Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€

Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€ - Ð ÐµÐ´Ð°ÐºÑ‚Ð¸Ñ€Ð¾Ð²Ð°Ñ‚ÑŒ - /var/www/html/user.zip

ÐÐ°Ð·Ð°Ð´
PK��!��(�F��test_user_copy.shnu�ȯ��#!/bin/sh # SPDX-License-Identifier: GPL-2.0 # Runs copy_to/from_user infrastructure using test_user_copy kernel module # Kselftest framework requirement - SKIP code is 4. ksft_skip=4 if ! /sbin/modprobe -q -n test_user_copy; then echo "user: module test_user_copy is not found [SKIP]" exit $ksft_skip fi if /sbin/modprobe -q test_user_copy; then /sbin/modprobe -q -r test_user_copy echo "user_copy: ok" else echo "user_copy: [FAIL]" exit 1 fi PK��!��h\��Makefilenu��[��# SPDX-License-Identifier: GPL-2.0-only # Makefile for user memory selftests # No binaries, but make sure arg-less "make" doesn't trigger "run_tests" all: TEST_PROGS := test_user_copy.sh include ../lib.mk PK��!��, ��ActorStoreFactory.phpnu��Iw��<?php /** * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use MediaWiki\Block\HideUserUtils; use MediaWiki\Config\ServiceOptions; use MediaWiki\DAO\WikiAwareEntity; use MediaWiki\MainConfigNames; use MediaWiki\User\TempUser\TempUserConfig; use Psr\Log\LoggerInterface; use Wikimedia\Rdbms\ILBFactory; use Wikimedia\Rdbms\ILoadBalancer; /* * ActorStore factory for various domains. * * @package MediaWiki\User * @since 1.36 / class ActorStoreFactory { /* @internal / public const CONSTRUCTOR_OPTIONS = [ MainConfigNames::SharedDB, MainConfigNames::SharedTables, ]; private ILBFactory $loadBalancerFactory; private UserNameUtils $userNameUtils; private TempUserConfig $tempUserConfig; private LoggerInterface $logger; private HideUserUtils $hideUserUtils; /* @var string\|false / private $sharedDB; /* @var string[] / private $sharedTables; /* @var ActorStore[] / private $storeCache = []; /* * @param ServiceOptions $options * @param ILBFactory $loadBalancerFactory * @param UserNameUtils $userNameUtils * @param TempUserConfig $tempUserConfig * @param LoggerInterface $logger * @param HideUserUtils $hideUserUtils / public function __construct( ServiceOptions $options, ILBFactory $loadBalancerFactory, UserNameUtils $userNameUtils, TempUserConfig $tempUserConfig, LoggerInterface $logger, HideUserUtils $hideUserUtils ) { $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS ); $this->loadBalancerFactory = $loadBalancerFactory; $this->sharedDB = $options->get( MainConfigNames::SharedDB ); $this->sharedTables = $options->get( MainConfigNames::SharedTables ); $this->userNameUtils = $userNameUtils; $this->tempUserConfig = $tempUserConfig; $this->logger = $logger; $this->hideUserUtils = $hideUserUtils; } /* * @param string\|false $wikiId * @return ActorNormalization / public function getActorNormalization( $wikiId = WikiAwareEntity::LOCAL ): ActorNormalization { return $this->getActorStore( $wikiId ); } /* * @since 1.42 * @param string\|false $wikiId * @return ActorNormalization / public function getActorNormalizationForImport( $wikiId = WikiAwareEntity::LOCAL ): ActorNormalization { return $this->getActorStoreForImport( $wikiId ); } /* * @param string\|false $wikiId * @return ActorStore / public function getActorStore( $wikiId = WikiAwareEntity::LOCAL ): ActorStore { return $this->getStore( $wikiId, false ); } /* * @since 1.42 * @param string\|false $wikiId * @return ActorStore / public function getActorStoreForImport( $wikiId = WikiAwareEntity::LOCAL ): ActorStore { return $this->getStore( $wikiId, true ); } /* * @since 1.43 * @param string\|false $wikiId * @return ActorStore / public function getActorStoreForUndelete( $wikiId = WikiAwareEntity::LOCAL ): ActorStore { return $this->getStore( $wikiId, true ); } /* * @param string\|false $wikiId * @param bool $allowingIpActorCreation * @return ActorStore / private function getStore( $wikiId, bool $allowingIpActorCreation ): ActorStore { // During the transition from User, we still have old User objects // representing users from a different wiki, so we still have IDatabase::getDomainId // passed as $wikiId, so we need to remap it back to LOCAL. if ( is_string( $wikiId ) && $this->loadBalancerFactory->getLocalDomainID() === $wikiId ) { $wikiId = WikiAwareEntity::LOCAL; } $storeCacheKey = ( $allowingIpActorCreation ? 'allowing-ip-actor-creation-' : '' ) . ( $wikiId === WikiAwareEntity::LOCAL ? 'LOCAL' : $wikiId ); if ( !isset( $this->storeCache[$storeCacheKey] ) ) { $store = new ActorStore( $this->getLoadBalancerForTable( 'actor', $wikiId ), $this->userNameUtils, $this->tempUserConfig, $this->logger, $this->hideUserUtils, $wikiId ); if ( $allowingIpActorCreation ) { $store->setAllowCreateIpActors( true ); } $this->storeCache[$storeCacheKey] = $store; } return $this->storeCache[$storeCacheKey]; } /* * @param string\|false $wikiId * @return UserIdentityLookup / public function getUserIdentityLookup( $wikiId = WikiAwareEntity::LOCAL ): UserIdentityLookup { return $this->getActorStore( $wikiId ); } /* * Returns a load balancer for the database that has the $table * for the given $wikiId. * * @param string $table * @param string\|false $wikiId * @return ILoadBalancer / private function getLoadBalancerForTable( string $table, $wikiId = WikiAwareEntity::LOCAL ): ILoadBalancer { if ( $this->sharedDB && in_array( $table, $this->sharedTables ) ) { // The main LB is already properly set up for shared databases early in Setup.php return $this->loadBalancerFactory->getMainLB(); } return $this->loadBalancerFactory->getMainLB( $wikiId ); } } PK��!�ۢ[O��Options/UserOptionsLookup.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User\Options; use MediaWiki\User\UserIdentity; use Wikimedia\Rdbms\IDBAccessObject; /* * Provides access to user options * @since 1.35 / abstract class UserOptionsLookup { /* * Exclude user options that are set to their default value. / public const EXCLUDE_DEFAULTS = 1; /* * The suffix appended to preference names for the associated preference * that tracks whether they have a local override. * @since 1.43 / public const LOCAL_EXCEPTION_SUFFIX = '-local-exception'; /* * Combine the language default options with any site-specific and user-specific defaults * and add the default language variants. * * @param UserIdentity\|null $userIdentity User to look the default up for; set to null to * ignore any user-specific defaults (since 1.42) * @return array / abstract public function getDefaultOptions( ?UserIdentity $userIdentity = null ): array; /* * Get a given default option value. * * @param string $opt Name of option to retrieve * @param UserIdentity\|null $userIdentity User to look the defaults up for; set to null to * ignore any user-specific defaults (since 1.42) * @return mixed\|null Default option value / public function getDefaultOption( string $opt, ?UserIdentity $userIdentity = null ) { $defaultOptions = $this->getDefaultOptions( $userIdentity ); return $defaultOptions[$opt] ?? null; } /* * Get the user's current setting for a given option. * * @param UserIdentity $user The user to get the option for * @param string $oname The option to check * @param mixed\|null $defaultOverride A default value returned if the option does not exist * @param bool $ignoreHidden Whether to ignore the effects of $wgHiddenPrefs * @param int $queryFlags A bit field composed of READ_XXX flags * @return mixed\|null User's current value for the option, * Note that while option values retrieved from the database are always strings, default * values and values set within the current request and not yet saved may be of another type. * @see getBoolOption() * @see getIntOption() / abstract public function getOption( UserIdentity $user, string $oname, $defaultOverride = null, bool $ignoreHidden = false, int $queryFlags = IDBAccessObject::READ_NORMAL ); /* * Get all user's options * * @param UserIdentity $user The user to get the option for * @param int $flags Bitwise combination of: * UserOptionsManager::EXCLUDE_DEFAULTS Exclude user options that are set * to the default value. Options * that are set to their conditionally * default value are not excluded. * @param int $queryFlags A bit field composed of READ_XXX flags * @return array / abstract public function getOptions( UserIdentity $user, int $flags = 0, int $queryFlags = IDBAccessObject::READ_NORMAL ): array; /* * Get the user's current setting for a given option, as a boolean value. * * @param UserIdentity $user The user to get the option for * @param string $oname The option to check * @param int $queryFlags A bit field composed of READ_XXX flags * @return bool User's current value for the option * @see getOption() / public function getBoolOption( UserIdentity $user, string $oname, int $queryFlags = IDBAccessObject::READ_NORMAL ): bool { return (bool)$this->getOption( $user, $oname, null, false, $queryFlags ); } /* * Get the user's current setting for a given option, as an integer value. * * @param UserIdentity $user The user to get the option for * @param string $oname The option to check * @param int $defaultOverride A default value returned if the option does not exist * @param int $queryFlags A bit field composed of READ_XXX flags * @return int User's current value for the option * @see getOption() / public function getIntOption( UserIdentity $user, string $oname, int $defaultOverride = 0, int $queryFlags = IDBAccessObject::READ_NORMAL ): int { $val = $this->getOption( $user, $oname, $defaultOverride, false, $queryFlags ); if ( $val == '' ) { $val = $defaultOverride; } return intval( $val ); } /* * Determine if a user option came from a source other than the local store * or the defaults. If this is true, setting the option will be ignored * unless GLOBAL_OVERRIDE or GLOBAL_UPDATE is passed to setOption(). * * @param UserIdentity $user * @param string $key * @return bool / public function isOptionGlobal( UserIdentity $user, string $key ) { return false; } } /* @deprecated class alias since 1.42 / class_alias( UserOptionsLookup::class, 'MediaWiki\\User\\UserOptionsLookup' ); PK��!�}q�\��\��Options/UserOptionsManager.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User\Options; use InvalidArgumentException; use MediaWiki\Config\ServiceOptions; use MediaWiki\Context\IContextSource; use MediaWiki\HookContainer\HookContainer; use MediaWiki\HookContainer\HookRunner; use MediaWiki\Language\LanguageCode; use MediaWiki\Language\LanguageConverter; use MediaWiki\Languages\LanguageConverterFactory; use MediaWiki\MainConfigNames; use MediaWiki\MediaWikiServices; use MediaWiki\User\UserFactory; use MediaWiki\User\UserIdentity; use MediaWiki\User\UserNameUtils; use MediaWiki\User\UserTimeCorrection; use Psr\Log\LoggerInterface; use Wikimedia\ObjectFactory\ObjectFactory; use Wikimedia\Rdbms\IConnectionProvider; use Wikimedia\Rdbms\IDBAccessObject; /* * A service class to control user options * @since 1.35 / class UserOptionsManager extends UserOptionsLookup { /* * @internal For use by ServiceWiring / public const CONSTRUCTOR_OPTIONS = [ MainConfigNames::HiddenPrefs, MainConfigNames::LocalTZoffset, ]; /* * @since 1.39.5, 1.40 / public const MAX_BYTES_OPTION_VALUE = 65530; /* * If the option was set globally, ignore the update. * @since 1.43 / public const GLOBAL_IGNORE = 'ignore'; /* * If the option was set globally, add a local override. * @since 1.43 / public const GLOBAL_OVERRIDE = 'override'; /* * If the option was set globally, update the global value. * @since 1.43 / public const GLOBAL_UPDATE = 'update'; private const LOCAL_STORE_KEY = 'local'; private ServiceOptions $serviceOptions; private DefaultOptionsLookup $defaultOptionsLookup; private LanguageConverterFactory $languageConverterFactory; private IConnectionProvider $dbProvider; private UserFactory $userFactory; private LoggerInterface $logger; private HookRunner $hookRunner; private UserNameUtils $userNameUtils; private array $storeProviders; private ObjectFactory $objectFactory; /* @var UserOptionsCacheEntry[] / private $cache = []; /* @var UserOptionsStore[]\|null / private $stores; /* * @param ServiceOptions $options * @param DefaultOptionsLookup $defaultOptionsLookup * @param LanguageConverterFactory $languageConverterFactory * @param IConnectionProvider $dbProvider * @param LoggerInterface $logger * @param HookContainer $hookContainer * @param UserFactory $userFactory * @param UserNameUtils $userNameUtils * @param ObjectFactory $objectFactory * @param array $storeProviders / public function __construct( ServiceOptions $options, DefaultOptionsLookup $defaultOptionsLookup, LanguageConverterFactory $languageConverterFactory, IConnectionProvider $dbProvider, LoggerInterface $logger, HookContainer $hookContainer, UserFactory $userFactory, UserNameUtils $userNameUtils, ObjectFactory $objectFactory, array $storeProviders ) { $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS ); $this->serviceOptions = $options; $this->defaultOptionsLookup = $defaultOptionsLookup; $this->languageConverterFactory = $languageConverterFactory; $this->dbProvider = $dbProvider; $this->logger = $logger; $this->hookRunner = new HookRunner( $hookContainer ); $this->userFactory = $userFactory; $this->userNameUtils = $userNameUtils; $this->objectFactory = $objectFactory; $this->storeProviders = $storeProviders; } /* * @inheritDoc / public function getDefaultOptions( ?UserIdentity $userIdentity = null ): array { return $this->defaultOptionsLookup->getDefaultOptions( $userIdentity ); } /* * @inheritDoc / public function getDefaultOption( string $opt, ?UserIdentity $userIdentity = null ) { return $this->defaultOptionsLookup->getDefaultOption( $opt, $userIdentity ); } /* * @inheritDoc / public function getOption( UserIdentity $user, string $oname, $defaultOverride = null, bool $ignoreHidden = false, int $queryFlags = IDBAccessObject::READ_NORMAL ) { # We want 'disabled' preferences to always behave as the default value for # users, even if they have set the option explicitly in their settings (ie they # set it, and then it was disabled removing their ability to change it). But # we don't want to erase the preferences in the database in case the preference # is re-enabled again. So don't touch $mOptions, just override the returned value if ( !$ignoreHidden && in_array( $oname, $this->serviceOptions->get( MainConfigNames::HiddenPrefs ) ) ) { return $this->defaultOptionsLookup->getDefaultOption( $oname, $user ); } $options = $this->loadUserOptions( $user, $queryFlags ); if ( array_key_exists( $oname, $options ) ) { return $options[$oname]; } return $defaultOverride; } /* * @inheritDoc / public function getOptions( UserIdentity $user, int $flags = 0, int $queryFlags = IDBAccessObject::READ_NORMAL ): array { $options = $this->loadUserOptions( $user, $queryFlags ); # We want 'disabled' preferences to always behave as the default value for # users, even if they have set the option explicitly in their settings (ie they # set it, and then it was disabled removing their ability to change it). But # we don't want to erase the preferences in the database in case the preference # is re-enabled again. So don't touch $mOptions, just override the returned value foreach ( $this->serviceOptions->get( MainConfigNames::HiddenPrefs ) as $pref ) { $default = $this->defaultOptionsLookup->getDefaultOption( $pref, $user ); if ( $default !== null ) { $options[$pref] = $default; } } if ( $flags & self::EXCLUDE_DEFAULTS ) { // NOTE: This intentionally ignores conditional defaults, so that `mw.user.options` // work correctly for options with conditional defaults. $defaultOptions = $this->defaultOptionsLookup->getDefaultOptions( null ); foreach ( $options as $option => $value ) { if ( array_key_exists( $option, $defaultOptions ) && self::isValueEqual( $value, $defaultOptions[$option] ) ) { unset( $options[$option] ); } } } return $options; } public function isOptionGlobal( UserIdentity $user, string $key ) { $this->getOptions( $user ); $source = $this->cache[ $this->getCacheKey( $user ) ]->sources[$key] ?? self::LOCAL_STORE_KEY; return $source !== self::LOCAL_STORE_KEY; } /* * Set the given option for a user. * * You need to call saveOptions() to actually write to the database. * * $val should be null or a string. Other types are accepted for B/C with legacy * code but can result in surprising behavior and are discouraged. Values are always * stored as strings in the database, so if you pass a non-string value, it will be * eventually converted; but before the call to saveOptions(), getOption() will return * the passed value from instance cache without any type conversion. * * A null value means resetting the option to its default value (removing the user_properties * row). Passing in the same value as the default value fo the user has the same result. * This behavior supports some level of type juggling - e.g. if the default value is 1, * and you pass in '1', the option will be reset to its default value. * * When an option is reset to its default value, that means whenever the default value * is changed in the site configuration, the user preference for this user will also change. * There is no way to set a user preference to be the same as the default but avoid it * changing when the default changes. You can instead use $wgConditionalUserOptions to * split the default based on user registration date. * * If a global user option exists with the given name, the behaviour depends on the value * of $global. * * @param UserIdentity $user * @param string $oname The option to set * @param mixed $val New value to set. * @param string $global Since 1.43. What to do if the option was set * globally using the GlobalPreferences extension. One of the * self::GLOBAL_* constants: * - GLOBAL_IGNORE: Do nothing. The option remains with its previous value. * - GLOBAL_OVERRIDE: Add a local override. * - GLOBAL_UPDATE: Update the option globally. * The UI should typically ask for the user's consent before setting a global * option. / public function setOption( UserIdentity $user, string $oname, $val, $global = self::GLOBAL_IGNORE ) { // Explicitly NULL values should refer to defaults $val ??= $this->defaultOptionsLookup->getDefaultOption( $oname, $user ); $userKey = $this->getCacheKey( $user ); $info = $this->cache[$userKey] ??= new UserOptionsCacheEntry; $info->modifiedValues[$oname] = $val; $info->globalUpdateActions[$oname] = $global; } /* * Reset certain (or all) options to the site defaults * * The optional parameter determines which kinds of preferences will be reset. * Supported values are everything that can be reported by getOptionKinds() * and 'all', which forces a reset of all preferences and overrides everything else. * * @note You need to call saveOptions() to actually write to the database. * * @deprecated since 1.43 use resetOptionsByName() with PreferencesFactory::getOptionNamesForReset() * * @param UserIdentity $user * @param IContextSource $context Context source used when $resetKinds does not contain 'all'. * @param array\|string $resetKinds Which kinds of preferences to reset. * Defaults to [ 'registered', 'registered-multiselect', 'registered-checkmatrix', 'unused' ] / public function resetOptions( UserIdentity $user, IContextSource $context, $resetKinds = [ 'registered', 'registered-multiselect', 'registered-checkmatrix', 'unused' ] ) { wfDeprecated( __METHOD__, '1.43' ); $preferencesFactory = MediaWikiServices::getInstance()->getPreferencesFactory(); $optionsToReset = $preferencesFactory->getOptionNamesForReset( $this->userFactory->newFromUserIdentity( $user ), $context, $resetKinds ); $this->resetOptionsByName( $user, $optionsToReset ); } /* * Reset a list of options to the site defaults * * @note You need to call saveOptions() to actually write to the database. * * @param UserIdentity $user * @param string[] $optionNames / public function resetOptionsByName( UserIdentity $user, array $optionNames ) { foreach ( $optionNames as $name ) { $this->setOption( $user, $name, null ); } } /* * Reset all options that were set to a non-default value by the given user * * @note You need to call saveOptions() to actually write to the database. * * @param UserIdentity $user / public function resetAllOptions( UserIdentity $user ) { foreach ( $this->loadUserOptions( $user ) as $name => $value ) { $this->setOption( $user, $name, null ); } } /* * @deprecated since 1.43 use PreferencesFactory::listResetKinds() * * @return string[] Option kinds / public function listOptionKinds(): array { wfDeprecated( __METHOD__, '1.43' ); $preferencesFactory = MediaWikiServices::getInstance()->getPreferencesFactory(); return $preferencesFactory->listResetKinds(); } /* * @deprecated since 1.43 use PreferencesFactory::getResetKinds * * @param UserIdentity $userIdentity * @param IContextSource $context * @param array\|null $options * @return string[] / public function getOptionKinds( UserIdentity $userIdentity, IContextSource $context, $options = null ): array { wfDeprecated( __METHOD__, '1.43' ); $user = $this->userFactory->newFromUserIdentity( $userIdentity ); $preferencesFactory = MediaWikiServices::getInstance()->getPreferencesFactory(); return $preferencesFactory->getResetKinds( $user, $context, $options ); } /* * Saves the non-default options for this user, as previously set e.g. via * setOption(), in the database's "user_properties" (preferences) table. * * @since 1.38, this method was internal before that. * @param UserIdentity $user / public function saveOptions( UserIdentity $user ) { $dbw = $this->dbProvider->getPrimaryDatabase(); $changed = $this->saveOptionsInternal( $user ); $legacyUser = $this->userFactory->newFromUserIdentity( $user ); // Before UserOptionsManager, User::saveSettings was used for user options // saving. Some extensions might depend on UserSaveSettings hook being run // when options are saved, so run this hook for legacy reasons. // Once UserSaveSettings hook is deprecated and replaced with a different hook // with more modern interface, extensions should use 'SaveUserOptions' hook. $this->hookRunner->onUserSaveSettings( $legacyUser ); if ( $changed ) { $dbw->onTransactionCommitOrIdle( static function () use ( $legacyUser ) { $legacyUser->checkAndSetTouched(); }, __METHOD__ ); } } /* * Saves the non-default options for this user, as previously set e.g. via * setOption(), in the database's "user_properties" (preferences) table. * * @param UserIdentity $user * @return bool true if options were changed and new options successfully saved. * @internal only public for use in User::saveSettings / public function saveOptionsInternal( UserIdentity $user ): bool { if ( $this->userNameUtils->isIP( $user->getName() ) \|\| $this->userNameUtils->isTemp( $user->getName() ) ) { throw new InvalidArgumentException( __METHOD__ . ' was called on IP or temporary user' ); } $userKey = $this->getCacheKey( $user ); $cache = $this->cache[$userKey] ?? new UserOptionsCacheEntry; $modifiedOptions = $cache->modifiedValues; // FIXME: should probably use READ_LATEST here $originalOptions = $this->loadOriginalOptions( $user ); if ( !$this->hookRunner->onSaveUserOptions( $user, $modifiedOptions, $originalOptions ) ) { return false; } $updatesByStore = []; foreach ( $modifiedOptions as $key => $value ) { // Don't store unchanged or default values $defaultValue = $this->defaultOptionsLookup->getDefaultOption( $key, $user ); if ( $value === null \|\| self::isValueEqual( $value, $defaultValue ) ) { $valOrNull = null; } else { $valOrNull = (string)$value; } $source = $cache->sources[$key] ?? self::LOCAL_STORE_KEY; if ( $source === self::LOCAL_STORE_KEY ) { $updatesByStore[self::LOCAL_STORE_KEY][$key] = $valOrNull; } else { $updateAction = $cache->globalUpdateActions[$key] ?? self::GLOBAL_IGNORE; if ( $updateAction === self::GLOBAL_UPDATE ) { $updatesByStore[$source][$key] = $valOrNull; } elseif ( $updateAction === self::GLOBAL_OVERRIDE ) { $updatesByStore[self::LOCAL_STORE_KEY][$key] = $valOrNull; $updatesByStore[self::LOCAL_STORE_KEY][$key . self::LOCAL_EXCEPTION_SUFFIX] = '1'; } } } $changed = false; $stores = $this->getStores(); foreach ( $updatesByStore as $source => $updates ) { $changed = $stores[$source]->store( $user, $updates ) \|\| $changed; } if ( !$changed ) { return false; } // Clear the cache and the update queue unset( $this->cache[$userKey] ); return true; } /* * Loads user options either from cache or from the database. * * @note Query flags are ignored for anons, since they do not have any * options stored in the database. If the UserIdentity was itself * obtained from a replica and doesn't have ID set due to replication lag, * it will be treated as anon regardless of the query flags passed here. * * @internal * * @param UserIdentity $user * @param int $queryFlags * @return array / public function loadUserOptions( UserIdentity $user, int $queryFlags = IDBAccessObject::READ_NORMAL ): array { $userKey = $this->getCacheKey( $user ); $originalOptions = $this->loadOriginalOptions( $user, $queryFlags ); $cache = $this->cache[$userKey] ?? null; if ( $cache ) { return array_merge( $originalOptions, $cache->modifiedValues ); } else { return $originalOptions; } } /* * Clears cached user options. * @internal To be used by User::clearInstanceCache * @param UserIdentity $user / public function clearUserOptionsCache( UserIdentity $user ) { unset( $this->cache[ $this->getCacheKey( $user ) ] ); } /* * Fetches the options directly from the database with no caches. * * @param UserIdentity $user * @param int $queryFlags a bit field composed of READ_XXX flags * @return array / private function loadOptionsFromStore( UserIdentity $user, int $queryFlags ): array { $this->logger->debug( 'Loading options from database', [ 'user_id' => $user->getId(), 'user_name' => $user->getName() ] ); $mergedOptions = []; $cache = $this->cache[ $this->getCacheKey( $user ) ] ??= new UserOptionsCacheEntry; foreach ( $this->getStores() as $storeName => $store ) { $options = $store->fetch( $user, $queryFlags ); foreach ( $options as $name => $value ) { // Handle a local exception which is the default if ( str_ends_with( $name, self::LOCAL_EXCEPTION_SUFFIX ) && $value ) { $baseName = substr( $name, 0, -strlen( self::LOCAL_EXCEPTION_SUFFIX ) ); if ( !isset( $options[$baseName] ) ) { // T368595: The source should always be set to local for local exceptions $cache->sources[$baseName] = self::LOCAL_STORE_KEY; unset( $mergedOptions[$baseName] ); } } // Handle a non-default option or non-default local exception if ( !isset( $mergedOptions[$name] ) \|\| !empty( $options[$name . self::LOCAL_EXCEPTION_SUFFIX] ) ) { $cache->sources[$name] = $storeName; $mergedOptions[$name] = $this->normalizeValueType( $value ); } } } return $mergedOptions; } /* * Convert '0' to 0. PHP's boolean conversion considers them both * false, but e.g. JavaScript considers the former as true. * * @todo T54542 Somehow determine the desired type (string/int/bool) * and convert all values here. * * @param string $value * @return mixed / private function normalizeValueType( $value ) { if ( $value === '0' ) { $value = 0; } return $value; } /* * Loads the original user options from the database and applies various transforms, * like timecorrection. Runs hooks. * * @param UserIdentity $user * @param int $queryFlags * @return array / private function loadOriginalOptions( UserIdentity $user, int $queryFlags = IDBAccessObject::READ_NORMAL ): array { $userKey = $this->getCacheKey( $user ); $defaultOptions = $this->defaultOptionsLookup->getDefaultOptions( $user ); $cache = $this->cache[$userKey] ??= new UserOptionsCacheEntry; if ( $this->userNameUtils->isIP( $user->getName() ) \|\| $this->userNameUtils->isTemp( $user->getName() ) ) { // For unlogged-in users, load language/variant options from request. // There's no need to do it for logged-in users: they can set preferences, // and handling of page content is done by $pageLang->getPreferredVariant() and such, // so don't override user's choice (especially when the user chooses site default). $variant = $this->languageConverterFactory->getLanguageConverter()->getDefaultVariant(); $defaultOptions['variant'] = $variant; $defaultOptions['language'] = $variant; $cache->originalValues = $defaultOptions; return $defaultOptions; } // In case options were already loaded from the database before and no options // changes were saved to the database, we can use the cached original options. if ( $cache->canUseCachedValues( $queryFlags ) && $cache->originalValues !== null ) { return $cache->originalValues; } $options = $this->loadOptionsFromStore( $user, $queryFlags ) + $defaultOptions; // Replace deprecated language codes $options['language'] = LanguageCode::replaceDeprecatedCodes( $options['language'] ); $options['variant'] = LanguageCode::replaceDeprecatedCodes( $options['variant'] ); foreach ( LanguageConverter::$languagesWithVariants as $langCode ) { $variant = "variant-$langCode"; if ( isset( $options[$variant] ) ) { $options[$variant] = LanguageCode::replaceDeprecatedCodes( $options[$variant] ); } } // Fix up timezone offset (Due to DST it can change from what was stored in the DB) // ZoneInfo\|offset\|TimeZoneName if ( isset( $options['timecorrection'] ) ) { $options['timecorrection'] = ( new UserTimeCorrection( $options['timecorrection'], null, $this->serviceOptions->get( MainConfigNames::LocalTZoffset ) ) )->toString(); } // Need to store what we have so far before the hook to prevent // infinite recursion if the hook attempts to reload options $cache->originalValues = $options; $cache->recency = $queryFlags; $this->hookRunner->onLoadUserOptions( $user, $options ); $cache->originalValues = $options; return $options; } /* * Get a cache key for a user * @param UserIdentity $user * @return string / private function getCacheKey( UserIdentity $user ): string { $name = $user->getName(); if ( $this->userNameUtils->isIP( $name ) \|\| $this->userNameUtils->isTemp( $name ) ) { // IP and temporary users may not have custom preferences, so they can share a key return 'anon'; } elseif ( $user->isRegistered() ) { return "u:{$user->getId()}"; } else { // Allow users with no local account to have preferences provided by alternative // UserOptionsStore implementations (e.g. in GlobalPreferences) $canonical = $this->userNameUtils->getCanonical( $name ) ?: $name; return "a:$canonical"; } } /* * Determines whether two values are sufficiently similar that the database * does not need to be updated to reflect the change. This is basically the * same as comparing the result of Database::addQuotes(). * * @since 1.43 * * @param mixed $a * @param mixed $b * @return bool / public static function isValueEqual( $a, $b ) { // null is only equal to another null (T355086) if ( $a === null \|\| $b === null ) { return $a === $b; } if ( is_bool( $a ) ) { $a = (int)$a; } if ( is_bool( $b ) ) { $b = (int)$b; } return (string)$a === (string)$b; } /* * Get the storage backends in descending order of priority * * @return UserOptionsStore[] / private function getStores() { if ( !$this->stores ) { $stores = [ self::LOCAL_STORE_KEY => new LocalUserOptionsStore( $this->dbProvider ) ]; foreach ( $this->storeProviders as $name => $spec ) { $store = $this->objectFactory->createObject( $spec ); if ( !$store instanceof UserOptionsStore ) { throw new \RuntimeException( "Invalid type for extension store \"$name\"" ); } $stores[$name] = $store; } // Query global providers first, preserve keys $this->stores = array_reverse( $stores, true ); } return $this->stores; } } /* @deprecated class alias since 1.42 / class_alias( UserOptionsManager::class, 'MediaWiki\\User\\UserOptionsManager' ); PK��!��P�)��)��!��Options/LocalUserOptionsStore.phpnu��Iw��<?php namespace MediaWiki\User\Options; use MediaWiki\User\UserIdentity; use Wikimedia\Rdbms\DBAccessObjectUtils; use Wikimedia\Rdbms\IConnectionProvider; use Wikimedia\Rdbms\IDBAccessObject; class LocalUserOptionsStore implements UserOptionsStore { private IConnectionProvider $dbProvider; /* @var array[] Cached options for each user, by user ID / private $optionsFromDb; public function __construct( IConnectionProvider $dbProvider ) { $this->dbProvider = $dbProvider; } public function fetch( UserIdentity $user, int $recency ): array { // In core, only users with local accounts may have preferences if ( !$user->getId() ) { return []; } $dbr = DBAccessObjectUtils::getDBFromRecency( $this->dbProvider, $recency ); $res = $dbr->newSelectQueryBuilder() ->select( [ 'up_property', 'up_value' ] ) ->from( 'user_properties' ) ->where( [ 'up_user' => $user->getId() ] ) ->recency( $recency ) ->caller( __METHOD__ )->fetchResultSet(); $options = []; foreach ( $res as $row ) { $options[$row->up_property] = (string)$row->up_value; } $this->optionsFromDb[$user->getId()] = $options; return $options; } public function store( UserIdentity $user, array $updates ) { // In core, only users with local accounts may have preferences if ( !$user->getId() ) { return false; } $oldOptions = $this->optionsFromDb[ $user->getId() ] ?? $this->fetch( $user, IDBAccessObject::READ_LATEST ); $newOptions = $oldOptions; $keysToDelete = []; $rowsToInsert = []; foreach ( $updates as $key => $value ) { if ( !UserOptionsManager::isValueEqual( $value, $oldOptions[$key] ?? null ) ) { // Update by deleting and reinserting if ( array_key_exists( $key, $oldOptions ) ) { $keysToDelete[] = $key; unset( $newOptions[$key] ); } if ( $value !== null ) { $truncValue = mb_strcut( $value, 0, UserOptionsManager::MAX_BYTES_OPTION_VALUE ); $rowsToInsert[] = [ 'up_user' => $user->getId(), 'up_property' => $key, 'up_value' => $truncValue, ]; $newOptions[$key] = $truncValue; } } } if ( !count( $keysToDelete ) && !count( $rowsToInsert ) ) { // Nothing to do return false; } // Do the DELETE $dbw = $this->dbProvider->getPrimaryDatabase(); if ( $keysToDelete ) { $dbw->newDeleteQueryBuilder() ->deleteFrom( 'user_properties' ) ->where( [ 'up_user' => $user->getId() ] ) ->andWhere( [ 'up_property' => $keysToDelete ] ) ->caller( __METHOD__ )->execute(); } if ( $rowsToInsert ) { // Insert the new preference rows $dbw->newInsertQueryBuilder() ->insertInto( 'user_properties' ) ->ignore() ->rows( $rowsToInsert ) ->caller( __METHOD__ )->execute(); } // Update cache $this->optionsFromDb[$user->getId()] = $newOptions; return true; } } PK��!��^4��#��Options/StaticUserOptionsLookup.phpnu��Iw��<?php namespace MediaWiki\User\Options; use MediaWiki\User\UserIdentity; use Wikimedia\Rdbms\IDBAccessObject; /* * A UserOptionsLookup that's just an array. Useful for testing and creating staging environments. * Note that unlike UserOptionsManager, no attempt is made to canonicalize user names. * @since 1.36 / class StaticUserOptionsLookup extends UserOptionsLookup { /* @var array[] / private $userMap; /* @var mixed[] / private $defaults; /* * @param array[] $userMap User options, username => [ option name => value ] * @param mixed[] $defaults Defaults for each option, option name => value / public function __construct( array $userMap, array $defaults = [] ) { $this->userMap = $userMap; $this->defaults = $defaults; } /* @inheritDoc / public function getDefaultOptions( ?UserIdentity $userIdentity = null ): array { return $this->defaults; } /* @inheritDoc / public function getOption( UserIdentity $user, string $oname, $defaultOverride = null, bool $ignoreHidden = false, int $queryFlags = IDBAccessObject::READ_NORMAL ) { $userOptions = $this->getOptions( $user ); if ( array_key_exists( $oname, $userOptions ) ) { return $userOptions[$oname]; } else { return $defaultOverride; } } /* @inheritDoc / public function getOptions( UserIdentity $user, int $flags = 0, int $queryFlags = IDBAccessObject::READ_NORMAL ): array { $userOptions = []; if ( $user->isRegistered() ) { $userOptions = $this->userMap[$user->getName()] ?? []; } if ( !( $flags & self::EXCLUDE_DEFAULTS ) ) { $userOptions += $this->defaults; } return $userOptions; } } /* @deprecated class alias since 1.42 / class_alias( StaticUserOptionsLookup::class, 'MediaWiki\User\StaticUserOptionsLookup' ); PK��!�5ou�m��m��!��Options/UserOptionsCacheEntry.phpnu��Iw��<?php namespace MediaWiki\User\Options; use Wikimedia\Rdbms\IDBAccessObject; /* * @internal / class UserOptionsCacheEntry { /* * @var array<string,mixed> Values modified by setOption(), queued for update / public $modifiedValues = []; /* * @var array<string,string> The source name for each value in $originalValues / public $sources = []; /* * @var array<string,string> The value of the $global parameter to setOption() / public $globalUpdateActions = []; /* * @var array<string,string>\|null Cached original user options with all the * adjustments like time correction and hook changes applied. Ready to be * returned. Null if the original values have not been loaded / public $originalValues; /* @var int\|null Query flags used to retrieve options from database / public $recency; /* * Determine if it's OK to use cached options values for a given user and query flags * * @param int $recency * @return bool / public function canUseCachedValues( $recency ) { $recencyUsed = $this->recency ?? IDBAccessObject::READ_NONE; return $recencyUsed >= $recency; } } PK��!�"Gֵ��$��Options/Hook/LoadUserOptionsHook.phpnu��Iw��<?php namespace MediaWiki\User\Options\Hook; use MediaWiki\User\UserIdentity; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "LoadUserOptions" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface LoadUserOptionsHook { /* * This hook is called when user options/preferences are being loaded from the database. * * @since 1.37 * * @param UserIdentity $user * @param array &$options Options, can be modified. * @return void This hook must not abort, it must return no value / public function onLoadUserOptions( UserIdentity $user, array &$options ): void; } PK��!�.w�}a��a��$��Options/Hook/SaveUserOptionsHook.phpnu��Iw��<?php namespace MediaWiki\User\Options\Hook; use MediaWiki\User\UserIdentity; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "SaveUserOptions" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface SaveUserOptionsHook { /* * This hook is called just before saving user preferences. * * Hook handlers can either add or manipulate options, or reset one back to its default * to block changing it. Hook handlers are also allowed to abort the process by returning * false, e.g. to save to a global profile instead. Compare to the UserSaveSettings * hook, which is called after the preferences have been saved. * * @since 1.37 * * @param UserIdentity $user The user for which the options are going to be saved * @param array &$modifiedOptions The user's options as an associative array, modifiable. * To reset the preference value to default, set the preference to null. * To block the preference from changing, unset the key from the array. * To modify a preference value, set a new value. * @param array $originalOptions The user's original options being replaced * @return bool\|void True or no return value to continue or false to abort / public function onSaveUserOptions( UserIdentity $user, array &$modifiedOptions, array $originalOptions ); } PK��!��7��7��:��Options/Hook/ConditionalDefaultOptionsAddConditionHook.phpnu��Iw��<?php namespace MediaWiki\User\Options\Hook; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "ConditionalDefaultOptionsAddCondition" to register handlers implementing * this interface. It runs virtually on any request, although it should run once, performance of * the hook run should be taken in account. * * @stable to implement * @ingroup Hooks / interface ConditionalDefaultOptionsAddConditionHook { /* * This hook is called when ConditionalDefaultsLookup service is created. * Important: $extraConditions must be added and used in a property defined by the same extension. Using * a condition from a missing extension will result in fatal error. * See also Manual:$wgConditionalUserOptions. * * @since 1.43 * * @param array<string,callable> &$extraConditions An empty array to add checker functions to * evaluate conditions set in $wgConditionalUserOptions. The key is the name of the condition * and the value a callable which will take two arguments: * - UserIdentity $user: the user which option is being evaluated * - array $args: the rest of arguments in the relevant condition configuration * @return void This hook must not abort, it must return no value / public function onConditionalDefaultOptionsAddCondition( array &$extraConditions ): void; } PK��!�}+ �,��,�� Options/DefaultOptionsLookup.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User\Options; use MediaWiki\Config\ServiceOptions; use MediaWiki\HookContainer\HookContainer; use MediaWiki\HookContainer\HookRunner; use MediaWiki\Language\LanguageCode; use MediaWiki\Language\LanguageConverter; use MediaWiki\MainConfigNames; use MediaWiki\Title\NamespaceInfo; use MediaWiki\User\UserIdentity; use Skin; use Wikimedia\Assert\Assert; use Wikimedia\Rdbms\IDBAccessObject; /* * A service class to control default user options * @since 1.35 / class DefaultOptionsLookup extends UserOptionsLookup { /* * @internal For use by ServiceWiring / public const CONSTRUCTOR_OPTIONS = [ MainConfigNames::DefaultSkin, MainConfigNames::DefaultUserOptions, MainConfigNames::NamespacesToBeSearchedDefault ]; private ServiceOptions $serviceOptions; private LanguageCode $contentLang; private NamespaceInfo $nsInfo; private ConditionalDefaultsLookup $conditionalDefaultsLookup; /* @var array\|null Cached default options / private $defaultOptions = null; private HookRunner $hookRunner; /* * @param ServiceOptions $options * @param LanguageCode $contentLang * @param HookContainer $hookContainer * @param NamespaceInfo $nsInfo * @param ConditionalDefaultsLookup $conditionalUserOptionsDefaultsLookup / public function __construct( ServiceOptions $options, LanguageCode $contentLang, HookContainer $hookContainer, NamespaceInfo $nsInfo, ConditionalDefaultsLookup $conditionalUserOptionsDefaultsLookup ) { $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS ); $this->serviceOptions = $options; $this->contentLang = $contentLang; $this->hookRunner = new HookRunner( $hookContainer ); $this->nsInfo = $nsInfo; $this->conditionalDefaultsLookup = $conditionalUserOptionsDefaultsLookup; } /* * Get default user options from $wgDefaultUserOptions (ignoring any conditional defaults) * * @return array / private function getGenericDefaultOptions(): array { if ( $this->defaultOptions !