Merge "Better logging for botpasswords"

[lhc/web/wiklou.git] / includes / specials / SpecialBotPasswords.php

diff --git a/includes/specials/SpecialBotPasswords.php b/includes/specials/SpecialBotPasswords.php
index f76c318..f03565a 100644 (file)
--- a/includes/specials/SpecialBotPasswords.php
+++ b/includes/specials/SpecialBotPasswords.php
@@ -21,6 +21,8 @@
  * @ingroup SpecialPage
  */
 
+use MediaWiki\Logger\LoggerFactory;
+
 /**
  * Let users manage bot passwords
  *
@@ -40,8 +42,12 @@ class SpecialBotPasswords extends FormSpecialPage {
        /** @var string New password set, for communication between onSubmit() and onSuccess() */
        private $password = null;
 
+       /** @var Psr\Log\LoggerInterface */
+       private $logger = null;
+
        public function __construct() {
                parent::__construct( 'BotPasswords', 'editmyprivateinfo' );
+               $this->logger = LoggerFactory::getInstance( 'authentication' );
        }
 
        /**
@@ -107,6 +113,9 @@ class SpecialBotPasswords extends FormSpecialPage {
                                        'type' => 'check',
                                        'label-message' => 'botpasswords-label-resetpassword',
                                ];
+                               if ( $this->botPassword->isInvalid() ) {
+                                       $fields['resetPassword']['default'] = true;
+                               }
                        }
 
                        $lang = $this->getLanguage();
@@ -153,22 +162,39 @@ class SpecialBotPasswords extends FormSpecialPage {
 
                } else {
                        $linkRenderer = $this->getLinkRenderer();
+                       $passwordFactory = new PasswordFactory();
+                       $passwordFactory->init( $this->getConfig() );
+
                        $dbr = BotPassword::getDB( DB_REPLICA );
                        $res = $dbr->select(
                                'bot_passwords',
-                               [ 'bp_app_id' ],
+                               [ 'bp_app_id', 'bp_password' ],
                                [ 'bp_user' => $this->userId ],
                                __METHOD__
                        );
                        foreach ( $res as $row ) {
+                               try {
+                                       $password = $passwordFactory->newFromCiphertext( $row->bp_password );
+                                       $passwordInvalid = $password instanceof InvalidPassword;
+                                       unset( $password );
+                               } catch ( PasswordError $ex ) {
+                                       $passwordInvalid = true;
+                               }
+
+                               $text = $linkRenderer->makeKnownLink(
+                                       $this->getPageTitle( $row->bp_app_id ),
+                                       $row->bp_app_id
+                               );
+                               if ( $passwordInvalid ) {
+                                       $text .= $this->msg( 'word-separator' )->escaped()
+                                               . $this->msg( 'botpasswords-label-needsreset' )->parse();
+                               }
+
                                $fields[] = [
                                        'section' => 'existing',
                                        'type' => 'info',
                                        'raw' => true,
-                                       'default' => $linkRenderer->makeKnownLink(
-                                               $this->getPageTitle( $row->bp_app_id ),
-                                               $row->bp_app_id
-                                       ),
+                                       'default' => $text,
                                ];
                        }
 
@@ -257,6 +283,16 @@ class SpecialBotPasswords extends FormSpecialPage {
                                $bp = BotPassword::newFromCentralId( $this->userId, $this->par );
                                if ( $bp ) {
                                        $bp->delete();
+                                       $this->logger->info(
+                                               "Bot password {op} for {user}@{app_id}",
+                                               [
+                                                       'app_id' => $this->par,
+                                                       'user' => $this->getUser()->getName(),
+                                                       'centralId' => $this->userId,
+                                                       'op' => 'delete',
+                                                       'client_ip' => $this->getRequest()->getIP()
+                                               ]
+                                       );
                                }
                                return Status::newGood();
 
@@ -289,6 +325,18 @@ class SpecialBotPasswords extends FormSpecialPage {
                }
 
                if ( $bp->save( $this->operation, $password ) ) {
+                       $this->logger->info(
+                               "Bot password {op} for {user}@{app_id}",
+                               [
+                                       'op' => $this->operation,
+                                       'user' => $this->getUser()->getName(),
+                                       'app_id' => $this->par,
+                                       'centralId' => $this->userId,
+                                       'restrictions' => $data['restrictions'],
+                                       'grants' => $bp->getGrants(),
+                                       'client_ip' => $this->getRequest()->getIP()
+                               ]
+                       );
                        return Status::newGood();
                } else {
                        // Messages: botpasswords-insert-failed, botpasswords-update-failed