3 * Implements Special:BotPasswords
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
21 * @ingroup SpecialPage
24 use MediaWiki\Logger\LoggerFactory
;
25 use MediaWiki\MediaWikiServices
;
28 * Let users manage bot passwords
30 * @ingroup SpecialPage
32 class SpecialBotPasswords
extends FormSpecialPage
{
34 /** @var int Central user ID */
37 /** @var BotPassword|null Bot password being edited, if any */
38 private $botPassword = null;
40 /** @var string Operation being performed: create, update, delete */
41 private $operation = null;
43 /** @var string New password set, for communication between onSubmit() and onSuccess() */
44 private $password = null;
46 /** @var Psr\Log\LoggerInterface */
47 private $logger = null;
49 public function __construct() {
50 parent
::__construct( 'BotPasswords', 'editmyprivateinfo' );
51 $this->logger
= LoggerFactory
::getInstance( 'authentication' );
57 public function isListed() {
58 return $this->getConfig()->get( 'EnableBotPasswords' );
61 protected function getLoginSecurityLevel() {
62 return $this->getName();
66 * Main execution point
67 * @param string|null $par
69 function execute( $par ) {
70 $this->getOutput()->disallowUserJs();
71 $this->requireLogin();
72 $this->addHelpLink( 'Manual:Bot_passwords' );
75 if ( strlen( $par ) === 0 ) {
77 } elseif ( strlen( $par ) > BotPassword
::APPID_MAXLENGTH
) {
78 throw new ErrorPageError( 'botpasswords', 'botpasswords-bad-appid',
79 [ htmlspecialchars( $par ) ] );
82 parent
::execute( $par );
85 protected function checkExecutePermissions( User
$user ) {
86 parent
::checkExecutePermissions( $user );
88 if ( !$this->getConfig()->get( 'EnableBotPasswords' ) ) {
89 throw new ErrorPageError( 'botpasswords', 'botpasswords-disabled' );
92 $this->userId
= CentralIdLookup
::factory()->centralIdFromLocalUser( $this->getUser() );
93 if ( !$this->userId
) {
94 throw new ErrorPageError( 'botpasswords', 'botpasswords-no-central-id' );
98 protected function getFormFields() {
101 if ( $this->par
!== null ) {
102 $this->botPassword
= BotPassword
::newFromCentralId( $this->userId
, $this->par
);
103 if ( !$this->botPassword
) {
104 $this->botPassword
= BotPassword
::newUnsaved( [
105 'centralId' => $this->userId
,
106 'appId' => $this->par
,
110 $sep = BotPassword
::getSeparator();
113 'label-message' => 'username',
114 'default' => $this->getUser()->getName() . $sep . $this->par
117 if ( $this->botPassword
->isSaved() ) {
118 $fields['resetPassword'] = [
120 'label-message' => 'botpasswords-label-resetpassword',
122 if ( $this->botPassword
->isInvalid() ) {
123 $fields['resetPassword']['default'] = true;
127 $lang = $this->getLanguage();
128 $showGrants = MWGrants
::getValidGrants();
129 $fields['grants'] = [
130 'type' => 'checkmatrix',
131 'label-message' => 'botpasswords-label-grants',
132 'help-message' => 'botpasswords-help-grants',
134 $this->msg( 'botpasswords-label-grants-column' )->escaped() => 'grant'
136 'rows' => array_combine(
137 array_map( 'MWGrants::getGrantsLink', $showGrants ),
140 'default' => array_map(
144 $this->botPassword
->getGrants()
146 'tooltips' => array_combine(
147 array_map( 'MWGrants::getGrantsLink', $showGrants ),
149 function ( $rights ) use ( $lang ) {
150 return $lang->semicolonList( array_map( 'User::getRightDescription', $rights ) );
152 array_intersect_key( MWGrants
::getRightsByGrant(), array_flip( $showGrants ) )
155 'force-options-on' => array_map(
159 MWGrants
::getHiddenGrants()
163 $fields['restrictions'] = [
164 'class' => HTMLRestrictionsField
::class,
166 'default' => $this->botPassword
->getRestrictions(),
170 $linkRenderer = $this->getLinkRenderer();
171 $passwordFactory = MediaWikiServices
::getInstance()->getPasswordFactory();
173 $dbr = BotPassword
::getDB( DB_REPLICA
);
176 [ 'bp_app_id', 'bp_password' ],
177 [ 'bp_user' => $this->userId
],
180 foreach ( $res as $row ) {
182 $password = $passwordFactory->newFromCiphertext( $row->bp_password
);
183 $passwordInvalid = $password instanceof InvalidPassword
;
185 } catch ( PasswordError
$ex ) {
186 $passwordInvalid = true;
189 $text = $linkRenderer->makeKnownLink(
190 $this->getPageTitle( $row->bp_app_id
),
193 if ( $passwordInvalid ) {
194 $text .= $this->msg( 'word-separator' )->escaped()
195 . $this->msg( 'botpasswords-label-needsreset' )->parse();