== null ) { return $this->defaultOptions; } $this->defaultOptions = $this->serviceOptions->get( MainConfigNames::DefaultUserOptions ); // Default language setting // NOTE: don't use the content language code since the static default variant would // NOT always be the same as the content language code. $contentLangCode = $this->contentLang->toString(); $LangsWithStaticDefaultVariant = LanguageConverter::$languagesWithStaticDefaultVariant; $staticDefaultVariant = $LangsWithStaticDefaultVariant[$contentLangCode] ?? $contentLangCode; $this->defaultOptions['language'] = $contentLangCode; $this->defaultOptions['variant'] = $staticDefaultVariant; foreach ( LanguageConverter::$languagesWithVariants as $langCode ) { $staticDefaultVariant = $LangsWithStaticDefaultVariant[$langCode] ?? $langCode; $this->defaultOptions["variant-$langCode"] = $staticDefaultVariant; } // NOTE: don't use SearchEngineConfig::getSearchableNamespaces here, // since extensions may change the set of searchable namespaces depending // on user groups/permissions. $nsSearchDefault = $this->serviceOptions->get( MainConfigNames::NamespacesToBeSearchedDefault ); foreach ( $this->nsInfo->getValidNamespaces() as $n ) { $this->defaultOptions['searchNs' . $n] = ( $nsSearchDefault[$n] ?? false ) ? 1 : 0; } $this->defaultOptions['skin'] = Skin::normalizeKey( $this->serviceOptions->get( MainConfigNames::DefaultSkin ) ); $this->hookRunner->onUserGetDefaultOptions( $this->defaultOptions ); return $this->defaultOptions; } /* * @inheritDoc / public function getDefaultOptions( ?UserIdentity $userIdentity = null ): array { $defaultOptions = $this->getGenericDefaultOptions(); // If requested, process any conditional defaults if ( $userIdentity ) { $conditionallyDefaultOptions = $this->conditionalDefaultsLookup->getConditionallyDefaultOptions(); foreach ( $conditionallyDefaultOptions as $optionName ) { $conditionalDefault = $this->conditionalDefaultsLookup->getOptionDefaultForUser( $optionName, $userIdentity ); if ( $conditionalDefault !== null ) { $defaultOptions[$optionName] = $conditionalDefault; } } } return $defaultOptions; } /* * @inheritDoc / public function getOption( UserIdentity $user, string $oname, $defaultOverride = null, bool $ignoreHidden = false, int $queryFlags = IDBAccessObject::READ_NORMAL ) { $this->verifyUsable( $user, __METHOD__ ); return $this->getDefaultOption( $oname ) ?? $defaultOverride; } /* * @inheritDoc / public function getOptions( UserIdentity $user, int $flags = 0, int $queryFlags = IDBAccessObject::READ_NORMAL ): array { $this->verifyUsable( $user, __METHOD__ ); if ( $flags & self::EXCLUDE_DEFAULTS ) { return []; } return $this->getDefaultOptions(); } /* * Checks if the DefaultOptionsLookup is usable as an instance of UserOptionsLookup. * * It only makes sense in an installer context when UserOptionsManager cannot be yet instantiated * as the database is not available. Thus, this can only be called for an anon user, * calling under different circumstances indicates a bug, or that a system user is being used. * * The only exception to this is database-less PHPUnit tests, where sometimes fake registered users are * used and end up being passed to this class. This should not be considered a bug, and using the default * preferences in this scenario is probably the intended behaviour. * * @param UserIdentity $user * @param string $fname / private function verifyUsable( UserIdentity $user, string $fname ) { if ( defined( 'MEDIAWIKI_INSTALL' ) ) { return; } Assert::precondition( !$user->isRegistered(), "$fname called on a registered user" ); } } /* @deprecated class alias since 1.42 / class_alias( DefaultOptionsLookup::class, 'MediaWiki\\User\\DefaultOptionsLookup' ); PK��!�pUE�P��P��Options/UserOptionsStore.phpnu��Iw��<?php namespace MediaWiki\User\Options; use MediaWiki\User\UserIdentity; /* * @since 1.43 * @stable to implement / interface UserOptionsStore { /* * Fetch all options for a given user from the store. * * Note that OptionsStore does not handle fallback to default. Options are * either present or absent. * * @param UserIdentity $user A user with a non-zero ID * @param int $recency a bit field composed of READ_XXX flags * @return array<string,string> / public function fetch( UserIdentity $user, int $recency ); /* * Process a batch of option updates. * * The store may assume that fetch() was previously called with a recency * sufficient to provide reference values for a differential update. It is * the caller's responsibility to manage recency. * * Note that OptionsStore does not have a concept of defaults. The store is * not required to check whether the value matches the default. * * @param UserIdentity $user A user with a non-zero ID * @param array<string,string\|null> $updates A map of option names to new * values. If the value is null, the key should be deleted from the store * and subsequently not returned from fetch(). Absent keys should be left * unchanged. * @return bool Whether any change was made / public function store( UserIdentity $user, array $updates ); } PK��!�\|��%��Options/ConditionalDefaultsLookup.phpnu��Iw��<?php namespace MediaWiki\User\Options; use InvalidArgumentException; use MediaWiki\Config\ServiceOptions; use MediaWiki\MainConfigNames; use MediaWiki\User\Registration\UserRegistrationLookup; use MediaWiki\User\UserGroupManager; use MediaWiki\User\UserIdentity; use MediaWiki\User\UserIdentityUtils; use Wikimedia\Timestamp\ConvertibleTimestamp; class ConditionalDefaultsLookup { /* * @internal Exposed for ServiceWiring only / public const CONSTRUCTOR_OPTIONS = [ MainConfigNames::ConditionalUserOptions, ]; private ServiceOptions $options; private UserRegistrationLookup $userRegistrationLookup; private UserIdentityUtils $userIdentityUtils; /* * UserGroupManager must be provided as a callback function to avoid circular dependency * @var callable / private $userGroupManagerCallback; private array $extraConditions; public function __construct( ServiceOptions $options, UserRegistrationLookup $userRegistrationLookup, UserIdentityUtils $userIdentityUtils, callable $userGroupManagerCallback, array $extraConditions = [] ) { $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS ); $this->options = $options; $this->userRegistrationLookup = $userRegistrationLookup; $this->userIdentityUtils = $userIdentityUtils; $this->userGroupManagerCallback = $userGroupManagerCallback; $this->extraConditions = $extraConditions; } /* * Does the option support conditional defaults? * * @param string $option * @return bool / public function hasConditionalDefault( string $option ): bool { return array_key_exists( $option, $this->options->get( MainConfigNames::ConditionalUserOptions ) ); } /* * Get all conditionally default user options * * @return string[] / public function getConditionallyDefaultOptions(): array { return array_keys( $this->options->get( MainConfigNames::ConditionalUserOptions ) ); } /* * Get the conditional default for user and option * * @param string $optionName * @param UserIdentity $userIdentity * @return mixed\|null The default value if set, or null if it cannot be determined * conditionally (default from DefaultOptionsLookup should be used in that case). / public function getOptionDefaultForUser( string $optionName, UserIdentity $userIdentity ) { $conditionalDefaults = $this->options ->get( MainConfigNames::ConditionalUserOptions )[$optionName] ?? []; foreach ( $conditionalDefaults as $conditionalDefault ) { // At the zeroth index of the conditional case, the intended value is found; the rest // of the array are conditions, which are evaluated in checkConditionsForUser(). $value = array_shift( $conditionalDefault ); if ( $this->checkConditionsForUser( $userIdentity, $conditionalDefault ) ) { return $value; } } return null; } /* * Are ALL conditions satisfied for the given user? * * @param UserIdentity $userIdentity * @param array $conditions * @return bool / private function checkConditionsForUser( UserIdentity $userIdentity, array $conditions ): bool { foreach ( $conditions as $condition ) { if ( !$this->checkConditionForUser( $userIdentity, $condition ) ) { return false; } } return true; } /* * Is ONE condition satisfied for the given user? * * @param UserIdentity $userIdentity * @param array\|int $cond Either [ CUDCOND_, args ] or CUDCOND_, depending on whether the * condition has any arguments. * @return bool / private function checkConditionForUser( UserIdentity $userIdentity, $cond ): bool { if ( !is_array( $cond ) ) { $cond = [ $cond ]; } if ( $cond === [] ) { throw new InvalidArgumentException( 'Empty condition' ); } $condName = array_shift( $cond ); switch ( $condName ) { case CUDCOND_AFTER: $registration = $this->userRegistrationLookup->getRegistration( $userIdentity ); if ( $registration === null \|\| $registration === false ) { return false; } return ( (int)ConvertibleTimestamp::convert( TS_UNIX, $registration ) - (int)ConvertibleTimestamp::convert( TS_UNIX, $cond[0] ) ) > 0; case CUDCOND_ANON: return !$userIdentity->isRegistered(); case CUDCOND_NAMED: return $this->userIdentityUtils->isNamed( $userIdentity ); case CUDCOND_USERGROUP: $userGroupManagerCallback = $this->userGroupManagerCallback; /* @var UserGroupManager / $userGroupManager = $userGroupManagerCallback(); return in_array( $cond[0], $userGroupManager->getUserEffectiveGroups( $userIdentity ) ); default: if ( array_key_exists( $condName, $this->extraConditions ) ) { return call_user_func( $this->extraConditions[$condName], $userIdentity, $cond ); } throw new InvalidArgumentException( 'Unsupported condition ' . $condName ); } } } PK��!��R��UserSelectQueryBuilder.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use Iterator; use MediaWiki\Block\HideUserUtils; use MediaWiki\User\TempUser\TempUserConfig; use Wikimedia\Assert\Assert; use Wikimedia\Assert\PreconditionException; use Wikimedia\Rdbms\IExpression; use Wikimedia\Rdbms\IReadableDatabase; use Wikimedia\Rdbms\LikeValue; use Wikimedia\Rdbms\SelectQueryBuilder; class UserSelectQueryBuilder extends SelectQueryBuilder { /* @var ActorStore / private $actorStore; private TempUserConfig $tempUserConfig; private HideUserUtils $hideUserUtils; private bool $userJoined = false; /* * @internal * @param IReadableDatabase $db * @param ActorStore $actorStore * @param TempUserConfig $tempUserConfig / public function __construct( IReadableDatabase $db, ActorStore $actorStore, TempUserConfig $tempUserConfig, HideUserUtils $hideUserUtils ) { parent::__construct( $db ); $this->actorStore = $actorStore; $this->tempUserConfig = $tempUserConfig; $this->hideUserUtils = $hideUserUtils; $this->table( 'actor' ); } /* * Find by provided user ids. * * @param int\|int[] $userIds * @return UserSelectQueryBuilder / public function whereUserIds( $userIds ): self { Assert::parameterType( [ 'integer', 'array' ], $userIds, '$userIds' ); $this->conds( [ 'actor_user' => $userIds ] ); return $this; } /* * Find by provided user ids. * @deprecated since 1.37, use whereUserIds instead * @param int\|int[] $userIds * @return UserSelectQueryBuilder / public function userIds( $userIds ): self { return $this->whereUserIds( $userIds ); } /* * Find by provided user names. * * @param string\|string[] $userNames * @return UserSelectQueryBuilder / public function whereUserNames( $userNames ): self { Assert::parameterType( [ 'string', 'array' ], $userNames, '$userIds' ); $userNames = array_map( function ( $name ) { return $this->actorStore->normalizeUserName( (string)$name ); }, (array)$userNames ); $this->conds( [ 'actor_name' => $userNames ] ); return $this; } /* * Find by provided user names. * @deprecated since 1.37, use whereUserNames instead * @param string\|string[] $userNames * @return UserSelectQueryBuilder / public function userNames( $userNames ): self { return $this->whereUserNames( $userNames ); } /* * Find users with names starting from the provided prefix. * * @note this could produce a huge number of results, like User00000 ... User99999, * so you must set a limit when using this condition. * * @param string $prefix * @return UserSelectQueryBuilder / public function whereUserNamePrefix( string $prefix ): self { if ( !isset( $this->options['LIMIT'] ) ) { throw new PreconditionException( 'Must set a limit when using a user name prefix' ); } $this->conds( $this->db->expr( 'actor_name', IExpression::LIKE, new LikeValue( $prefix, $this->db->anyString() ) ) ); return $this; } /* * Find users with names starting from the provided prefix. * * @note this could produce a huge number of results, like User00000 ... User99999, * so you must set a limit when using this condition. * @deprecated since 1.37 use whereUserNamePrefix instead * @param string $prefix * @return UserSelectQueryBuilder / public function userNamePrefix( string $prefix ): self { return $this->whereUserNamePrefix( $prefix ); } /* * Find registered users who registered * * @param string $timestamp * @param bool $direction Direction flag (if true, user_registration must be before $timestamp) * @since 1.42 * @return UserSelectQueryBuilder / public function whereRegisteredTimestamp( string $timestamp, bool $direction ): self { if ( !$this->userJoined ) { $this->join( 'user', null, [ "actor_user=user_id" ] ); $this->userJoined = true; } $this->conds( $this->db->expr( 'user_registration', ( $direction ? '<' : '>' ), $this->db->timestamp( $timestamp ) ) ); return $this; } /* * Order results by name in $direction * * @param string $dir one of self::SORT_ASC or self::SORT_DESC * @return UserSelectQueryBuilder / public function orderByName( string $dir = self::SORT_ASC ): self { $this->orderBy( 'actor_name', $dir ); return $this; } /* * Order results by user id. * * @param string $dir one of self::SORT_ASC or self::SORT_DESC * @return UserSelectQueryBuilder / public function orderByUserId( string $dir = self::SORT_ASC ): self { $this->orderBy( 'actor_user', $dir ); return $this; } /* * Only return registered users. * * @return UserSelectQueryBuilder / public function registered(): self { $this->conds( $this->db->expr( 'actor_user', '!=', null ) ); return $this; } /* * Only return anonymous users. * * @return UserSelectQueryBuilder / public function anon(): self { $this->conds( [ 'actor_user' => null ] ); return $this; } /* * Only return named users. * * @return UserSelectQueryBuilder / public function named(): self { if ( !$this->tempUserConfig->isKnown() ) { // nothing to do: getMatchCondition throws if temp accounts aren't known return $this; } $this->conds( $this->tempUserConfig->getMatchCondition( $this->db, 'actor_name', IExpression::NOT_LIKE ) ); return $this; } /* * Only return temp users * * @return UserSelectQueryBuilder / public function temp(): self { if ( !$this->tempUserConfig->isKnown() ) { $this->conds( '1=0' ); return $this; } $this->conds( $this->tempUserConfig->getMatchCondition( $this->db, 'actor_name', IExpression::LIKE ) ); return $this; } /* * Filter based on user hidden status * * @since 1.38 * @param bool $hidden True - only hidden users, false - no hidden users * @return $this / public function hidden( bool $hidden ): self { $this->conds( $this->hideUserUtils->getExpression( $this->db, 'actor_user', $hidden ? HideUserUtils::HIDDEN_USERS : HideUserUtils::SHOWN_USERS ) ); return $this; } /* * Fetch a single UserIdentity that matches specified criteria. * * @return UserIdentity\|null / public function fetchUserIdentity(): ?UserIdentity { $this->fields( [ 'actor_id', 'actor_name', 'actor_user' ] ); $row = $this->fetchRow(); if ( !$row ) { return null; } return $this->actorStore->newActorFromRow( $row ); } /* * Fetch UserIdentities for the specified query. * * @return Iterator<UserIdentity> / public function fetchUserIdentities(): Iterator { $this->fields( [ 'actor_id', 'actor_name', 'actor_user' ] ); $result = $this->fetchResultSet(); foreach ( $result as $row ) { yield $this->actorStore->newActorFromRow( $row ); } $result->free(); } /* * Returns an array of user names matching the query. * * @return string[] / public function fetchUserNames(): array { $this->field( 'actor_name' ); return $this->fetchFieldValues(); } } PK��!�ɘ�<��<��#��UserNamePrefixSearch_deprecated.phpnu��Iw��<?php /* * Prefix search of user names. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / use MediaWiki\MediaWikiServices; use MediaWiki\User\User; // phpcs:disable MediaWiki.Files.ClassMatchesFilename.NotMatch /* * Handles searching prefixes of user names * * @note There are two classes called UserNamePrefixSearch. You should use the first one, in * namespace MediaWiki\User, which is a service. \UserNamePrefixSearch is a deprecated static wrapper * that forwards to the global service. * * @deprecated since 1.36, use the MediaWiki\User\UserNamePrefixSearch service; hard deprecated * since 1.41 * * @since 1.27 / class UserNamePrefixSearch { /* * Do a prefix search of user names and return a list of matching user names. * * @deprecated since 1.36, use the MediaWiki\User\UserNamePrefixSearch service instead; hard * deprecated since 1.41 * * @param string\|User $audience The string 'public' or a user object to show the search for * @param string $search * @param int $limit * @param int $offset How many results to offset from the beginning * @return string[] / public static function search( $audience, $search, $limit, $offset = 0 ) { wfDeprecated( __METHOD__, '1.36' ); return MediaWikiServices::getInstance() ->getUserNamePrefixSearch() ->search( $audience, (string)$search, (int)$limit, (int)$offset ); } } PK��!��j\|�8��8��LoggedOutEditToken.phpnu��Iw��<?php /* * MediaWiki edit token * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file * @ingroup Session / namespace MediaWiki\User; use MediaWiki\Session\Token; /* * Value object representing a logged-out user's edit token * * This exists so that code generically dealing with MediaWiki\Session\Token * (i.e. the API) doesn't have to have so many special cases for anon edit * tokens. * * @newable * * @since 1.27 / class LoggedOutEditToken extends Token { /* * @stable to call / public function __construct() { parent::__construct( '', '', false ); } protected function toStringAtTimestamp( $timestamp ) { return self::SUFFIX; } public function match( $userToken, $maxAge = null ) { return $userToken === self::SUFFIX; } } /* @deprecated class alias since 1.41 / class_alias( LoggedOutEditToken::class, 'LoggedOutEditToken' ); PK��!�?�!t��ActorCache.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; /* * Simple in-memory cache for UserIdentity objects indexed by user ID, * actor ID and user name. * * We cannot just use MapCacheLRU for this because of eviction semantics: * we need to be able to remove UserIdentity from the cache even if * user ID or user name has changed, so we track the most accessed VALUES * in the cache, not keys, and evict them alongside with all their indexes. * * @since 1.37 * @internal for use by ActorStore * @package MediaWiki\User / class ActorCache { /* @var string Key by actor ID / public const KEY_ACTOR_ID = 'actorId'; /* @var string Key by user ID / public const KEY_USER_ID = 'userId'; /* @var string Key by user name / public const KEY_USER_NAME = 'name'; private int $maxSize; /* * @var array[][] Contains 3 keys, KEY_ACTOR_ID, KEY_USER_ID, and KEY_USER_NAME, * each of which has a value of an array of arrays with actor ids and UserIdentity objects, * keyed with the corresponding actor id/user id/user name / private $cache = [ self::KEY_ACTOR_ID => [], self::KEY_USER_NAME => [], self::KEY_USER_ID => [] ]; /* * @param int $maxSize hold up to this many UserIdentity values / public function __construct( int $maxSize ) { $this->maxSize = $maxSize; } /* * Get user identity which has $keyType equal to $keyValue * @param string $keyType one of self::KEY_* constants. * @param string\|int $keyValue * @return UserIdentity\|null / public function getActor( string $keyType, $keyValue ): ?UserIdentity { return $this->getCachedValue( $keyType, $keyValue )['actor'] ?? null; } /* * Get actor ID of the user which has $keyType equal to $keyValue. * @param string $keyType one of self::KEY_* constants. * @param string\|int $keyValue * @return int\|null / public function getActorId( string $keyType, $keyValue ): ?int { return $this->getCachedValue( $keyType, $keyValue )['actorId'] ?? null; } /* * Add $actor with $actorId to the cache. * @param int $actorId * @param UserIdentity $actor / public function add( int $actorId, UserIdentity $actor ) { while ( count( $this->cache[self::KEY_ACTOR_ID] ) >= $this->maxSize ) { $evictId = array_key_first( $this->cache[self::KEY_ACTOR_ID] ); $this->remove( $this->cache[self::KEY_ACTOR_ID][$evictId]['actor'] ); } $value = [ 'actorId' => $actorId, 'actor' => $actor ]; $this->cache[self::KEY_ACTOR_ID][$actorId] = $value; $userId = $actor->getId( $actor->getWikiId() ); if ( $userId ) { $this->cache[self::KEY_USER_ID][$userId] = $value; } $this->cache[self::KEY_USER_NAME][$actor->getName()] = $value; } /* * Remove $actor from cache. * @param UserIdentity $actor / public function remove( UserIdentity $actor ) { $oldByName = $this->cache[self::KEY_USER_NAME][$actor->getName()] ?? null; $oldByUserId = $this->cache[self::KEY_USER_ID][$actor->getId( $actor->getWikiId() )] ?? null; if ( $oldByName ) { unset( $this->cache[self::KEY_USER_ID][$oldByName['actor']->getId( $oldByName['actor']->getWikiId() )] ); unset( $this->cache[self::KEY_ACTOR_ID][$oldByName['actorId']] ); } if ( $oldByUserId ) { unset( $this->cache[self::KEY_USER_NAME][$oldByUserId['actor']->getName()] ); unset( $this->cache[self::KEY_ACTOR_ID][$oldByUserId['actorId']] ); } unset( $this->cache[self::KEY_USER_NAME][$actor->getName()] ); unset( $this->cache[self::KEY_USER_ID][$actor->getId( $actor->getWikiId() )] ); } /* * Remove everything from the cache. * @internal / public function clear() { $this->cache = [ self::KEY_ACTOR_ID => [], self::KEY_USER_NAME => [], self::KEY_USER_ID => [] ]; } /* * @param string $keyType one of self::KEY_* constants. * @param string\|int $keyValue * @return array\|null [ 'actor' => UserIdentity, 'actorId' => int ] / private function getCachedValue( string $keyType, $keyValue ): ?array { if ( isset( $this->cache[$keyType][$keyValue] ) ) { $cached = $this->cache[$keyType][$keyValue]; $actorId = $cached['actorId']; // Record the actor with $actorId was recently used. $item = $this->cache[self::KEY_ACTOR_ID][$actorId]; unset( $this->cache[self::KEY_ACTOR_ID][$actorId] ); $this->cache[self::KEY_ACTOR_ID][$actorId] = $item; return $cached; } return null; } } PK��!��kj�� UserTimeCorrection.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file * @author Derk-Jan Hartman <hartman.wiki@gmail.com> / namespace MediaWiki\User; use DateInterval; use DateTime; use DateTimeZone; use Exception; use MediaWiki\Utils\MWTimestamp; use Stringable; use Wikimedia\RequestTimeout\TimeoutException; /* * Utility class to parse the TimeCorrection string value. * * These values are used to specify the time offset for a user and are stored in * the database as a user preference and returned by the preferences APIs * * The class will correct invalid input and adjusts timezone offsets to applicable dates, * taking into account DST etc. * * @since 1.37 / class UserTimeCorrection implements Stringable { /* * @var string (default) Time correction based on the MediaWiki's system offset from UTC. * The System offset can be configured with wgLocalTimezone and/or wgLocalTZoffset / public const SYSTEM = 'System'; /* @var string Time correction based on a user defined offset from UTC / public const OFFSET = 'Offset'; /* @var string Time correction based on a user defined timezone / public const ZONEINFO = 'ZoneInfo'; /* @var DateTime / private $date; /* @var bool / private $valid; /* @var string / private $correctionType; /* @var int Offset in minutes / private $offset; /* @var DateTimeZone\|null / private $timeZone; /* * @param string $timeCorrection Original time correction string * @param DateTime\|null $relativeToDate The date used to calculate the time zone offset of. * This defaults to the current date and time. * @param int $systemOffset Offset for self::SYSTEM in minutes / public function __construct( string $timeCorrection, ?DateTime $relativeToDate = null, int $systemOffset = 0 ) { $this->date = $relativeToDate ?? new DateTime( '@' . MWTimestamp::time() ); $this->valid = false; $this->parse( $timeCorrection, $systemOffset ); } /* * Get time offset for a user * * @return string Offset that was applied to the user / public function getCorrectionType(): string { return $this->correctionType; } /* * Get corresponding time offset for this correction * Note: When correcting dates/times, apply only the offset OR the time zone, not both. * @return int Offset in minutes / public function getTimeOffset(): int { return $this->offset; } /* * Get corresponding time offset for this correction * Note: When correcting dates/times, apply only the offset OR the time zone, not both. * @return DateInterval Offset in minutes as a DateInterval / public function getTimeOffsetInterval(): DateInterval { $offset = abs( $this->offset ); $interval = new DateInterval( "PT{$offset}M" ); if ( $this->offset < 1 ) { $interval->invert = 1; } return $interval; } /* * The time zone if known * Note: When correcting dates/times, apply only the offset OR the time zone, not both. * @return DateTimeZone\|null / public function getTimeZone(): ?DateTimeZone { return $this->timeZone; } /* * Was the original correction specification valid * @return bool / public function isValid(): bool { return $this->valid; } /* * Parse the timecorrection string as stored in the database for a user * or as entered into the Preferences form field * * There can be two forms of these strings: * 1. A pipe separated tuple of a maximum of 3 fields * - Field 1 is the type of offset definition * - Field 2 is the offset in minutes from UTC (ignored for System type) * FIXME Since it's ignored, remove the offset from System everywhere. * - Field 3 is a timezone identifier from the tz database (only required for ZoneInfo type) * - The offset for a ZoneInfo type is unreliable because of DST. * After retrieving it from the database, it should be recalculated based on the TZ identifier. * Examples: * - System * - System\|60 * - Offset\|60 * - ZoneInfo\|60\|Europe/Amsterdam * * 2. The following form provides an offset in hours and minutes * This currently should only be used by the preferences input field, * but historically they were present in the database. * TODO: write a maintenance script to migrate these old db values * Examples: * - 16:00 * - 10 * * @param string $timeCorrection * @param int $systemOffset / private function parse( string $timeCorrection, int $systemOffset ) { $data = explode( '\|', $timeCorrection, 3 ); // First handle the case of an actual timezone being specified. if ( $data[0] === self::ZONEINFO ) { try { $this->correctionType = self::ZONEINFO; $this->timeZone = new DateTimeZone( $data[2] ); $this->offset = (int)floor( $this->timeZone->getOffset( $this->date ) / 60 ); $this->valid = true; return; } catch ( TimeoutException $e ) { throw $e; } catch ( Exception $e ) { // Not a valid/known timezone. // Fall back to any specified offset } } // If $timeCorrection is in fact a pipe-separated value, check the // first value. switch ( $data[0] ) { case self::OFFSET: case self::ZONEINFO: $this->correctionType = self::OFFSET; // First value is Offset, so use the specified offset $this->offset = (int)( $data[1] ?? 0 ); // If this is ZoneInfo, then we didn't recognize the TimeZone $this->valid = isset( $data[1] ) && $data[0] === self::OFFSET; break; case self::SYSTEM: $this->correctionType = self::SYSTEM; $this->offset = $systemOffset; $this->valid = true; break; default: // $timeCorrection actually isn't a pipe separated value, but instead // a colon separated value. This is only used by the HTMLTimezoneField userinput // but can also still be present in the Db. (but shouldn't be) $this->correctionType = self::OFFSET; $data = explode( ':', $timeCorrection, 2 ); if ( count( $data ) >= 2 ) { // Combination hours and minutes. $this->offset = abs( (int)$data[0] ) 60 + (int)$data[1]; if ( (int)$data[0] < 0 ) { $this->offset = -1; } $this->valid = true; } elseif ( preg_match( '/^[+-]?\d+$/', $data[0] ) ) { // Just hours. $this->offset = (int)$data[0] 60; $this->valid = true; } else { // We really don't know this. Fallback to System $this->correctionType = self::SYSTEM; $this->offset = $systemOffset; return; } break; } // Max is +14:00 and min is -12:00, see: // https://en.wikipedia.org/wiki/Timezone if ( $this->offset < -12 * 60 \|\| $this->offset > 14 * 60 ) { $this->valid = false; } // 14:00 $this->offset = min( $this->offset, 14 * 60 ); // -12:00 $this->offset = max( $this->offset, -12 * 60 ); } /** * Converts a timezone offset in minutes (e.g., "120") to an hh:mm string like "+02:00". * @param int $offset * @return string / public static function formatTimezoneOffset( int $offset ): string { $hours = $offset > 0 ? floor( $offset / 60 ) : ceil( $offset / 60 ); return sprintf( '%+03d:%02d', $hours, abs( $offset ) % 60 ); } /* * Note: The string value of this object might not be equal to the original value * @return string a timecorrection string representing this value / public function toString(): string { switch ( $this->correctionType ) { case self::ZONEINFO: if ( $this->timeZone ) { return "ZoneInfo\|{$this->offset}\|{$this->timeZone->getName()}"; } // If not, fallback: case self::SYSTEM: case self::OFFSET: default: return "{$this->correctionType}\|{$this->offset}"; } } public function __toString() { return $this->toString(); } } PK��!�7s�7�.��.��BotPasswordStore.phpnu��Iw��<?php /* * BotPassword interaction with databases * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use MediaWiki\Config\ServiceOptions; use MediaWiki\Json\FormatJson; use MediaWiki\MainConfigNames; use MediaWiki\Password\Password; use MediaWiki\Password\PasswordFactory; use MediaWiki\User\CentralId\CentralIdLookup; use MWCryptRand; use MWRestrictions; use StatusValue; use Wikimedia\Rdbms\IConnectionProvider; use Wikimedia\Rdbms\IDatabase; use Wikimedia\Rdbms\IDBAccessObject; use Wikimedia\Rdbms\IReadableDatabase; /* * @author DannyS712 * @since 1.37 / class BotPasswordStore { /* * @internal For use by ServiceWiring / public const CONSTRUCTOR_OPTIONS = [ MainConfigNames::EnableBotPasswords, ]; private ServiceOptions $options; private IConnectionProvider $dbProvider; private CentralIdLookup $centralIdLookup; /* * @param ServiceOptions $options * @param CentralIdLookup $centralIdLookup * @param IConnectionProvider $dbProvider / public function __construct( ServiceOptions $options, CentralIdLookup $centralIdLookup, IConnectionProvider $dbProvider ) { $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS ); $this->options = $options; $this->centralIdLookup = $centralIdLookup; $this->dbProvider = $dbProvider; } /* * Get a database connection for the bot passwords database * @return IReadableDatabase * @internal / public function getReplicaDatabase(): IReadableDatabase { return $this->dbProvider->getReplicaDatabase( 'virtual-botpasswords' ); } /* * Get a database connection for the bot passwords database * @return IDatabase * @internal / public function getPrimaryDatabase(): IDatabase { return $this->dbProvider->getPrimaryDatabase( 'virtual-botpasswords' ); } /* * Load a BotPassword from the database based on a UserIdentity object * @param UserIdentity $userIdentity * @param string $appId * @param int $flags IDBAccessObject read flags * @return BotPassword\|null / public function getByUser( UserIdentity $userIdentity, string $appId, int $flags = IDBAccessObject::READ_NORMAL ): ?BotPassword { if ( !$this->options->get( MainConfigNames::EnableBotPasswords ) ) { return null; } $centralId = $this->centralIdLookup->centralIdFromLocalUser( $userIdentity, CentralIdLookup::AUDIENCE_RAW, $flags ); return $centralId ? $this->getByCentralId( $centralId, $appId, $flags ) : null; } /* * Load a BotPassword from the database * @param int $centralId from CentralIdLookup * @param string $appId * @param int $flags IDBAccessObject read flags * @return BotPassword\|null / public function getByCentralId( int $centralId, string $appId, int $flags = IDBAccessObject::READ_NORMAL ): ?BotPassword { if ( !$this->options->get( MainConfigNames::EnableBotPasswords ) ) { return null; } if ( ( $flags & IDBAccessObject::READ_LATEST ) == IDBAccessObject::READ_LATEST ) { $db = $this->dbProvider->getPrimaryDatabase( 'virtual-botpasswords' ); } else { $db = $this->dbProvider->getReplicaDatabase( 'virtual-botpasswords' ); } $row = $db->newSelectQueryBuilder() ->select( [ 'bp_user', 'bp_app_id', 'bp_token', 'bp_restrictions', 'bp_grants' ] ) ->from( 'bot_passwords' ) ->where( [ 'bp_user' => $centralId, 'bp_app_id' => $appId ] ) ->recency( $flags ) ->caller( __METHOD__ )->fetchRow(); return $row ? new BotPassword( $row, true, $flags ) : null; } /* * Create an unsaved BotPassword * @param array $data Data to use to create the bot password. Keys are: * - user: (UserIdentity) UserIdentity to create the password for. Overrides username and centralId. * - username: (string) Username to create the password for. Overrides centralId. * - centralId: (int) User central ID to create the password for. * - appId: (string, required) App ID for the password. * - restrictions: (MWRestrictions, optional) Restrictions. * - grants: (string[], optional) Grants. * @param int $flags IDBAccessObject read flags * @return BotPassword\|null / public function newUnsavedBotPassword( array $data, int $flags = IDBAccessObject::READ_NORMAL ): ?BotPassword { if ( isset( $data['user'] ) && ( !$data['user'] instanceof UserIdentity ) ) { return null; } $row = (object)[ 'bp_user' => 0, 'bp_app_id' => trim( $data['appId'] ?? '' ), 'bp_token' => 'unsaved', 'bp_restrictions' => $data['restrictions'] ?? MWRestrictions::newDefault(), 'bp_grants' => $data['grants'] ?? [], ]; if ( $row->bp_app_id === '' \|\| strlen( $row->bp_app_id ) > BotPassword::APPID_MAXLENGTH \|\| !$row->bp_restrictions instanceof MWRestrictions \|\| !is_array( $row->bp_grants ) ) { return null; } $row->bp_restrictions = $row->bp_restrictions->toJson(); $row->bp_grants = FormatJson::encode( $row->bp_grants ); if ( isset( $data['user'] ) ) { // Must be a UserIdentity object, already checked above $row->bp_user = $this->centralIdLookup->centralIdFromLocalUser( $data['user'], CentralIdLookup::AUDIENCE_RAW, $flags ); } elseif ( isset( $data['username'] ) ) { $row->bp_user = $this->centralIdLookup->centralIdFromName( $data['username'], CentralIdLookup::AUDIENCE_RAW, $flags ); } elseif ( isset( $data['centralId'] ) ) { $row->bp_user = $data['centralId']; } if ( !$row->bp_user ) { return null; } return new BotPassword( $row, false, $flags ); } /* * Save the new BotPassword to the database * * @internal * * @param BotPassword $botPassword * @param Password\|null $password Use null for an invalid password * @return StatusValue if everything worked, the value of the StatusValue is the new token / public function insertBotPassword( BotPassword $botPassword, ?Password $password = null ): StatusValue { $res = $this->validateBotPassword( $botPassword ); if ( !$res->isGood() ) { return $res; } $password ??= PasswordFactory::newInvalidPassword(); $dbw = $this->getPrimaryDatabase(); $dbw->newInsertQueryBuilder() ->insertInto( 'bot_passwords' ) ->ignore() ->row( [ 'bp_user' => $botPassword->getUserCentralId(), 'bp_app_id' => $botPassword->getAppId(), 'bp_token' => MWCryptRand::generateHex( User::TOKEN_LENGTH ), 'bp_restrictions' => $botPassword->getRestrictions()->toJson(), 'bp_grants' => FormatJson::encode( $botPassword->getGrants() ), 'bp_password' => $password->toString(), ] ) ->caller( __METHOD__ )->execute(); $ok = (bool)$dbw->affectedRows(); if ( $ok ) { $token = $dbw->newSelectQueryBuilder() ->select( 'bp_token' ) ->from( 'bot_passwords' ) ->where( [ 'bp_user' => $botPassword->getUserCentralId(), 'bp_app_id' => $botPassword->getAppId(), ] ) ->caller( __METHOD__ )->fetchField(); return StatusValue::newGood( $token ); } return StatusValue::newFatal( 'botpasswords-insert-failed', $botPassword->getAppId() ); } /* * Update an existing BotPassword in the database * * @internal * * @param BotPassword $botPassword * @param Password\|null $password Use null for an invalid password * @return StatusValue if everything worked, the value of the StatusValue is the new token / public function updateBotPassword( BotPassword $botPassword, ?Password $password = null ): StatusValue { $res = $this->validateBotPassword( $botPassword ); if ( !$res->isGood() ) { return $res; } $conds = [ 'bp_user' => $botPassword->getUserCentralId(), 'bp_app_id' => $botPassword->getAppId(), ]; $fields = [ 'bp_token' => MWCryptRand::generateHex( User::TOKEN_LENGTH ), 'bp_restrictions' => $botPassword->getRestrictions()->toJson(), 'bp_grants' => FormatJson::encode( $botPassword->getGrants() ), ]; if ( $password !== null ) { $fields['bp_password'] = $password->toString(); } $dbw = $this->getPrimaryDatabase(); $dbw->newUpdateQueryBuilder() ->update( 'bot_passwords' ) ->set( $fields ) ->where( $conds ) ->caller( __METHOD__ )->execute(); $ok = (bool)$dbw->affectedRows(); if ( $ok ) { $token = $dbw->newSelectQueryBuilder() ->select( 'bp_token' ) ->from( 'bot_passwords' ) ->where( $conds ) ->caller( __METHOD__ )->fetchField(); return StatusValue::newGood( $token ); } return StatusValue::newFatal( 'botpasswords-update-failed', $botPassword->getAppId() ); } /* * Check if a BotPassword is valid to save in the database (either inserting a new * one or updating an existing one) based on the size of the restrictions and grants * * @param BotPassword $botPassword * @return StatusValue / private function validateBotPassword( BotPassword $botPassword ): StatusValue { $res = StatusValue::newGood(); $restrictions = $botPassword->getRestrictions()->toJson(); if ( strlen( $restrictions ) > BotPassword::RESTRICTIONS_MAXLENGTH ) { $res->fatal( 'botpasswords-toolong-restrictions' ); } $grants = FormatJson::encode( $botPassword->getGrants() ); if ( strlen( $grants ) > BotPassword::GRANTS_MAXLENGTH ) { $res->fatal( 'botpasswords-toolong-grants' ); } return $res; } /* * Delete an existing BotPassword in the database * * @param BotPassword $botPassword * @return bool / public function deleteBotPassword( BotPassword $botPassword ): bool { $dbw = $this->getPrimaryDatabase(); $dbw->newDeleteQueryBuilder() ->deleteFrom( 'bot_passwords' ) ->where( [ 'bp_user' => $botPassword->getUserCentralId() ] ) ->andWhere( [ 'bp_app_id' => $botPassword->getAppId() ] ) ->caller( __METHOD__ )->execute(); return (bool)$dbw->affectedRows(); } /* * Invalidate all passwords for a user, by name * @param string $username * @return bool Whether any passwords were invalidated / public function invalidateUserPasswords( string $username ): bool { if ( !$this->options->get( MainConfigNames::EnableBotPasswords ) ) { return false; } $centralId = $this->centralIdLookup->centralIdFromName( $username, CentralIdLookup::AUDIENCE_RAW, IDBAccessObject::READ_LATEST ); if ( !$centralId ) { return false; } $dbw = $this->getPrimaryDatabase(); $dbw->newUpdateQueryBuilder() ->update( 'bot_passwords' ) ->set( [ 'bp_password' => PasswordFactory::newInvalidPassword()->toString() ] ) ->where( [ 'bp_user' => $centralId ] ) ->caller( __METHOD__ )->execute(); return (bool)$dbw->affectedRows(); } /* * Remove all passwords for a user, by name * @param string $username * @return bool Whether any passwords were removed / public function removeUserPasswords( string $username ): bool { if ( !$this->options->get( MainConfigNames::EnableBotPasswords ) ) { return false; } $centralId = $this->centralIdLookup->centralIdFromName( $username, CentralIdLookup::AUDIENCE_RAW, IDBAccessObject::READ_LATEST ); if ( !$centralId ) { return false; } $dbw = $this->getPrimaryDatabase(); $dbw->newDeleteQueryBuilder() ->deleteFrom( 'bot_passwords' ) ->where( [ 'bp_user' => $centralId ] ) ->caller( __METHOD__ )->execute(); return (bool)$dbw->affectedRows(); } } PK��!��'��?��?��UserIdentityLookup.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use InvalidArgumentException; use Wikimedia\Rdbms\IDBAccessObject; use Wikimedia\Rdbms\IReadableDatabase; /* * Service for looking up UserIdentity * * @package MediaWiki\User * @since 1.36 / interface UserIdentityLookup { /* * Find an identity of a user by $name * * @param string $name * @param int $queryFlags one of IDBAccessObject constants * @return UserIdentity\|null * @throws InvalidArgumentException if non-normalizable actor name is passed. / public function getUserIdentityByName( string $name, int $queryFlags = IDBAccessObject::READ_NORMAL ): ?UserIdentity; /* * Find an identity of a user by $userId * * @param int $userId * @param int $queryFlags one of IDBAccessObject constants * @return UserIdentity\|null / public function getUserIdentityByUserId( int $userId, int $queryFlags = IDBAccessObject::READ_NORMAL ): ?UserIdentity; /* * Returns a specialized SelectQueryBuilder for querying the UserIdentity objects. * * @param IReadableDatabase\|int $dbOrQueryFlags The database connection to perform the query on, * or one of the IDBAccessObject::READ_* constants. * @return UserSelectQueryBuilder / public function newSelectQueryBuilder( $dbOrQueryFlags = IDBAccessObject::READ_NORMAL ): UserSelectQueryBuilder; } PK��!