* http://www.gnu.org/copyleft/gpl.html
*/
+use MediaWiki\Session\BotPasswordSessionProvider;
+
/**
* Utility class for bot passwords
* @since 1.27
/**
* Get a database connection for the bot passwords database
- * @param int $db Index of the connection to get, e.g. DB_MASTER or DB_SLAVE.
+ * @param int $db Index of the connection to get, e.g. DB_MASTER or DB_REPLICA.
* @return DatabaseBase
*/
public static function getDB( $db ) {
return (bool)$dbw->affectedRows();
}
+ /**
+ * Returns a (raw, unhashed) random password string.
+ * @param Config $config
+ * @return string
+ */
+ public static function generatePassword( $config ) {
+ return PasswordFactory::generateRandomPasswordString(
+ max( 32, $config->get( 'MinimalPasswordLength' ) ) );
+ }
+
+ /**
+ * There are two ways to login with a bot password: "username@appId", "password" and
+ * "username", "appId@password". Transform it so it is always in the first form.
+ * Returns [bot username, bot password, could be normal password?] where the last one is a flag
+ * meaning this could either be a bot password or a normal password, it cannot be decided for
+ * certain (although in such cases it almost always will be a bot password).
+ * If this cannot be a bot password login just return false.
+ * @param string $username
+ * @param string $password
+ * @return array|false
+ */
+ public static function canonicalizeLoginData( $username, $password ) {
+ $sep = BotPassword::getSeparator();
+ if ( strpos( $username, $sep ) !== false ) {
+ // the separator is not valid in usernames so this must be a bot login
+ return [ $username, $password, false ];
+ } elseif ( strlen( $password ) > 32 && strpos( $password, $sep ) !== false ) {
+ // the strlen check helps minimize the password information obtainable from timing
+ $segments = explode( $sep, $password );
+ $password = array_pop( $segments );
+ $appId = implode( $sep, $segments );
+ if ( preg_match( '/^[0-9a-w]{32,}$/', $password ) ) {
+ return [ $username . $sep . $appId, $password, true ];
+ }
+ }
+ return false;
+ }
+
/**
* Try to log the user in
* @param string $username Combined user name and app ID
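Review bot: The length 32 is hard-coded three times across the two new methods: `max( 32, … )` in generatePassword(), and `strlen( $password ) > 32` and `{32,}` in canonicalizeLoginData(). Whether the `"username", "appId@password"` form is recognised therefore depends silently on what the generator emits. A shared class constant (name to be chosen, e.g. `const PASSWORD_MINLENGTH = 32;`) used in all three places would make that coupling explicit. The `[0-9a-w]` class likewise assumes the alphabet of PasswordFactory::generateRandomPasswordString(), which is not visible here, and deserves a comment saying so. Separately, `$` without the `D` modifier also matches before a trailing newline, so `'/^[0-9a-w]{32,}$/D'` is the stricter check, and generatePassword() could declare `Config $config` to match its docblock.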
}
$manager = MediaWiki\Session\SessionManager::singleton();
- $provider = $manager->getProvider(
- 'MediaWiki\\Session\\BotPasswordSessionProvider'
- );
+ $provider = $manager->getProvider( BotPasswordSessionProvider::class );
if ( !$provider ) {
return Status::newFatal( 'botpasswords-no-provider' );
}
// Check restrictions
$status = $bp->getRestrictions()->check( $request );
- if ( !$status->isOk() ) {
+ if ( !$status->isOK() ) {
return Status::newFatal( 'botpasswords-restriction-failed' );
}