* http://www.gnu.org/copyleft/gpl.html
*/
+use MediaWiki\MediaWikiServices;
use MediaWiki\Session\BotPasswordSessionProvider;
use Wikimedia\Rdbms\IMaintainableDatabase;
public static function getDB( $db ) {
global $wgBotPasswordsCluster, $wgBotPasswordsDatabase;
+ $lbFactory = MediaWikiServices::getInstance()->getDBLoadBalancerFactory();
$lb = $wgBotPasswordsCluster
- ? wfGetLBFactory()->getExternalLB( $wgBotPasswordsCluster )
- : wfGetLB( $wgBotPasswordsDatabase );
+ ? $lbFactory->getExternalLB( $wgBotPasswordsCluster )
+ : $lbFactory->getMainLB( $wgBotPasswordsDatabase );
return $lb->getConnectionRef( $db, [], $wgBotPasswordsDatabase );
}
}
}
+ /**
+ * Whether the password is currently invalid
+ * @since 1.32
+ * @return bool
+ */
+ public function isInvalid() {
+ return $this->getPassword() instanceof InvalidPassword;
+ }
+
/**
* Save the BotPassword to the database
* @param string $operation 'update' or 'insert'
* @return Status On success, the good status's value is the new Session object
*/
public static function login( $username, $password, WebRequest $request ) {
- global $wgEnableBotPasswords;
+ global $wgEnableBotPasswords, $wgPasswordAttemptThrottle;
if ( !$wgEnableBotPasswords ) {
return Status::newFatal( 'botpasswords-disabled' );
return Status::newFatal( 'nosuchuser', $name );
}
+ if ( $user->isLocked() ) {
+ return Status::newFatal( 'botpasswords-locked' );
+ }
+
+ // Throttle
+ $throttle = null;
+ if ( !empty( $wgPasswordAttemptThrottle ) ) {
+ $throttle = new MediaWiki\Auth\Throttler( $wgPasswordAttemptThrottle, [
+ 'type' => 'botpassword',
+ 'cache' => ObjectCache::getLocalClusterInstance(),
+ ] );
+ $result = $throttle->increase( $user->getName(), $request->getIP(), __METHOD__ );
+ if ( $result ) {
+ $msg = wfMessage( 'login-throttled' )->durationParams( $result['wait'] );
+ return Status::newFatal( $msg );
+ }
+ }
+
// Get the bot password
$bp = self::newFromUser( $user, $appId );
if ( !$bp ) {
}
// Check the password
- if ( !$bp->getPassword()->equals( $password ) ) {
+ $passwordObj = $bp->getPassword();
+ if ( $passwordObj instanceof InvalidPassword ) {
+ return Status::newFatal( 'botpasswords-needs-reset', $name, $appId );
+ }
+ if ( !$passwordObj->equals( $password ) ) {
return Status::newFatal( 'wrongpassword' );
}
// Ok! Create the session.
+ if ( $throttle ) {
+ $throttle->clear( $user->getName(), $request->getIP() );
+ }
return Status::newGood( $provider->newSessionForRequest( $user, $bp, $request ) );
}
}
dépôts / lhc / web / wiklou.git / blobdiff