��1U��U��TempUser/CreateStatus.phpnu��Iw��<?php namespace MediaWiki\User\TempUser; use MediaWiki\Status\Status; use MediaWiki\User\User; /* * Status object with strongly typed value, for TempUserManager::createUser() * * @since 1.39 * @internal / class CreateStatus extends Status { /* * @return User / public function getUser(): User { return $this->value; } } PK��!��!�@ ��@ ��TempUser/TempUserConfig.phpnu��Iw��<?php namespace MediaWiki\User\TempUser; use MediaWiki\Permissions\Authority; use Wikimedia\Rdbms\IExpression; use Wikimedia\Rdbms\IReadableDatabase; /** * Interface for temporary user creation config and name matching. * * This is separate from TempUserCreator to avoid dependency loops during * service construction, since TempUserCreator needs UserNameUtils which * needs TempUserConfig. * * @since 1.39 / interface TempUserConfig { /* * Is temp user creation enabled? * * @return bool / public function isEnabled(); /* * Are temporary accounts a known concept on the wiki? * This should return true if any temporary accounts exist. * * @return bool / public function isKnown(); /* * Is the action valid for user auto-creation? * * @param string $action * @return bool / public function isAutoCreateAction( string $action ); /* * Should/would auto-create be performed if the user attempts to perform * the given action? * * @since 1.41 * @param Authority $authority * @param string $action * @return bool / public function shouldAutoCreate( Authority $authority, string $action ); /* * Does the name match the configured pattern indicating that it is a * temporary auto-created user? * * @param string $name * @return bool / public function isTempName( string $name ); /* * Does the name match a configured pattern which indicates that it * conflicts with temporary user names? Should manual user creation * be denied? * * @param string $name * @return mixed / public function isReservedName( string $name ); /* * Get a placeholder name which matches the reserved prefix * * @return string / public function getPlaceholderName(): string; /* * Get a Pattern indicating how temporary account can be detected * * Used to avoid selecting a temp account via select queries. * * @deprecated since 1.42. Use ::getMatchPatterns as multiple patterns may be defined. * @return Pattern / public function getMatchPattern(): Pattern; /* * Get Patterns indicating how temporary account can be detected * * Used to avoid selecting a temp account via select queries. * * @since 1.42 * @return Pattern[] / public function getMatchPatterns(): array; /* * Get a SQL query condition that will match (or not match) temporary accounts. * * @since 1.42 * @param IReadableDatabase $db * @param string $field Database field to match against * @param string $op Operator: IExpression::LIKE or IExpression::NOT_LIKE * @return IExpression / public function getMatchCondition( IReadableDatabase $db, string $field, string $op ): IExpression; /* * After how many days do temporary users expire? * * @note expireTemporaryAccounts.php maintenance script needs to be periodically executed for * temp account expiry to work. * @since 1.42 * @return int\|null Null if temp accounts should never expire / public function getExpireAfterDays(): ?int; /* * How many days before expiration should temporary users be notified? * * @note expireTemporaryAccounts.php maintenance script needs to be periodically executed for * temp account expiry to work. * @since 1.42 * @return int\|null Null if temp accounts should never be notified before expiration / public function getNotifyBeforeExpirationDays(): ?int; } PK��!�`�j��TempUser/DBSerialProvider.phpnu��Iw��<?php namespace MediaWiki\User\TempUser; use Wikimedia\Rdbms\IDatabase; use Wikimedia\Rdbms\RawSQLValue; /* * Base class for serial acquisition code shared between core and CentralAuth. * * @since 1.39 / abstract class DBSerialProvider implements SerialProvider { /* @var int / private $numShards; /* * @param array $config * - numShards (int, default 1): A small integer. This can be set to a * value greater than 1 to avoid acquiring a global lock when * allocating IDs, at the expense of making the IDs be non-monotonic. / public function __construct( $config ) { $this->numShards = $config['numShards'] ?? 1; } public function acquireIndex( int $year = 0 ): int { if ( $this->numShards ) { $shard = mt_rand( 0, $this->numShards - 1 ); } else { $shard = 0; } $dbw = $this->getDB(); $table = $this->getTableName(); $dbw->startAtomic( __METHOD__ ); $dbw->newInsertQueryBuilder() ->insertInto( $table ) ->row( [ 'uas_shard' => $shard, 'uas_year' => $year, 'uas_value' => 1 ] ) ->onDuplicateKeyUpdate() ->uniqueIndexFields( [ 'uas_shard', 'uas_year' ] ) ->set( [ 'uas_value' => new RawSQLValue( 'uas_value+1' ) ] ) ->caller( __METHOD__ )->execute(); $value = $dbw->newSelectQueryBuilder() ->select( 'uas_value' ) ->from( $table ) ->where( [ 'uas_shard' => $shard ] ) ->andWhere( [ 'uas_year' => $year ] ) ->caller( __METHOD__ ) ->fetchField(); $dbw->endAtomic( __METHOD__ ); return $value $this->numShards + $shard; } /** * @return IDatabase / abstract protected function getDB(); /* * @return string / abstract protected function getTableName(); } PK��!�� TempUser/ScrambleMapping.phpnu��Iw��<?php namespace MediaWiki\User\TempUser; use LogicException; use OutOfBoundsException; use RuntimeException; /* * A mapping which converts sequential input into an output sequence that looks * pseudo-random, but preserves the base-10 length of the input number. * * Take a sequence generated by multiplying the previous element of the * sequence by a fixed number "g", then applying the modulus "p": * * X(0) = 1 * X(i) = ( g X(i-1) ) mod p * * If g is a primitive root modulo p, then this sequence will cover all values * from 1 to p-1 before it repeats. X(i) is a modular exponential function * (g^i mod p) and algorithms are available to calculate it efficiently. * * Loosely speaking, we choose a sequence based on the number of digits N in the * input, with the period being approximately 10^N, so that the number of digits * in the output will be approximately the same. * * More precisely, after offsetting the subsequent sequences to avoid colliding * with the previous sequences, the period ends up being about 0.9 * 10^N * * The modulo p is always a prime number because that makes the maths easier. * We use a value for g close to p/sqrt(3) since that seems to stir the digits * better than the largest or smallest primitive root. * * @internal / class ScrambleMapping implements SerialMapping { /* * Appropriately sized prime moduli and primitive roots. Generated with * this GP/PARI script: * s=0; \ * for(q = 2, 10, \ * p=precprime(10^q - s); \ * s = s + p; \ * forstep(i = floor(p/sqrt(3)), 1, -1, \ * if(znorder(Mod(i, p)) == p-1, \ * print("[ ", i, ", ", p, " ],"); \ * break ))) / private const GENERATORS = [ [ 56, 97 ], [ 511, 887 ], [ 5203, 9013 ], [ 51947, 90001 ], [ 519612, 900001 ], [ 5196144, 8999993 ], [ 51961523, 89999999 ], [ 519615218, 899999963 ], [ 5196152444, 9000000043 ], ]; /* @var int / private $offset; /* @var bool / private $hasGmp; /* @var bool / private $hasBcm; public function __construct( $config ) { $this->offset = $config['offset'] ?? 0; $this->hasGmp = extension_loaded( 'gmp' ); $this->hasBcm = extension_loaded( 'bcmath' ); if ( !$this->hasGmp && !$this->hasBcm ) { throw new RuntimeException( __CLASS__ . ' requires the bcmath or gmp extension' ); } } public function getSerialIdForIndex( int $index ): string { if ( $index <= 0 ) { return (string)$index; } $offset = $this->offset; if ( $index - $offset < 0 ) { throw new OutOfBoundsException( __METHOD__ . ": The configured offset $offset is too large." ); } foreach ( self::GENERATORS as [ $g, $p ] ) { if ( $index - $offset < $p ) { return (string)( $offset + $this->powmod( $g, $index - $offset, $p ) ); } $offset += $p - 1; } throw new RuntimeException( __METHOD__ . ": The index $index is too large" ); } private function powmod( $num, $exponent, $modulus ) { if ( $this->hasGmp ) { return \gmp_intval( \gmp_powm( $num, $exponent, $modulus ) ); } elseif ( $this->hasBcm ) { return (int)\bcpowmod( (string)$num, (string)$exponent, (string)$modulus ); } else { throw new LogicException( __CLASS__ . ' requires the bcmath or gmp extension' ); } } } PK��!�9��7��&��TempUser/PlainNumericSerialMapping.phpnu��Iw��<?php namespace MediaWiki\User\TempUser; /* * Simple serial mapping for ASCII decimal numbers * * @since 1.39 / class PlainNumericSerialMapping implements SerialMapping { /* @var int / private $offset; /* * @param array $config / public function __construct( $config ) { $this->offset = $config['offset'] ?? 0; } public function getSerialIdForIndex( int $index ): string { return (string)( $index + $this->offset ); } } PK��!��'�� TempUser/Pattern.phpnu��Iw��<?php namespace MediaWiki\User\TempUser; use Stringable; use UnexpectedValueException; use Wikimedia\Rdbms\LikeValue; use Wikimedia\Rdbms\Platform\ISQLPlatform; /* * Helper for TempUserConfig representing string patterns with "$1" indicating * variable substitution. * * @internal / class Pattern implements Stringable { /* @var string / private $debugName; /* @var string / private $pattern; /* @var string / private $prefix; /* @var string / private $suffix; /* * @param string $debugName The name of the pattern, for use in error messages * @param string $pattern The pattern itself / public function __construct( string $debugName, string $pattern ) { $this->debugName = $debugName; $this->pattern = $pattern; } /* * Does the pattern match the given name? * @param string $name * @return bool / public function isMatch( string $name ) { $this->init(); $match = true; if ( $this->prefix !== '' ) { $match = str_starts_with( $name, $this->prefix ); } if ( $match && $this->suffix !== '' ) { $match = str_ends_with( $name, $this->suffix ) && strlen( $name ) >= strlen( $this->prefix ) + strlen( $this->suffix ); } return $match; } /* * Substitute the serial number into the pattern. * * @param string $mappedSerial * @param ?string $year * @return string / public function generate( $mappedSerial, ?string $year = null ) { $this->init(); return $this->prefix . ( $year ? $year . '-' : '' ) . $mappedSerial . $this->suffix; } /* * Convert the pattern to an SQL like clause * * @deprecated since 1.42. Use toLikeValue() instead * @param ISQLPlatform $db * @return string / public function buildLike( ISQLPlatform $db ) { wfDeprecated( __METHOD__, '1.42' ); $this->init(); return $db->buildLike( $this->prefix, $db->anyString(), $this->suffix ); } /* * Convert the pattern to an SQL builder "LIKE" value that matches it * * @param ISQLPlatform $db * @return LikeValue / public function toLikeValue( ISQLPlatform $db ): LikeValue { $this->init(); return new LikeValue( $this->prefix, $db->anyString(), $this->suffix ); } /* * Extract the variable part of the string (matching $1 or YYYY-$1), * or null if there is no match * * @param string $name * @return ?string / public function extract( string $name ) { if ( $this->isMatch( $name ) ) { return substr( $name, strlen( $this->prefix ), strlen( $name ) - strlen( $this->prefix ) - strlen( $this->suffix ) ); } return null; } /* * Initialise the prefix and suffix / private function init() { if ( $this->prefix === null ) { $varPos = strpos( $this->pattern, '$1' ); if ( $varPos === false ) { throw new UnexpectedValueException( __CLASS__ . "pattern {$this->debugName} must be of the form \"prefix \$1 suffix\"" ); } $this->prefix = substr( $this->pattern, 0, $varPos ); $this->suffix = substr( $this->pattern, $varPos + strlen( '$1' ) ); } } public function __toString() { return $this->pattern; } } PK��!�tnTZ��'��TempUser/FilteredRadixSerialMapping.phpnu��Iw��<?php namespace MediaWiki\User\TempUser; use ArrayUtils; /* * Since "base" is an overused term in class names and mostly means something * else, we will call the base of a numeric representation a radix. * * This class converts integer serial numbers to strings using an arbitrary * base between 2 and 36. It can skip certain IDs deemed to be "bad", e.g. * because they spell offensive words. * * @since 1.39 / class FilteredRadixSerialMapping implements SerialMapping { /* @var int / private $radix; /* @var int[] / private $badIndexes; /* @var bool / private $uppercase; /* * @param array $config See MainConfigSchema::AutoCreateTempUser / public function __construct( $config ) { $this->radix = $config['radix'] ?? 10; $this->badIndexes = $config['badIndexes'] ?? []; $this->uppercase = $config['uppercase'] ?? false; } public function getSerialIdForIndex( int $index ): string { $index = $this->adjustID( $index ); return \Wikimedia\base_convert( (string)$index, 10, $this->radix, 1, !$this->uppercase ); } /* * Add the number of "bad" IDs less than or equal to the given ID to the * given ID, thus mapping the set of all integers to the "good" set. * * @param int $id * @return int / private function adjustID( int $id ): int { $pos = ArrayUtils::findLowerBound( function ( $i ) { return $this->badIndexes[$i]; }, count( $this->badIndexes ), static function ( $a, $b ) { return $a <=> $b; }, $id ); return $pos === false ? $id : $id + $pos + 1; } } PK��!�h�ù.��.��TempUser/TempUserCreator.phpnu��Iw��<?php namespace MediaWiki\User\TempUser; use MediaWiki\Auth\AuthManager; use MediaWiki\Auth\Throttler; use MediaWiki\Permissions\Authority; use MediaWiki\Registration\ExtensionRegistry; use MediaWiki\Request\WebRequest; use MediaWiki\Session\Session; use MediaWiki\User\CentralId\CentralIdLookup; use MediaWiki\User\UserFactory; use MediaWiki\User\UserRigorOptions; use MediaWiki\Utils\MWTimestamp; use UnexpectedValueException; use Wikimedia\ObjectFactory\ObjectFactory; use Wikimedia\Rdbms\IExpression; use Wikimedia\Rdbms\IReadableDatabase; /* * Service for temporary user creation. For convenience this also proxies the * TempUserConfig methods. * * This is separate from TempUserConfig to avoid dependency loops. Special pages * and actions are free to use this class, but services should take it as a * constructor parameter only if necessary. * * @since 1.39 / class TempUserCreator implements TempUserConfig { private RealTempUserConfig $config; private UserFactory $userFactory; private AuthManager $authManager; private CentralIdLookup $centralIdLookup; private Throttler $tempAccountCreationThrottler; private Throttler $tempAccountNameAcquisitionThrottler; private array $serialProviderConfig; private array $serialMappingConfig; private ObjectFactory $objectFactory; private ?SerialProvider $serialProvider; private ?SerialMapping $serialMapping; /* ObjectFactory specs for the core serial providers / private const SERIAL_PROVIDERS = [ 'local' => [ 'class' => LocalSerialProvider::class, 'services' => [ 'DBLoadBalancer' ], ] ]; /* ObjectFactory specs for the core serial maps / private const SERIAL_MAPPINGS = [ 'plain-numeric' => [ 'class' => PlainNumericSerialMapping::class, ], 'localized-numeric' => [ 'class' => LocalizedNumericSerialMapping::class, 'services' => [ 'LanguageFactory' ], ], 'filtered-radix' => [ 'class' => FilteredRadixSerialMapping::class, ], 'scramble' => [ 'class' => ScrambleMapping::class, ] ]; public function __construct( RealTempUserConfig $config, ObjectFactory $objectFactory, UserFactory $userFactory, AuthManager $authManager, CentralIdLookup $centralIdLookup, Throttler $tempAccountCreationThrottler, Throttler $tempAccountNameAcquisitionThrottler ) { $this->config = $config; $this->objectFactory = $objectFactory; $this->userFactory = $userFactory; $this->authManager = $authManager; $this->centralIdLookup = $centralIdLookup; $this->tempAccountCreationThrottler = $tempAccountCreationThrottler; $this->tempAccountNameAcquisitionThrottler = $tempAccountNameAcquisitionThrottler; $this->serialProviderConfig = $config->getSerialProviderConfig(); $this->serialMappingConfig = $config->getSerialMappingConfig(); } /* * Acquire a serial number, create the corresponding user and log in. * * @param string\|null $name Previously acquired name * @param WebRequest $request Request details, used for throttling * @return CreateStatus / public function create( ?string $name, WebRequest $request ): CreateStatus { $status = new CreateStatus; // Check name acquisition rate limits first. if ( $name === null ) { $name = $this->acquireName( $request->getIP() ); if ( $name === null ) { // If the $name remains null after calling ::acquireName, then // we cannot generate a username and therefore cannot create a user. // This could also happen if acquiring the name was rate limited // In this case return a CreateStatus indicating no user was created. // TODO: Create a custom message to support workflows related to T357802 return CreateStatus::newFatal( 'temp-user-unable-to-acquire' ); } } // Check temp account creation rate limits. // TODO: This is duplicated from ThrottlePreAuthenticationProvider // and should be factored out, see T261744 $result = $this->tempAccountCreationThrottler->increase( null, $request->getIP(), 'TempUserCreator' ); if ( $result ) { // TODO: Use a custom message here (T357777, T357802) $message = wfMessage( 'acct_creation_throttle_hit' )->params( $result['count'] ) ->durationParams( $result['wait'] ); $status->fatal( $message ); return $status; } $createStatus = $this->attemptAutoCreate( $name ); if ( $createStatus->isOK() ) { // The temporary account name didn't already exist, so now attempt to login // using ::attemptAutoCreate as there isn't a public method to just login. $this->attemptAutoCreate( $name, true ); } return $createStatus; } public function isEnabled() { return $this->config->isEnabled(); } public function isKnown() { return $this->config->isKnown(); } public function isAutoCreateAction( string $action ) { return $this->config->isAutoCreateAction( $action ); } public function shouldAutoCreate( Authority $authority, string $action ) { return $this->config->shouldAutoCreate( $authority, $action ); } public function isTempName( string $name ) { return $this->config->isTempName( $name ); } public function isReservedName( string $name ) { return $this->config->isReservedName( $name ); } public function getPlaceholderName(): string { return $this->config->getPlaceholderName(); } public function getMatchPattern(): Pattern { return $this->config->getMatchPattern(); } public function getMatchPatterns(): array { return $this->config->getMatchPatterns(); } public function getMatchCondition( IReadableDatabase $db, string $field, string $op ): IExpression { return $this->config->getMatchCondition( $db, $field, $op ); } public function getExpireAfterDays(): ?int { return $this->config->getExpireAfterDays(); } public function getNotifyBeforeExpirationDays(): ?int { return $this->config->getNotifyBeforeExpirationDays(); } /* * Attempts to auto create a temporary user using * AuthManager::autoCreateUser, and optionally log them * in if $login is true. * * @param string $name * @param bool $login Whether to also log the user in to this temporary account. * @return CreateStatus / private function attemptAutoCreate( string $name, bool $login = false ): CreateStatus { $createStatus = new CreateStatus; // Verify the $name is usable. $user = $this->userFactory->newFromName( $name, UserRigorOptions::RIGOR_USABLE ); if ( !$user ) { $createStatus->fatal( 'internalerror_info', 'Unable to create user with automatically generated name' ); return $createStatus; } $status = $this->authManager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_TEMP, $login ); $createStatus->merge( $status ); // If a userexists warning is a part of the status, then // add the fatal error temp-user-unable-to-acquire. if ( $createStatus->hasMessage( 'userexists' ) ) { $createStatus->fatal( 'temp-user-unable-to-acquire' ); } if ( $createStatus->isOK() ) { $createStatus->value = $user; } return $createStatus; } /* * Acquire a new username and return it. Permanently reserve the ID in * the database. * * @param string $ip The IP address associated with this name acquisition request. * @return string\|null The username, or null if the auto-generated username is * already in use, or if the attempt trips the TempAccountNameAcquisitionThrottle limits. / private function acquireName( string $ip ): ?string { if ( $this->tempAccountNameAcquisitionThrottler->increase( null, $ip, 'TempUserCreator' ) ) { return null; } $year = null; if ( $this->serialProviderConfig['useYear'] ?? false ) { $year = MWTimestamp::getInstance()->format( 'Y' ); } // Check if the temporary account name is already in use as the ID provided // may not be properly collision safe (T353390) $index = $this->getSerialProvider()->acquireIndex( (int)$year ); $serialId = $this->getSerialMapping()->getSerialIdForIndex( $index ); $username = $this->config->getGeneratorPattern()->generate( $serialId, $year ); // Because the ::acquireIndex method may not always return a unique index, // make sure that the temporary account name does not already exist. This // is needed because of the problems discussed in T353390. // The problems discussed at that task should not require the use of a primary lookup. $centralId = $this->centralIdLookup->centralIdFromName( $username, CentralIdLookup::AUDIENCE_RAW ); if ( !$centralId ) { // If no user exists with this name centrally, then return the $username. return $username; } return null; } /* * Get the serial provider * @return SerialProvider / private function getSerialProvider(): SerialProvider { if ( !isset( $this->serialProvider ) ) { $this->serialProvider = $this->createSerialProvider(); } return $this->serialProvider; } /* * Create the serial provider * @return SerialProvider / private function createSerialProvider(): SerialProvider { $type = $this->serialProviderConfig['type']; if ( isset( self::SERIAL_PROVIDERS[$type] ) ) { $spec = self::SERIAL_PROVIDERS[$type]; } else { $extensionProviders = ExtensionRegistry::getInstance() ->getAttribute( 'TempUserSerialProviders' ); if ( isset( $extensionProviders[$type] ) ) { $spec = $extensionProviders[$type]; } else { throw new UnexpectedValueException( __CLASS__ . ": unknown serial provider \"$type\"" ); } } /* @noinspection PhpIncompatibleReturnTypeInspection / // @phan-suppress-next-line PhanTypeInvalidCallableArrayKey return $this->objectFactory->createObject( $spec, [ 'assertClass' => SerialProvider::class, 'extraArgs' => [ $this->serialProviderConfig ] ] ); } /* * Get the serial mapping * @return SerialMapping / private function getSerialMapping(): SerialMapping { if ( !isset( $this->serialMapping ) ) { $this->serialMapping = $this->createSerialMapping(); } return $this->serialMapping; } /* * Create the serial map * @return SerialMapping / private function createSerialMapping(): SerialMapping { $type = $this->serialMappingConfig['type']; if ( isset( self::SERIAL_MAPPINGS[$type] ) ) { $spec = self::SERIAL_MAPPINGS[$type]; } else { $extensionMappings = ExtensionRegistry::getInstance() ->getAttribute( 'TempUserSerialMappings' ); if ( isset( $extensionMappings[$type] ) ) { $spec = $extensionMappings[$type]; } else { throw new UnexpectedValueException( __CLASS__ . ": unknown serial mapping \"$type\"" ); } } /* @noinspection PhpIncompatibleReturnTypeInspection / // @phan-suppress-next-line PhanTypeInvalidCallableArrayKey return $this->objectFactory->createObject( $spec, [ 'assertClass' => SerialMapping::class, 'extraArgs' => [ $this->serialMappingConfig ] ] ); } /* * Permanently acquire a username, stash it in a session, and return it. * Do not create the user. * * If this method was called before with the same session ID, return the * previously stashed username instead of acquiring a new one. * * @param Session $session * @return string\|null The username, or null if no username could be acquired / public function acquireAndStashName( Session $session ) { $name = $session->get( 'TempUser:name' ); if ( $name !== null ) { return $name; } $name = $this->acquireName( $session->getRequest()->getIP() ); if ( $name !== null ) { $session->set( 'TempUser:name', $name ); $session->save(); } return $name; } /* * Return a possible acquired and stashed username in a session. * Do not acquire or create the user. * * If this method is called with the same session ID as function acquireAndStashName(), * it returns the previously stashed username. * * @since 1.41 * @param Session $session * @return ?string The username, if it was already acquired / public function getStashedName( Session $session ): ?string { return $session->get( 'TempUser:name' ); } } PK��!�؋�~��~��TempUser/SerialMapping.phpnu��Iw��<?php namespace MediaWiki\User\TempUser; /* * Interface for integer to string mappings for temporary user autocreation * * @since 1.39 / interface SerialMapping { /* * @param int $index * @return string The serial ID. This should consist of title characters * but should not be a single asterisk. / public function getSerialIdForIndex( int $index ): string; } PK��!��>����TempUser/LocalizedNumericSerialMapping.phpnu��Iw��<?php namespace MediaWiki\User\TempUser; use MediaWiki\Language\Language; use MediaWiki\Languages\LanguageFactory; /** * Serial mapping which uses a Language object to format serial numbers. * * @since 1.39 / class LocalizedNumericSerialMapping implements SerialMapping { private Language $language; /* * @param array $config * - language: The language code * @param LanguageFactory $languageFactory / public function __construct( $config, LanguageFactory $languageFactory ) { $this->language = $languageFactory->getLanguage( $config['language'] ?? 'en' ); } public function getSerialIdForIndex( int $index ): string { return $this->language->formatNum( $index ); } } PK��!�9We!7��7��TempUser/RealTempUserConfig.phpnu��Iw��<?php namespace MediaWiki\User\TempUser; use BadMethodCallException; use InvalidArgumentException; use MediaWiki\Permissions\Authority; use MediaWiki\Utils\MWTimestamp; use Wikimedia\Rdbms\IExpression; use Wikimedia\Rdbms\IReadableDatabase; /* * The real TempUserConfig including internal methods used by TempUserCreator. * * @since 1.39 / class RealTempUserConfig implements TempUserConfig { /* @var bool / private $known = false; /* @var bool / private $enabled = false; /* @var array / private $serialProviderConfig = []; /* @var array / private $serialMappingConfig = []; /* @var string[] / private $autoCreateActions; /* @var Pattern\|null / private $genPattern; /* @var Pattern[]\|null / private $matchPatterns; /* @var Pattern\|null / private $reservedPattern; /* @var int\|null / private $expireAfterDays; /* @var int\|null / private $notifyBeforeExpirationDays; /* * @param array $config See the documentation of $wgAutoCreateTempUser. * - known: bool * - enabled: bool * - actions: array * - genPattern: string * - matchPattern: string\|string[], optional * - reservedPattern: string, optional * - serialProvider: array * - serialMapping: array * - expireAfterDays: int, optional * - notifyBeforeExpirationDays: int, optional / public function __construct( $config ) { $this->enabled = $config['enabled'] ?? false; $this->known = $this->enabled \|\| ( $config['known'] ?? false ); // Configuration related to creating new temporary accounts for some actions if ( $this->enabled ) { $this->autoCreateActions = $config['actions']; $this->serialProviderConfig = $config['serialProvider']; $this->serialMappingConfig = $config['serialMapping']; } // Configuration related to managing and identifying existing temporary accounts, // regardless of whether new temp accounts are being actively created via the // 'enabled' config flag. if ( $this->known \|\| $this->enabled ) { $this->genPattern = new Pattern( 'genPattern', $config['genPattern'] ); $this->expireAfterDays = $config['expireAfterDays'] ?? null; $this->notifyBeforeExpirationDays = $config['notifyBeforeExpirationDays'] ?? null; if ( isset( $config['matchPattern'] ) ) { $matchPatterns = $config['matchPattern']; if ( !is_array( $config['matchPattern'] ) ) { $matchPatterns = [ $matchPatterns ]; } foreach ( $matchPatterns as &$pattern ) { $pattern = new Pattern( 'matchPattern', $pattern ); } $this->matchPatterns = $matchPatterns; } else { $this->matchPatterns = [ $this->genPattern ]; } } // Configuration that is set regardless of whether the feature is enabled or known. if ( isset( $config['reservedPattern'] ) ) { $this->reservedPattern = new Pattern( 'reservedPattern', $config['reservedPattern'] ); } } public function isEnabled() { return $this->enabled; } public function isKnown() { return $this->known; } public function isAutoCreateAction( string $action ) { if ( $action === 'create' ) { $action = 'edit'; } return $this->isEnabled() && in_array( $action, $this->autoCreateActions, true ); } public function shouldAutoCreate( Authority $authority, string $action ) { return $this->isAutoCreateAction( $action ) && !$authority->isRegistered() && $authority->isAllowed( 'createaccount' ); } public function isTempName( string $name ) { if ( !$this->isKnown() ) { return false; } foreach ( $this->matchPatterns as $pattern ) { if ( $pattern->isMatch( $name ) ) { return true; } } return false; } public function isReservedName( string $name ) { return $this->isTempName( $name ) \|\| ( $this->reservedPattern && $this->reservedPattern->isMatch( $name ) ); } public function getPlaceholderName(): string { $year = null; if ( $this->serialProviderConfig['useYear'] ?? false ) { $year = MWTimestamp::getInstance()->format( 'Y' ); } if ( $this->isEnabled() ) { return $this->genPattern->generate( '', $year ); } else { throw new BadMethodCallException( __METHOD__ . ' is disabled' ); } } /** * @deprecated since 1.42. / public function getMatchPattern(): Pattern { wfDeprecated( __METHOD__, '1.42' ); if ( $this->isKnown() ) { // This method is deprecated to allow time for callers to update. // This method only returns one Pattern, so just return the first one. return $this->getMatchPatterns()[0]; } else { throw new BadMethodCallException( __METHOD__ . ' is disabled' ); } } public function getMatchPatterns(): array { if ( $this->isKnown() ) { return $this->matchPatterns; } else { throw new BadMethodCallException( __METHOD__ . ' is disabled' ); } } public function getMatchCondition( IReadableDatabase $db, string $field, string $op ): IExpression { if ( $this->isKnown() ) { $exprs = []; foreach ( $this->getMatchPatterns() as $pattern ) { $exprs[] = $db->expr( $field, $op, $pattern->toLikeValue( $db ) ); } if ( count( $exprs ) === 1 ) { return $exprs[0]; } if ( $op === IExpression::LIKE ) { return $db->orExpr( $exprs ); } elseif ( $op === IExpression::NOT_LIKE ) { return $db->andExpr( $exprs ); } else { throw new InvalidArgumentException( "Invalid operator $op" ); } } else { throw new BadMethodCallException( __METHOD__ . ' is disabled' ); } } public function getExpireAfterDays(): ?int { return $this->expireAfterDays; } public function getNotifyBeforeExpirationDays(): ?int { return $this->notifyBeforeExpirationDays; } /* * @internal For TempUserCreator only * @return Pattern / public function getGeneratorPattern(): Pattern { if ( $this->isEnabled() ) { return $this->genPattern; } else { throw new BadMethodCallException( __METHOD__ . ' is disabled' ); } } /* * @internal For TempUserCreator only * @return array / public function getSerialProviderConfig(): array { return $this->serialProviderConfig; } /* * @internal For TempUserCreator only * @return array / public function getSerialMappingConfig(): array { return $this->serialMappingConfig; } } PK��!�� TempUser/LocalSerialProvider.phpnu��Iw��<?php namespace MediaWiki\User\TempUser; use Wikimedia\Rdbms\ILoadBalancer; /* * A serial provider which allocates IDs from the local database, or from a * shared database if $wgSharedDB is used. It is "local" in the sense that it * uses the same DB connection as the local wiki. * * @since 1.39 / class LocalSerialProvider extends DBSerialProvider { private ILoadBalancer $lb; /* * @param array $config * - numShards (int, default 1): A small integer. This can be set to a * value greater than 1 to avoid acquiring a global lock when * allocating IDs, at the expense of making the IDs be non-monotonic. * @param ILoadBalancer $lb / public function __construct( $config, ILoadBalancer $lb ) { parent::__construct( $config ); $this->lb = $lb; } protected function getDB() { return $this->lb->getConnection( DB_PRIMARY, [], false, // So that startAtomic() will start a commit, reducing lock time. // Without this flag, the transaction will be open until the start // of request shutdown. This could be omitted to reduce the // connection overhead, with numShards tuned upwards to compensate. ILoadBalancer::CONN_TRX_AUTOCOMMIT ); } protected function getTableName() { return 'user_autocreate_serial'; } } PK��!�.��TempUser/SerialProvider.phpnu��Iw��<?php namespace MediaWiki\User\TempUser; /* * Interface for serial providers for temporary users. * * @since 1.39 / interface SerialProvider { /* * Acquire an integer such that it is unlikely to be used again, and return it. * @param int $year The current year, as calculated by the caller (or 0 if the * year is not being used). * @return int / public function acquireIndex( int $year = 0 ): int; } PK��!�tz(f�!��!��UserGroupMembership.phpnu��Iw��<?php /* * Represents the membership of a user to a user group. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use InvalidArgumentException; use MediaWiki\Context\IContextSource; use MediaWiki\MediaWikiServices; use MediaWiki\Message\Message; use MediaWiki\Title\Title; /* * Represents a "user group membership" -- a specific instance of a user belonging * to a group. For example, the fact that user Mary belongs to the sysop group is a * user group membership. * * The class is a pure value object. Use UserGroupManager to modify user group memberships. * * @since 1.29 / class UserGroupMembership { /* @var int The ID of the user who belongs to the group / private $userId; /* @var string / private $group; /* @var string\|null Timestamp of expiry in TS_MW format, or null if no expiry / private $expiry; /* @var bool Expiration flag / private $expired; /* * @param int $userId The ID of the user who belongs to the group * @param string\|null $group The internal group name * @param string\|null $expiry Timestamp of expiry in TS_MW format, or null if no expiry / public function __construct( int $userId = 0, ?string $group = null, ?string $expiry = null ) { $this->userId = $userId; $this->group = $group; $this->expiry = $expiry ?: null; $this->expired = $expiry && wfTimestampNow() > $expiry; } /* * @return int / public function getUserId() { return $this->userId; } /* * @return string / public function getGroup() { return $this->group; } /* * @return string\|null Timestamp of expiry in TS_MW format, or null if no expiry / public function getExpiry() { return $this->expiry; } /* * Has the membership expired? * * @return bool / public function isExpired() { return $this->expired; } /* * Gets a link for a user group, possibly including the expiry date if relevant. * * @deprecated since 1.41 use getLinkWiki or getLinkHTML directly * * @param string\|UserGroupMembership $ugm Either a group name as a string, or * a UserGroupMembership object * @param IContextSource $context * @param string $format Either 'wiki' or 'html' * @param string\|null $userName If you want to use the group member message * ("administrator"), pass the name of the user who belongs to the group; it * is used for GENDER of the group member message. If you instead want the * group name message ("Administrators"), omit this parameter. * @return string / public static function getLink( $ugm, IContextSource $context, string $format, $userName = null ) { switch ( $format ) { case 'wiki': return self::getLinkWiki( $ugm, $context, $userName ); case 'html': return self::getLinkHTML( $ugm, $context, $userName ); default: throw new InvalidArgumentException( 'UserGroupMembership::getLink() $format parameter should be ' . "'wiki' or 'html'" ); } } /* * Gets a link for a user group, possibly including the expiry date if relevant. * @since 1.41 * * @param string\|UserGroupMembership $ugm Either a group name as a string, or * a UserGroupMembership object * @param IContextSource $context * @param string\|null $userName If you want to use the group member message * ("administrator"), pass the name of the user who belongs to the group; it * is used for GENDER of the group member message. If you instead want the * group name message ("Administrators"), omit this parameter. * @return string / public static function getLinkHTML( $ugm, IContextSource $context, $userName = null ): string { [ 'expiry' => $expiry, 'linkTitle' => $linkTitle, 'groupName' => $groupName ] = self::getLinkInfo( $ugm, $context, $userName ); // link to the group description page, if it exists $linkRenderer = MediaWikiServices::getInstance()->getLinkRenderer(); if ( $linkTitle ) { $groupLink = $linkRenderer->makeLink( $linkTitle, $groupName ); } else { $groupLink = htmlspecialchars( $groupName ); } if ( $expiry ) { [ 'expiryDT' => $expiryDT, 'expiryD' => $expiryD, 'expiryT' => $expiryT ] = self::getLinkExpiryParams( $context, $expiry ); $groupLink = Message::rawParam( $groupLink ); return $context->msg( 'group-membership-link-with-expiry' ) ->params( $groupLink, $expiryDT, $expiryD, $expiryT )->escaped(); } return $groupLink; } /* * Gets a link for a user group, possibly including the expiry date if relevant. * @since 1.41 * * @param string\|UserGroupMembership $ugm Either a group name as a string, or * a UserGroupMembership object * @param IContextSource $context * @param string\|null $userName If you want to use the group member message * ("administrator"), pass the name of the user who belongs to the group; it * is used for GENDER of the group member message. If you instead want the * group name message ("Administrators"), omit this parameter. * @return string / public static function getLinkWiki( $ugm, IContextSource $context, $userName = null ): string { [ 'expiry' => $expiry, 'linkTitle' => $linkTitle, 'groupName' => $groupName ] = self::getLinkInfo( $ugm, $context, $userName ); // link to the group description page, if it exists if ( $linkTitle ) { $linkPage = $linkTitle->getFullText(); $groupLink = "[[$linkPage\|$groupName]]"; } else { $groupLink = $groupName; } if ( $expiry ) { [ 'expiryDT' => $expiryDT, 'expiryD' => $expiryD, 'expiryT' => $expiryT ] = self::getLinkExpiryParams( $context, $expiry ); return $context->msg( 'group-membership-link-with-expiry' ) ->params( $groupLink, $expiryDT, $expiryD, $expiryT )->text(); } return $groupLink; } /* * @param self\|string $ugm * @param IContextSource $context * @param string\|null $userName * @return array / private static function getLinkInfo( $ugm, $context, $userName = null ): array { if ( $ugm instanceof UserGroupMembership ) { $expiry = $ugm->getExpiry(); $group = $ugm->getGroup(); } else { $expiry = null; $group = $ugm; } $uiLanguage = $context->getLanguage(); if ( $userName !== null ) { $groupName = $uiLanguage->getGroupMemberName( $group, $userName ); } else { $groupName = $uiLanguage->getGroupName( $group ); } $linkTitle = self::getGroupPage( $group ); return [ 'expiry' => $expiry, 'linkTitle' => $linkTitle, 'groupName' => $groupName ]; } /* * @param IContextSource $context * @param string $expiry * @return array / private static function getLinkExpiryParams( IContextSource $context, string $expiry ): array { // format the expiry to a nice string $uiLanguage = $context->getLanguage(); $uiUser = $context->getUser(); $expiryDT = $uiLanguage->userTimeAndDate( $expiry, $uiUser ); $expiryD = $uiLanguage->userDate( $expiry, $uiUser ); $expiryT = $uiLanguage->userTime( $expiry, $uiUser ); return [ 'expiryDT' => $expiryDT, 'expiryD' => $expiryD, 'expiryT' => $expiryT ]; } /* * Gets the title of a page describing a particular user group. When the name * of the group appears in the UI, it can link to this page. * * @param string $group Internal group name * @return Title\|false Title of the page if it exists, false otherwise / public static function getGroupPage( $group ) { $msg = wfMessage( "grouppage-$group" )->inContentLanguage(); if ( $msg->exists() ) { $title = Title::newFromText( $msg->text() ); if ( is_object( $title ) ) { return $title; } } return false; } /* * Compares two pure value objects * * @param UserGroupMembership $ugm * @return bool * * @since 1.35 / public function equals( UserGroupMembership $ugm ) { return ( $ugm->getUserId() === $this->userId && $ugm->getGroup() === $this->group ); } } /* @deprecated class alias since 1.41 / class_alias( UserGroupMembership::class, 'UserGroupMembership' ); PK��!�-��j��j��UserGroupManager.