199 'section' => 'existing',
207 'section' => 'createnew',
208 'type' => 'textwithbutton',
209 'label-message' => 'botpasswords-label-appid',
210 'buttondefault' => $this->msg( 'botpasswords-label-create' )->text(),
211 'buttonflags' => [ 'progressive', 'primary' ],
213 'size' => BotPassword
::APPID_MAXLENGTH
,
214 'maxlength' => BotPassword
::APPID_MAXLENGTH
,
215 'validation-callback' => function ( $v ) {
217 return $v !== '' && strlen( $v ) <= BotPassword
::APPID_MAXLENGTH
;
231 protected function alterForm( HTMLForm
$form ) {
232 $form->setId( 'mw-botpasswords-form' );
233 $form->setTableId( 'mw-botpasswords-table' );
234 $form->addPreText( $this->msg( 'botpasswords-summary' )->parseAsBlock() );
235 $form->suppressDefaultSubmit();
237 if ( $this->par
!== null ) {
238 if ( $this->botPassword
->isSaved() ) {
239 $form->setWrapperLegendMsg( 'botpasswords-editexisting' );
243 'label-message' => 'botpasswords-label-update',
244 'flags' => [ 'primary', 'progressive' ],
249 'label-message' => 'botpasswords-label-delete',
250 'flags' => [ 'destructive' ],
253 $form->setWrapperLegendMsg( 'botpasswords-createnew' );
257 'label-message' => 'botpasswords-label-create',
258 'flags' => [ 'primary', 'progressive' ],
265 'label-message' => 'botpasswords-label-cancel'
270 public function onSubmit( array $data ) {
271 $op = $this->getRequest()->getVal( 'op', '' );
275 $this->getOutput()->redirect( $this->getPageTitle( $data['appId'] )->getFullURL() );
279 $this->operation
= 'insert';
280 return $this->save( $data );
283 $this->operation
= 'update';
284 return $this->save( $data );
287 $this->operation
= 'delete';
288 $bp = BotPassword
::newFromCentralId( $this->userId
, $this->par
);
292 "Bot password {op} for {user}@{app_id}",
294 'app_id' => $this->par
,
295 'user' => $this->getUser()->getName(),
296 'centralId' => $this->userId
,
298 'client_ip' => $this->getRequest()->getIP()
302 return Status
::newGood();
305 $this->getOutput()->redirect( $this->getPageTitle()->getFullURL() );
312 private function save( array $data ) {
313 $bp = BotPassword
::newUnsaved( [
314 'centralId' => $this->userId
,
315 'appId' => $this->par
,
316 'restrictions' => $data['restrictions'],
317 'grants' => array_merge(
318 MWGrants
::getHiddenGrants(),
319 preg_replace( '/^grant-/', '', $data['grants'] )
323 if ( $this->operation
=== 'insert' ||
!empty( $data['resetPassword'] ) ) {
324 $this->password
= BotPassword
::generatePassword( $this->getConfig() );
325 $passwordFactory = MediaWikiServices
::getInstance()->getPasswordFactory();
326 $password = $passwordFactory->newFromPlaintext( $this->password
);
331 if ( $bp->save( $this->operation
, $password ) ) {
333 "Bot password {op} for {user}@{app_id}",
335 'op' => $this->operation
,
336 'user' => $this->getUser()->getName(),
337 'app_id' => $this->par
,
338 'centralId' => $this->userId
,
339 'restrictions' => $data['restrictions'],
340 'grants' => $bp->getGrants(),
341 'client_ip' => $this->getRequest()->getIP()
344 return Status
::newGood();
346 // Messages: botpasswords-insert-failed, botpasswords-update-failed
347 return Status
::newFatal( "botpasswords-{$this->operation}-failed", $this->par
);
351 public function onSuccess() {
352 $out = $this->getOutput();
354 $username = $this->getUser()->getName();
355 switch ( $this->operation
) {
357 $out->setPageTitle( $this->msg( 'botpasswords-created-title' )->text() );
358 $out->addWikiMsg( 'botpasswords-created-body', $this->par
, $username );
362 $out->setPageTitle( $this->msg( 'botpasswords-updated-title' )->text() );
363 $out->addWikiMsg( 'botpasswords-updated-body', $this->par
, $username );
367 $out->setPageTitle( $this->msg( 'botpasswords-deleted-title' )->text() );
368 $out->addWikiMsg( 'botpasswords-deleted-body', $this->par
, $username );
369 $this->password
= null;
373 if ( $this->password
!== null ) {
374 $sep = BotPassword
::getSeparator();
376 'botpasswords-newpassword',
377 htmlspecialchars( $username . $sep . $this->par
),
378 htmlspecialchars( $this->password
),
379 htmlspecialchars( $username ),
380 htmlspecialchars( $this->par
. $sep . $this->password
)
382 $this->password
= null;
385 $out->addReturnTo( $this->getPageTitle() );
388 protected function getGroupName() {
392 protected function getDisplayFormat() {