logger->info(
254 "{requestingUser} did password reset of {actualUser}",
255 $logContext
256 );
257
258 return StatusValue::newGood( $passwords );
259 }
260
261 /**
262 * Check whether the user is blocked.
263 * Ignores certain types of system blocks that are only meant to force users to log in.
264 * @param User $user
265 * @return bool
266 * @since 1.30
267 */
268 protected function isBlocked( User $user ) {
269 $block = $user->getBlock() ?: $user->getGlobalBlock();
270 if ( !$block ) {
271 return false;
272 }
273 return $block->appliesToPasswordReset();
274 }
275
276 /**
277 * @param string $email
278 * @return User[]
279 * @throws MWException On unexpected database errors
280 */
281 protected function getUsersByEmail( $email ) {
282 $userQuery = User::getQueryInfo();
283 $res = wfGetDB( DB_REPLICA )->select(
284 $userQuery['tables'],
285 $userQuery['fields'],
286 [ 'user_email' => $email ],
287 __METHOD__,
288 [],
289 $userQuery['joins']
290 );
291
292 if ( !$res ) {
293 // Some sort of database error, probably unreachable
294 throw new MWException( 'Unknown database error in ' . __METHOD__ );
295 }
296
297 $users = [];
298 foreach ( $res as $row ) {
299 $users[] = User::newFromRow( $row );
300 }
301 return $users;
302 }
303 }
Wiklou, le Wiki du Wiklou