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use InvalidArgumentException; use JobQueueGroup; use LogicException; use ManualLogEntry; use MediaWiki\Config\ServiceOptions; use MediaWiki\Deferred\DeferredUpdates; use MediaWiki\HookContainer\HookContainer; use MediaWiki\HookContainer\HookRunner; use MediaWiki\MainConfigNames; use MediaWiki\Parser\Sanitizer; use MediaWiki\Permissions\Authority; use MediaWiki\Permissions\GroupPermissionsLookup; use MediaWiki\User\TempUser\TempUserConfig; use MediaWiki\WikiMap\WikiMap; use Psr\Log\LoggerInterface; use UserGroupExpiryJob; use Wikimedia\Assert\Assert; use Wikimedia\IPUtils; use Wikimedia\Rdbms\IConnectionProvider; use Wikimedia\Rdbms\IDBAccessObject; use Wikimedia\Rdbms\ILBFactory; use Wikimedia\Rdbms\IReadableDatabase; use Wikimedia\Rdbms\ReadOnlyMode; use Wikimedia\Rdbms\SelectQueryBuilder; /* * Manages user groups. * @since 1.35 / class UserGroupManager { /* * @internal For use by ServiceWiring / public const CONSTRUCTOR_OPTIONS = [ MainConfigNames::AddGroups, MainConfigNames::AutoConfirmAge, MainConfigNames::AutoConfirmCount, MainConfigNames::Autopromote, MainConfigNames::AutopromoteOnce, MainConfigNames::AutopromoteOnceLogInRC, MainConfigNames::EmailAuthentication, MainConfigNames::ImplicitGroups, MainConfigNames::GroupInheritsPermissions, MainConfigNames::GroupPermissions, MainConfigNames::GroupsAddToSelf, MainConfigNames::GroupsRemoveFromSelf, MainConfigNames::RevokePermissions, MainConfigNames::RemoveGroups, MainConfigNames::PrivilegedGroups, ]; /* * Logical operators recognized in $wgAutopromote. * * @since 1.42 / public const VALID_OPS = [ '&', '\|', '^', '!' ]; private ServiceOptions $options; private IConnectionProvider $dbProvider; private HookContainer $hookContainer; private HookRunner $hookRunner; private ReadOnlyMode $readOnlyMode; private UserEditTracker $userEditTracker; private GroupPermissionsLookup $groupPermissionsLookup; private JobQueueGroup $jobQueueGroup; private LoggerInterface $logger; private TempUserConfig $tempUserConfig; /* @var callable[] / private $clearCacheCallbacks; /* @var string\|false / private $wikiId; /* string key for implicit groups cache / private const CACHE_IMPLICIT = 'implicit'; /* string key for effective groups cache / private const CACHE_EFFECTIVE = 'effective'; /* string key for group memberships cache / private const CACHE_MEMBERSHIP = 'membership'; /* string key for former groups cache / private const CACHE_FORMER = 'former'; /* string key for former groups cache / private const CACHE_PRIVILEGED = 'privileged'; /* * @var array Service caches, an assoc. array keyed after the user-keys generated * by the getCacheKey method and storing values in the following format: * * userKey => [ * self::CACHE_IMPLICIT => implicit groups cache * self::CACHE_EFFECTIVE => effective groups cache * self::CACHE_MEMBERSHIP => [ ] // Array of UserGroupMembership objects * self::CACHE_FORMER => former groups cache * self::CACHE_PRIVILEGED => privileged groups cache * ] / private $userGroupCache = []; /* * @var array An assoc. array that stores query flags used to retrieve user groups * from the database and is stored in the following format: * * userKey => [ * self::CACHE_IMPLICIT => implicit groups query flag * self::CACHE_EFFECTIVE => effective groups query flag * self::CACHE_MEMBERSHIP => membership groups query flag * self::CACHE_FORMER => former groups query flag * self::CACHE_PRIVILEGED => privileged groups query flag * ] / private $queryFlagsUsedForCaching = []; /* * @internal For use preventing an infinite loop when checking APCOND_BLOCKED * @var array An assoc. array mapping the getCacheKey userKey to a bool indicating * an ongoing condition check. / private $recursionMap = []; /* * @param ServiceOptions $options * @param ReadOnlyMode $readOnlyMode * @param ILBFactory $lbFactory * @param HookContainer $hookContainer * @param UserEditTracker $userEditTracker * @param GroupPermissionsLookup $groupPermissionsLookup * @param JobQueueGroup $jobQueueGroup * @param LoggerInterface $logger * @param TempUserConfig $tempUserConfig * @param callable[] $clearCacheCallbacks * @param string\|false $wikiId / public function __construct( ServiceOptions $options, ReadOnlyMode $readOnlyMode, ILBFactory $lbFactory, HookContainer $hookContainer, UserEditTracker $userEditTracker, GroupPermissionsLookup $groupPermissionsLookup, JobQueueGroup $jobQueueGroup, LoggerInterface $logger, TempUserConfig $tempUserConfig, array $clearCacheCallbacks = [], $wikiId = UserIdentity::LOCAL ) { $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS ); $this->options = $options; $this->dbProvider = $lbFactory; $this->hookContainer = $hookContainer; $this->hookRunner = new HookRunner( $hookContainer ); $this->userEditTracker = $userEditTracker; $this->groupPermissionsLookup = $groupPermissionsLookup; $this->jobQueueGroup = $jobQueueGroup; $this->logger = $logger; $this->tempUserConfig = $tempUserConfig; $this->readOnlyMode = $readOnlyMode; $this->clearCacheCallbacks = $clearCacheCallbacks; $this->wikiId = $wikiId; } /* * Return the set of defined explicit groups. * The implicit groups (by default , 'user' and 'autoconfirmed') are not included, as they are defined automatically, not in the database. * @return string[] internal group names / public function listAllGroups(): array { return array_values( array_unique( array_diff( array_merge( array_keys( $this->options->get( MainConfigNames::GroupPermissions ) ), array_keys( $this->options->get( MainConfigNames::RevokePermissions ) ), array_keys( $this->options->get( MainConfigNames::GroupInheritsPermissions ) ) ), $this->listAllImplicitGroups() ) ) ); } /* * Get a list of all configured implicit groups * @return string[] / public function listAllImplicitGroups(): array { return $this->options->get( MainConfigNames::ImplicitGroups ); } /* * Creates a new UserGroupMembership instance from $row. * The fields required to build an instance could be * found using getQueryInfo() method. * * @param \stdClass $row A database result object * * @return UserGroupMembership / public function newGroupMembershipFromRow( \stdClass $row ): UserGroupMembership { return new UserGroupMembership( (int)$row->ug_user, $row->ug_group, $row->ug_expiry === null ? null : wfTimestamp( TS_MW, $row->ug_expiry ) ); } /* * Load the user groups cache from the provided user groups data * @internal for use by the User object only * @param UserIdentity $user * @param array $userGroups an array of database query results * @param int $queryFlags / public function loadGroupMembershipsFromArray( UserIdentity $user, array $userGroups, int $queryFlags = IDBAccessObject::READ_NORMAL ) { $user->assertWiki( $this->wikiId ); $membershipGroups = []; reset( $userGroups ); foreach ( $userGroups as $row ) { $ugm = $this->newGroupMembershipFromRow( $row ); $membershipGroups[ $ugm->getGroup() ] = $ugm; } $this->setCache( $this->getCacheKey( $user ), self::CACHE_MEMBERSHIP, $membershipGroups, $queryFlags ); } /* * Get the list of implicit group memberships this user has. * * This includes 'user' if logged in, '' for all accounts, and autopromoted groups * * @param UserIdentity $user * @param int $queryFlags * @param bool $recache Whether to avoid the cache * @return string[] internal group names / public function getUserImplicitGroups( UserIdentity $user, int $queryFlags = IDBAccessObject::READ_NORMAL, bool $recache = false ): array { $user->assertWiki( $this->wikiId ); $userKey = $this->getCacheKey( $user ); if ( $recache \|\| !isset( $this->userGroupCache[$userKey][self::CACHE_IMPLICIT] ) \|\| !$this->canUseCachedValues( $user, self::CACHE_IMPLICIT, $queryFlags ) ) { $groups = [ '' ]; if ( $this->tempUserConfig->isTempName( $user->getName() ) ) { $groups[] = 'temp'; } elseif ( $user->isRegistered() ) { $groups[] = 'user'; $groups = array_unique( array_merge( $groups, $this->getUserAutopromoteGroups( $user ) ) ); } $this->setCache( $userKey, self::CACHE_IMPLICIT, $groups, $queryFlags ); if ( $recache ) { // Assure data consistency with rights/groups, // as getUserEffectiveGroups() depends on this function $this->clearUserCacheForKind( $user, self::CACHE_EFFECTIVE ); } } return $this->userGroupCache[$userKey][self::CACHE_IMPLICIT]; } /** * Get the list of implicit group memberships the user has. * * This includes all explicit groups, plus 'user' if logged in, * '' for all accounts, and autopromoted groups * @param UserIdentity $user * @param int $queryFlags * @param bool $recache Whether to avoid the cache * @return string[] internal group names / public function getUserEffectiveGroups( UserIdentity $user, int $queryFlags = IDBAccessObject::READ_NORMAL, bool $recache = false ): array { $user->assertWiki( $this->wikiId ); $userKey = $this->getCacheKey( $user ); // Ignore cache if the $recache flag is set, cached values can not be used // or the cache value is missing if ( $recache \|\| !$this->canUseCachedValues( $user, self::CACHE_EFFECTIVE, $queryFlags ) \|\| !isset( $this->userGroupCache[$userKey][self::CACHE_EFFECTIVE] ) ) { $groups = array_unique( array_merge( $this->getUserGroups( $user, $queryFlags ), // explicit groups $this->getUserImplicitGroups( $user, $queryFlags, $recache ) // implicit groups ) ); // TODO: Deprecate passing out user object in the hook by introducing // an alternative hook if ( $this->hookContainer->isRegistered( 'UserEffectiveGroups' ) ) { $userObj = User::newFromIdentity( $user ); $userObj->load(); // Hook for additional groups $this->hookRunner->onUserEffectiveGroups( $userObj, $groups ); } // Force reindexation of groups when a hook has unset one of them $effectiveGroups = array_values( array_unique( $groups ) ); $this->setCache( $userKey, self::CACHE_EFFECTIVE, $effectiveGroups, $queryFlags ); } return $this->userGroupCache[$userKey][self::CACHE_EFFECTIVE]; } /* * Returns the groups the user has belonged to. * * The user may still belong to the returned groups. Compare with * getUserGroups(). * * The function will not return groups the user had belonged to before MW 1.17 * * @param UserIdentity $user * @param int $queryFlags * @return string[] Names of the groups the user has belonged to. / public function getUserFormerGroups( UserIdentity $user, int $queryFlags = IDBAccessObject::READ_NORMAL ): array { $user->assertWiki( $this->wikiId ); $userKey = $this->getCacheKey( $user ); if ( $this->canUseCachedValues( $user, self::CACHE_FORMER, $queryFlags ) && isset( $this->userGroupCache[$userKey][self::CACHE_FORMER] ) ) { return $this->userGroupCache[$userKey][self::CACHE_FORMER]; } if ( !$user->isRegistered() ) { // Anon users don't have groups stored in the database return []; } $res = $this->getDBConnectionRefForQueryFlags( $queryFlags )->newSelectQueryBuilder() ->select( 'ufg_group' ) ->from( 'user_former_groups' ) ->where( [ 'ufg_user' => $user->getId( $this->wikiId ) ] ) ->caller( __METHOD__ ) ->fetchResultSet(); $formerGroups = []; foreach ( $res as $row ) { $formerGroups[] = $row->ufg_group; } $this->setCache( $userKey, self::CACHE_FORMER, $formerGroups, $queryFlags ); return $this->userGroupCache[$userKey][self::CACHE_FORMER]; } /* * Get the groups for the given user based on $wgAutopromote. * * @param UserIdentity $user The user to get the groups for * @return string[] Array of groups to promote to. * * @see $wgAutopromote / public function getUserAutopromoteGroups( UserIdentity $user ): array { $user->assertWiki( $this->wikiId ); $promote = []; // TODO: remove the need for the full user object $userObj = User::newFromIdentity( $user ); if ( $userObj->isTemp() ) { return []; } foreach ( $this->options->get( MainConfigNames::Autopromote ) as $group => $cond ) { if ( $this->recCheckCondition( $cond, $userObj ) ) { $promote[] = $group; } } $this->hookRunner->onGetAutoPromoteGroups( $userObj, $promote ); return $promote; } /* * Get the groups for the given user based on the given criteria. * * Does not return groups the user already belongs to or has once belonged. * * @param UserIdentity $user The user to get the groups for * @param string $event Key in $wgAutopromoteOnce (each event has groups/criteria) * * @return string[] Groups the user should be promoted to. * * @see $wgAutopromoteOnce / public function getUserAutopromoteOnceGroups( UserIdentity $user, string $event ): array { $user->assertWiki( $this->wikiId ); $autopromoteOnce = $this->options->get( MainConfigNames::AutopromoteOnce ); $promote = []; if ( isset( $autopromoteOnce[$event] ) && count( $autopromoteOnce[$event] ) ) { // TODO: remove the need for the full user object $userObj = User::newFromIdentity( $user ); if ( $userObj->isTemp() ) { return []; } $currentGroups = $this->getUserGroups( $user ); $formerGroups = $this->getUserFormerGroups( $user ); foreach ( $autopromoteOnce[$event] as $group => $cond ) { // Do not check if the user's already a member if ( in_array( $group, $currentGroups ) ) { continue; } // Do not autopromote if the user has belonged to the group if ( in_array( $group, $formerGroups ) ) { continue; } // Finally - check the conditions if ( $this->recCheckCondition( $cond, $userObj ) ) { $promote[] = $group; } } } return $promote; } /* * Returns the list of privileged groups that $user belongs to. * Privileged groups are ones that can be abused in a dangerous way. * * Depending on how extensions extend this method, it might return values * that are not strictly user groups (ACL list names, etc.). * It is meant for logging/auditing, not for passing to methods that expect group names. * * @param UserIdentity $user * @param int $queryFlags * @param bool $recache Whether to avoid the cache * @return string[] * @since 1.41 (also backported to 1.39.5 and 1.40.1) * @see $wgPrivilegedGroups * @see https://www.mediawiki.org/wiki/Manual:Hooks/UserGetPrivilegedGroups / public function getUserPrivilegedGroups( UserIdentity $user, int $queryFlags = IDBAccessObject::READ_NORMAL, bool $recache = false ): array { $userKey = $this->getCacheKey( $user ); if ( !$recache && $this->canUseCachedValues( $user, self::CACHE_PRIVILEGED, $queryFlags ) && isset( $this->userGroupCache[$userKey][self::CACHE_PRIVILEGED] ) ) { return $this->userGroupCache[$userKey][self::CACHE_PRIVILEGED]; } if ( !$user->isRegistered() ) { return []; } $groups = array_intersect( $this->getUserEffectiveGroups( $user, $queryFlags, $recache ), $this->options->get( 'PrivilegedGroups' ) ); $this->hookRunner->onUserPrivilegedGroups( $user, $groups ); $this->setCache( $this->getCacheKey( $user ), self::CACHE_PRIVILEGED, array_values( array_unique( $groups ) ), $queryFlags ); return $this->userGroupCache[$userKey][self::CACHE_PRIVILEGED]; } /* * Recursively check a condition. Conditions are in the form * [ '&' or '\|' or '^' or '!', cond1, cond2, ... ] * where cond1, cond2, ... are themselves conditions; OR * APCOND_EMAILCONFIRMED, OR * [ APCOND_EMAILCONFIRMED ], OR * [ APCOND_EDITCOUNT, number of edits ], OR * [ APCOND_AGE, seconds since registration ], OR * similar constructs defined by extensions. * This function evaluates the former type recursively, and passes off to * checkCondition for evaluation of the latter type. * * If you change the logic of this method, please update * ApiQuerySiteinfo::appendAutoPromote(), as it depends on this method. * * @param mixed $cond A condition, possibly containing other conditions * @param User $user The user to check the conditions against * * @return bool Whether the condition is true / private function recCheckCondition( $cond, User $user ): bool { if ( is_array( $cond ) && count( $cond ) >= 2 && in_array( $cond[0], self::VALID_OPS ) ) { // Recursive condition if ( $cond[0] == '&' ) { // AND (all conds pass) foreach ( array_slice( $cond, 1 ) as $subcond ) { if ( !$this->recCheckCondition( $subcond, $user ) ) { return false; } } return true; } elseif ( $cond[0] == '\|' ) { // OR (at least one cond passes) foreach ( array_slice( $cond, 1 ) as $subcond ) { if ( $this->recCheckCondition( $subcond, $user ) ) { return true; } } return false; } elseif ( $cond[0] == '^' ) { // XOR (exactly one cond passes) if ( count( $cond ) > 3 ) { $this->logger->warning( 'recCheckCondition() given XOR ("^") condition on three or more conditions.' . ' Check your $wgAutopromote and $wgAutopromoteOnce settings.' ); } return $this->recCheckCondition( $cond[1], $user ) xor $this->recCheckCondition( $cond[2], $user ); } elseif ( $cond[0] == '!' ) { // NOT (no conds pass) foreach ( array_slice( $cond, 1 ) as $subcond ) { if ( $this->recCheckCondition( $subcond, $user ) ) { return false; } } return true; } } // If we got here, the array presumably does not contain other conditions; // it's not recursive. Pass it off to checkCondition. if ( !is_array( $cond ) ) { $cond = [ $cond ]; } return $this->checkCondition( $cond, $user ); } /* * As recCheckCondition, but not recursive. The only valid conditions * are those whose first element is one of APCOND_* defined in Defines.php. * Other types will throw an exception if no extension evaluates them. * * @param array $cond A condition, which must not contain other conditions * @param User $user The user to check the condition against * @return bool Whether the condition is true for the user * @throws InvalidArgumentException if autopromote condition was not recognized. * @throws LogicException if APCOND_BLOCKED is checked again before returning a result. / private function checkCondition( array $cond, User $user ): bool { if ( count( $cond ) < 1 ) { return false; } switch ( $cond[0] ) { case APCOND_EMAILCONFIRMED: if ( Sanitizer::validateEmail( $user->getEmail() ) ) { if ( $this->options->get( MainConfigNames::EmailAuthentication ) ) { return (bool)$user->getEmailAuthenticationTimestamp(); } else { return true; } } return false; case APCOND_EDITCOUNT: $reqEditCount = $cond[1] ?? $this->options->get( MainConfigNames::AutoConfirmCount ); // T157718: Avoid edit count lookup if specified edit count is 0 or invalid if ( $reqEditCount <= 0 ) { return true; } return (int)$this->userEditTracker->getUserEditCount( $user ) >= $reqEditCount; case APCOND_AGE: $reqAge = $cond[1] ?? $this->options->get( MainConfigNames::AutoConfirmAge ); $age = time() - (int)wfTimestampOrNull( TS_UNIX, $user->getRegistration() ); return $age >= $reqAge; case APCOND_AGE_FROM_EDIT: $age = time() - (int)wfTimestampOrNull( TS_UNIX, $this->userEditTracker->getFirstEditTimestamp( $user ) ); return $age >= $cond[1]; case APCOND_INGROUPS: $groups = array_slice( $cond, 1 ); return count( array_intersect( $groups, $this->getUserGroups( $user ) ) ) == count( $groups ); case APCOND_ISIP: return $cond[1] == $user->getRequest()->getIP(); case APCOND_IPINRANGE: return IPUtils::isInRange( $user->getRequest()->getIP(), $cond[1] ); case APCOND_BLOCKED: // Because checking for ipblock-exempt leads back to here (thus infinite recursion), // we if we've been here before for this user without having returned a value. // See T270145 and T349608 $userKey = $this->getCacheKey( $user ); if ( $this->recursionMap[$userKey] ?? false ) { throw new LogicException( "Unexpected recursion! APCOND_BLOCKED is being checked during" . " an existing APCOND_BLOCKED check for \"{$user->getName()}\"!" ); } $this->recursionMap[$userKey] = true; // Setting the second parameter here to true prevents us from getting back here // during standard MediaWiki core behavior $block = $user->getBlock( IDBAccessObject::READ_LATEST, true ); $this->recursionMap[$userKey] = false; return $block && $block->isSitewide(); case APCOND_ISBOT: return in_array( 'bot', $this->groupPermissionsLookup ->getGroupPermissions( $this->getUserGroups( $user ) ) ); default: $result = null; $this->hookRunner->onAutopromoteCondition( $cond[0], // @phan-suppress-next-line PhanTypeMismatchArgument Type mismatch on pass-by-ref args array_slice( $cond, 1 ), $user, $result ); if ( $result === null ) { throw new InvalidArgumentException( "Unrecognized condition {$cond[0]} for autopromotion!" ); } return (bool)$result; } } /* * Add the user to the group if he/she meets given criteria. * * Contrary to autopromotion by $wgAutopromote, the group will be * possible to remove manually via Special:UserRights. In such case it * will not be re-added automatically. The user will also not lose the * group if they no longer meet the criteria. * * @param UserIdentity $user User to add to the groups * @param string $event Key in $wgAutopromoteOnce (each event has groups/criteria) * * @return string[] Array of groups the user has been promoted to. * * @see $wgAutopromoteOnce / public function addUserToAutopromoteOnceGroups( UserIdentity $user, string $event ): array { $user->assertWiki( $this->wikiId ); Assert::precondition( !$this->wikiId \|\| WikiMap::isCurrentWikiDbDomain( $this->wikiId ), __METHOD__ . " is not supported for foreign wikis: {$this->wikiId} used" ); if ( $this->readOnlyMode->isReadOnly( $this->wikiId ) \|\| !$user->isRegistered() \|\| $this->tempUserConfig->isTempName( $user->getName() ) ) { return []; } $toPromote = $this->getUserAutopromoteOnceGroups( $user, $event ); if ( $toPromote === [] ) { return []; } $userObj = User::newFromIdentity( $user ); if ( !$userObj->checkAndSetTouched() ) { return []; // raced out (bug T48834) } $oldGroups = $this->getUserGroups( $user ); // previous groups $oldUGMs = $this->getUserGroupMemberships( $user ); $this->addUserToMultipleGroups( $user, $toPromote ); $newGroups = array_merge( $oldGroups, $toPromote ); // all groups $newUGMs = $this->getUserGroupMemberships( $user ); // update groups in external authentication database // TODO: deprecate passing full User object to hook $this->hookRunner->onUserGroupsChanged( $userObj, $toPromote, [], false, false, $oldUGMs, $newUGMs ); $logEntry = new ManualLogEntry( 'rights', 'autopromote' ); $logEntry->setPerformer( $user ); $logEntry->setTarget( $userObj->getUserPage() ); $logEntry->setParameters( [ '4::oldgroups' => $oldGroups, '5::newgroups' => $newGroups, ] ); $logid = $logEntry->insert(); if ( $this->options->get( MainConfigNames::AutopromoteOnceLogInRC ) ) { $logEntry->publish( $logid ); } return $toPromote; } /* * Get the list of explicit group memberships this user has. * The implicit * and user groups are not included. * * @param UserIdentity $user * @param int $queryFlags * @return string[] / public function getUserGroups( UserIdentity $user, int $queryFlags = IDBAccessObject::READ_NORMAL ): array { return array_keys( $this->getUserGroupMemberships( $user, $queryFlags ) ); } /* * Loads and returns UserGroupMembership objects for all the groups a user currently * belongs to. * * @param UserIdentity $user the user to search for * @param int $queryFlags * @return UserGroupMembership[] Associative array of (group name => UserGroupMembership object) / public function getUserGroupMemberships( UserIdentity $user, int $queryFlags = IDBAccessObject::READ_NORMAL ): array { $user->assertWiki( $this->wikiId ); $userKey = $this->getCacheKey( $user ); if ( $this->canUseCachedValues( $user, self::CACHE_MEMBERSHIP, $queryFlags ) && isset( $this->userGroupCache[$userKey][self::CACHE_MEMBERSHIP] ) ) { /* @suppress PhanTypeMismatchReturn / return $this->userGroupCache[$userKey][self::CACHE_MEMBERSHIP]; } if ( !$user->isRegistered() ) { // Anon users don't have groups stored in the database return []; } $queryBuilder = $this->newQueryBuilder( $this->getDBConnectionRefForQueryFlags( $queryFlags ) ); $res = $queryBuilder ->where( [ 'ug_user' => $user->getId( $this->wikiId ) ] ) ->caller( __METHOD__ ) ->fetchResultSet(); $ugms = []; foreach ( $res as $row ) { $ugm = $this->newGroupMembershipFromRow( $row ); if ( !$ugm->isExpired() ) { $ugms[$ugm->getGroup()] = $ugm; } } ksort( $ugms ); $this->setCache( $userKey, self::CACHE_MEMBERSHIP, $ugms, $queryFlags ); return $ugms; } /* * Add the user to the given group. This takes immediate effect. * If the user is already in the group, the expiry time will be updated to the new * expiry time. (If $expiry is omitted or null, the membership will be altered to * never expire.) * * @param UserIdentity $user * @param string $group Name of the group to add * @param string\|null $expiry Optional expiry timestamp in any format acceptable to * wfTimestamp(), or null if the group assignment should not expire * @param bool $allowUpdate Whether to perform "upsert" instead of INSERT * * @throws InvalidArgumentException * @return bool / public function addUserToGroup( UserIdentity $user, string $group, ?string $expiry = null, bool $allowUpdate = false ): bool { $user->assertWiki( $this->wikiId ); if ( $this->readOnlyMode->isReadOnly( $this->wikiId ) ) { return false; } $isTemp = $this->tempUserConfig->isTempName( $user->getName() ); if ( !$user->isRegistered() ) { throw new InvalidArgumentException( 'UserGroupManager::addUserToGroup() needs a positive user ID. ' . 'Perhaps addUserToGroup() was called before the user was added to the database.' ); } if ( $isTemp ) { throw new InvalidArgumentException( 'UserGroupManager::addUserToGroup() cannot be called on a temporary user.' ); } if ( $expiry ) { $expiry = wfTimestamp( TS_MW, $expiry ); } // TODO: Deprecate passing out user object in the hook by introducing // an alternative hook if ( $this->hookContainer->isRegistered( 'UserAddGroup' ) ) { $userObj = User::newFromIdentity( $user ); $userObj->load(); if ( !$this->hookRunner->onUserAddGroup( $userObj, $group, $expiry ) ) { return false; } } $oldUgms = $this->getUserGroupMemberships( $user, IDBAccessObject::READ_LATEST ); $dbw = $this->dbProvider->getPrimaryDatabase( $this->wikiId ); $dbw->startAtomic( __METHOD__ ); $dbw->newInsertQueryBuilder() ->insertInto( 'user_groups' ) ->ignore() ->row( [ 'ug_user' => $user->getId( $this->wikiId ), 'ug_group' => $group, 'ug_expiry' => $expiry ? $dbw->timestamp( $expiry ) : null, ] ) ->caller( __METHOD__ )->execute(); $affected = $dbw->affectedRows(); if ( !$affected ) { // Conflicting row already exists; it should be overridden if it is either expired // or if $allowUpdate is true and the current row is different than the loaded row. $conds = [ 'ug_user' => $user->getId( $this->wikiId ), 'ug_group' => $group ]; if ( $allowUpdate ) { // Update the current row if its expiry does not match that of the loaded row $conds[] = $expiry ? $dbw->expr( 'ug_expiry', '=', null ) ->or( 'ug_expiry', '!=', $dbw->timestamp( $expiry ) ) : $dbw->expr( 'ug_expiry', '!=', null ); } else { // Update the current row if it is expired $conds[] = $dbw->expr( 'ug_expiry', '<', $dbw->timestamp() ); } $dbw->newUpdateQueryBuilder() ->update( 'user_groups' ) ->set( [ 'ug_expiry' => $expiry ? $dbw->timestamp( $expiry ) : null ] ) ->where( $conds ) ->caller( __METHOD__ )->execute(); $affected = $dbw->affectedRows(); } $dbw->endAtomic( __METHOD__ ); // Purge old, expired memberships from the DB DeferredUpdates::addCallableUpdate( function ( $fname ) { $dbr = $this->dbProvider->getReplicaDatabase( $this->wikiId ); $hasExpiredRow = (bool)$dbr->newSelectQueryBuilder() ->select( '1' ) ->from( 'user_groups' ) ->where( [ $dbr->expr( 'ug_expiry', '<', $dbr->timestamp() ) ] ) ->caller( $fname ) ->fetchField(); if ( $hasExpiredRow ) { $this->jobQueueGroup->push( new UserGroupExpiryJob( [] ) ); } } ); if ( $affected > 0 ) { $oldUgms[$group] = new UserGroupMembership( $user->getId( $this->wikiId ), $group, $expiry ); if ( !$oldUgms[$group]->isExpired() ) { $this->setCache( $this->getCacheKey( $user ), self::CACHE_MEMBERSHIP, $oldUgms, IDBAccessObject::READ_LATEST ); $this->clearUserCacheForKind( $user, self::CACHE_EFFECTIVE ); } foreach ( $this->clearCacheCallbacks as $callback ) { $callback( $user ); } return true; } return false; } /* * Add the user to the given list of groups. * * @since 1.37 * * @param UserIdentity $user * @param string[] $groups Names of the groups to add * @param string\|null $expiry Optional expiry timestamp in any format acceptable to * wfTimestamp(), or null if the group assignment should not expire * @param bool $allowUpdate Whether to perform "upsert" instead of INSERT * * @throws InvalidArgumentException / public function addUserToMultipleGroups( UserIdentity $user, array $groups, ?string $expiry = null, bool $allowUpdate = false ) { foreach ( $groups as $group ) { $this->addUserToGroup( $user, $group, $expiry, $allowUpdate ); } } /* * Remove the user from the given group. This takes immediate effect. * * @param UserIdentity $user * @param string $group Name of the group to remove * @throws InvalidArgumentException * @return bool / public function removeUserFromGroup( UserIdentity $user, string $group ): bool { $user->assertWiki( $this->wikiId ); // TODO: Deprecate passing out user object in the hook by introducing // an alternative hook if ( $this->hookContainer->isRegistered( 'UserRemoveGroup' ) ) { $userObj = User::newFromIdentity( $user ); $userObj->load(); if ( !$this->hookRunner->onUserRemoveGroup( $userObj, $group ) ) { return false; } } if ( $this->readOnlyMode->isReadOnly( $this->wikiId ) ) { return false; } if ( !$user->isRegistered() ) { throw new InvalidArgumentException( 'UserGroupManager::removeUserFromGroup() needs a positive user ID. ' . 'Perhaps removeUserFromGroup() was called before the user was added to the database.' ); } $oldUgms = $this->getUserGroupMemberships( $user, IDBAccessObject::READ_LATEST ); $oldFormerGroups = $this->getUserFormerGroups( $user, IDBAccessObject::READ_LATEST ); $dbw = $this->dbProvider->getPrimaryDatabase( $this->wikiId ); $dbw->newDeleteQueryBuilder() ->deleteFrom( 'user_groups' ) ->where( [ 'ug_user' => $user->getId( $this->wikiId ), 'ug_group' => $group ] ) ->caller( __METHOD__ )->execute(); if ( !$dbw->affectedRows() ) { return false; } // Remember that the user was in this group $dbw->newInsertQueryBuilder() ->insertInto( 'user_former_groups' ) ->ignore() ->row( [ 'ufg_user' => $user->getId( $this->wikiId ), 'ufg_group' => $group ] ) ->caller( __METHOD__ )->execute(); unset( $oldUgms[$group] ); $userKey = $this->getCacheKey( $user ); $this->setCache( $userKey, self::CACHE_MEMBERSHIP, $oldUgms, IDBAccessObject::READ_LATEST ); $oldFormerGroups[] = $group; $this->setCache( $userKey, self::CACHE_FORMER, $oldFormerGroups, IDBAccessObject::READ_LATEST ); $this->clearUserCacheForKind( $user, self::CACHE_EFFECTIVE ); foreach ( $this->clearCacheCallbacks as $callback ) { $callback( $user ); } return true; } /* * Return the query builder to build upon and query * * @param IReadableDatabase $db * @return SelectQueryBuilder * @internal / public function newQueryBuilder( IReadableDatabase $db ): SelectQueryBuilder { return $db->newSelectQueryBuilder() ->select( [ 'ug_user', 'ug_group', 'ug_expiry', ] ) ->from( 'user_groups' ); } /* * Purge expired memberships from the user_groups table * @internal * @note this could be slow and is intended for use in a background job * @return int\|false false if purging wasn't attempted (e.g. because of * readonly), the number of rows purged (might be 0) otherwise / public function purgeExpired() { if ( $this->readOnlyMode->isReadOnly( $this->wikiId ) ) { return false; } $ticket = $this->dbProvider->getEmptyTransactionTicket( __METHOD__ ); $dbw = $this->dbProvider->getPrimaryDatabase( $this->wikiId ); $lockKey = "{$dbw->getDomainID()}:UserGroupManager:purge"; // per-wiki $scopedLock = $dbw->getScopedLockAndFlush( $lockKey, __METHOD__, 0 ); if ( !$scopedLock ) { return false; // already running } $now = time(); $purgedRows = 0; do { $dbw->startAtomic( __METHOD__ ); $res = $this->newQueryBuilder( $dbw ) ->where( [ $dbw->expr( 'ug_expiry', '<', $dbw->timestamp( $now ) ) ] ) ->forUpdate() ->limit( 100 ) ->caller( __METHOD__ ) ->fetchResultSet(); if ( $res->numRows() > 0 ) { $insertData = []; // array of users/groups to insert to user_former_groups $deleteCond = []; // array for deleting the rows that are to be moved around foreach ( $res as $row ) { $insertData[] = [ 'ufg_user' => $row->ug_user, 'ufg_group' => $row->ug_group ]; $deleteCond[] = $dbw ->expr( 'ug_user', '=', $row->ug_user ) ->and( 'ug_group', '=', $row->ug_group ); } // Delete the rows we're about to move $dbw->newDeleteQueryBuilder() ->deleteFrom( 'user_groups' ) ->where( $dbw->orExpr( $deleteCond ) ) ->caller( __METHOD__ )->execute(); // Push the groups to user_former_groups $dbw->newInsertQueryBuilder() ->insertInto( 'user_former_groups' ) ->ignore() ->rows( $insertData ) ->caller( __METHOD__ )->execute(); // Count how many rows were purged $purgedRows += $res->numRows(); } $dbw->endAtomic( __METHOD__ ); $this->dbProvider->commitAndWaitForReplication( __METHOD__, $ticket ); } while ( $res->numRows() > 0 ); return $purgedRows; } /* * @param array $config * @param string $group * @return string[] / private function expandChangeableGroupConfig( array $config, string $group ): array { if ( empty( $config[$group] ) ) { return []; } elseif ( $config[$group] === true ) { // You get everything return $this->listAllGroups(); } elseif ( is_array( $config[$group] ) ) { return $config[$group]; } return []; } /* * Returns an array of the groups that a particular group can add/remove. * * @since 1.37 * @param string $group The group to check for whether it can add/remove * @return array [ * 'add' => [ addablegroups ], * 'remove' => [ removablegroups ], * 'add-self' => [ addablegroups to self ], * 'remove-self' => [ removable groups from self ] ] / public function getGroupsChangeableByGroup( string $group ): array { return [ 'add' => $this->expandChangeableGroupConfig( $this->options->get( MainConfigNames::AddGroups ), $group ), 'remove' => $this->expandChangeableGroupConfig( $this->options->get( MainConfigNames::RemoveGroups ), $group ), 'add-self' => $this->expandChangeableGroupConfig( $this->options->get( MainConfigNames::GroupsAddToSelf ), $group ), 'remove-self' => $this->expandChangeableGroupConfig( $this->options->get( MainConfigNames::GroupsRemoveFromSelf ), $group ), ]; } /* * Returns an array of groups that this $actor can add and remove. * * @since 1.37 * @param Authority $authority * @return array [ * 'add' => [ addablegroups ], * 'remove' => [ removablegroups ], * 'add-self' => [ addablegroups to self ], * 'remove-self' => [ removable groups from self ] * ] * @phan-return array{add:list<string>,remove:list<string>,add-self:list<string>,remove-self:list<string>} / public function getGroupsChangeableBy( Authority $authority ): array { if ( $authority->isAllowed( 'userrights' ) ) { // This group gives the right to modify everything (reverse- // compatibility with old "userrights lets you change // everything") // Using array_merge to make the groups reindexed $all = array_merge( $this->listAllGroups() ); return [ 'add' => $all, 'remove' => $all, 'add-self' => [], 'remove-self' => [] ]; } // Okay, it's not so simple, we will have to go through the arrays $groups = [ 'add' => [], 'remove' => [], 'add-self' => [], 'remove-self' => [] ]; $actorGroups = $this->getUserEffectiveGroups( $authority->getUser() ); foreach ( $actorGroups as $actorGroup ) { $groups = array_merge_recursive( $groups, $this->getGroupsChangeableByGroup( $actorGroup ) ); $groups['add'] = array_unique( $groups['add'] ); $groups['remove'] = array_unique( $groups['remove'] ); $groups['add-self'] = array_unique( $groups['add-self'] ); $groups['remove-self'] = array_unique( $groups['remove-self'] ); } return $groups; } /* * Cleans cached group memberships for a given user * * @param UserIdentity $user / public function clearCache( UserIdentity $user ) { $user->assertWiki( $this->wikiId ); $userKey = $this->getCacheKey( $user ); unset( $this->userGroupCache[$userKey] ); unset( $this->queryFlagsUsedForCaching[$userKey] ); } /* * Sets cached group memberships and query flags for a given user * * @param string $userKey * @param string $cacheKind one of self::CACHE_KIND_* constants * @param array $groupValue * @param int $queryFlags / private function setCache( string $userKey, string $cacheKind, array $groupValue, int $queryFlags ) { $this->userGroupCache[$userKey][$cacheKind] = $groupValue; $this->queryFlagsUsedForCaching[$userKey][$cacheKind] = $queryFlags; } /* * Clears a cached group membership and query key for a given user * * @param UserIdentity $user * @param string $cacheKind one of self::CACHE_* constants / private function clearUserCacheForKind( UserIdentity $user, string $cacheKind ) { $userKey = $this->getCacheKey( $user ); unset( $this->userGroupCache[$userKey][$cacheKind] ); unset( $this->queryFlagsUsedForCaching[$userKey][$cacheKind] ); } /* * @param int $recency a bit field composed of IDBAccessObject::READ_XXX flags * @return IReadableDatabase / private function getDBConnectionRefForQueryFlags( int $recency ): IReadableDatabase { if ( ( IDBAccessObject::READ_LATEST & $recency ) == IDBAccessObject::READ_LATEST ) { return $this->dbProvider->getPrimaryDatabase( $this->wikiId ); } return $this->dbProvider->getReplicaDatabase( $this->wikiId ); } /* * Gets a unique key for various caches. * @param UserIdentity $user * @return string / private function getCacheKey( UserIdentity $user ): string { return $user->isRegistered() ? "u:{$user->getId( $this->wikiId )}" : "anon:{$user->getName()}"; } /* * Determines if it's ok to use cached options values for a given user and query flags * @param UserIdentity $user * @param string $cacheKind one of self::CACHE_* constants * @param int $queryFlags * @return bool / private function canUseCachedValues( UserIdentity $user, string $cacheKind, int $queryFlags ): bool { if ( !$user->isRegistered() ) { // Anon users don't have groups stored in the database, // so $queryFlags are ignored. return true; } if ( $queryFlags >= IDBAccessObject::READ_LOCKING ) { return false; } $userKey = $this->getCacheKey( $user ); $queryFlagsUsed = $this->queryFlagsUsedForCaching[$userKey][$cacheKind] ?? IDBAccessObject::READ_NONE; return $queryFlagsUsed >= $queryFlags; } } PK��!��'��UserIdentityUtils.phpnu��Iw��<?php namespace MediaWiki\User; use MediaWiki\User\TempUser\TempUserConfig; /* * Convenience functions for interpreting UserIdentity objects using additional * services or config. * * @since 1.41 / class UserIdentityUtils { private TempUserConfig $tempUserConfig; /* * @internal * * @param TempUserConfig $tempUserConfig / public function __construct( TempUserConfig $tempUserConfig ) { $this->tempUserConfig = $tempUserConfig; } /* * Is the user a temporary user? * * @param UserIdentity $user * @return bool / public function isTemp( UserIdentity $user ) { return $this->tempUserConfig->isTempName( $user->getName() ); } /* * Is the user a normal non-temporary registered user? * * @param UserIdentity $user * @return bool / public function isNamed( UserIdentity $user ) { return $user->isRegistered() && !$this->tempUserConfig->isTempName( $user->getName() ); } } PK��!�UT)�Z��Z��UserEditTracker.phpnu��Iw��<?php namespace MediaWiki\User; use InvalidArgumentException; use JobQueueGroup; use MediaWiki\Deferred\DeferredUpdates; use MediaWiki\Deferred\UserEditCountUpdate; use UserEditCountInitJob; use Wikimedia\Rdbms\DBAccessObjectUtils; use Wikimedia\Rdbms\IConnectionProvider; use Wikimedia\Rdbms\IDBAccessObject; use Wikimedia\Rdbms\SelectQueryBuilder; use Wikimedia\Timestamp\ConvertibleTimestamp; /* * Track info about user edit counts and timings * * @since 1.35 * @author DannyS712 / class UserEditTracker { private const FIRST_EDIT = 1; private const LATEST_EDIT = 2; private ActorNormalization $actorNormalization; private IConnectionProvider $dbProvider; private JobQueueGroup $jobQueueGroup; /* * @var int[] * * Mapping of user id to edit count for caching * To avoid using non-sequential numerical keys, keys are in the form: `u⧼user id⧽` / private $userEditCountCache = []; /* * @param ActorNormalization $actorNormalization * @param IConnectionProvider $dbProvider * @param JobQueueGroup $jobQueueGroup / public function __construct( ActorNormalization $actorNormalization, IConnectionProvider $dbProvider, JobQueueGroup $jobQueueGroup ) { $this->actorNormalization = $actorNormalization; $this->dbProvider = $dbProvider; $this->jobQueueGroup = $jobQueueGroup; } /* * Get a user's edit count from the user_editcount field, falling back to initialize * * @param UserIdentity $user * @return int\|null Null for anonymous users / public function getUserEditCount( UserIdentity $user ): ?int { $userId = $user->getId(); if ( !$userId ) { return null; } $cacheKey = 'u' . $userId; if ( isset( $this->userEditCountCache[ $cacheKey ] ) ) { return $this->userEditCountCache[ $cacheKey ]; } $count = $this->dbProvider->getReplicaDatabase()->newSelectQueryBuilder() ->select( 'user_editcount' ) ->from( 'user' ) ->where( [ 'user_id' => $userId ] ) ->caller( __METHOD__ )->fetchField(); if ( $count === null ) { // it has not been initialized. do so. $count = $this->initializeUserEditCount( $user ); } $this->userEditCountCache[ $cacheKey ] = $count; return $count; } /* * @internal For use in UserEditCountUpdate class * @param UserIdentity $user * @return int / public function initializeUserEditCount( UserIdentity $user ): int { $dbr = $this->dbProvider->getReplicaDatabase(); $count = (int)$dbr->newSelectQueryBuilder() ->select( 'COUNT()' ) ->from( 'revision' ) ->where( [ 'rev_actor' => $this->actorNormalization->findActorId( $user, $dbr ) ] ) ->caller( __METHOD__ ) ->fetchField(); // Defer updating the edit count via a job (T259719) $this->jobQueueGroup->push( new UserEditCountInitJob( [ 'userId' => $user->getId(), 'editCount' => $count, ] ) ); return $count; } /** * Schedule a job to increase a user's edit count * * @since 1.37 * @param UserIdentity $user / public function incrementUserEditCount( UserIdentity $user ) { if ( !$user->getId() ) { // Can't store editcount without user row (i.e. unregistered) return; } DeferredUpdates::addUpdate( new UserEditCountUpdate( $user, 1 ), DeferredUpdates::POSTSEND ); } /* * Get the user's first edit timestamp * * @param UserIdentity $user * @param int $flags bit field, see IDBAccessObject::READ_XXX * @return string\|false Timestamp of first edit, or false for non-existent/anonymous user * accounts. / public function getFirstEditTimestamp( UserIdentity $user, int $flags = IDBAccessObject::READ_NORMAL ) { return $this->getUserEditTimestamp( $user, self::FIRST_EDIT, $flags ); } /* * Get the user's latest edit timestamp * * @param UserIdentity $user * @param int $flags bit field, see IDBAccessObject::READ_XXX * @return string\|false Timestamp of latest edit, or false for non-existent/anonymous user * accounts. / public function getLatestEditTimestamp( UserIdentity $user, int $flags = IDBAccessObject::READ_NORMAL ) { return $this->getUserEditTimestamp( $user, self::LATEST_EDIT, $flags ); } /* * Get the timestamp of a user's edit, either their first or latest * * @param UserIdentity $user * @param int $type either self::FIRST_EDIT or ::LATEST_EDIT * @param int $flags bit field, see IDBAccessObject::READ_XXX * @return string\|false Timestamp of edit, or false for non-existent/anonymous user accounts. / private function getUserEditTimestamp( UserIdentity $user, int $type, int $flags = IDBAccessObject::READ_NORMAL ) { if ( !$user->getId() ) { return false; } $db = DBAccessObjectUtils::getDBFromRecency( $this->dbProvider, $flags ); $sortOrder = ( $type === self::FIRST_EDIT ) ? SelectQueryBuilder::SORT_ASC : SelectQueryBuilder::SORT_DESC; $time = $db->newSelectQueryBuilder() ->select( 'rev_timestamp' ) ->from( 'revision' ) ->where( [ 'rev_actor' => $this->actorNormalization->findActorId( $user, $db ) ] ) ->orderBy( 'rev_timestamp', $sortOrder ) ->caller( __METHOD__ ) ->fetchField(); if ( !$time ) { return false; // no edits } return ConvertibleTimestamp::convert( TS_MW, $time ); } /* * @internal For use by User::clearInstanceCache() * @param UserIdentity $user / public function clearUserEditCache( UserIdentity $user ) { $userId = $user->getId(); if ( !$userId ) { return; } $cacheKey = 'u' . $userId; unset( $this->userEditCountCache[ $cacheKey ] ); } /* * @internal For use by User::loadFromRow() and tests * @param UserIdentity $user * @param int $editCount * @throws InvalidArgumentException If the user is not registered / public function setCachedUserEditCount( UserIdentity $user, int $editCount ) { $userId = $user->getId(); if ( !$userId ) { throw new InvalidArgumentException( __METHOD__ . ' with an anonymous user' ); } $cacheKey = 'u' . $userId; $this->userEditCountCache[ $cacheKey ] = $editCount; } } PK��!� -��r��r��UserArrayFromResult.phpnu��Iw��<?php /* * Class to walk into a list of User objects. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use Countable; use stdClass; use Wikimedia\Rdbms\IResultWrapper; class UserArrayFromResult extends UserArray implements Countable { /* @var IResultWrapper / public $res; /* @var int / public $key; /* @var User\|false / public $current; /* * @param IResultWrapper $res / public function __construct( $res ) { $this->res = $res; $this->key = 0; $this->setCurrent( $this->res->current() ); } /* * @param stdClass\|false $row * @return void / protected function setCurrent( $row ) { if ( $row === false ) { $this->current = false; } else { $this->current = User::newFromRow( $row ); } } /* * @return int / public function count(): int { return $this->res->numRows(); } public function current(): User { return $this->current; } public function key(): int { return $this->key; } public function next(): void { $row = $this->res->fetchObject(); $this->setCurrent( $row ); $this->key++; } public function rewind(): void { $this->res->rewind(); $this->key = 0; $this->setCurrent( $this->res->current() ); } /* * @return bool / public function valid(): bool { return $this->current !== false; } } /* @deprecated class alias since 1.41 / class_alias( UserArrayFromResult::class, 'UserArrayFromResult' ); PK��!��\|&N ��N ��UserNamePrefixSearch.phpnu��Iw��<?php /* * Prefix search of user names. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use InvalidArgumentException; use MediaWiki\Block\HideUserUtils; use MediaWiki\Permissions\Authority; use Wikimedia\Rdbms\IConnectionProvider; use Wikimedia\Rdbms\IExpression; use Wikimedia\Rdbms\LikeValue; /* * Handles searching prefixes of user names * * @note There are two classes called UserNamePrefixSearch. You should use this first one, in * namespace MediaWiki\User, which is a service. \UserNamePrefixSearch is a deprecated static wrapper * that forwards to the global service. * * @since 1.36 as a service in the current namespace * @author DannyS712 / class UserNamePrefixSearch { public const AUDIENCE_PUBLIC = 'public'; private IConnectionProvider $dbProvider; private UserNameUtils $userNameUtils; private HideUserUtils $hideUserUtils; /* * @param IConnectionProvider $dbProvider * @param UserNameUtils $userNameUtils * @param HideUserUtils $hideUserUtils / public function __construct( IConnectionProvider $dbProvider, UserNameUtils $userNameUtils, HideUserUtils $hideUserUtils ) { $this->dbProvider = $dbProvider; $this->userNameUtils = $userNameUtils; $this->hideUserUtils = $hideUserUtils; } /* * Do a prefix search of user names and return a list of matching user names. * * @param string\|Authority $audience Either AUDIENCE_PUBLIC or a user to * show the search for * @param string $search * @param int $limit * @param int $offset How many results to offset from the beginning * @return string[] * @throws InvalidArgumentException if $audience is invalid / public function search( $audience, string $search, int $limit, int $offset = 0 ): array { if ( $audience !== self::AUDIENCE_PUBLIC && !( $audience instanceof Authority ) ) { throw new InvalidArgumentException( '$audience must be AUDIENCE_PUBLIC or an Authority object' ); } // Invalid user names are treated as empty strings $prefix = $this->userNameUtils->getCanonical( $search ) ?: ''; $dbr = $this->dbProvider->getReplicaDatabase(); $queryBuilder = $dbr->newSelectQueryBuilder() ->select( 'user_name' ) ->from( 'user' ) ->where( $dbr->expr( 'user_name', IExpression::LIKE, new LikeValue( $prefix, $dbr->anyString() ) ) ) ->orderBy( 'user_name' ) ->limit( $limit ) ->offset( $offset ); // Filter out hidden user names if ( $audience === self::AUDIENCE_PUBLIC \|\| !$audience->isAllowed( 'hideuser' ) ) { $queryBuilder->andWhere( $this->hideUserUtils->getExpression( $dbr ) ); } return $queryBuilder->caller( __METHOD__ )->fetchFieldValues(); } } PK��!��A�� ActorMigration.phpnu��Iw��<?php namespace MediaWiki\User; use MediaWiki\MediaWikiServices; use Wikimedia\Rdbms\IDatabase; use Wikimedia\Rdbms\IReadableDatabase; /* * This is not intended to be a long-term part of MediaWiki; it will be * deprecated and removed once actor migration is complete. * * @since 1.31 * @since 1.34 Use with 'ar_user', 'img_user', 'oi_user', 'fa_user', * 'rc_user', 'log_user', and 'ipb_by' is deprecated. Callers should * reference the corresponding actor fields directly. * @deprecated since 1.39 / class ActorMigration extends ActorMigrationBase { /* * Constant for extensions to feature-test whether $wgActorTableSchemaMigrationStage * (in MW <1.34) expects MIGRATION_* or SCHEMA_COMPAT_* / public const MIGRATION_STAGE_SCHEMA_COMPAT = 1; /* * Field information * @see ActorMigrationBase::getFieldInfo() / public const FIELD_INFOS = [ // Deprecated since 1.39 'rev_user' => [], ]; /* * Static constructor * @return self / public static function newMigration() { return MediaWikiServices::getInstance()->getActorMigration(); } /* * Static constructor * @return self / public static function newMigrationForImport() { $migration = new self( MediaWikiServices::getInstance()->getActorStoreFactory() ); $migration->setForImport( true ); return $migration; } /* * @internal * * @param ActorStoreFactory $actorStoreFactory / public function __construct( ActorStoreFactory $actorStoreFactory ) { parent::__construct( self::FIELD_INFOS, SCHEMA_COMPAT_NEW, $actorStoreFactory ); } /* * @inheritDoc * @deprecated since 1.39 Use `{table} JOIN actor ON {table_prefix}_actor = actor_id` * E.g. for key=rev_user, use `revision JOIN actor ON rev_actor = actor_id` / public function getJoin( $key ) { return parent::getJoin( $key ); } /* * @inheritDoc * @deprecated since 1.39 Use `{table_prefix}_actor IN ({list of actor IDs})`. * E.g. for key=rev_user, use `rev_actor IN ({list of actor IDs})`. * Use `MediaWikiServices::getInstance()->getActorNormalization() * ->findActorId( $user, $db )` to get the actor ID for a given user. / public function getWhere( IReadableDatabase $db, $key, $users, $useId = true ) { return parent::getWhere( $db, $key, $users, $useId ); } /* * @inheritDoc * @deprecated since 1.39 Use `[ '{table_prefix}_actor' => MediaWikiServices::getInstance() * ->getActorNormalization()->acquireActorId( $user, $dbw ) ]` * E.g. for key=log_user, use `[ 'log_actor' => ... ]` / public function getInsertValues( IDatabase $dbw, $key, UserIdentity $user ) { return parent::getInsertValues( $dbw, $key, $user ); } } /* @deprecated class alias since 1.40 / class_alias( ActorMigration::class, 'ActorMigration' ); PK��!�<�iW����Registration/IUserRegistrationProvider.phpnu��Iw��<?php namespace MediaWiki\User\Registration; use MediaWiki\User\UserIdentity; /** * @since 1.41 * @stable to implement / interface IUserRegistrationProvider { /* * Get user registration timestamp * * @param UserIdentity $user * @return string\|false\|null Registration timestamp, null if not available or false if it * cannot be fetched (anonymous users, for example). / public function fetchRegistration( UserIdentity $user ); } PK��!� \B��.��Registration/LocalUserRegistrationProvider.phpnu��Iw��<?php namespace MediaWiki\User\Registration; use MediaWiki\User\UserFactory; use MediaWiki\User\UserIdentity; class LocalUserRegistrationProvider implements IUserRegistrationProvider { public const TYPE = 'local'; private UserFactory $userFactory; /* * @param UserFactory $userFactory / public function __construct( UserFactory $userFactory ) { $this->userFactory = $userFactory; } /* * @inheritDoc / public function fetchRegistration( UserIdentity $user ) { // TODO: Factor this out from User::getRegistration to this method (T352871) $user = $this->userFactory->newFromUserIdentity( $user ); return $user->getRegistration(); } } PK��!��'��Registration/UserRegistrationLookup.phpnu��Iw��<?php namespace MediaWiki\User\Registration; use InvalidArgumentException; use MediaWiki\Config\ServiceOptions; use MediaWiki\MainConfigNames; use MediaWiki\MainConfigSchema; use MediaWiki\User\UserIdentity; use Wikimedia\ObjectFactory\ObjectFactory; /* * @since 1.41 / class UserRegistrationLookup { /* * @internal for use in ServiceWiring * @var string[] Config names to require / public const CONSTRUCTOR_OPTIONS = [ MainConfigNames::UserRegistrationProviders, ]; /* @var array ObjectFactory specs indexed by provider name / private array $providersSpecs; /* @var IUserRegistrationProvider[] Constructed registration providers indexed by name / private array $providers = []; private ObjectFactory $objectFactory; public function __construct( ServiceOptions $options, ObjectFactory $objectFactory ) { $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS ); $this->providersSpecs = $options->get( MainConfigNames::UserRegistrationProviders ); $this->objectFactory = $objectFactory; } /* * Is a registration provider registered? * * @see MainConfigSchema::UserRegistrationLookupProviders * @param string $type * @return bool / public function isRegistered( string $type ): bool { return array_key_exists( $type, $this->providersSpecs ); } /* * Construct a registration provider, if needed * * @param string $type * @return IUserRegistrationProvider / private function getProvider( string $type ): IUserRegistrationProvider { if ( !$this->isRegistered( $type ) ) { throw new InvalidArgumentException( 'Registration provider ' . $type . ' is not registered' ); } if ( !array_key_exists( $type, $this->providers ) ) { $this->providers[$type] = $this->objectFactory->createObject( $this->providersSpecs[$type], [ 'assertClass' => IUserRegistrationProvider::class ] ); } return $this->providers[$type]; } /* * @param UserIdentity $user User for which registration should be fetched. * @param string $type Name of a registered registration provider * @return string\|null\|false Registration timestamp, null if not available or false if it * cannot be fetched (anonymous users, for example). / public function getRegistration( UserIdentity $user, string $type = LocalUserRegistrationProvider::TYPE ) { return $this->getProvider( $type )->fetchRegistration( $user ); } /* * Find the first registration timestamp for a given user * * Note this invokes _all_ registered providers. * * @param UserIdentity $user * @return string\|null Earliest registration timestamp, null if not available. / public function getFirstRegistration( UserIdentity $user ): ?string { $registrationTimestampsUnix = []; foreach ( $this->providersSpecs as $providerKey => $_ ) { $registrationTimestampRaw = $this->getRegistration( $user, $providerKey ); if ( !is_string( $registrationTimestampRaw ) ) { // Provider was unable to return a registration timestamp for $providerKey, skip // them. continue; } $registrationTimestampsUnix[] = (int)wfTimestamp( TS_UNIX, $registrationTimestampRaw ); } if ( $registrationTimestampsUnix === [] ) { return null; } return wfTimestamp( TS_MW, min( $registrationTimestampsUnix ) ); } } PK��!�=��UserEditCountInitJob.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / use MediaWiki\MediaWikiServices; /* * Job that initializes an user's edit count. * * This is used by UserEditTracker when a user's editcount isn't yet set. * * The following job parameters are required: * - userId: the user ID * - editCount: new edit count to set * * @internal For use by \MediaWiki\User\UserEditTracker * @since 1.36 / class UserEditCountInitJob extends Job implements GenericParameterJob { public function __construct( array $params ) { parent::__construct( 'userEditCountInit', $params ); $this->removeDuplicates = true; } public function run() { $dbw = MediaWikiServices::getInstance()->getConnectionProvider()->getPrimaryDatabase(); $dbw->newUpdateQueryBuilder() ->update( 'user' ) ->set( [ 'user_editcount' => $this->params['editCount'] ] ) ->where( [ 'user_id' => $this->params['userId'], $dbw->expr( 'user_editcount', '=', null )->or( 'user_editcount', '<', $this->params['editCount'] ) ] ) ->caller( __METHOD__ )->execute(); return true; } } PK��!�� :�� :��BotPassword.phpnu��Iw��<?php /* * Utility class for bot passwords * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html / namespace MediaWiki\User; use MediaWiki\Auth\AuthenticationResponse; use MediaWiki\Auth\Throttler; use MediaWiki\Config\Config; use MediaWiki\HookContainer\HookRunner; use MediaWiki\Json\FormatJson; use MediaWiki\MainConfigNames; use MediaWiki\MediaWikiServices; use MediaWiki\Password\InvalidPassword; use MediaWiki\Password\Password; use MediaWiki\Password\PasswordError; use MediaWiki\Password\PasswordFactory; use MediaWiki\Request\WebRequest; use MediaWiki\Session\BotPasswordSessionProvider; use MediaWiki\Session\SessionManager; use MediaWiki\Status\Status; use MWRestrictions; use stdClass; use UnexpectedValueException; use Wikimedia\Rdbms\IDatabase; use Wikimedia\Rdbms\IDBAccessObject; use Wikimedia\Rdbms\IReadableDatabase; /* * Utility class for bot passwords * @since 1.27 / class BotPassword { public const APPID_MAXLENGTH = 32; /* * Minimum length for a bot password / public const PASSWORD_MINLENGTH = 32; /* * Maximum length of the json representation of restrictions * @since 1.36 / public const RESTRICTIONS_MAXLENGTH = 65535; /* * Maximum length of the json representation of grants * @since 1.36 / public const GRANTS_MAXLENGTH = 65535; /* @var bool / private $isSaved; /* @var int / private $centralId; /* @var string / private $appId; /* @var string / private $token; /* @var MWRestrictions / private $restrictions; /* @var string[] / private $grants; /* @var int Defaults to {@see READ_NORMAL} / private $flags; /* * @internal only public for construction in BotPasswordStore * * @param stdClass $row bot_passwords database row * @param bool $isSaved Whether the bot password was read from the database * @param int $flags IDBAccessObject read flags / public function __construct( $row, $isSaved, $flags = IDBAccessObject::READ_NORMAL ) { $this->isSaved = $isSaved; $this->flags = $flags; $this->centralId = (int)$row->bp_user; $this->appId = $row->bp_app_id; $this->token = $row->bp_token; $this->restrictions = MWRestrictions::newFromJson( $row->bp_restrictions ); $this->grants = FormatJson::decode( $row->bp_grants ); } public static function getReplicaDatabase(): IReadableDatabase { return MediaWikiServices::getInstance() ->getBotPasswordStore() ->getReplicaDatabase(); } public static function getPrimaryDatabase(): IDatabase { return MediaWikiServices::getInstance() ->getBotPasswordStore() ->getPrimaryDatabase(); } /* * Load a BotPassword from the database * @param UserIdentity $userIdentity * @param string $appId * @param int $flags IDBAccessObject read flags * @return BotPassword\|null / public static function newFromUser( UserIdentity $userIdentity, $appId, $flags = IDBAccessObject::READ_NORMAL ) { return MediaWikiServices::getInstance() ->getBotPasswordStore() ->getByUser( $userIdentity, (string)$appId, (int)$flags ); } /* * Load a BotPassword from the database * @param int $centralId from CentralIdLookup * @param string $appId * @param int $flags IDBAccessObject read flags * @return BotPassword\|null / public static function newFromCentralId( $centralId, $appId, $flags = IDBAccessObject::READ_NORMAL ) { return MediaWikiServices::getInstance() ->getBotPasswordStore() ->getByCentralId( (int)$centralId, (string)$appId, (int)$flags ); } /* * Create an unsaved BotPassword * @param array $data Data to use to create the bot password. Keys are: * - user: (UserIdentity) UserIdentity to create the password for. Overrides username and centralId. * - username: (string) Username to create the password for. Overrides centralId. * - centralId: (int) User central ID to create the password for. * - appId: (string, required) App ID for the password. * - restrictions: (MWRestrictions, optional) Restrictions. * - grants: (string[], optional) Grants. * @param int $flags IDBAccessObject read flags * @return BotPassword\|null / public static function newUnsaved( array $data, $flags = IDBAccessObject::READ_NORMAL ) { return MediaWikiServices::getInstance() ->getBotPasswordStore() ->newUnsavedBotPassword( $data, (int)$flags ); } /* * Indicate whether this is known to be saved * @return bool / public function isSaved() { return $this->isSaved; } /* * Get the central user ID * @return int / public function getUserCentralId() { return $this->centralId; } /* * @return string / public function getAppId() { return $this->appId; } /* * @return string / public function getToken() { return $this->token; } /* * @return MWRestrictions / public function getRestrictions() { return $this->restrictions; } /* * @return string[] / public function getGrants() { return $this->grants; } /* * Get the separator for combined username + app ID * @return string / public static function getSeparator() { $userrightsInterwikiDelimiter = MediaWikiServices::getInstance() ->getMainConfig()->get( MainConfigNames::UserrightsInterwikiDelimiter ); return $userrightsInterwikiDelimiter; } /* * @return Password / private function getPassword() { if ( ( $this->flags & IDBAccessObject::READ_LATEST ) == IDBAccessObject::READ_LATEST ) { $db = self::getPrimaryDatabase(); } else { $db = self::getReplicaDatabase(); } $password = $db->newSelectQueryBuilder() ->select( 'bp_password' ) ->from( 'bot_passwords' ) ->where( [ 'bp_user' => $this->centralId, 'bp_app_id' => $this->appId ] ) ->recency( $this->flags ) ->caller( __METHOD__ )->fetchField(); if ( $password === false ) { return PasswordFactory::newInvalidPassword(); } $passwordFactory = MediaWikiServices::getInstance()->getPasswordFactory(); try { return $passwordFactory->newFromCiphertext( $password ); } catch ( PasswordError $ex ) { return PasswordFactory::newInvalidPassword(); } } /* * Whether the password is currently invalid * @since 1.32 * @return bool / public function isInvalid() { return $this->getPassword() instanceof InvalidPassword; } /* * Save the BotPassword to the database * @param string $operation 'update' or 'insert' * @param Password\|null $password Password to set. * @return Status * @throws UnexpectedValueException / public function save( $operation, ?Password $password = null ) { // Ensure operation is valid if ( $operation !== 'insert' && $operation !== 'update' ) { throw new UnexpectedValueException( "Expected 'insert' or 'update'; got '{$operation}'." ); } $store = MediaWikiServices::getInstance()->getBotPasswordStore(); if ( $operation === 'insert' ) { $statusValue = $store->insertBotPassword( $this, $password ); } else { // Must be update, already checked above $statusValue = $store->updateBotPassword( $this, $password ); } if ( $statusValue->isGood() ) { $this->token = $statusValue->getValue(); $this->isSaved = true; return Status::newGood(); } // Action failed, status will have code botpasswords-insert-failed or // botpasswords-update-failed depending on which action we tried return Status::wrap( $statusValue ); } /* * Delete the BotPassword from the database * @return bool Success / public function delete() { $ok = MediaWikiServices::getInstance() ->getBotPasswordStore() ->deleteBotPassword( $this ); if ( $ok ) { $this->token = 'unsaved'; $this->isSaved = false; } return $ok; } /* * Invalidate all passwords for a user, by name * @param string $username * @return bool Whether any passwords were invalidated / public static function invalidateAllPasswordsForUser( $username ) { return MediaWikiServices::getInstance() ->getBotPasswordStore() ->invalidateUserPasswords( (string)$username ); } /* * Remove all passwords for a user, by name * @param string $username * @return bool Whether any passwords were removed / public static function removeAllPasswordsForUser( $username ) { return MediaWikiServices::getInstance() ->getBotPasswordStore() ->removeUserPasswords( (string)$username ); } /* * Returns a (raw, unhashed) random password string. * @param Config $config * @return string / public static function generatePassword( $config ) { return PasswordFactory::generateRandomPasswordString( self::PASSWORD_MINLENGTH ); } /* * There are two ways to login with a bot password: "username@appId", "password" and * "username", "appId@password". Transform it so it is always in the first form. * Returns [bot username, bot password]. * If this cannot be a bot password login just return false. * @param string $username * @param string $password * @return string[]\|false / public static function canonicalizeLoginData( $username, $password ) { $sep = self::getSeparator(); // the strlen check helps minimize the password information obtainable from timing if ( strlen( $password ) >= self::PASSWORD_MINLENGTH && str_contains( $username, $sep ) ) { // the separator is not valid in new usernames but might appear in legacy ones if ( preg_match( '/^[0-9a-w]{' . self::PASSWORD_MINLENGTH . ',}$/', $password ) ) { return [ $username, $password ]; } } elseif ( strlen( $password ) > self::PASSWORD_MINLENGTH && str_contains( $password, $sep ) ) { $segments = explode( $sep, $password ); $password = array_pop( $segments ); $appId = implode( $sep, $segments ); if ( preg_match( '/^[0-9a-w]{' . self::PASSWORD_MINLENGTH . ',}$/', $password ) ) { return [ $username . $sep . $appId, $password ]; } } return false; } /* * Try to log the user in * @param string $username Combined user name and app ID * @param string $password Supplied password * @param WebRequest $request * @return Status On success, the good status's value is the new Session object / public static function login( $username, $password, WebRequest $request ) { $enableBotPasswords = MediaWikiServices::getInstance()->getMainConfig() ->get( MainConfigNames::EnableBotPasswords ); $passwordAttemptThrottle = MediaWikiServices::getInstance()->getMainConfig() ->get( MainConfigNames::PasswordAttemptThrottle ); if ( !$enableBotPasswords ) { return Status::newFatal( 'botpasswords-disabled' ); } $provider = SessionManager::singleton()->getProvider( BotPasswordSessionProvider::class ); if ( !$provider ) { return Status::newFatal( 'botpasswords-no-provider' ); } $performer = $request->getSession()->getUser(); // Split name into name+appId $sep = self::getSeparator(); if ( !str_contains( $username, $sep ) ) { return self::loginHook( $username, null, $performer, Status::newFatal( 'botpasswords-invalid-name', $sep ) ); } [ $name, $appId ] = explode( $sep, $username, 2 ); // Find the named user $user = User::newFromName( $name ); if ( !$user \|\| $user->isAnon() ) { return self::loginHook( $user ?: $name, null, $performer, Status::newFatal( 'nosuchuser', $name ) ); } if ( $user->isLocked() ) { return Status::newFatal( 'botpasswords-locked' ); } $throttle = null; if ( $passwordAttemptThrottle ) { $throttle = new Throttler( $passwordAttemptThrottle, [ 'type' => 'botpassword', 'cache' => MediaWikiServices::getInstance()->getObjectCacheFactory() ->getLocalClusterInstance(), ] ); $result = $throttle->increase( $user->getName(), $request->getIP(), __METHOD__ ); if ( $result ) { $msg = wfMessage( 'login-throttled' )->durationParams( $result['wait'] ); return self::loginHook( $user, null, $performer, Status::newFatal( $msg ) ); } } // Get the bot password $bp = self::newFromUser( $user, $appId ); if ( !$bp ) { return self::loginHook( $user, $bp, $performer, Status::newFatal( 'botpasswords-not-exist', $name, $appId ) ); } // Check restrictions $status = $bp->getRestrictions()->check( $request ); if ( !$status->isOK() ) { return self::loginHook( $user, $bp, $performer, Status::newFatal( 'botpasswords-restriction-failed' ) ); } // Check the password $passwordObj = $bp->getPassword(); if ( $passwordObj instanceof InvalidPassword ) { return self::loginHook( $user, $bp, $performer, Status::newFatal( 'botpasswords-needs-reset', $name, $appId ) ); } if ( !$passwordObj->verify( $password ) ) { return self::loginHook( $user, $bp, $performer, Status::newFatal( 'wrongpassword' ) ); } // Ok! Create the session. if ( $throttle ) { $throttle->clear( $user->getName(), $request->getIP() ); } return self::loginHook( $user, $bp, $performer, // @phan-suppress-next-line PhanUndeclaredMethod Status::newGood( $provider->newSessionForRequest( $user, $bp, $request ) ) ); } /* * Call AuthManagerLoginAuthenticateAudit * * To facilitate logging all authentications, even ones not via * AuthManager, call the AuthManagerLoginAuthenticateAudit hook. * * @param User\|string $user User being logged in * @param BotPassword\|null $bp Bot sub-account, if it can be identified * @param User $performer User performing the request * @param Status $status Login status * @return Status The passed-in status / private static function loginHook( $user, $bp, User $performer, Status $status ) { $extraData = [ 'performer' => $performer ]; if ( $user instanceof User ) { $name = $user->getName(); if ( $bp ) { $extraData['appId'] = $name . self::getSeparator() . $bp->getAppId(); } } else { $name = $user; $user = null; } if ( $status->isGood() ) { $response = AuthenticationResponse::newPass( $name ); } else { $response = AuthenticationResponse::newFail( $status->getMessage() ); } ( new HookRunner( MediaWikiServices::getInstance()->getHookContainer() ) ) ->onAuthManagerLoginAuthenticateAudit( $response, $user, $name, $extraData ); return $status; } } /* @deprecated class alias since 1.41 / class_alias( BotPassword::class, 'BotPassword' ); PK��!�<-T��-��-��UserFactory.phpnu��Iw��<?php /* * Factory for creating User objects without static coupling. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use InvalidArgumentException; use MediaWiki\Config\ServiceOptions; use MediaWiki\Logger\LoggerFactory; use MediaWiki\MainConfigNames; use MediaWiki\Permissions\Authority; use RuntimeException; use stdClass; use Wikimedia\Rdbms\IDatabase; use Wikimedia\Rdbms\IDBAccessObject; use Wikimedia\Rdbms\ILBFactory; use Wikimedia\Rdbms\ILoadBalancer; /* * Creates User objects. * * @since 1.35 / class UserFactory implements UserRigorOptions { /* * RIGOR_* constants are inherited from UserRigorOptions / /* @internal / public const CONSTRUCTOR_OPTIONS = [ MainConfigNames::SharedDB, MainConfigNames::SharedTables, ]; private ServiceOptions $options; private ILBFactory $loadBalancerFactory; private ILoadBalancer $loadBalancer; private UserNameUtils $userNameUtils; private ?User $lastUserFromIdentity = null; public function __construct( ServiceOptions $options, ILBFactory $loadBalancerFactory, UserNameUtils $userNameUtils ) { $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS ); $this->options = $options; $this->loadBalancerFactory = $loadBalancerFactory; $this->loadBalancer = $loadBalancerFactory->getMainLB(); $this->userNameUtils = $userNameUtils; } /* * Factory method for creating users by name, replacing static User::newFromName * * This is slightly less efficient than newFromId(), so use newFromId() if * you have both an ID and a name handy. * * @note unlike User::newFromName, this returns null instead of false for invalid usernames * * @since 1.35 * @since 1.36 returns null instead of false for invalid user names * * @param string $name Username, validated by Title::newFromText * @param string $validate Validation strategy, one of the RIGOR_* constants. For no * validation, use RIGOR_NONE. * @return ?User User object, or null if the username is invalid (e.g. if it contains * illegal characters or is an IP address). If the username is not present in the database, * the result will be a user object with a name, a user id of 0, and default settings. / public function newFromName( string $name, string $validate = self::RIGOR_VALID ): ?User { // RIGOR_ constants are the same here and in the UserNameUtils class $canonicalName = $this->userNameUtils->getCanonical( $name, $validate ); if ( $canonicalName === false ) { return null; } $user = new User(); $user->mName = $canonicalName; $user->mFrom = 'name'; $user->setItemLoaded( 'name' ); return $user; } /** * Returns a new anonymous User based on ip. * * @since 1.35 * * @param string\|null $ip IP address * @return User / public function newAnonymous( ?string $ip = null ): User { if ( $ip ) { if ( !$this->userNameUtils->isIP( $ip ) ) { throw new InvalidArgumentException( 'Invalid IP address' ); } $user = new User(); $user->setName( $ip ); } else { $user = new User(); } return $user; } /* * Factory method for creation from a given user ID, replacing User::newFromId * * @since 1.35 * * @param int $id Valid user ID * @return User / public function newFromId( int $id ): User { $user = new User(); $user->mId = $id; $user->mFrom = 'id'; $user->setItemLoaded( 'id' ); return $user; } /* * Factory method for creation from a given actor ID, replacing User::newFromActorId * * @since 1.35 * * @param int $actorId * @return User / public function newFromActorId( int $actorId ): User { $user = new User(); $user->mActorId = $actorId; $user->mFrom = 'actor'; $user->setItemLoaded( 'actor' ); return $user; } /* * Factory method for creation from a given UserIdentity, replacing User::newFromIdentity * * @since 1.35 * * @param UserIdentity $userIdentity * @return User / public function newFromUserIdentity( UserIdentity $userIdentity ): User { if ( $userIdentity instanceof User ) { return $userIdentity; } $id = $userIdentity->getId(); $name = $userIdentity->getName(); // Cache the $userIdentity we converted last. This avoids redundant conversion // in cases where we would be converting the same UserIdentity over and over, // for instance because we need to access data preferences when formatting // timestamps in a listing. if ( $this->lastUserFromIdentity && $this->lastUserFromIdentity->getId() === $id && $this->lastUserFromIdentity->getName() === $name && $this->lastUserFromIdentity->getWikiId() === $userIdentity->getWikiId() ) { return $this->lastUserFromIdentity; } $this->lastUserFromIdentity = $this->newFromAnyId( $id === 0 ? null : $id, $name === '' ? null : $name, null, $userIdentity->getWikiId() ); return $this->lastUserFromIdentity; } /* * Factory method for creation from an ID, name, and/or actor ID, replacing User::newFromAnyId * * @note This does not check that the ID, name, and actor ID all correspond to * the same user. * * @since 1.35 * * @param ?int $userId * @param ?string $userName * @param ?int $actorId * @param string\|false $dbDomain * @return User * @throws InvalidArgumentException if none of userId, userName, and actorId are specified / public function newFromAnyId( ?int $userId, ?string $userName, ?int $actorId = null, $dbDomain = false ): User { // Stop-gap solution for the problem described in T222212. // Force the User ID and Actor ID to zero for users loaded from the database // of another wiki, to prevent subtle data corruption and confusing failure modes. // FIXME this assumes the same username belongs to the same user on all wikis if ( $dbDomain !== false ) { LoggerFactory::getInstance( 'user' )->warning( 'UserFactory::newFromAnyId called with cross-wiki user data', [ 'userId' => $userId, 'userName' => $userName, 'actorId' => $actorId, 'dbDomain' => $dbDomain, 'exception' => new RuntimeException() ] ); $userId = 0; $actorId = 0; } $user = new User; $user->mFrom = 'defaults'; if ( $actorId !== null ) { $user->mActorId = $actorId; if ( $actorId !== 0 ) { $user->mFrom = 'actor'; } $user->setItemLoaded( 'actor' ); } if ( $userName !== null && $userName !== '' ) { $user->mName = $userName; $user->mFrom = 'name'; $user->setItemLoaded( 'name' ); } if ( $userId !== null ) { $user->mId = $userId; if ( $userId !== 0 ) { $user->mFrom = 'id'; } $user->setItemLoaded( 'id' ); } if ( $user->mFrom === 'defaults' ) { throw new InvalidArgumentException( 'Cannot create a user with no name, no ID, and no actor ID' ); } return $user; } /* * Factory method to fetch the user for a given email confirmation code, replacing User::newFromConfirmationCode * * This code is generated when an account is created or its e-mail address has changed. * If the code is invalid or has expired, returns null. * * @since 1.35 * * @param string $confirmationCode * @param int $flags * @return User\|null / public function newFromConfirmationCode( string $confirmationCode, int $flags = IDBAccessObject::READ_NORMAL ): ?User { if ( ( $flags & IDBAccessObject::READ_LATEST ) == IDBAccessObject::READ_LATEST ) { $db = $this->loadBalancer->getConnection( DB_PRIMARY ); } else { $db = $this->loadBalancer->getConnection( DB_REPLICA ); } $id = $db->newSelectQueryBuilder() ->select( 'user_id' ) ->from( 'user' ) ->where( [ 'user_email_token' => md5( $confirmationCode ) ] ) ->andWhere( $db->expr( 'user_email_token_expires', '>', $db->timestamp() ) ) ->recency( $flags ) ->caller( __METHOD__ )->fetchField(); if ( !$id ) { return null; } return $this->newFromId( (int)$id ); } /* * @see User::newFromRow * * @since 1.36 * * @param stdClass $row A row from the user table * @param array\|null $data Further data to load into the object * @return User / public function newFromRow( $row, $data = null ): User { return User::newFromRow( $row, $data ); } /* * @internal for transition from User to Authority as performer concept. * @param Authority $authority * @return User / public function newFromAuthority( Authority $authority ): User { if ( $authority instanceof User ) { return $authority; } return $this->newFromUserIdentity( $authority->getUser() ); } /* * Create a placeholder user for an anonymous user who will be upgraded to * a temporary user. This will throw an exception if temp user autocreation * is disabled. * * @since 1.39 * @return User / public function newTempPlaceholder(): User { $user = new User(); $user->setName( $this->userNameUtils->getTempPlaceholder() ); return $user; } /* * Create an unsaved temporary user with a previously acquired name or a placeholder name. * * @since 1.39 * @param ?string $name If null, a placeholder name is used * @return User / public function newUnsavedTempUser( ?string $name ): User { $user = new User(); $user->setName( $name ?? $this->userNameUtils->getTempPlaceholder() ); return $user; } /* * Purge user related caches, "touch" the user table to invalidate further caches * @since 1.41 * @param UserIdentity $userIdentity / public function invalidateCache( UserIdentity $userIdentity ): void { if ( !$userIdentity->isRegistered() ) { return; } $wikiId = $userIdentity->getWikiId(); if ( $wikiId === UserIdentity::LOCAL ) { $legacyUser = $this->newFromUserIdentity( $userIdentity ); // Update user_touched within User class to manage state of User::mTouched for CAS check $legacyUser->invalidateCache(); } else { // cross-wiki invalidation $userId = $userIdentity->getId( $wikiId ); $dbw = $this->getUserTableConnection( ILoadBalancer::DB_PRIMARY, $wikiId ); $dbw->newUpdateQueryBuilder() ->update( 'user' ) ->set( [ 'user_touched' => $dbw->timestamp() ] ) ->where( [ 'user_id' => $userId ] ) ->caller( __METHOD__ )->execute(); $dbw->onTransactionPreCommitOrIdle( static function () use ( $wikiId, $userId ) { User::purge( $wikiId, $userId ); }, __METHOD__ ); } } /* * @param int $mode * @param string\|false $wikiId * @return IDatabase / private function getUserTableConnection( $mode, $wikiId ): IDatabase { if ( is_string( $wikiId ) && $this->loadBalancerFactory->getLocalDomainID() === $wikiId ) { $wikiId = UserIdentity::LOCAL; } if ( $this->options->get( MainConfigNames::SharedDB ) && in_array( 'user', $this->options->get( MainConfigNames::SharedTables ) ) ) { // The main LB is aliased for the shared database in Setup.php $lb = $this->loadBalancer; } else { $lb = $this->loadBalancerFactory->getMainLB( $wikiId ); } return $lb->getConnection( $mode, [], $wikiId ); } } PK��!��t,�1��1��ActorMigrationBase.phpnu��Iw��<?php /* * Methods to help with the actor table migration * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use InvalidArgumentException; use LogicException; use ReflectionClass; use Wikimedia\IPUtils; use Wikimedia\Rdbms\IDatabase; use Wikimedia\Rdbms\IReadableDatabase; /* * This abstract base class helps migrate core and extension code to use the * actor table. * * @stable to extend * @since 1.37 / class ActorMigrationBase { /* @var array[] Cache for `self::getJoin()` / private $joinCache = []; /* @var int One of the SCHEMA_COMPAT_READ_* values / private $readStage; /* @var int A combination of the SCHEMA_COMPAT_WRITE_* flags / private $writeStage; protected ActorStoreFactory $actorStoreFactory; /* @var array / private $fieldInfos; private bool $allowUnknown; private bool $forImport = false; /* * @param array $fieldInfos An array of associative arrays, giving configuration * information about fields which are being migrated. Subkeys are: * - removedVersion: The version in which the field was removed * - deprecatedVersion: The version in which the field was deprecated * - component: The component for removedVersion and deprecatedVersion. * Default: MediaWiki. * - textField: Override the old text field name. Default {$key}_text. * - actorField: Override the actor field name. Default {$key}_actor. * All subkeys are optional. * * @stable to override * @stable to call * * @param int $stage The migration stage. This is a combination of * SCHEMA_COMPAT_* flags: * - SCHEMA_COMPAT_READ_OLD, SCHEMA_COMPAT_WRITE_OLD: Use the old schema, * with _user and _user_text fields. * - SCHEMA_COMPAT_READ_NEW, SCHEMA_COMPAT_WRITE_NEW: Use the new * schema. All relevant tables join directly to the actor table. * * @param ActorStoreFactory $actorStoreFactory * @param array $options Array of other options. May contain: * - allowUnknown: Allow fields not present in $fieldInfos. True by default. / public function __construct( $fieldInfos, $stage, ActorStoreFactory $actorStoreFactory, $options = [] ) { $this->fieldInfos = $fieldInfos; $this->allowUnknown = $options['allowUnknown'] ?? true; $writeStage = $stage & SCHEMA_COMPAT_WRITE_MASK; $readStage = $stage & SCHEMA_COMPAT_READ_MASK; if ( $writeStage === 0 ) { throw new InvalidArgumentException( '$stage must include a write mode' ); } if ( $readStage === 0 ) { throw new InvalidArgumentException( '$stage must include a read mode' ); } if ( !in_array( $readStage, [ SCHEMA_COMPAT_READ_OLD, SCHEMA_COMPAT_READ_NEW ] ) ) { throw new InvalidArgumentException( 'Cannot read multiple schemas' ); } if ( $readStage === SCHEMA_COMPAT_READ_OLD && !( $writeStage & SCHEMA_COMPAT_WRITE_OLD ) ) { throw new InvalidArgumentException( 'Cannot read the old schema without also writing it' ); } if ( $readStage === SCHEMA_COMPAT_READ_NEW && !( $writeStage & SCHEMA_COMPAT_WRITE_NEW ) ) { throw new InvalidArgumentException( 'Cannot read the new schema without also writing it' ); } $this->readStage = $readStage; $this->writeStage = $writeStage; $this->actorStoreFactory = $actorStoreFactory; } /* * Get an instance that allows IP actor creation * @return self / public static function newMigrationForImport() { throw new LogicException( __METHOD__ . " must be overridden" ); } /* * Get config information about a field. * * @stable to override * * @param string $key * @return array / protected function getFieldInfo( $key ) { if ( isset( $this->fieldInfos[$key] ) ) { return $this->fieldInfos[$key]; } elseif ( $this->allowUnknown ) { return []; } else { throw new InvalidArgumentException( $this->getInstanceName() . ": unknown key $key" ); } } /* * Get a name for this instance to use in error messages * * @stable to override * * @return string * @throws \ReflectionException / protected function getInstanceName() { if ( ( new ReflectionClass( $this ) )->isAnonymous() ) { // Mostly for PHPUnit return self::class; } else { return static::class; } } /* * Issue deprecation warning/error as appropriate. * * @internal * * @param string $key / protected function checkDeprecation( $key ) { $fieldInfo = $this->getFieldInfo( $key ); if ( isset( $fieldInfo['removedVersion'] ) ) { $removedVersion = $fieldInfo['removedVersion']; $component = $fieldInfo['component'] ?? 'MediaWiki'; throw new InvalidArgumentException( "Use of {$this->getInstanceName()} for '$key' was removed in $component $removedVersion" ); } if ( isset( $fieldInfo['deprecatedVersion'] ) ) { $deprecatedVersion = $fieldInfo['deprecatedVersion']; $component = $fieldInfo['component'] ?? 'MediaWiki'; wfDeprecated( "{$this->getInstanceName()} for '$key'", $deprecatedVersion, $component, 3 ); } } /* * Return an SQL condition to test if a user field is anonymous * @param string $field Field name or SQL fragment * @return string / public function isAnon( $field ) { return ( $this->readStage & SCHEMA_COMPAT_READ_NEW ) ? "$field IS NULL" : "$field = 0"; } /* * Return an SQL condition to test if a user field is non-anonymous * @param string $field Field name or SQL fragment * @return string / public function isNotAnon( $field ) { return ( $this->readStage & SCHEMA_COMPAT_READ_NEW ) ? "$field IS NOT NULL" : "$field != 0"; } /* * @param string $key A key such as "rev_user" identifying the actor * field being fetched. * @return string[] [ $text, $actor ] / private function getFieldNames( $key ) { $fieldInfo = $this->getFieldInfo( $key ); $textField = $fieldInfo['textField'] ?? $key . '_text'; $actorField = $fieldInfo['actorField'] ?? substr( $key, 0, -5 ) . '_actor'; return [ $textField, $actorField ]; } /* * Get SELECT fields and joins for the actor key * * @param string $key A key such as "rev_user" identifying the actor * field being fetched. * @return array[] With three keys: * - tables: (string[]) to include in the `$table` to `IDatabase->select()` or `SelectQueryBuilder::tables` * - fields: (string[]) to include in the `$vars` to `IDatabase->select()` or `SelectQueryBuilder::fields` * - joins: (array) to include in the `$join_conds` to `IDatabase->select()` or `SelectQueryBuilder::joinConds` * All tables, fields, and joins are aliased, so `+` is safe to use. * @phan-return array{tables:string[],fields:string[],joins:array} / public function getJoin( $key ) { $this->checkDeprecation( $key ); if ( !isset( $this->joinCache[$key] ) ) { $tables = []; $fields = []; $joins = []; [ $text, $actor ] = $this->getFieldNames( $key ); if ( $this->readStage === SCHEMA_COMPAT_READ_OLD ) { $fields[$key] = $key; $fields[$text] = $text; $fields[$actor] = 'NULL'; } else / SCHEMA_COMPAT_READ_NEW / { $alias = "actor_$key"; $tables[$alias] = 'actor'; $joins[$alias] = [ 'JOIN', "{$alias}.actor_id = {$actor}" ]; $fields[$key] = "{$alias}.actor_user"; $fields[$text] = "{$alias}.actor_name"; $fields[$actor] = $actor; } $this->joinCache[$key] = [ 'tables' => $tables, 'fields' => $fields, 'joins' => $joins, ]; } return $this->joinCache[$key]; } /* * Get UPDATE fields for the actor * * @param IDatabase $dbw Database to use for creating an actor ID, if necessary * @param string $key A key such as "rev_user" identifying the actor * field being fetched. * @param UserIdentity $user User to set in the update * @return array to merge into `$values` to `IDatabase->update()` or `$a` to `IDatabase->insert()` / public function getInsertValues( IDatabase $dbw, $key, UserIdentity $user ) { $this->checkDeprecation( $key ); [ $text, $actor ] = $this->getFieldNames( $key ); $ret = []; if ( $this->writeStage & SCHEMA_COMPAT_WRITE_OLD ) { $ret[$key] = $user->getId(); $ret[$text] = $user->getName(); } if ( $this->writeStage & SCHEMA_COMPAT_WRITE_NEW ) { $ret[$actor] = $this->getActorNormalization( $dbw->getDomainID() ) ->acquireActorId( $user, $dbw ); } return $ret; } /* * Get WHERE condition for the actor * * @param IReadableDatabase $db Database to use for quoting and list-making * @param string $key A key such as "rev_user" identifying the actor * field being fetched. * @param UserIdentity\|UserIdentity[]\|null\|false $users Users to test for. * Passing null, false, or the empty array will return 'conds' that never match, * and an empty array for 'orconds'. * @param bool $useId If false, don't try to query by the user ID. * Intended for use with rc_user since it has an index on * (rc_user_text,rc_timestamp) but not (rc_user,rc_timestamp). * @return array With four keys: * - tables: (string[]) to include in the `$table` to `IDatabase->select()` or `SelectQueryBuilder::tables` * - conds: (string) to include in the `$cond` to `IDatabase->select()` or `SelectQueryBuilder::conds` * - orconds: (string[]) array of alternatives in case a union of multiple * queries would be more efficient than a query with OR. May have keys * 'actor', 'userid', 'username'. * Since 1.32, this is guaranteed to contain just one alternative if * $users contains a single user. * - joins: (array) to include in the `$join_conds` to `IDatabase->select()` or `SelectQueryBuilder::joinConds` * All tables and joins are aliased, so `+` is safe to use. * @phan-return array{tables:string[],conds:string,orconds:string[],joins:array} / public function getWhere( IReadableDatabase $db, $key, $users, $useId = true ) { $this->checkDeprecation( $key ); $tables = []; $conds = []; $joins = []; if ( $users instanceof UserIdentity ) { $users = [ $users ]; } elseif ( $users === null \|\| $users === false ) { // DWIM $users = []; } elseif ( !is_array( $users ) ) { $what = get_debug_type( $users ); throw new InvalidArgumentException( __METHOD__ . ": Value for \$users must be a UserIdentity or array, got $what" ); } // Get information about all the passed users $ids = []; $names = []; $actors = []; foreach ( $users as $user ) { if ( $useId && $user->isRegistered() ) { $ids[] = $user->getId(); } else { // make sure to use normalized form of IP for anonymous users $names[] = IPUtils::sanitizeIP( $user->getName() ); } $actorId = $this->getActorNormalization( $db->getDomainID() ) ->findActorId( $user, $db ); if ( $actorId ) { $actors[] = $actorId; } } [ $text, $actor ] = $this->getFieldNames( $key ); // Combine data into conditions to be ORed together if ( $this->readStage === SCHEMA_COMPAT_READ_NEW ) { if ( $actors ) { $conds['newactor'] = $db->makeList( [ $actor => $actors ], IDatabase::LIST_AND ); } } else { if ( $ids ) { $conds['userid'] = $db->makeList( [ $key => $ids ], IDatabase::LIST_AND ); } if ( $names ) { $conds['username'] = $db->makeList( [ $text => $names ], IDatabase::LIST_AND ); } } return [ 'tables' => $tables, 'conds' => $conds ? $db->makeList( array_values( $conds ), IDatabase::LIST_OR ) : '1=0', 'orconds' => $conds, 'joins' => $joins, ]; } /* * @internal For use immediately after construction only * @param bool $forImport / public function setForImport( bool $forImport ): void { $this->forImport = $forImport; } /* * @param string $domainId * @return ActorNormalization / protected function getActorNormalization( $domainId ): ActorNormalization { if ( $this->forImport ) { return $this->actorStoreFactory->getActorNormalizationForImport( $domainId ); } else { return $this->actorStoreFactory->getActorNormalization( $domainId ); } } } /* @deprecated class alias since 1.40 / class_alias( ActorMigrationBase::class, 'ActorMigrationBase' ); PK��!�_��!��Hook/UserPrivilegedGroupsHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\UserIdentity; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserPrivilegedGroups" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserPrivilegedGroupsHook { /* * This hook is called in UserGroupManager::getUserPrivilegedGroups(). * * @since 1.41 (also backported to 1.39.5 and 1.40.1) * * @param UserIdentity $userIdentity User identity to get groups for * @param string[] &$groups Current privileged groups * @return bool\|void True or no return value to continue or false to abort / public function onUserPrivilegedGroups( UserIdentity $userIdentity, array &$groups ); } PK��!��{�i�� Hook/UserEffectiveGroupsHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserEffectiveGroups" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserEffectiveGroupsHook { /* * This hook is called in UserGroupManager::getUserEffectiveGroups(). * * @since 1.35 * * @param User $user User to get groups for * @param string[] &$groups Current effective groups * @return bool\|void True or no return value to continue or false to abort / public function onUserEffectiveGroups( $user, &$groups ); } PK��!��D��0��Hook/UserSetEmailAuthenticationTimestampHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserSetEmailAuthenticationTimestamp" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserSetEmailAuthenticationTimestampHook { /* * This hook is called when setting the timestamp of a User's email authentication. * * @since 1.35 * * @param User $user * @param ?string &$timestamp new timestamp, change this to override local email * authentication timestamp * @return bool\|void True or no return value to continue or false to abort / public function onUserSetEmailAuthenticationTimestamp( $user, &$timestamp ); } PK��!�J�� Hook/UserArrayFromResultHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\UserArrayFromResult; use Wikimedia\Rdbms\IResultWrapper; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserArrayFromResult" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserArrayFromResultHook { /* * This hook is called when creating an UserArray object from a database result. * * @since 1.35 * * @param UserArrayFromResult\|null &$userArray Set this to an object to override the default * @param IResultWrapper $res Database result used to create the object * @return bool\|void True or no return value to continue or false to abort / public function onUserArrayFromResult( &$userArray, $res ); } PK��!��6�Oc��c��Hook/UserSetEmailHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserSetEmail" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserSetEmailHook { /* * This hook is called when changing user email address. * * @since 1.35 * * @param User $user * @param string &$email new email, change this to override new email address * @return bool\|void True or no return value to continue or false to abort / public function onUserSetEmail( $user, &$email ); } PK��!��@0A��A��"��Hook/UserIsBlockedGloballyHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserIsBlockedGlobally" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks * @deprecated since 1.40. Use GetUserBlockHook instead. / interface UserIsBlockedGloballyHook { /* * Use this hook to establish that a user is blocked on all wikis. * * @since 1.35 * * @param User $user * @param string $ip User's IP address * @param bool &$blocked Whether the user is blocked, to be modified by the hook * @param null &$block The Block object, to be modified by the hook * @return bool\|void True or no return value to continue or false to abort / public function onUserIsBlockedGlobally( $user, $ip, &$blocked, &$block ); } PK��!�GiU?��?��!��Hook/UserGetReservedNamesHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserGetReservedNames" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserGetReservedNamesHook { /* * Use this hook to modify $wgReservedUsernames at run time. * * @since 1.35 * * @param array &$reservedUsernames $wgReservedUsernames * @return bool\|void True or no return value to continue or false to abort / public function onUserGetReservedNames( &$reservedUsernames ); } PK��!��ú5��5��'��Hook/User__mailPasswordInternalHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; // phpcs:disable Squiz.Classes.ValidClassName.NotCamelCaps /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "User::mailPasswordInternal" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface User__mailPasswordInternalHook { /* * This hook is called before creation and mailing of a user's new temporary password. * * @since 1.35 * * @param User $user The user who sent the message out * @param string $ip IP of the user who sent the message out * @param User $u The account whose new password will be set * @return bool\|void True or no return value to continue or false to abort / public function onUser__mailPasswordInternal( $user, $ip, $u ); } PK��!�cH�u;��;��Hook/UserLoadDefaultsHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserLoadDefaults" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserLoadDefaultsHook { /* * This hook is called when loading a default user. * * @since 1.35 * * @param User $user * @param string $name User name * @return bool\|void True or no return value to continue or false to abort / public function onUserLoadDefaults( $user, $name ); } PK��!��M=��=��)��Hook/UserClearNewTalkNotificationHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\UserIdentity; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserClearNewTalkNotification" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserClearNewTalkNotificationHook { /* * This hook is called post-send when viewing a user talk page. * * The hook may be aborted, in which case the TalkPageNotificationManager service * will _not_ clear the "You have new messages!" notification, and if the page * is on the viewer's watchlist then WatchlistManager will also _not_ update the * "seen" marker. * * @see \MediaWiki\Watchlist\WatchlistManager::clearTitleUserNotifications * @since 1.35 * @param UserIdentity $userIdentity User that will clear the message * @param int $oldid Revision ID of the talk page being viewed (0 means the most recent one) * @return bool\|void True or no return value to continue or false to abort / public function onUserClearNewTalkNotification( $userIdentity, $oldid ); } PK��!�cM&��!��Hook/GetAutoPromoteGroupsHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "GetAutoPromoteGroups" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface GetAutoPromoteGroupsHook { /* * This hook is called when determining which autopromote groups a user is entitled to be in. * * @since 1.35 * * @param User $user User to promote * @param string[] &$promote Groups that will be added * @return bool\|void True or no return value to continue or false to abort / public function onGetAutoPromoteGroups( $user, &$promote ); } PK��!�֏U��U��Hook/UserIsBotHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserIsBot" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserIsBotHook { /* * Use this hook to establish whether a user is a bot account. * * @since 1.35 * * @param User $user * @param bool &$isBot Whether this is user a bot or not (boolean) * @return bool\|void True or no return value to continue or false to abort / public function onUserIsBot( $user, &$isBot ); } PK��!��Hook/UserGroupsChangedHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; use MediaWiki\User\UserGroupMembership; use MediaWiki\User\UserIdentity; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserGroupsChanged" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserGroupsChangedHook { /* * This hook is called after user groups are changed. * * @since 1.35 * * @param User\|UserIdentity $user User whose groups changed, for local group changes this is a * User class, for interwiki group changes this was a UserRightsProxy until 1.40 and is a UserIdentity since 1.41 * @param string[] $added Groups added * @param string[] $removed Groups removed * @param User\|false $performer User who performed the change, false if via autopromotion * @param string\|false $reason The reason, if any, given by the user performing the change, * false if via autopromotion. * @param UserGroupMembership[] $oldUGMs An associative array (group name => UserGroupMembership) * of the user's group memberships before the change. * @param UserGroupMembership[] $newUGMs An associative array (group name => UserGroupMembership) * of the user's current group memberships. * @return bool\|void True or no return value to continue or false to abort / public function onUserGroupsChanged( $user, $added, $removed, $performer, $reason, $oldUGMs, $newUGMs ); } PK��!�v�M��Hook/PingLimiterHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "PingLimiter" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface PingLimiterHook { /* * Use this hook to override the results of User::pingLimiter(). * * @since 1.35 * * @param User $user User performing the action * @param string $action Action being performed * @param bool &$result Whether or not the action should be prevented * Change $result and return false to give a definitive answer, otherwise * the built-in rate limiting checks are used, if enabled. * @param int $incrBy Amount to increment counter by * @return bool\|void True or no return value to continue or false to abort / public function onPingLimiter( $user, $action, &$result, $incrBy ); } PK��!��S��0��Hook/UserGetEmailAuthenticationTimestampHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserGetEmailAuthenticationTimestamp" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserGetEmailAuthenticationTimestampHook { /* * This hook is called when getting the timestamp of email authentication. * * @since 1.35 * * @param User $user * @param string &$timestamp Timestamp. Change this to override the local email * authentication timestamp. * @return bool\|void True or no return value to continue or false to abort / public function onUserGetEmailAuthenticationTimestamp( $user, &$timestamp ); } PK��!��;ۉ��"��Hook/UserGetDefaultOptionsHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserGetDefaultOptions" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserGetDefaultOptionsHook { /* * This hook is called after fetching core default user options but before returning the options * * Warning: This hook is called for every call to UserOptionsLookup::getDefaultOptions(), which means * it's potentially called dozens or hundreds of times. You may want to cache the results * of non-trivial operations in your hook function for this reason. * * @since 1.35 * * @param array &$defaultOptions Array of preference keys and their default values. * @return bool\|void True or no return value to continue or false to abort / public function onUserGetDefaultOptions( &$defaultOptions ); } PK��!��. 5��5��Hook/EmailConfirmedHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "EmailConfirmed" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface EmailConfirmedHook { /* * This hook is called when checking that the user's email address is "confirmed". * * This runs before the other checks, such as anonymity and the real check; return * true to allow those checks to occur, and false if checking is done. * * @since 1.35 * * @param User $user User being checked * @param bool &$confirmed Whether or not the email address is confirmed * @return bool\|void True or no return value to continue or false to abort / public function onEmailConfirmed( $user, &$confirmed ); } PK��!��U�#��#��Hook/UserAddGroupHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserAddGroup" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserAddGroupHook { /* * This hook is called when adding a group or changing a group's expiry. * * @since 1.35 * * @param User $user The user that is to have a group added * @param string &$group The group to add; can be modified * @param string\|null &$expiry The expiry time in TS_MW format, or null if the group is not to * expire; can be modified * @return bool\|void True or no return value to continue or false to abort (not add the group) / public function onUserAddGroup( $user, &$group, &$expiry ); } PK��!��,��,��)��Hook/SpecialPasswordResetOnSubmitHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; use Wikimedia\Message\MessageSpecifier; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "SpecialPasswordResetOnSubmit" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface SpecialPasswordResetOnSubmitHook { /* * This hook is called when executing a form submission on Special:PasswordReset. * * The data submitted by the user ($data) is an associative array with the keys 'Username' and * 'Email', whose values are already validated user input (a valid username, and a valid email * address), or null if not given by the user. At least one of the values is not null. * * Since MediaWiki 1.43, hook handlers should check each user's 'requireemail' preference, and * if it is enabled by the user, only return that user if both username and email were present. * Until MediaWiki 1.42 only one of username and email could be present (the other would be null). * * @since 1.35 * * @param User[] &$users * @param array $data Array of data submitted by the user * @phan-param array{Username:?string, Email:?string} $data * @param string\|array\|MessageSpecifier &$error String, error code (message key) * used to describe to error (out parameter). The hook needs to return false * when setting this, otherwise it will have no effect. * @return bool\|void True or no return value to continue or false to abort / public function onSpecialPasswordResetOnSubmit( &$users, $data, &$error ); } PK��!�� [��[��Hook/UserGetEmailHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserGetEmail" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserGetEmailHook { /* * This hook is called when getting an user email address. * * @since 1.35 * * @param User $user * @param string &$email Email, change this to override local email * @return bool\|void True or no return value to continue or false to abort / public function onUserGetEmail( $user, &$email ); } PK��!��˼�#��#��Hook/UserLogoutHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserLogout" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserLogoutHook { /* * This hook is called before a user logs out. * * @since 1.35 * * @param User $user The user that is about to be logged out * @return bool\|void True or no return value to continue or false to abort / public function onUserLogout( $user ); } PK��!��Z�[��[��!��Hook/ConfirmEmailCompleteHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "ConfirmEmailComplete" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface ConfirmEmailCompleteHook { /* * This hook is called after a user's email has been confirmed successfully. * * @since 1.35 * * @param User $user User whose email is being confirmed * @return bool\|void True or no return value to continue or false to abort / public function onConfirmEmailComplete( $user ); } PK��!�<��Hook/UserRemoveGroupHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserRemoveGroup" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserRemoveGroupHook { /* * This hook is called when removing a group. * * @since 1.35 * * @param User $user The user that is to have a group removed * @param string &$group The group to be removed. Can be modified. * @return bool\|void True or no return value to continue or false to abort (override * the stock group removal) / public function onUserRemoveGroup( $user, &$group ); } PK��!�j�cq2��2��Hook/IsValidPasswordHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; use Wikimedia\Message\MessageSpecifier; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "isValidPassword" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface IsValidPasswordHook { /* * Use this hook to override the result of User::isValidPassword() * * @since 1.35 * * @param string $password The password entered by the user * @param bool\|string\|MessageSpecifier &$result Set this and return false * to override the internal checks * @param User $user User the password is being validated for * @return bool\|void True or no return value to continue or false to abort / public function onIsValidPassword( $password, &$result, $user ); } PK��!��2��!��Hook/AutopromoteConditionHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "AutopromoteCondition" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface AutopromoteConditionHook { /* * Use this hook to check autopromote condition for user. * * @since 1.35 * * @param string $type Condition type * @param array $args Arguments * @param User $user * @param array &$result Result of checking autopromote condition * @return bool\|void True or no return value to continue or false to abort / public function onAutopromoteCondition( $type, $args, $user, &$result ); } PK��!��Kgh��h��$��Hook/InvalidateEmailCompleteHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "InvalidateEmailComplete" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface InvalidateEmailCompleteHook { /* * This hook is called after a user's email has been invalidated successfully. * * @since 1.35 * * @param User $user User whose email is being invalidated * @return bool\|void True or no return value to continue or false to abort / public function onInvalidateEmailComplete( $user ); } PK��!��ZH��Hook/UserSaveSettingsHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserSaveSettings" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserSaveSettingsHook { /* * This hook is called directly after user settings have been saved to the database. * * Compare to the SaveUserOptions hook, which is called before saving and is only * called for options managed by UserOptionsManager. * * @since 1.35 * * @param User $user The User for which the settings have been saved * @return bool\|void True or no return value to continue or false to abort / public function onUserSaveSettings( $user ); } PK��!�'�=��)��Hook/UserLoadAfterLoadFromSessionHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserLoadAfterLoadFromSession" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserLoadAfterLoadFromSessionHook { /* * This hook is called to authenticate users on external or environmental means. * * This hook is called after session is loaded. * * @since 1.35 * * @param User $user User object being loaded * @return bool\|void True or no return value to continue or false to abort / public function onUserLoadAfterLoadFromSession( $user ); } PK��!��.]Qy��y��Hook/UserIsLockedHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserIsLocked" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserIsLockedHook { /* * Use this hook to establish that a user is locked. See User::isLocked(). * * @since 1.35 * * @param User $user User in question. * @param bool &$locked Set true if the user should be locked. * @return bool\|void True or no return value to continue or false to abort / public function onUserIsLocked( $user, &$locked ); } PK��!��Ox �� Hook/UserCanSendEmailHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserCanSendEmail" to register handlers implementing this interface. * * @ingroup Hooks * @deprecated since 1.41, handle the EmailUserAuthorizeSend hook instead. / interface UserCanSendEmailHook { /* * Use this hook to override User::canSendEmail() permission check. * * @since 1.35 * * @param User $user User (object) whose permission is being checked * @param bool\|string\|array &$hookErr Out-param for the error. Passed as the parameters to * OutputPage::showErrorPage. * @return bool\|void True or no return value to continue or false to abort / public function onUserCanSendEmail( $user, &$hookErr ); } PK��!��g��N��N��%��Hook/UserSendConfirmationMailHook.phpnu��Iw��<?php namespace MediaWiki\User\Hook; use MediaWiki\User\User; /* * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "UserSendConfirmationMail" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks / interface UserSendConfirmationMailHook { /* * This hook is called just before a confirmation email is sent to a user. * * Hook handlers can modify the email that will be sent. * * @since 1.35 * * @param User $user The User for which the confirmation email is going to be sent * @param array &$mail Associative array describing the email, with the following keys: * - subject: Subject line of the email * - body: Email body. Can be a string, or an array with keys 'text' and 'html' * - from: User object, or null meaning $wgPasswordSender will be used * - replyTo: MailAddress object or null * @param array $info Associative array with additional information: * - type: 'created' if the user's account was just created; 'set' if the user * set an email address when they previously didn't have one; 'changed' if * the user had an email address and changed it * - ip: The IP address from which the user set/changed their email address * - confirmURL: URL the user should visit to confirm their email * - invalidateURL: URL the user should visit to invalidate confirmURL * - expiration: time and date when confirmURL expires * @return bool\|void True or no return value to continue or false to abort / public function onUserSendConfirmationMail( $user, &$mail, $info ); } PK��!�TP��P��P�� UserArray.phpnu��Iw��<?php /* * Class to walk into a list of User objects. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use ArrayIterator; use Iterator; use MediaWiki\HookContainer\HookRunner; use MediaWiki\MediaWikiServices; use Wikimedia\Rdbms\IResultWrapper; abstract class UserArray implements Iterator { /* * @note Try to avoid in new code, in case getting UserIdentity batch is enough, * use {@link \MediaWiki\User\UserIdentityLookup::newSelectQueryBuilder()}. * In case you need full User objects, you can keep using this method, but it's * moving towards deprecation. * * @param IResultWrapper $res * @return UserArrayFromResult\|ArrayIterator / public static function newFromResult( $res ) { $userArray = null; $hookRunner = new HookRunner( MediaWikiServices::getInstance()->getHookContainer() ); if ( !$hookRunner->onUserArrayFromResult( $userArray, $res ) ) { return new ArrayIterator( [] ); } return $userArray ?? new UserArrayFromResult( $res ); } /* * @note Try to avoid in new code, in case getting UserIdentity batch is enough, * use {@link \MediaWiki\User\UserIdentityLookup::newSelectQueryBuilder()}. * In case you need full User objects, you can keep using this method, but it's * moving towards deprecation. * * @param array $ids * @return UserArrayFromResult\|ArrayIterator / public static function newFromIDs( $ids ) { $ids = array_map( 'intval', (array)$ids ); // paranoia if ( !$ids ) { // Database::select() doesn't like empty arrays return new ArrayIterator( [] ); } $dbr = MediaWikiServices::getInstance()->getConnectionProvider()->getReplicaDatabase(); $res = User::newQueryBuilder( $dbr ) ->where( [ 'user_id' => array_unique( $ids ) ] ) ->caller( __METHOD__ ) ->fetchResultSet(); return self::newFromResult( $res ); } /* * @note Try to avoid in new code, in case getting UserIdentity batch is enough, * use {@link \MediaWiki\User\UserIdentityLookup::newSelectQueryBuilder()}. * In case you need full User objects, you can keep using this method, but it's * moving towards deprecation. * * @since 1.25 * @param array $names * @return UserArrayFromResult\|ArrayIterator / public static function newFromNames( $names ) { $names = array_map( 'strval', (array)$names ); // paranoia if ( !$names ) { // Database::select() doesn't like empty arrays return new ArrayIterator( [] ); } $dbr = MediaWikiServices::getInstance()->getConnectionProvider()->getReplicaDatabase(); $res = User::newQueryBuilder( $dbr ) ->where( [ 'user_name' => array_unique( $names ) ] ) ->caller( __METHOD__ ) ->fetchResultSet(); return self::newFromResult( $res ); } /* * @return User / abstract public function current(): User; /* * @return int / abstract public function key(): int; } /* @deprecated class alias since 1.41 / class_alias( UserArray::class, 'UserArray' ); PK��!�ЏE��UserIdentityValue.phpnu��Iw��<?php /* * Value object representing a user's identity. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use MediaWiki\DAO\WikiAwareEntityTrait; use Stringable; use Wikimedia\Assert\Assert; /* * Value object representing a user's identity. * * @newable * * @since 1.31 / class UserIdentityValue implements Stringable, UserIdentity { use WikiAwareEntityTrait; /* * @var int / private $id; /* * @var string / private $name; /* @var string\|false / private $wikiId; /* * @stable to call * * @note Signature in 1.35 was: ( $id, $name, $actor ). * * @param int $id user ID * @param string $name user name * @param string\|false $wikiId wiki ID or self::LOCAL for the local wiki / public function __construct( int $id, string $name, $wikiId = self::LOCAL ) { $this->assertWikiIdParam( $wikiId ); $this->id = $id; $this->name = $name; $this->wikiId = $wikiId; } /* * Create UserIdentity for an anonymous user. * * @since 1.36 * @param string $name * @param string\|false $wikiId wiki ID or self::LOCAL for the local wiki * @return UserIdentityValue / public static function newAnonymous( string $name, $wikiId = self::LOCAL ): self { return new self( 0, $name, $wikiId ); } /* * Create UserIdentity for a registered user. * * @since 1.36 * @param int $userId * @param string $name * @param string\|false $wikiId wiki ID or self::LOCAL for the local wiki * @return UserIdentityValue / public static function newRegistered( int $userId, string $name, $wikiId = self::LOCAL ): self { Assert::parameter( $userId > 0, '$userId', 'must be greater than zero (user must exist)' ); return new self( $userId, $name, $wikiId ); } /* * Create UserIdentity for an external user with $prefix and $name * * @since 1.36 * @param string $prefix * @param string $name * @param string\|false $wikiId wiki ID or self::LOCAL for the local wiki * @return UserIdentityValue / public static function newExternal( string $prefix, string $name, $wikiId = self::LOCAL ): self { // > is a standard separator for external users in the database, see ExternalUserNames return new self( 0, "$prefix>$name", $wikiId ); } /* * Get the ID of the wiki this UserIdentity belongs to. * * @since 1.36 * @see RevisionRecord::getWikiId() * * @return string\|false The wiki's logical name or self::LOCAL to indicate the local wiki / public function getWikiId() { return $this->wikiId; } /* * The numerical user ID provided to the constructor. * * @param string\|false $wikiId The wiki ID expected by the caller * @return int The user ID. May be 0 for anonymous users or for users with no local account. * / public function getId( $wikiId = self::LOCAL ): int { $this->assertWiki( $wikiId ); return $this->id; } /* * @return string The user's logical name. May be an IPv4 or IPv6 address for anonymous users. / public function getName(): string { return $this->name; } /* * @deprecated since 1.36, use ActorNormalization::acquireActorId instead. * * @param string\|false $wikiId * * @return int always 0. / public function getActorId( $wikiId = self::LOCAL ): int { wfDeprecated( __METHOD__, '1.36' ); return 0; } /* * @since 1.32 * * @param UserIdentity\|null $user * @return bool / public function equals( ?UserIdentity $user ): bool { if ( !$user ) { return false; } // XXX it's not clear whether central ID providers are supposed to obey this return $this->getName() === $user->getName(); } /* * @since 1.34 * * @return bool True if user is registered on this wiki, i.e., has a user ID. False if user is * anonymous or has no local account (which can happen when importing). This is equivalent to * getId() != 0 and is provided for code readability. / public function isRegistered(): bool { return $this->getId( $this->wikiId ) != 0; } public function __toString(): string { return $this->getName(); } } PK��!�<?6u��ActorNormalization.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use CannotCreateActorException; use InvalidArgumentException; use stdClass; use Wikimedia\Rdbms\IDatabase; use Wikimedia\Rdbms\IReadableDatabase; /* * Service for dealing with the actor table. * @since 1.36 / interface ActorNormalization { /* * Instantiate a new UserIdentity object based on a $row from the actor table. * * Use this method when an actor row was already fetched from the DB via a join. * This method just constructs a new instance and does not try fetching missing * values from the DB again, use {@link UserIdentityLookup} for that. * * @param stdClass $row with the following fields: * - int actor_id * - string actor_name * - int\|null actor_user * @return UserIdentity * @throws InvalidArgumentException / public function newActorFromRow( stdClass $row ): UserIdentity; /* * Instantiate a new UserIdentity object based on field values from a DB row. * * Until {@link ActorMigration} is completed, the actor table joins alias actor field names * to legacy field names. This method is convenience to construct the UserIdentity based on * legacy field names. It's more relaxed with typing then ::newFromRow to better support legacy * code, so always prefer ::newFromRow in new code. Eventually, once {@link ActorMigration} * is completed and all queries use explicit join with actor table, this method will be * deprecated and removed. * * @throws InvalidArgumentException * @param int\|null $userId * @param string\|null $name * @param int\|null $actorId * @return UserIdentity / public function newActorFromRowFields( $userId, $name, $actorId ): UserIdentity; /* * Find the actor_id for the given name. * * @param string $name * @param IReadableDatabase $db The database connection to operate on. * The database must correspond to the wiki this ActorNormalization is bound to. * @return int\|null / public function findActorIdByName( string $name, IReadableDatabase $db ): ?int; /* * Find the actor_id of the given $user. * * @param UserIdentity $user * @param IReadableDatabase $db The database connection to operate on. * The database must correspond to the wiki this ActorNormalization is bound to. * @return int\|null / public function findActorId( UserIdentity $user, IReadableDatabase $db ): ?int; /* * Attempt to assign an actor ID to the given $user * If it is already assigned, return the existing ID. * * @param UserIdentity $user * @param IDatabase $dbw The database connection to acquire the ID from. * The database must correspond to the wiki this ActorNormalization is bound to. * @return int greater then 0 * @throws CannotCreateActorException if no actor ID has been assigned to this $user / public function acquireActorId( UserIdentity $user, IDatabase $dbw ): int; /* * Find an actor by $id. * * @param int $actorId * @param IReadableDatabase $db The database connection to operate on. * The database must correspond to the wiki this ActorNormalization is bound to. * @return UserIdentity\|null Returns null if no actor with this $actorId exists in the database. / public function getActorById( int $actorId, IReadableDatabase $db ): ?UserIdentity; /* * In case all reasonable attempts of initializing a proper actor from the * database have failed, entities can be attributed to special 'Unknown user' actor. * * @return UserIdentity / public function getUnknownActor(): UserIdentity; } PK��!��\|L��UserRigorOptions.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file * @author DannyS712 / namespace MediaWiki\User; /* * Shared interface for rigor levels when dealing with User methods * * @since 1.36 / interface UserRigorOptions { /* * Check that a user name is valid for batch processes, login and account * creation. This does not allow auto-created temporary user patterns. / public const RIGOR_CREATABLE = 'creatable'; /* * Check that a user name is valid for batch processes and login / public const RIGOR_USABLE = 'usable'; /* * Check that a user name is valid for batch processes / public const RIGOR_VALID = 'valid'; /* * No validation at all / public const RIGOR_NONE = 'none'; } PK��!��ˋ)��)��TalkPageNotificationManager.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use MediaWiki\Config\ServiceOptions; use MediaWiki\Deferred\DeferredUpdates; use MediaWiki\HookContainer\HookContainer; use MediaWiki\HookContainer\HookRunner; use MediaWiki\MainConfigNames; use MediaWiki\Revision\RevisionLookup; use MediaWiki\Revision\RevisionRecord; use MediaWiki\Utils\MWTimestamp; use Wikimedia\Rdbms\IConnectionProvider; use Wikimedia\Rdbms\ReadOnlyMode; /* * Manages user talk page notifications * @since 1.35 / class TalkPageNotificationManager { /* * @internal For use by ServiceWiring / public const CONSTRUCTOR_OPTIONS = [ MainConfigNames::DisableAnonTalk ]; private array $userMessagesCache = []; private bool $disableAnonTalk; private IConnectionProvider $dbProvider; private ReadOnlyMode $readOnlyMode; private RevisionLookup $revisionLookup; private HookRunner $hookRunner; private UserFactory $userFactory; /* * @param ServiceOptions $serviceOptions * @param IConnectionProvider $dbProvider * @param ReadOnlyMode $readOnlyMode * @param RevisionLookup $revisionLookup * @param HookContainer $hookContainer * @param UserFactory $userFactory / public function __construct( ServiceOptions $serviceOptions, IConnectionProvider $dbProvider, ReadOnlyMode $readOnlyMode, RevisionLookup $revisionLookup, HookContainer $hookContainer, UserFactory $userFactory ) { $serviceOptions->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS ); $this->disableAnonTalk = $serviceOptions->get( MainConfigNames::DisableAnonTalk ); $this->dbProvider = $dbProvider; $this->readOnlyMode = $readOnlyMode; $this->revisionLookup = $revisionLookup; $this->hookRunner = new HookRunner( $hookContainer ); $this->userFactory = $userFactory; } /* * Check if the user has new messages. * @param UserIdentity $user * @return bool whether the user has new messages / public function userHasNewMessages( UserIdentity $user ): bool { $userKey = $this->getCacheKey( $user ); // Load the newtalk status if it is unloaded if ( !isset( $this->userMessagesCache[$userKey] ) ) { if ( $this->isTalkDisabled( $user ) ) { // Anon disabled by configuration. $this->userMessagesCache[$userKey] = false; } else { $this->userMessagesCache[$userKey] = $this->dbCheckNewUserMessages( $user ); } } return (bool)$this->userMessagesCache[$userKey]; } /* * Clear notifications when the user's own talk page is viewed * * @param UserIdentity $user * @param RevisionRecord\|null $oldRev If it is an old revision view, the * old revision. If it is a current revision view, this should be null. / public function clearForPageView( UserIdentity $user, ?RevisionRecord $oldRev = null ) { // Abort if the hook says so. (Echo doesn't abort, it just queues its own update) if ( !$this->hookRunner->onUserClearNewTalkNotification( $user, $oldRev ? $oldRev->getId() : 0 ) ) { return; } if ( $this->isTalkDisabled( $user ) ) { return; } // Nothing to do if there are no messages if ( !$this->userHasNewMessages( $user ) ) { return; } // If there is a subsequent revision after the one being viewed, use // its timestamp as the new notification timestamp. If there is no // subsequent revision, the notification is cleared. if ( $oldRev ) { $newRev = $this->revisionLookup->getNextRevision( $oldRev ); if ( $newRev ) { DeferredUpdates::addCallableUpdate( function () use ( $user, $newRev ) { $this->dbDeleteNewUserMessages( $user ); $this->dbUpdateNewUserMessages( $user, $newRev ); } ); return; } } // Update the cache now so that the skin doesn't show a notification $userKey = $this->getCacheKey( $user ); $this->userMessagesCache[$userKey] = false; // Defer the DB delete DeferredUpdates::addCallableUpdate( function () use ( $user ) { $this->touchUser( $user ); $this->dbDeleteNewUserMessages( $user ); } ); } /* * Update the talk page messages status. * * @param UserIdentity $user * @param RevisionRecord\|null $curRev New, as yet unseen revision of the user talk page. * Null is acceptable in case the revision is not known. This will indicate that new messages * exist, but will not affect the latest seen message timestamp / public function setUserHasNewMessages( UserIdentity $user, ?RevisionRecord $curRev = null ): void { if ( $this->isTalkDisabled( $user ) ) { return; } $userKey = $this->getCacheKey( $user ); $this->userMessagesCache[$userKey] = true; $this->touchUser( $user ); $this->dbUpdateNewUserMessages( $user, $curRev ); } /* * Remove the new messages status * @param UserIdentity $user / public function removeUserHasNewMessages( UserIdentity $user ): void { if ( $this->isTalkDisabled( $user ) ) { return; } $userKey = $this->getCacheKey( $user ); $this->userMessagesCache[$userKey] = false; $this->dbDeleteNewUserMessages( $user ); } /* * Returns the timestamp of the latest revision of the user talkpage * that the user has already seen in TS_MW format. * If the user has no new messages, returns null * * @param UserIdentity $user * @return string\|null / public function getLatestSeenMessageTimestamp( UserIdentity $user ): ?string { $userKey = $this->getCacheKey( $user ); // Don't use self::userHasNewMessages here to avoid an extra DB query // in case the value is not cached already if ( $this->isTalkDisabled( $user ) \|\| ( isset( $this->userMessagesCache[$userKey] ) && !$this->userMessagesCache[$userKey] ) ) { return null; } [ $field, $id ] = $this->getQueryFieldAndId( $user ); // Get the "last viewed rev" timestamp from the oldest message notification $timestamp = $this->dbProvider->getReplicaDatabase()->newSelectQueryBuilder() ->select( 'MIN(user_last_timestamp)' ) ->from( 'user_newtalk' ) ->where( [ $field => $id ] ) ->caller( __METHOD__ )->fetchField(); if ( $timestamp ) { // TODO: Now that User::setNewTalk() was removed, it should be possible to // cache not* having a new message as well (if $timestamp is null). $this->userMessagesCache[$userKey] = true; } return $timestamp !== null ? MWTimestamp::convert( TS_MW, $timestamp ) : null; } /** * Remove the cached newtalk status for the given user * @internal There should be no need to call this other than from User::clearInstanceCache * @param UserIdentity $user / public function clearInstanceCache( UserIdentity $user ): void { $userKey = $this->getCacheKey( $user ); $this->userMessagesCache[$userKey] = null; } /* * Check whether the talk page is disabled for a user * @param UserIdentity $user * @return bool / private function isTalkDisabled( UserIdentity $user ): bool { return !$user->isRegistered() && $this->disableAnonTalk; } /* * Internal uncached check for new messages * @param UserIdentity $user * @return bool True if the user has new messages / private function dbCheckNewUserMessages( UserIdentity $user ): bool { [ $field, $id ] = $this->getQueryFieldAndId( $user ); $ok = $this->dbProvider->getReplicaDatabase()->newSelectQueryBuilder() ->select( $field ) ->from( 'user_newtalk' ) ->where( [ $field => $id ] ) ->caller( __METHOD__ )->fetchField(); return (bool)$ok; } /* * Add or update the new messages flag * @param UserIdentity $user * @param RevisionRecord\|null $curRev New, as yet unseen revision of the * user talk page. Ignored if null. * @return bool True if successful, false otherwise / private function dbUpdateNewUserMessages( UserIdentity $user, ?RevisionRecord $curRev = null ): bool { if ( $this->readOnlyMode->isReadOnly() ) { return false; } if ( $curRev ) { $prevRev = $this->revisionLookup->getPreviousRevision( $curRev ); $ts = $prevRev ? $prevRev->getTimestamp() : null; } else { $ts = null; } // Mark the user as having new messages since this revision $dbw = $this->dbProvider->getPrimaryDatabase(); [ $field, $id ] = $this->getQueryFieldAndId( $user ); $dbw->newInsertQueryBuilder() ->insertInto( 'user_newtalk' ) ->ignore() ->row( [ $field => $id, 'user_last_timestamp' => $dbw->timestampOrNull( $ts ) ] ) ->caller( __METHOD__ )->execute(); return (bool)$dbw->affectedRows(); } /* * Clear the new messages flag for the given user * @param UserIdentity $user * @return bool True if successful, false otherwise / private function dbDeleteNewUserMessages( UserIdentity $user ): bool { if ( $this->readOnlyMode->isReadOnly() ) { return false; } $dbw = $this->dbProvider->getPrimaryDatabase(); [ $field, $id ] = $this->getQueryFieldAndId( $user ); $dbw->newDeleteQueryBuilder() ->deleteFrom( 'user_newtalk' ) ->where( [ $field => $id ] ) ->caller( __METHOD__ )->execute(); return (bool)$dbw->affectedRows(); } /* * Get the field name and id for the user_newtalk table query * @param UserIdentity $user * @return array ( string $field, string\|int $id ) / private function getQueryFieldAndId( UserIdentity $user ): array { if ( $user->isRegistered() ) { $field = 'user_id'; $id = $user->getId(); } else { $field = 'user_ip'; $id = $user->getName(); } return [ $field, $id ]; } /* * Gets a unique key for various caches. * @param UserIdentity $user * @return string / private function getCacheKey( UserIdentity $user ): string { return $user->isRegistered() ? "u:{$user->getId()}" : "anon:{$user->getName()}"; } /* * Update the user touched timestamp * @param UserIdentity $user / private function touchUser( UserIdentity $user ) { // Ideally this would not be in User, it would be in its own service // or something $this->userFactory->newFromUserIdentity( $user )->touch(); } } PK��!��D��User.phpnu��Iw��<?php /* * Implements the User class for the %MediaWiki software. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use AllowDynamicProperties; use ArrayIterator; use BadMethodCallException; use InvalidArgumentException; use MailAddress; use MediaWiki\Auth\AuthenticationRequest; use MediaWiki\Auth\AuthManager; use MediaWiki\Block\AbstractBlock; use MediaWiki\Block\Block; use MediaWiki\Block\SystemBlock; use MediaWiki\Context\RequestContext; use MediaWiki\DAO\WikiAwareEntityTrait; use MediaWiki\HookContainer\ProtectedHookAccessorTrait; use MediaWiki\Logger\LoggerFactory; use MediaWiki\Mail\UserEmailContact; use MediaWiki\MainConfigNames; use MediaWiki\MainConfigSchema; use MediaWiki\MediaWikiServices; use MediaWiki\Page\PageIdentity; use MediaWiki\Parser\Sanitizer; use MediaWiki\Password\PasswordFactory; use MediaWiki\Password\UserPasswordPolicy; use MediaWiki\Permissions\Authority; use MediaWiki\Permissions\PermissionStatus; use MediaWiki\Permissions\RateLimitSubject; use MediaWiki\Permissions\UserAuthority; use MediaWiki\Request\WebRequest; use MediaWiki\Session\SessionManager; use MediaWiki\Session\Token; use MediaWiki\Status\Status; use MediaWiki\Title\Title; use MWCryptHash; use MWCryptRand; use MWExceptionHandler; use RuntimeException; use stdClass; use Stringable; use UnexpectedValueException; use Wikimedia\Assert\Assert; use Wikimedia\Assert\PreconditionException; use Wikimedia\DebugInfo\DebugInfoTrait; use Wikimedia\IPUtils; use Wikimedia\ObjectCache\WANObjectCache; use Wikimedia\Rdbms\Database; use Wikimedia\Rdbms\DBAccessObjectUtils; use Wikimedia\Rdbms\DBExpectedError; use Wikimedia\Rdbms\IDatabase; use Wikimedia\Rdbms\IDBAccessObject; use Wikimedia\Rdbms\IReadableDatabase; use Wikimedia\Rdbms\SelectQueryBuilder; use Wikimedia\ScopedCallback; use Wikimedia\Timestamp\ConvertibleTimestamp; /* * The User object encapsulates all of the user-specific settings (user_id, * name, rights, email address, options, last login time). Client * classes use the getXXX() functions to access these fields. These functions * do all the work of determining whether the user is logged in, * whether the requested option can be satisfied from cookies or * whether a database query is needed. Most of the settings needed * for rendering normal pages are set in the cookie to minimize use * of the database. * * @note User implements Authority to ease transition. Always prefer * using existing Authority or obtaining a proper Authority implementation. * * @note {@}newable in 1.35 only, the constructor is {@}internal since 1.36 / #[AllowDynamicProperties] class User implements Stringable, Authority, UserIdentity, UserEmailContact { use DebugInfoTrait; use ProtectedHookAccessorTrait; use WikiAwareEntityTrait; /* * @see IDBAccessObject::READ_EXCLUSIVE / public const READ_EXCLUSIVE = IDBAccessObject::READ_EXCLUSIVE; /* * @see IDBAccessObject::READ_LOCKING / public const READ_LOCKING = IDBAccessObject::READ_LOCKING; /* * Number of characters required for the user_token field. / public const TOKEN_LENGTH = 32; /* * An invalid string value for the user_token field. / public const INVALID_TOKEN = ' INVALID '; /* * Version number to tag cached versions of serialized User objects. Should be increased when * {@link $mCacheVars} or one of its members changes. / private const VERSION = 17; /* * Username used for various maintenance scripts. * @since 1.37 / public const MAINTENANCE_SCRIPT_USER = 'Maintenance script'; /* * List of member variables which are saved to the * shared cache (memcached). Any operation which changes the * corresponding database fields must call a cache-clearing function. * @showinitializer * @var string[] / protected static $mCacheVars = [ // user table 'mId', 'mName', 'mRealName', 'mEmail', 'mTouched', 'mToken', 'mEmailAuthenticated', 'mEmailToken', 'mEmailTokenExpires', 'mRegistration', // actor table 'mActorId', ]; /* Cache variables / // Some of these are public, including for use by the UserFactory, but they generally // should not be set manually // @{ /* @var int / public $mId; /* @var string / public $mName; /* * Switched from protected to public for use in UserFactory * * @var int\|null / public $mActorId; /* @var string / public $mRealName; /* @var string / public $mEmail; /* @var string TS_MW timestamp from the DB / public $mTouched; /* @var string\|null TS_MW timestamp from cache / protected $mQuickTouched; /* @var string\|null / protected $mToken; /* @var string\|null / public $mEmailAuthenticated; /* @var string\|null / protected $mEmailToken; /* @var string\|null / protected $mEmailTokenExpires; /* @var string\|null / protected $mRegistration; // @} // @{ /* * @var array\|bool Array with already loaded items or true if all items have been loaded. / protected $mLoadedItems = []; // @} /* * @var string Initialization data source if mLoadedItems!==true. May be one of: * - 'defaults' anonymous user initialised from class defaults * - 'name' initialise from mName * - 'id' initialise from mId * - 'actor' initialise from mActorId * - 'session' log in from session if possible * * Use the User::newFrom() family of functions to set this. / public $mFrom; /** * Lazy-initialized variables, invalidated with clearInstanceCache / /* @var string\|null / protected $mDatePreference; /* @var string\|false / protected $mHash; /* @var AbstractBlock / protected $mGlobalBlock; /* @var bool / protected $mLocked; /* @var WebRequest\|null / private $mRequest; /* @var int IDBAccessObject::READ_* constant bitfield used to load data / protected $queryFlagsUsed = IDBAccessObject::READ_NORMAL; /* * @var UserAuthority\|null lazy-initialized Authority of this user * @noVarDump / private $mThisAsAuthority; /* @var bool\|null / private $isTemp; /* * Lightweight constructor for an anonymous user. * * @stable to call since 1.35 * @internal since 1.36, use the UserFactory service instead * * @see MediaWiki\User\UserFactory * * @see newFromName() * @see newFromId() * @see newFromActorId() * @see newFromConfirmationCode() * @see newFromSession() * @see newFromRow() / public function __construct() { $this->clearInstanceCache( 'defaults' ); } /* * Returns self::LOCAL to indicate the user is associated with the local wiki. * * @since 1.36 * @return string\|false / public function getWikiId() { return self::LOCAL; } /* * @return string / public function __toString() { return $this->getName(); } public function &__get( $name ) { // A shortcut for $mRights deprecation phase if ( $name === 'mRights' ) { // hard deprecated since 1.40 wfDeprecated( 'User::$mRights', '1.34' ); $copy = MediaWikiServices::getInstance() ->getPermissionManager() ->getUserPermissions( $this ); return $copy; } elseif ( !property_exists( $this, $name ) ) { // T227688 - do not break $u->foo['bar'] = 1 wfLogWarning( 'tried to get non-existent property' ); $this->$name = null; return $this->$name; } else { wfLogWarning( 'tried to get non-visible property' ); $null = null; return $null; } } public function __set( $name, $value ) { // A shortcut for $mRights deprecation phase, only known legitimate use was for // testing purposes, other uses seem bad in principle if ( $name === 'mRights' ) { // hard deprecated since 1.40 wfDeprecated( 'User::$mRights', '1.34' ); MediaWikiServices::getInstance()->getPermissionManager()->overrideUserRightsForTesting( $this, $value ?? [] ); } elseif ( !property_exists( $this, $name ) ) { $this->$name = $value; } else { wfLogWarning( 'tried to set non-visible property' ); } } public function __sleep(): array { return array_diff( array_keys( get_object_vars( $this ) ), [ 'mThisAsAuthority' // memoization, will be recreated on demand. ] ); } /* * Test if it's safe to load this User object. * * You should typically check this before using $wgUser or * RequestContext::getUser in a method that might be called before the * system has been fully initialized. If the object is unsafe, you should * use an anonymous user: * \code * $user = $wgUser->isSafeToLoad() ? $wgUser : new User; * \endcode * * @since 1.27 * @return bool / public function isSafeToLoad() { global $wgFullyInitialised; // The user is safe to load if: // MW_NO_SESSION is undefined AND $wgFullyInitialised is true (safe to use session data) // * mLoadedItems === true (already loaded) // * mFrom !== 'session' (sessions not involved at all) return ( !defined( 'MW_NO_SESSION' ) && $wgFullyInitialised ) \|\| $this->mLoadedItems === true \|\| $this->mFrom !== 'session'; } /** * Load the user table data for this object from the source given by mFrom. * * @param int $flags IDBAccessObject::READ_* constant bitfield / public function load( $flags = IDBAccessObject::READ_NORMAL ) { global $wgFullyInitialised; if ( $this->mLoadedItems === true ) { return; } // Set it now to avoid infinite recursion in accessors $oldLoadedItems = $this->mLoadedItems; $this->mLoadedItems = true; $this->queryFlagsUsed = $flags; // If this is called too early, things are likely to break. if ( !$wgFullyInitialised && $this->mFrom === 'session' ) { LoggerFactory::getInstance( 'session' ) ->warning( 'User::loadFromSession called before the end of Setup.php', [ 'exception' => new RuntimeException( 'User::loadFromSession called before the end of Setup.php' ), ] ); $this->loadDefaults(); $this->mLoadedItems = $oldLoadedItems; return; } elseif ( $this->mFrom === 'session' && defined( 'MW_NO_SESSION' ) && MW_NO_SESSION !== 'warn' ) { // Even though we are throwing an exception, make sure the User object is left in a // clean state as sometimes these exceptions are caught and the object accessed again. $this->loadDefaults(); $this->mLoadedItems = $oldLoadedItems; $ep = defined( 'MW_ENTRY_POINT' ) ? MW_ENTRY_POINT : 'this'; throw new BadMethodCallException( "Sessions are disabled for $ep entry point" ); } switch ( $this->mFrom ) { case 'defaults': $this->loadDefaults(); break; case 'id': // Make sure this thread sees its own changes, if the ID isn't 0 if ( $this->mId != 0 ) { $lb = MediaWikiServices::getInstance()->getDBLoadBalancer(); if ( $lb->hasOrMadeRecentPrimaryChanges() ) { $flags \|= IDBAccessObject::READ_LATEST; $this->queryFlagsUsed = $flags; } } $this->loadFromId( $flags ); break; case 'actor': case 'name': // Make sure this thread sees its own changes $lb = MediaWikiServices::getInstance()->getDBLoadBalancer(); if ( $lb->hasOrMadeRecentPrimaryChanges() ) { $flags \|= IDBAccessObject::READ_LATEST; $this->queryFlagsUsed = $flags; } $dbr = DBAccessObjectUtils::getDBFromRecency( MediaWikiServices::getInstance()->getDBLoadBalancerFactory(), $flags ); $queryBuilder = $dbr->newSelectQueryBuilder() ->select( [ 'actor_id', 'actor_user', 'actor_name' ] ) ->from( 'actor' ) ->recency( $flags ); if ( $this->mFrom === 'name' ) { // make sure to use normalized form of IP for anonymous users $queryBuilder->where( [ 'actor_name' => IPUtils::sanitizeIP( $this->mName ) ] ); } else { $queryBuilder->where( [ 'actor_id' => $this->mActorId ] ); } $row = $queryBuilder->caller( __METHOD__ )->fetchRow(); if ( !$row ) { // Ugh. $this->loadDefaults( $this->mFrom === 'name' ? $this->mName : false ); } elseif ( $row->actor_user ) { $this->mId = $row->actor_user; $this->loadFromId( $flags ); } else { $this->loadDefaults( $row->actor_name, $row->actor_id ); } break; case 'session': if ( !$this->loadFromSession() ) { // Loading from session failed. Load defaults. $this->loadDefaults(); } $this->getHookRunner()->onUserLoadAfterLoadFromSession( $this ); break; default: throw new UnexpectedValueException( "Unrecognised value for User->mFrom: \"{$this->mFrom}\"" ); } } /* * Load user table data, given mId has already been set. * @param int $flags IDBAccessObject::READ_* constant bitfield * @return bool False if the ID does not exist, true otherwise / public function loadFromId( $flags = IDBAccessObject::READ_NORMAL ) { if ( $this->mId == 0 ) { // Anonymous users are not in the database (don't need cache) $this->loadDefaults(); return false; } // Try cache (unless this needs data from the primary DB). // NOTE: if this thread called saveSettings(), the cache was cleared. $latest = DBAccessObjectUtils::hasFlags( $flags, IDBAccessObject::READ_LATEST ); if ( $latest ) { if ( !$this->loadFromDatabase( $flags ) ) { // Can't load from ID return false; } } else { $this->loadFromCache(); } $this->mLoadedItems = true; $this->queryFlagsUsed = $flags; return true; } /* * @since 1.27 * @param string $dbDomain * @param int $userId / public static function purge( $dbDomain, $userId ) { $cache = MediaWikiServices::getInstance()->getMainWANObjectCache(); $key = $cache->makeGlobalKey( 'user', 'id', $dbDomain, $userId ); $cache->delete( $key ); } /* * @since 1.27 * @param WANObjectCache $cache * @return string / protected function getCacheKey( WANObjectCache $cache ) { $lbFactory = MediaWikiServices::getInstance()->getDBLoadBalancerFactory(); return $cache->makeGlobalKey( 'user', 'id', $lbFactory->getLocalDomainID(), $this->mId ); } /* * Load user data from shared cache, given mId has already been set. * * @return bool True * @since 1.25 / protected function loadFromCache() { global $wgFullyInitialised; $cache = MediaWikiServices::getInstance()->getMainWANObjectCache(); $data = $cache->getWithSetCallback( $this->getCacheKey( $cache ), $cache::TTL_HOUR, function ( $oldValue, &$ttl, array &$setOpts ) use ( $cache, $wgFullyInitialised ) { $setOpts += Database::getCacheSetOptions( MediaWikiServices::getInstance()->getConnectionProvider()->getReplicaDatabase() ); wfDebug( "User: cache miss for user {$this->mId}" ); $this->loadFromDatabase( IDBAccessObject::READ_NORMAL ); $data = []; foreach ( self::$mCacheVars as $name ) { $data[$name] = $this->$name; } $ttl = $cache->adaptiveTTL( (int)wfTimestamp( TS_UNIX, $this->mTouched ), $ttl ); if ( $wgFullyInitialised ) { $groupMemberships = MediaWikiServices::getInstance() ->getUserGroupManager() ->getUserGroupMemberships( $this, $this->queryFlagsUsed ); // if a user group membership is about to expire, the cache needs to // expire at that time (T163691) foreach ( $groupMemberships as $ugm ) { if ( $ugm->getExpiry() ) { $secondsUntilExpiry = (int)wfTimestamp( TS_UNIX, $ugm->getExpiry() ) - time(); if ( $secondsUntilExpiry > 0 && $secondsUntilExpiry < $ttl ) { $ttl = $secondsUntilExpiry; } } } } return $data; }, [ 'pcTTL' => $cache::TTL_PROC_LONG, 'version' => self::VERSION ] ); // Restore from cache foreach ( self::$mCacheVars as $name ) { $this->$name = $data[$name]; } return true; } /*************************************************************************/ // region newFrom() static factory methods /** @name newFrom() static factory methods @{ / /* * @see UserFactory::newFromName * * @deprecated since 1.36, use a UserFactory instead * * This is slightly less efficient than newFromId(), so use newFromId() if * you have both an ID and a name handy. * * @param string $name Username, validated by Title::newFromText() * @param string\|bool $validate Validate username.Type of validation to use: * - false No validation * - 'valid' Valid for batch processes * - 'usable' Valid for batch processes and login * - 'creatable' Valid for batch processes, login and account creation, * except that true is accepted as an alias for 'valid', for BC. * * @return User\|false User object, or false if the username is invalid * (e.g. if it contains illegal characters or is an IP address). If the * username is not present in the database, the result will be a user object * with a name, zero user ID and default settings. / public static function newFromName( $name, $validate = 'valid' ) { // Backwards compatibility with strings / false $validationLevels = [ 'valid' => UserRigorOptions::RIGOR_VALID, 'usable' => UserRigorOptions::RIGOR_USABLE, 'creatable' => UserRigorOptions::RIGOR_CREATABLE ]; if ( $validate === true ) { $validate = 'valid'; } if ( $validate === false ) { $validation = UserRigorOptions::RIGOR_NONE; } elseif ( array_key_exists( $validate, $validationLevels ) ) { $validation = $validationLevels[ $validate ]; } else { // Not a recognized value, probably a test for unsupported validation // levels, regardless, just pass it along $validation = $validate; } return MediaWikiServices::getInstance()->getUserFactory() ->newFromName( (string)$name, $validation ) ?? false; } /* * Static factory method for creation from a given user ID. * * @see UserFactory::newFromId * * @deprecated since 1.36, use a UserFactory instead * * @param int $id Valid user ID * @return User / public static function newFromId( $id ) { return MediaWikiServices::getInstance() ->getUserFactory() ->newFromId( (int)$id ); } /* * Static factory method for creation from a given actor ID. * * @see UserFactory::newFromActorId * * @deprecated since 1.36, use a UserFactory instead * * @since 1.31 * @param int $id Valid actor ID * @return User / public static function newFromActorId( $id ) { return MediaWikiServices::getInstance() ->getUserFactory() ->newFromActorId( (int)$id ); } /* * Returns a User object corresponding to the given UserIdentity. * * @see UserFactory::newFromUserIdentity * * @deprecated since 1.36, use a UserFactory instead * * @since 1.32 * * @param UserIdentity $identity * * @return User / public static function newFromIdentity( UserIdentity $identity ) { // Don't use the service if we already have a User object, // so that User::newFromIdentity calls don't break things in unit tests. if ( $identity instanceof User ) { return $identity; } return MediaWikiServices::getInstance() ->getUserFactory() ->newFromUserIdentity( $identity ); } /* * Static factory method for creation from an ID, name, and/or actor ID * * This does not check that the ID, name, and actor ID all correspond to * the same user. * * @see UserFactory::newFromAnyId * * @deprecated since 1.36, use a UserFactory instead * * @since 1.31 * @param int\|null $userId User ID, if known * @param string\|null $userName User name, if known * @param int\|null $actorId Actor ID, if known * @param string\|false $dbDomain remote wiki to which the User/Actor ID * applies, or false if none * @return User / public static function newFromAnyId( $userId, $userName, $actorId, $dbDomain = false ) { return MediaWikiServices::getInstance() ->getUserFactory() ->newFromAnyId( $userId, $userName, $actorId, $dbDomain ); } /* * Factory method to fetch whichever user has a given email confirmation code. * This code is generated when an account is created or its e-mail address * has changed. * * If the code is invalid or has expired, returns NULL. * * @see UserFactory::newFromConfirmationCode * * @deprecated since 1.36, use a UserFactory instead * * @param string $code Confirmation code * @param int $flags IDBAccessObject::READ_* bitfield * @return User\|null / public static function newFromConfirmationCode( $code, $flags = IDBAccessObject::READ_NORMAL ) { return MediaWikiServices::getInstance() ->getUserFactory() ->newFromConfirmationCode( (string)$code, $flags ); } /* * Create a new user object using data from session. If the login * credentials are invalid, the result is an anonymous user. * * @param WebRequest\|null $request Object to use; the global request will be used if omitted. * @return User / public static function newFromSession( ?WebRequest $request = null ) { $user = new User; $user->mFrom = 'session'; $user->mRequest = $request; return $user; } /* * Create a new user object from a user row. * The row should have the following fields from the user table in it: * - either user_name or user_id to load further data if needed (or both) * - user_real_name * - all other fields (email, etc.) * It is useless to provide the remaining fields if either user_id, * user_name and user_real_name are not provided because the whole row * will be loaded once more from the database when accessing them. * * @param stdClass $row A row from the user table * @param array\|null $data Further data to load into the object * (see User::loadFromRow for valid keys) * @return User / public static function newFromRow( $row, $data = null ) { $user = new User; $user->loadFromRow( $row, $data ); return $user; } /* * Static factory method for creation of a "system" user from username. * * A "system" user is an account that's used to attribute logged actions * taken by MediaWiki itself, as opposed to a bot or human user. Examples * might include the 'Maintenance script' or 'Conversion script' accounts * used by various scripts in the maintenance/ directory or accounts such * as 'MediaWiki message delivery' used by the MassMessage extension. * * This can optionally create the user if it doesn't exist, and "steal" the * account if it does exist. * * "Stealing" an existing user is intended to make it impossible for normal * authentication processes to use the account, effectively disabling the * account for normal use: * - Email is invalidated, to prevent account recovery by emailing a * temporary password and to disassociate the account from the existing * human. * - The token is set to a magic invalid value, to kill existing sessions * and to prevent $this->setToken() calls from resetting the token to a * valid value. * - SessionManager is instructed to prevent new sessions for the user, to * do things like deauthorizing OAuth consumers. * - AuthManager is instructed to revoke access, to invalidate or remove * passwords and other credentials. * * System users should usually be listed in $wgReservedUsernames. * * @param string $name Username * @param array $options Options are: * - validate: Type of validation to use: * - false No validation * - 'valid' Valid for batch processes * - 'usable' Valid for batch processes and login * - 'creatable' Valid for batch processes, login and account creation, * default 'valid'. Deprecated since 1.36. * - create: Whether to create the user if it doesn't already exist, default true * - steal: Whether to "disable" the account for normal use if it already * exists, default false * @return User\|null * @since 1.27 * @see self::isSystemUser() * @see MainConfigSchema::ReservedUsernames / public static function newSystemUser( $name, $options = [] ) { $options += [ 'validate' => UserRigorOptions::RIGOR_VALID, 'create' => true, 'steal' => false, ]; // Username validation // Backwards compatibility with strings / false $validationLevels = [ 'valid' => UserRigorOptions::RIGOR_VALID, 'usable' => UserRigorOptions::RIGOR_USABLE, 'creatable' => UserRigorOptions::RIGOR_CREATABLE ]; $validate = $options['validate']; // @phan-suppress-next-line PhanSuspiciousValueComparison if ( $validate === false ) { $validation = UserRigorOptions::RIGOR_NONE; } elseif ( array_key_exists( $validate, $validationLevels ) ) { $validation = $validationLevels[ $validate ]; } else { // Not a recognized value, probably a test for unsupported validation // levels, regardless, just pass it along $validation = $validate; } if ( $validation !== UserRigorOptions::RIGOR_VALID ) { wfDeprecatedMsg( __METHOD__ . ' options["validation"] parameter must be omitted or set to "valid".', '1.36' ); } $services = MediaWikiServices::getInstance(); $userNameUtils = $services->getUserNameUtils(); $name = $userNameUtils->getCanonical( (string)$name, $validation ); if ( $name === false ) { return null; } $dbProvider = $services->getDBLoadBalancerFactory(); $dbr = $dbProvider->getReplicaDatabase(); $userQuery = self::newQueryBuilder( $dbr ) ->where( [ 'user_name' => $name ] ) ->caller( __METHOD__ ); $row = $userQuery->fetchRow(); if ( !$row ) { // Try the primary database $userQuery->connection( $dbProvider->getPrimaryDatabase() ); // Lock the row to prevent insertNewUser() returning null due to race conditions $userQuery->forUpdate(); $row = $userQuery->fetchRow(); } if ( !$row ) { // No user. Create it? // @phan-suppress-next-line PhanImpossibleCondition if ( !$options['create'] ) { // No. return null; } // If it's a reserved user that had an anonymous actor created for it at // some point, we need special handling. return self::insertNewUser( static function ( UserIdentity $actor, IDatabase $dbw ) { return MediaWikiServices::getInstance()->getActorStore() ->acquireSystemActorId( $actor, $dbw ); }, $name, [ 'token' => self::INVALID_TOKEN ] ); } $user = self::newFromRow( $row ); if ( !$user->isSystemUser() ) { // User exists. Steal it? // @phan-suppress-next-line PhanRedundantCondition if ( !$options['steal'] ) { return null; } $services->getAuthManager()->revokeAccessForUser( $name ); $user->invalidateEmail(); $user->mToken = self::INVALID_TOKEN; $user->saveSettings(); SessionManager::singleton()->preventSessionsForUser( $user->getName() ); } return $user; } /* @} / // endregion -- end of newFrom() static factory methods /** * Get the username corresponding to a given user ID * @deprecated since 1.43, Use UserIdentityLookup to get name from id * @param int $id User ID * @return string\|false The corresponding username / public static function whoIs( $id ) { return MediaWikiServices::getInstance()->getUserCache() ->getProp( $id, 'name' ); } /* * Get the real name of a user given their user ID * * @deprecated since 1.43, Use UserFactory to get user instance and use User::getRealName * @param int $id User ID * @return string\|false The corresponding user's real name / public static function whoIsReal( $id ) { return MediaWikiServices::getInstance()->getUserCache() ->getProp( $id, 'real_name' ); } /* * Return the users who are members of the given group(s). In case of multiple groups, * users who are members of at least one of them are returned. * * @param string\|array $groups A single group name or an array of group names * @param int $limit Max number of users to return. The actual limit will never exceed 5000 * records; larger values are ignored. * @param int\|null $after ID the user to start after * @return UserArrayFromResult\|ArrayIterator / public static function findUsersByGroup( $groups, $limit = 5000, $after = null ) { if ( $groups === [] ) { return UserArrayFromResult::newFromIDs( [] ); } $dbr = MediaWikiServices::getInstance()->getConnectionProvider()->getReplicaDatabase(); $queryBuilder = $dbr->newSelectQueryBuilder() ->select( 'ug_user' ) ->distinct() ->from( 'user_groups' ) ->where( [ 'ug_group' => array_unique( (array)$groups ) ] ) ->orderBy( 'ug_user' ) ->limit( min( 5000, $limit ) ); if ( $after !== null ) { $queryBuilder->andWhere( $dbr->expr( 'ug_user', '>', (int)$after ) ); } $ids = $queryBuilder->caller( __METHOD__ )->fetchFieldValues() ?: []; return UserArray::newFromIDs( $ids ); } /* * Is the input a valid password for this user? * * @param string $password Desired password * @return bool / public function isValidPassword( $password ) { // simple boolean wrapper for checkPasswordValidity return $this->checkPasswordValidity( $password )->isGood(); } /* * Check if this is a valid password for this user * * Returns a Status object with a set of messages describing * problems with the password. If the return status is fatal, * the action should be refused and the password should not be * checked at all (this is mainly meant for DoS mitigation). * If the return value is OK but not good, the password can be checked, * but the user should not be able to set their password to this. * The value of the returned Status object will be an array which * can have the following fields: * - forceChange (bool): if set to true, the user should not be * allowed to log with this password unless they change it during * the login process (see ResetPasswordSecondaryAuthenticationProvider). * - suggestChangeOnLogin (bool): if set to true, the user should be prompted for * a password change on login. * * @param string $password Desired password * @return Status * @since 1.23 / public function checkPasswordValidity( $password ) { $passwordPolicy = MediaWikiServices::getInstance()->getMainConfig() ->get( MainConfigNames::PasswordPolicy ); $upp = new UserPasswordPolicy( $passwordPolicy['policies'], $passwordPolicy['checks'] ); $status = Status::newGood( [] ); $result = false; // init $result to false for the internal checks if ( !$this->getHookRunner()->onIsValidPassword( $password, $result, $this ) ) { $status->error( $result ); return $status; } if ( $result === false ) { $status->merge( $upp->checkUserPassword( $this, $password ), true ); return $status; } if ( $result === true ) { return $status; } $status->error( $result ); return $status; // the isValidPassword hook set a string $result and returned true } /* * Set cached properties to default. * * @note This no longer clears uncached lazy-initialised properties; * the constructor does that instead. * * @param string\|false $name * @param int\|null $actorId / public function loadDefaults( $name = false, $actorId = null ) { $this->mId = 0; $this->mName = $name; $this->mActorId = $actorId; $this->mRealName = ''; $this->mEmail = ''; $this->isTemp = null; $loggedOut = $this->mRequest && !defined( 'MW_NO_SESSION' ) ? $this->mRequest->getSession()->getLoggedOutTimestamp() : 0; if ( $loggedOut !== 0 ) { $this->mTouched = wfTimestamp( TS_MW, $loggedOut ); } else { $this->mTouched = '1'; # Allow any pages to be cached } $this->mToken = null; // Don't run cryptographic functions till we need a token $this->mEmailAuthenticated = null; $this->mEmailToken = ''; $this->mEmailTokenExpires = null; $this->mRegistration = wfTimestamp( TS_MW ); $this->getHookRunner()->onUserLoadDefaults( $this, $name ); } /* * Return whether an item has been loaded. * * @param string $item Item to check. Current possibilities: * - id * - name * - realname * @param string $all 'all' to check if the whole object has been loaded * or any other string to check if only the item is available (e.g. * for optimisation) * @return bool / public function isItemLoaded( $item, $all = 'all' ) { return ( $this->mLoadedItems === true && $all === 'all' ) \|\| ( isset( $this->mLoadedItems[$item] ) && $this->mLoadedItems[$item] === true ); } /* * Set that an item has been loaded * * @internal Only public for use in UserFactory * * @param string $item / public function setItemLoaded( $item ) { if ( is_array( $this->mLoadedItems ) ) { $this->mLoadedItems[$item] = true; } } /* * Load user data from the session. * * @return bool True if the user is logged in, false otherwise. / private function loadFromSession() { // MediaWiki\Session\Session already did the necessary authentication of the user // returned here, so just use it if applicable. $session = $this->getRequest()->getSession(); $user = $session->getUser(); if ( $user->isRegistered() ) { $this->loadFromUserObject( $user ); // Other code expects these to be set in the session, so set them. $session->set( 'wsUserID', $this->getId() ); $session->set( 'wsUserName', $this->getName() ); $session->set( 'wsToken', $this->getToken() ); return true; } return false; } /* * Load user data from the database. * $this->mId must be set, this is how the user is identified. * * @param int $flags IDBAccessObject::READ_* constant bitfield * @return bool True if the user exists, false if the user is anonymous / public function loadFromDatabase( $flags = IDBAccessObject::READ_LATEST ) { // Paranoia $this->mId = intval( $this->mId ); if ( !$this->mId ) { // Anonymous users are not in the database $this->loadDefaults(); return false; } $db = DBAccessObjectUtils::getDBFromRecency( MediaWikiServices::getInstance()->getDBLoadBalancerFactory(), $flags ); $row = self::newQueryBuilder( $db ) ->where( [ 'user_id' => $this->mId ] ) ->recency( $flags ) ->caller( __METHOD__ ) ->fetchRow(); $this->queryFlagsUsed = $flags; if ( $row !== false ) { // Initialise user table data $this->loadFromRow( $row ); return true; } // Invalid user_id $this->mId = 0; $this->loadDefaults( 'Unknown user' ); return false; } /* * Initialize this object from a row from the user table. * * @param stdClass $row Row from the user table to load. * @param array\|null $data Further user data to load into the object * * user_groups Array of arrays or stdClass result rows out of the user_groups * table. Previously you were supposed to pass an array of strings * here, but we also need expiry info nowadays, so an array of * strings is ignored. / protected function loadFromRow( $row, $data = null ) { if ( !is_object( $row ) ) { throw new InvalidArgumentException( '$row must be an object' ); } $all = true; if ( isset( $row->actor_id ) ) { $this->mActorId = (int)$row->actor_id; if ( $this->mActorId !== 0 ) { $this->mFrom = 'actor'; } $this->setItemLoaded( 'actor' ); } else { $all = false; } if ( isset( $row->user_name ) && $row->user_name !== '' ) { $this->mName = $row->user_name; $this->mFrom = 'name'; $this->setItemLoaded( 'name' ); } else { $all = false; } if ( isset( $row->user_real_name ) ) { $this->mRealName = $row->user_real_name; $this->setItemLoaded( 'realname' ); } else { $all = false; } if ( isset( $row->user_id ) ) { $this->mId = intval( $row->user_id ); if ( $this->mId !== 0 ) { $this->mFrom = 'id'; } $this->setItemLoaded( 'id' ); } else { $all = false; } if ( isset( $row->user_editcount ) ) { // Don't try to set edit count for anonymous users // We check the id here and not in UserEditTracker because calling // User::getId() can trigger some other loading. This will result in // discarding the user_editcount field for rows if the id wasn't set. if ( $this->mId !== null && $this->mId !== 0 ) { MediaWikiServices::getInstance() ->getUserEditTracker() ->setCachedUserEditCount( $this, (int)$row->user_editcount ); } } else { $all = false; } if ( isset( $row->user_touched ) ) { $this->mTouched = wfTimestamp( TS_MW, $row->user_touched ); } else { $all = false; } if ( isset( $row->user_token ) ) { // The definition for the column is binary(32), so trim the NULs // that appends. The previous definition was char(32), so trim // spaces too. $this->mToken = rtrim( $row->user_token, " \0" ); if ( $this->mToken === '' ) { $this->mToken = null; } } else { $all = false; } if ( isset( $row->user_email ) ) { $this->mEmail = $row->user_email; $this->mEmailAuthenticated = wfTimestampOrNull( TS_MW, $row->user_email_authenticated ); $this->mEmailToken = $row->user_email_token; $this->mEmailTokenExpires = wfTimestampOrNull( TS_MW, $row->user_email_token_expires ); $this->mRegistration = wfTimestampOrNull( TS_MW, $row->user_registration ); } else { $all = false; } if ( $all ) { $this->mLoadedItems = true; } if ( is_array( $data ) ) { if ( isset( $data['user_groups'] ) && is_array( $data['user_groups'] ) ) { MediaWikiServices::getInstance() ->getUserGroupManager() ->loadGroupMembershipsFromArray( $this, $data['user_groups'], $this->queryFlagsUsed ); } } } /* * Load the data for this user object from another user object. * * @param User $user / protected function loadFromUserObject( $user ) { $user->load(); foreach ( self::$mCacheVars as $var ) { $this->$var = $user->$var; } } /* * Builds update conditions. Additional conditions may be added to $conditions to * protected against race conditions using a compare-and-set (CAS) mechanism * based on comparing $this->mTouched with the user_touched field. * * @param IReadableDatabase $db * @param array $conditions WHERE conditions for use with Database::update * @return array WHERE conditions for use with Database::update / protected function makeUpdateConditions( IReadableDatabase $db, array $conditions ) { if ( $this->mTouched ) { // CAS check: only update if the row wasn't changed since it was loaded. $conditions['user_touched'] = $db->timestamp( $this->mTouched ); } return $conditions; } /* * Bump user_touched if it didn't change since this object was loaded * * On success, the mTouched field is updated. * The user serialization cache is always cleared. * * @internal * @return bool Whether user_touched was actually updated * @since 1.26 / public function checkAndSetTouched() { $this->load(); if ( !$this->mId ) { return false; // anon } // Get a new user_touched that is higher than the old one $newTouched = $this->newTouchedTimestamp(); $dbw = MediaWikiServices::getInstance()->getConnectionProvider()->getPrimaryDatabase(); $dbw->newUpdateQueryBuilder() ->update( 'user' ) ->set( [ 'user_touched' => $dbw->timestamp( $newTouched ) ] ) ->where( $this->makeUpdateConditions( $dbw, [ 'user_id' => $this->mId, ] ) ) ->caller( __METHOD__ )->execute(); $success = ( $dbw->affectedRows() > 0 ); if ( $success ) { $this->mTouched = $newTouched; $this->clearSharedCache( 'changed' ); } else { // Clears on failure too since that is desired if the cache is stale $this->clearSharedCache( 'refresh' ); } return $success; } /* * Clear various cached data stored in this object. The cache of the user table * data (i.e. self::$mCacheVars) is not cleared unless $reloadFrom is given. * * @param bool\|string $reloadFrom Reload user and user_groups table data from a * given source. May be "name", "id", "actor", "defaults", "session", or false for no reload. / public function clearInstanceCache( $reloadFrom = false ) { global $wgFullyInitialised; $this->mDatePreference = null; $this->mHash = false; $this->mThisAsAuthority = null; if ( $wgFullyInitialised && $this->mFrom ) { $services = MediaWikiServices::getInstance(); if ( $services->peekService( 'PermissionManager' ) ) { $services->getPermissionManager()->invalidateUsersRightsCache( $this ); } if ( $services->peekService( 'UserOptionsManager' ) ) { $services->getUserOptionsManager()->clearUserOptionsCache( $this ); } if ( $services->peekService( 'TalkPageNotificationManager' ) ) { $services->getTalkPageNotificationManager()->clearInstanceCache( $this ); } if ( $services->peekService( 'UserGroupManager' ) ) { $services->getUserGroupManager()->clearCache( $this ); } if ( $services->peekService( 'UserEditTracker' ) ) { $services->getUserEditTracker()->clearUserEditCache( $this ); } if ( $services->peekService( 'BlockManager' ) ) { $services->getBlockManager()->clearUserCache( $this ); } } if ( $reloadFrom ) { if ( in_array( $reloadFrom, [ 'name', 'id', 'actor' ] ) ) { $this->mLoadedItems = [ $reloadFrom => true ]; } else { $this->mLoadedItems = []; } $this->mFrom = $reloadFrom; } } /* * Is this user subject to rate limiting? * * @return bool True if rate limited / public function isPingLimitable() { $limiter = MediaWikiServices::getInstance()->getRateLimiter(); $subject = $this->toRateLimitSubject(); return !$limiter->isExempt( $subject ); } /* * Primitive rate limits: enforce maximum actions per time period * to put a brake on flooding. * * The method generates both a generic profiling point and a per action one * (suffix being "-$action"). * * @note When using a shared cache like memcached, IP-address * last-hit counters will be shared across wikis. * * @param string $action Action to enforce; 'edit' if unspecified * @param int $incrBy Positive amount to increment counter by [defaults to 1] * * @return bool True if a rate limiter was tripped / public function pingLimiter( $action = 'edit', $incrBy = 1 ) { return $this->getThisAsAuthority()->limit( $action, $incrBy, null ); } /* * @internal for use by UserAuthority only! * @return RateLimitSubject / public function toRateLimitSubject(): RateLimitSubject { $flags = [ 'exempt' => $this->isAllowed( 'noratelimit' ), 'newbie' => $this->isNewbie(), ]; return new RateLimitSubject( $this, $this->getRequest()->getIP(), $flags ); } /* * Get the block affecting the user, or null if the user is not blocked * * @param int\|bool $freshness One of the IDBAccessObject::READ_XXX constants. * For backwards compatibility, a boolean is also accepted, * with true meaning READ_NORMAL and false meaning * READ_LATEST. * @param bool $disableIpBlockExemptChecking This is used internally to prevent * a infinite recursion with autopromote. See T270145. * * @return ?AbstractBlock / public function getBlock( $freshness = IDBAccessObject::READ_NORMAL, $disableIpBlockExemptChecking = false ): ?Block { if ( is_bool( $freshness ) ) { $fromReplica = $freshness; } else { $fromReplica = ( $freshness !== IDBAccessObject::READ_LATEST ); } if ( $disableIpBlockExemptChecking ) { $isExempt = false; } else { $isExempt = $this->isAllowed( 'ipblock-exempt' ); } // TODO: Block checking shouldn't really be done from the User object. Block // checking can involve checking for IP blocks, cookie blocks, and/or XFF blocks, // which need more knowledge of the request context than the User should have. // Since we do currently check blocks from the User, we have to do the following // here: // - Check if this is the user associated with the main request // - If so, pass the relevant request information to the block manager $request = null; if ( !$isExempt && $this->isGlobalSessionUser() ) { // This is the global user, so we need to pass the request $request = $this->getRequest(); } return MediaWikiServices::getInstance()->getBlockManager()->getBlock( $this, $request, $fromReplica, ); } /* * Check if user is blocked on all wikis. * Do not use for actual edit permission checks! * This is intended for quick UI checks. * * @param string $ip IP address, uses current client if none given * @return bool True if blocked, false otherwise * @deprecated since 1.40, emits deprecation warnings since 1.43. Use getBlock instead. / public function isBlockedGlobally( $ip = '' ) { wfDeprecated( __METHOD__, '1.40' ); return $this->getGlobalBlock( $ip ) instanceof AbstractBlock; } /* * Check if user is blocked on all wikis. * Do not use for actual edit permission checks! * This is intended for quick UI checks. * * @param string $ip IP address, uses current client if none given * @return AbstractBlock\|null Block object if blocked, null otherwise * @deprecated since 1.40. Use getBlock instead / public function getGlobalBlock( $ip = '' ) { if ( $this->mGlobalBlock !== null ) { return $this->mGlobalBlock ?: null; } // User is already an IP? if ( IPUtils::isIPAddress( $this->getName() ) ) { $ip = $this->getName(); } elseif ( !$ip ) { $ip = $this->getRequest()->getIP(); } $blocked = false; $block = null; $this->getHookRunner()->onUserIsBlockedGlobally( $this, $ip, $blocked, $block ); if ( $blocked && $block === null ) { // back-compat: UserIsBlockedGlobally didn't have $block param first $block = new SystemBlock( [ 'address' => $ip, 'systemBlock' => 'global-block' ] ); } $this->mGlobalBlock = $blocked ? $block : false; return $this->mGlobalBlock ?: null; } /* * Check if user account is locked * * @return bool True if locked, false otherwise / public function isLocked() { if ( $this->mLocked !== null ) { return $this->mLocked; } // Reset for hook $this->mLocked = false; $this->getHookRunner()->onUserIsLocked( $this, $this->mLocked ); return $this->mLocked; } /* * Check if user account is hidden * * @return bool True if hidden, false otherwise / public function isHidden() { $block = $this->getBlock(); return $block ? $block->getHideName() : false; } /* * Get the user's ID. * @param string\|false $wikiId The wiki ID expected by the caller. * @return int The user's ID; 0 if the user is anonymous or nonexistent / public function getId( $wikiId = self::LOCAL ): int { $this->assertWiki( $wikiId ); if ( $this->mId === null && $this->mName !== null ) { $userNameUtils = MediaWikiServices::getInstance()->getUserNameUtils(); if ( $userNameUtils->isIP( $this->mName ) \|\| ExternalUserNames::isExternal( $this->mName ) ) { // Special case, we know the user is anonymous // Note that "external" users are "local" (they have an actor ID that is relative to // the local wiki). return 0; } } if ( !$this->isItemLoaded( 'id' ) ) { // Don't load if this was initialized from an ID $this->load(); } return (int)$this->mId; } /* * Set the user and reload all fields according to a given ID * @param int $v User ID to reload / public function setId( $v ) { $this->mId = $v; $this->clearInstanceCache( 'id' ); } /* * Get the user name, or the IP of an anonymous user * @return string User's name or IP address / public function getName(): string { if ( $this->isItemLoaded( 'name', 'only' ) ) { // Special case optimisation return $this->mName; } $this->load(); if ( $this->mName === false ) { // Clean up IPs $this->mName = IPUtils::sanitizeIP( $this->getRequest()->getIP() ); } return $this->mName; } /* * Set the user name. * * This does not reload fields from the database according to the given * name. Rather, it is used to create a temporary "nonexistent user" for * later addition to the database. It can also be used to set the IP * address for an anonymous user to something other than the current * remote IP. * * @note User::newFromName() has roughly the same function, when the named user * does not exist. * @param string $str New user name to set / public function setName( $str ) { $this->load(); $this->mName = $str; } /* * Get the user's actor ID. * @since 1.31 * @note This method was removed from the UserIdentity interface in 1.36, * but remains supported in the User class for now. * New code should use ActorNormalization::findActorId() or * ActorNormalization::acquireActorId() instead. * @param IDatabase\|string\|false $dbwOrWikiId Deprecated since 1.36. * If a database connection is passed, a new actor ID is assigned if needed. * ActorNormalization::acquireActorId() should be used for that purpose instead. * @return int The actor's ID, or 0 if no actor ID exists and $dbw was null * @throws PreconditionException if $dbwOrWikiId is a string and does not match the local wiki / public function getActorId( $dbwOrWikiId = self::LOCAL ): int { if ( $dbwOrWikiId ) { wfDeprecatedMsg( 'Passing a parameter to getActorId() is deprecated', '1.36' ); } if ( is_string( $dbwOrWikiId ) ) { $this->assertWiki( $dbwOrWikiId ); } if ( !$this->isItemLoaded( 'actor' ) ) { $this->load(); } if ( !$this->mActorId && $dbwOrWikiId instanceof IDatabase ) { MediaWikiServices::getInstance() ->getActorStoreFactory() ->getActorNormalization( $dbwOrWikiId->getDomainID() ) ->acquireActorId( $this, $dbwOrWikiId ); // acquireActorId will call setActorId on $this Assert::postcondition( $this->mActorId !== null, "Failed to acquire actor ID for user id {$this->mId} name {$this->mName}" ); } return (int)$this->mActorId; } /* * Sets the actor id. * For use by ActorStore only. * Should be removed once callers of getActorId() have been migrated to using ActorNormalization. * * @internal * @deprecated since 1.36 * @param int $actorId / public function setActorId( int $actorId ) { $this->mActorId = $actorId; $this->setItemLoaded( 'actor' ); } /* * Get the user's name escaped by underscores. * @return string Username escaped by underscores. / public function getTitleKey(): string { return str_replace( ' ', '_', $this->getName() ); } /* * Generate a current or new-future timestamp to be stored in the * user_touched field when we update things. * * @return string Timestamp in TS_MW format / private function newTouchedTimestamp() { $time = (int)ConvertibleTimestamp::now( TS_UNIX ); if ( $this->mTouched ) { $time = max( $time, (int)ConvertibleTimestamp::convert( TS_UNIX, $this->mTouched ) + 1 ); } return ConvertibleTimestamp::convert( TS_MW, $time ); } /* * Clear user data from memcached * * Use after applying updates to the database; caller's * responsibility to update user_touched if appropriate. * * Called implicitly from invalidateCache() and saveSettings(). * * @param string $mode Use 'refresh' to clear now or 'changed' to clear before DB commit / public function clearSharedCache( $mode = 'refresh' ) { if ( !$this->getId() ) { return; } $dbProvider = MediaWikiServices::getInstance()->getConnectionProvider(); $cache = MediaWikiServices::getInstance()->getMainWANObjectCache(); $key = $this->getCacheKey( $cache ); if ( $mode === 'refresh' ) { $cache->delete( $key, 1 ); // low tombstone/"hold-off" TTL } else { $dbProvider->getPrimaryDatabase()->onTransactionPreCommitOrIdle( static function () use ( $cache, $key ) { $cache->delete( $key ); }, __METHOD__ ); } } /* * Immediately touch the user data cache for this account * * Calls touch() and removes account data from memcached / public function invalidateCache() { $this->touch(); $this->clearSharedCache( 'changed' ); } /* * Update the "touched" timestamp for the user * * This is useful on various login/logout events when making sure that * a browser or proxy that has multiple tenants does not suffer cache * pollution where the new user sees the old users content. The value * of getTouched() is checked when determining 304 vs 200 responses. * Unlike invalidateCache(), this preserves the User object cache and * avoids database writes. * * @since 1.25 / public function touch() { $id = $this->getId(); if ( $id ) { $cache = MediaWikiServices::getInstance()->getMainWANObjectCache(); $key = $cache->makeKey( 'user-quicktouched', 'id', $id ); $cache->touchCheckKey( $key ); $this->mQuickTouched = null; } } /* * Validate the cache for this account. * @param string $timestamp A timestamp in TS_MW format * @return bool / public function validateCache( $timestamp ) { return ( $timestamp >= $this->getTouched() ); } /* * Get the user touched timestamp * * Use this value only to validate caches via inequalities * such as in the case of HTTP If-Modified-Since response logic * * @return string TS_MW Timestamp / public function getTouched() { $this->load(); if ( $this->mId ) { if ( $this->mQuickTouched === null ) { $cache = MediaWikiServices::getInstance()->getMainWANObjectCache(); $key = $cache->makeKey( 'user-quicktouched', 'id', $this->mId ); $this->mQuickTouched = wfTimestamp( TS_MW, $cache->getCheckKeyTime( $key ) ); } return max( $this->mTouched, $this->mQuickTouched ); } return $this->mTouched; } /* * Get the user_touched timestamp field (time of last DB updates) * @return string TS_MW Timestamp * @since 1.26 / public function getDBTouched() { $this->load(); return $this->mTouched; } /* * Changes credentials of the user. * * This is a convenience wrapper around AuthManager::changeAuthenticationData. * Note that this can return a status that isOK() but not isGood() on certain types of failures, * e.g. when no provider handled the change. * * @param array $data A set of authentication data in fieldname => value format. This is the * same data you would pass the changeauthenticationdata API - 'username', 'password' etc. * @return Status * @since 1.27 / public function changeAuthenticationData( array $data ) { $manager = MediaWikiServices::getInstance()->getAuthManager(); $reqs = $manager->getAuthenticationRequests( AuthManager::ACTION_CHANGE, $this ); $reqs = AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data ); $status = Status::newGood( 'ignored' ); foreach ( $reqs as $req ) { $status->merge( $manager->allowsAuthenticationDataChange( $req ), true ); } if ( $status->getValue() === 'ignored' ) { $status->warning( 'authenticationdatachange-ignored' ); } if ( $status->isGood() ) { foreach ( $reqs as $req ) { $manager->changeAuthenticationData( $req ); } } return $status; } /* * Get the user's current token. * @param bool $forceCreation Force the generation of a new token if the * user doesn't have one (default=true for backwards compatibility). * @return string\|null Token / public function getToken( $forceCreation = true ) { $authenticationTokenVersion = MediaWikiServices::getInstance() ->getMainConfig()->get( MainConfigNames::AuthenticationTokenVersion ); $this->load(); if ( !$this->mToken && $forceCreation ) { $this->setToken(); } if ( !$this->mToken ) { // The user doesn't have a token, return null to indicate that. return null; } if ( $this->mToken === self::INVALID_TOKEN ) { // We return a random value here so existing token checks are very // likely to fail. return MWCryptRand::generateHex( self::TOKEN_LENGTH ); } if ( $authenticationTokenVersion === null ) { // $wgAuthenticationTokenVersion not in use, so return the raw secret return $this->mToken; } // $wgAuthenticationTokenVersion in use, so hmac it. $ret = MWCryptHash::hmac( $authenticationTokenVersion, $this->mToken, false ); // The raw hash can be overly long. Shorten it up. $len = max( 32, self::TOKEN_LENGTH ); if ( strlen( $ret ) < $len ) { // Should never happen, even md5 is 128 bits throw new \UnexpectedValueException( 'Hmac returned less than 128 bits' ); } return substr( $ret, -$len ); } /* * Set the random token (used for persistent authentication) * Called from loadDefaults() among other places. * * @param string\|false $token If specified, set the token to this value / public function setToken( $token = false ) { $this->load(); if ( $this->mToken === self::INVALID_TOKEN ) { LoggerFactory::getInstance( 'session' ) ->debug( __METHOD__ . ": Ignoring attempt to set token for system user \"$this\"" ); } elseif ( !$token ) { $this->mToken = MWCryptRand::generateHex( self::TOKEN_LENGTH ); } else { $this->mToken = $token; } } /* * Get the user's e-mail address * @return string User's email address / public function getEmail(): string { $this->load(); $email = $this->mEmail; $this->getHookRunner()->onUserGetEmail( $this, $email ); // In case a hook handler returns e.g. null $this->mEmail = is_string( $email ) ? $email : ''; return $this->mEmail; } /* * Get the timestamp of the user's e-mail authentication * @return string TS_MW timestamp / public function getEmailAuthenticationTimestamp() { $this->load(); $this->getHookRunner()->onUserGetEmailAuthenticationTimestamp( $this, $this->mEmailAuthenticated ); return $this->mEmailAuthenticated; } /* * Set the user's e-mail address * @param string $str New e-mail address / public function setEmail( string $str ) { $this->load(); if ( $str == $this->getEmail() ) { return; } $this->invalidateEmail(); $this->mEmail = $str; $this->getHookRunner()->onUserSetEmail( $this, $this->mEmail ); } /* * Set the user's e-mail address and send a confirmation mail if needed. * * @since 1.20 * @param string $str New e-mail address * @return Status / public function setEmailWithConfirmation( string $str ) { $config = MediaWikiServices::getInstance()->getMainConfig(); $enableEmail = $config->get( MainConfigNames::EnableEmail ); if ( !$enableEmail ) { return Status::newFatal( 'emaildisabled' ); } $oldaddr = $this->getEmail(); if ( $str === $oldaddr ) { return Status::newGood( true ); } $type = $oldaddr != '' ? 'changed' : 'set'; $notificationResult = null; $emailAuthentication = $config->get( MainConfigNames::EmailAuthentication ); if ( $emailAuthentication && $type === 'changed' ) { // Send the user an email notifying the user of the change in registered // email address on their previous email address $change = $str != '' ? 'changed' : 'removed'; $notificationResult = $this->sendMail( wfMessage( 'notificationemail_subject_' . $change )->text(), wfMessage( 'notificationemail_body_' . $change, $this->getRequest()->getIP(), $this->getName(), $str )->text() ); } $this->setEmail( $str ); if ( $str !== '' && $emailAuthentication ) { // Send a confirmation request to the new address if needed $result = $this->sendConfirmationMail( $type ); if ( $notificationResult !== null ) { $result->merge( $notificationResult ); } if ( $result->isGood() ) { // Say to the caller that a confirmation and notification mail has been sent $result->value = 'eauth'; } } else { $result = Status::newGood( true ); } return $result; } /* * Get the user's real name * @return string User's real name / public function getRealName(): string { if ( !$this->isItemLoaded( 'realname' ) ) { $this->load(); } return $this->mRealName; } /* * Set the user's real name * @param string $str New real name / public function setRealName( string $str ) { $this->load(); $this->mRealName = $str; } /* * Get a token stored in the preferences (like the watchlist one), * resetting it if it's empty (and saving changes). * * @param string $oname The option name to retrieve the token from * @return string\|false User's current value for the option, or false if this option is disabled. * @see resetTokenFromOption() * @see getOption() * @deprecated since 1.26 Applications should use the OAuth extension / public function getTokenFromOption( $oname ) { $hiddenPrefs = MediaWikiServices::getInstance()->getMainConfig()->get( MainConfigNames::HiddenPrefs ); $id = $this->getId(); if ( !$id \|\| in_array( $oname, $hiddenPrefs ) ) { return false; } $userOptionsLookup = MediaWikiServices::getInstance() ->getUserOptionsLookup(); $token = $userOptionsLookup->getOption( $this, (string)$oname ); if ( !$token ) { // Default to a value based on the user token to avoid space // wasted on storing tokens for all users. When this option // is set manually by the user, only then is it stored. $token = hash_hmac( 'sha1', "$oname:$id", $this->getToken() ); } return $token; } /* * Reset a token stored in the preferences (like the watchlist one). * Does not save user's preferences (similarly to UserOptionsManager::setOption()). * * @param string $oname The option name to reset the token in * @return string\|false New token value, or false if this option is disabled. * @see getTokenFromOption() * @see \MediaWiki\User\Options\UserOptionsManager::setOption / public function resetTokenFromOption( $oname ) { $hiddenPrefs = MediaWikiServices::getInstance()->getMainConfig()->get( MainConfigNames::HiddenPrefs ); if ( in_array( $oname, $hiddenPrefs ) ) { return false; } $token = MWCryptRand::generateHex( 40 ); MediaWikiServices::getInstance() ->getUserOptionsManager() ->setOption( $this, $oname, $token ); return $token; } /* * Get the user's preferred date format. * @return string User's preferred date format / public function getDatePreference() { // Important migration for old data rows if ( $this->mDatePreference === null ) { global $wgLang; $userOptionsLookup = MediaWikiServices::getInstance() ->getUserOptionsLookup(); $value = $userOptionsLookup->getOption( $this, 'date' ); $map = $wgLang->getDatePreferenceMigrationMap(); if ( isset( $map[$value] ) ) { $value = $map[$value]; } $this->mDatePreference = $value; } return $this->mDatePreference; } /* * Determine based on the wiki configuration and the user's options, * whether this user must be over HTTPS no matter what. * * @return bool / public function requiresHTTPS() { if ( !$this->isRegistered() ) { return false; } $services = MediaWikiServices::getInstance(); $config = $services->getMainConfig(); if ( $config->get( MainConfigNames::ForceHTTPS ) ) { return true; } if ( !$config->get( MainConfigNames::SecureLogin ) ) { return false; } return $services->getUserOptionsLookup() ->getBoolOption( $this, 'prefershttps' ); } /* * Get the user's edit count. * @return int\|null Null for anonymous users / public function getEditCount() { return MediaWikiServices::getInstance() ->getUserEditTracker() ->getUserEditCount( $this ); } /* * Get whether the user is registered. * * @return bool True if user is registered on this wiki, i.e., has a user ID. False if user is * anonymous or has no local account (which can happen when importing). This is equivalent to * getId() != 0 and is provided for code readability. * @since 1.34 / public function isRegistered(): bool { return $this->getId() != 0; } /* * Get whether the user is anonymous * @return bool / public function isAnon() { return !$this->isRegistered(); } /* * @return bool Whether this user is flagged as being a bot role account * @since 1.28 / public function isBot() { $userGroupManager = MediaWikiServices::getInstance()->getUserGroupManager(); if ( in_array( 'bot', $userGroupManager->getUserGroups( $this ) ) && $this->isAllowed( 'bot' ) ) { return true; } $isBot = false; $this->getHookRunner()->onUserIsBot( $this, $isBot ); return $isBot; } /* * Get whether the user is a system user * * A user is considered to exist as a non-system user if it can * authenticate, or has an email set, or has a non-invalid token. * * @return bool Whether this user is a system user * @since 1.35 / public function isSystemUser() { $this->load(); if ( $this->getEmail() \|\| $this->mToken !== self::INVALID_TOKEN \|\| MediaWikiServices::getInstance()->getAuthManager()->userCanAuthenticate( $this->mName ) ) { return false; } return true; } public function isAllowedAny( ...$permissions ): bool { return $this->getThisAsAuthority()->isAllowedAny( ...$permissions ); } public function isAllowedAll( ...$permissions ): bool { return $this->getThisAsAuthority()->isAllowedAll( ...$permissions ); } public function isAllowed( string $permission, ?PermissionStatus $status = null ): bool { return $this->getThisAsAuthority()->isAllowed( $permission, $status ); } /* * Check whether to enable recent changes patrol features for this user * @return bool True or false / public function useRCPatrol() { $useRCPatrol = MediaWikiServices::getInstance()->getMainConfig()->get( MainConfigNames::UseRCPatrol ); return $useRCPatrol && $this->isAllowedAny( 'patrol', 'patrolmarks' ); } /* * Check whether to enable new pages patrol features for this user * @return bool True or false / public function useNPPatrol() { $useRCPatrol = MediaWikiServices::getInstance()->getMainConfig()->get( MainConfigNames::UseRCPatrol ); $useNPPatrol = MediaWikiServices::getInstance()->getMainConfig()->get( MainConfigNames::UseNPPatrol ); return ( ( $useRCPatrol \|\| $useNPPatrol ) && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) ) ); } /* * Check whether to enable new files patrol features for this user * @return bool True or false / public function useFilePatrol() { $useRCPatrol = MediaWikiServices::getInstance()->getMainConfig()->get( MainConfigNames::UseRCPatrol ); $useFilePatrol = MediaWikiServices::getInstance()->getMainConfig() ->get( MainConfigNames::UseFilePatrol ); return ( ( $useRCPatrol \|\| $useFilePatrol ) && ( $this->isAllowedAny( 'patrol', 'patrolmarks' ) ) ); } /* * Get the WebRequest object to use with this object * * @return WebRequest / public function getRequest(): WebRequest { return $this->mRequest ?? RequestContext::getMain()->getRequest(); } /* * Compute experienced level based on edit count and registration date. * * @return string\|false 'newcomer', 'learner', or 'experienced', false for anonymous users / public function getExperienceLevel() { $mainConfig = MediaWikiServices::getInstance()->getMainConfig(); $learnerEdits = $mainConfig->get( MainConfigNames::LearnerEdits ); $experiencedUserEdits = $mainConfig->get( MainConfigNames::ExperiencedUserEdits ); $learnerMemberSince = $mainConfig->get( MainConfigNames::LearnerMemberSince ); $experiencedUserMemberSince = $mainConfig->get( MainConfigNames::ExperiencedUserMemberSince ); if ( $this->isAnon() ) { return false; } $editCount = $this->getEditCount(); $registration = $this->getRegistration(); $now = time(); $learnerRegistration = wfTimestamp( TS_MW, $now - $learnerMemberSince 86400 ); $experiencedRegistration = wfTimestamp( TS_MW, $now - $experiencedUserMemberSince * 86400 ); if ( $registration === null ) { // for some very old accounts, this information is missing in the database // treat them as old enough to be 'experienced' $registration = $experiencedRegistration; } if ( $editCount < $learnerEdits \|\| $registration > $learnerRegistration ) { return 'newcomer'; } if ( $editCount > $experiencedUserEdits && $registration <= $experiencedRegistration ) { return 'experienced'; } return 'learner'; } /** * Persist this user's session (e.g. set cookies) * * @param WebRequest\|null $request WebRequest object to use; the global request * will be used if null is passed. * @param bool\|null $secure Whether to force secure/insecure cookies or use default * @param bool $rememberMe Whether to add a Token cookie for elongated sessions / public function setCookies( $request = null, $secure = null, $rememberMe = false ) { $this->load(); if ( $this->mId == 0 ) { return; } $session = $this->getRequest()->getSession(); if ( $request && $session->getRequest() !== $request ) { $session = $session->sessionWithRequest( $request ); } $delay = $session->delaySave(); if ( !$session->getUser()->equals( $this ) ) { if ( !$session->canSetUser() ) { LoggerFactory::getInstance( 'session' ) ->warning( __METHOD__ . ": Cannot save user \"$this\" to a user " . "\"{$session->getUser()}\"'s immutable session" ); return; } $session->setUser( $this ); } $session->setRememberUser( $rememberMe ); if ( $secure !== null ) { $session->setForceHTTPS( $secure ); } $session->persist(); ScopedCallback::consume( $delay ); } /* * Log this user out. / public function logout() { if ( $this->getHookRunner()->onUserLogout( $this ) ) { $this->doLogout(); } } /* * Clear the user's session, and reset the instance cache. * @see logout() / public function doLogout() { $session = $this->getRequest()->getSession(); if ( !$session->canSetUser() ) { LoggerFactory::getInstance( 'session' ) ->warning( __METHOD__ . ": Cannot log out of an immutable session" ); $error = 'immutable'; } elseif ( !$session->getUser()->equals( $this ) ) { LoggerFactory::getInstance( 'session' ) ->warning( __METHOD__ . ": Cannot log user \"$this\" out of a user \"{$session->getUser()}\"'s session" ); // But we still may as well make this user object anon $this->clearInstanceCache( 'defaults' ); $error = 'wronguser'; } else { $this->clearInstanceCache( 'defaults' ); $delay = $session->delaySave(); $session->unpersist(); // Clear cookies (T127436) $session->setLoggedOutTimestamp( time() ); $session->setUser( new User ); $session->set( 'wsUserID', 0 ); // Other code expects this $session->resetAllTokens(); ScopedCallback::consume( $delay ); $error = false; } LoggerFactory::getInstance( 'authevents' )->info( 'Logout', [ 'event' => 'logout', 'successful' => $error === false, 'status' => $error ?: 'success', ] ); } /* * Save this user's settings into the database. * @todo Only rarely do all these fields need to be set! / public function saveSettings() { if ( MediaWikiServices::getInstance()->getReadOnlyMode()->isReadOnly() ) { // @TODO: caller should deal with this instead! // This should really just be an exception. MWExceptionHandler::logException( new DBExpectedError( null, "Could not update user with ID '{$this->mId}'; DB is read-only." ) ); return; } $this->load(); if ( $this->mId == 0 ) { return; // anon } // Get a new user_touched that is higher than the old one. // This will be used for a CAS check as a last-resort safety // check against race conditions and replica DB lag. $newTouched = $this->newTouchedTimestamp(); $dbw = MediaWikiServices::getInstance()->getConnectionProvider()->getPrimaryDatabase(); $dbw->doAtomicSection( __METHOD__, function ( IDatabase $dbw, $fname ) use ( $newTouched ) { $dbw->newUpdateQueryBuilder() ->update( 'user' ) ->set( [ 'user_name' => $this->mName, 'user_real_name' => $this->mRealName, 'user_email' => $this->mEmail, 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ), 'user_touched' => $dbw->timestamp( $newTouched ), 'user_token' => strval( $this->mToken ), 'user_email_token' => $this->mEmailToken, 'user_email_token_expires' => $dbw->timestampOrNull( $this->mEmailTokenExpires ), ] ) ->where( $this->makeUpdateConditions( $dbw, [ / WHERE / 'user_id' => $this->mId, ] ) ) ->caller( $fname )->execute(); if ( !$dbw->affectedRows() ) { // Maybe the problem was a missed cache update; clear it to be safe $this->clearSharedCache( 'refresh' ); // User was changed in the meantime or loaded with stale data $from = ( $this->queryFlagsUsed & IDBAccessObject::READ_LATEST ) ? 'primary' : 'replica'; LoggerFactory::getInstance( 'preferences' )->warning( "CAS update failed on user_touched for user ID '{user_id}' ({db_flag} read)", [ 'user_id' => $this->mId, 'db_flag' => $from ] ); throw new RuntimeException( "CAS update failed on user_touched. " . "The version of the user to be saved is older than the current version." ); } $dbw->newUpdateQueryBuilder() ->update( 'actor' ) ->set( [ 'actor_name' => $this->mName ] ) ->where( [ 'actor_user' => $this->mId ] ) ->caller( $fname )->execute(); MediaWikiServices::getInstance()->getActorStore()->deleteUserIdentityFromCache( $this ); } ); $this->mTouched = $newTouched; if ( $this->isNamed() ) { MediaWikiServices::getInstance()->getUserOptionsManager()->saveOptionsInternal( $this ); } $this->getHookRunner()->onUserSaveSettings( $this ); $this->clearSharedCache( 'changed' ); $hcu = MediaWikiServices::getInstance()->getHtmlCacheUpdater(); $hcu->purgeTitleUrls( $this->getUserPage(), $hcu::PURGE_INTENT_TXROUND_REFLECTED ); } /* * If only this user's username is known, and it exists, return the user ID. * * @param int $flags Bitfield of IDBAccessObject::READ_* constants; useful for existence checks * @return int / public function idForName( $flags = IDBAccessObject::READ_NORMAL ) { $s = trim( $this->getName() ); if ( $s === '' ) { return 0; } $db = DBAccessObjectUtils::getDBFromRecency( MediaWikiServices::getInstance()->getDBLoadBalancerFactory(), $flags ); $id = $db->newSelectQueryBuilder() ->select( 'user_id' ) ->from( 'user' ) ->where( [ 'user_name' => $s ] ) ->recency( $flags ) ->caller( __METHOD__ )->fetchField(); return (int)$id; } /* * Add a user to the database, return the user object * * @param string $name Username to add * @param array $params Array of Strings Non-default parameters to save to * the database as user_* fields: * - email: The user's email address. * - email_authenticated: The email authentication timestamp. * - real_name: The user's real name. * - token: Random authentication token. Do not set. * - registration: Registration timestamp. Do not set. * @return User\|null User object, or null if the username already exists. / public static function createNew( $name, $params = [] ) { return self::insertNewUser( static function ( UserIdentity $actor, IDatabase $dbw ) { return MediaWikiServices::getInstance()->getActorStore()->createNewActor( $actor, $dbw ); }, $name, $params ); } /* * See ::createNew * @param callable $insertActor ( UserIdentity $actor, IDatabase $dbw ): int actor ID, * @param string $name * @param array $params * @return User\|null User object, or null if the username already exists. / private static function insertNewUser( callable $insertActor, $name, $params = [] ) { foreach ( [ 'password', 'newpassword', 'newpass_time', 'password_expires' ] as $field ) { if ( isset( $params[$field] ) ) { wfDeprecated( __METHOD__ . " with param '$field'", '1.27' ); unset( $params[$field] ); } } $user = new User; $user->load(); $user->setToken(); // init token $dbw = MediaWikiServices::getInstance()->getConnectionProvider()->getPrimaryDatabase(); $noPass = PasswordFactory::newInvalidPassword()->toString(); $fields = [ 'user_name' => $name, 'user_password' => $noPass, 'user_newpassword' => $noPass, 'user_email' => $user->mEmail, 'user_email_authenticated' => $dbw->timestampOrNull( $user->mEmailAuthenticated ), 'user_real_name' => $user->mRealName, 'user_token' => strval( $user->mToken ), 'user_registration' => $dbw->timestamp( $user->mRegistration ), 'user_editcount' => 0, 'user_touched' => $dbw->timestamp( $user->newTouchedTimestamp() ), ]; foreach ( $params as $name => $value ) { $fields["user_$name"] = $value; } return $dbw->doAtomicSection( __METHOD__, static function ( IDatabase $dbw, $fname ) use ( $fields, $insertActor ) { $dbw->newInsertQueryBuilder() ->insertInto( 'user' ) ->ignore() ->row( $fields ) ->caller( $fname )->execute(); if ( $dbw->affectedRows() ) { $newUser = self::newFromId( $dbw->insertId() ); $newUser->mName = $fields['user_name']; // Don't pass $this, since calling ::getId, ::getName might force ::load // and this user might not be ready for the yet. $newUser->mActorId = $insertActor( new UserIdentityValue( $newUser->mId, $newUser->mName ), $dbw ); // Load the user from primary DB to avoid replica lag $newUser->load( IDBAccessObject::READ_LATEST ); } else { $newUser = null; } return $newUser; } ); } /* * Add this existing user object to the database. If the user already * exists, a fatal status object is returned, and the user object is * initialised with the data from the database. * * Previously, this function generated a DB error due to a key conflict * if the user already existed. Many extension callers use this function * in code along the lines of: * * $user = User::newFromName( $name ); * if ( !$user->isRegistered() ) { * $user->addToDatabase(); * } * // do something with $user... * * However, this was vulnerable to a race condition (T18020). By * initialising the user object if the user exists, we aim to support this * calling sequence as far as possible. * * Note that if the user exists, this function will acquire a write lock, * so it is still advisable to make the call conditional on isRegistered(), * and to commit the transaction after calling. * * @return Status / public function addToDatabase() { $this->load(); if ( !$this->mToken ) { $this->setToken(); // init token } if ( !is_string( $this->mName ) ) { throw new RuntimeException( "User name field is not set." ); } $this->mTouched = $this->newTouchedTimestamp(); $dbw = MediaWikiServices::getInstance()->getConnectionProvider()->getPrimaryDatabase(); $status = $dbw->doAtomicSection( __METHOD__, function ( IDatabase $dbw, $fname ) { $noPass = PasswordFactory::newInvalidPassword()->toString(); $dbw->newInsertQueryBuilder() ->insertInto( 'user' ) ->ignore() ->row( [ 'user_name' => $this->mName, 'user_password' => $noPass, 'user_newpassword' => $noPass, 'user_email' => $this->mEmail, 'user_email_authenticated' => $dbw->timestampOrNull( $this->mEmailAuthenticated ), 'user_real_name' => $this->mRealName, 'user_token' => strval( $this->mToken ), 'user_registration' => $dbw->timestamp( $this->mRegistration ), 'user_editcount' => 0, 'user_touched' => $dbw->timestamp( $this->mTouched ), 'user_is_temp' => $this->isTemp(), ] ) ->caller( $fname )->execute(); if ( !$dbw->affectedRows() ) { // Use locking reads to bypass any REPEATABLE-READ snapshot. $this->mId = $dbw->newSelectQueryBuilder() ->select( 'user_id' ) ->lockInShareMode() ->from( 'user' ) ->where( [ 'user_name' => $this->mName ] ) ->caller( $fname )->fetchField(); $loaded = false; if ( $this->mId && $this->loadFromDatabase( IDBAccessObject::READ_LOCKING ) ) { $loaded = true; } if ( !$loaded ) { throw new RuntimeException( $fname . ": hit a key conflict attempting " . "to insert user '{$this->mName}' row, but it was not present in select!" ); } return Status::newFatal( 'userexists' ); } $this->mId = $dbw->insertId(); // Don't pass $this, since calling ::getId, ::getName might force ::load // and this user might not be ready for the yet. $this->mActorId = MediaWikiServices::getInstance() ->getActorNormalization() ->acquireActorId( new UserIdentityValue( $this->mId, $this->mName ), $dbw ); return Status::newGood(); } ); if ( !$status->isGood() ) { return $status; } // Clear instance cache other than user table data and actor, which is already accurate $this->clearInstanceCache(); if ( $this->isNamed() ) { MediaWikiServices::getInstance()->getUserOptionsManager()->saveOptions( $this ); } return Status::newGood(); } /* * If this user is logged-in and blocked, block any IP address they've successfully logged in from. * Calls the "SpreadAnyEditBlock" hook, so this may block the IP address using a non-core blocking mechanism. * * @return bool A block was spread / public function spreadAnyEditBlock() { if ( !$this->isRegistered() ) { return false; } $blockWasSpread = false; $this->getHookRunner()->onSpreadAnyEditBlock( $this, $blockWasSpread ); if ( $this->getBlock() ) { $blockWasSpread = $blockWasSpread \|\| $this->spreadBlock(); } return $blockWasSpread; } /* * If this (non-anonymous) user is blocked, * block the IP address they've successfully logged in from. * @return bool A block was spread / protected function spreadBlock() { wfDebug( __METHOD__ . "()" ); $this->load(); if ( $this->mId == 0 ) { return false; } $blockStore = MediaWikiServices::getInstance()->getDatabaseBlockStore(); $userblock = $blockStore->newFromTarget( $this->getName() ); if ( !$userblock ) { return false; } return (bool)$blockStore->doAutoblock( $userblock, $this->getRequest()->getIP() ); } /* * Get whether the user is blocked from using Special:Emailuser. * @return bool * @deprecated since 1.41, emits deprecation warnings since 1.43. EmailUser::canSend * checks blocks amongst other things. If you only need this check, use * ::getBlock()->appliesToRight( 'sendemail' ). / public function isBlockedFromEmailuser() { wfDeprecated( __METHOD__, '1.41' ); $block = $this->getBlock(); return $block && $block->appliesToRight( 'sendemail' ); } /* * Get whether the user is blocked from using Special:Upload * * @since 1.33 * @return bool / public function isBlockedFromUpload() { $block = $this->getBlock(); return $block && $block->appliesToRight( 'upload' ); } /* * Get whether the user is allowed to create an account. * @return bool / public function isAllowedToCreateAccount() { return $this->getThisAsAuthority()->isDefinitelyAllowed( 'createaccount' ); } /* * Get this user's personal page title. * * @return Title User's personal page title / public function getUserPage() { return Title::makeTitle( NS_USER, $this->getName() ); } /* * Get this user's talk page title. * * @return Title / public function getTalkPage() { $title = $this->getUserPage(); return $title->getTalkPage(); } /* * Determine whether the user is a newbie. Newbies are one of: * - IP address editors * - temporary accounts * - most recently created full accounts. * @return bool / public function isNewbie() { // IP users and temp account users are excluded from the autoconfirmed group. return !$this->isAllowed( 'autoconfirmed' ); } /* * Initialize (if necessary) and return a session token value * which can be used in edit forms to show that the user's * login credentials aren't being hijacked with a foreign form * submission. * * @since 1.27 * @deprecated since 1.37. Use CsrfTokenSet::getToken instead * @param string\|string[] $salt Optional function-specific data for hashing * @param WebRequest\|null $request WebRequest object to use, or null to use the global request * @return Token The new edit token / public function getEditTokenObject( $salt = '', $request = null ) { if ( $this->isAnon() ) { return new LoggedOutEditToken(); } if ( !$request ) { $request = $this->getRequest(); } return $request->getSession()->getToken( $salt ); } /* * Initialize (if necessary) and return a session token value * which can be used in edit forms to show that the user's * login credentials aren't being hijacked with a foreign form * submission. * * The $salt for 'edit' and 'csrf' tokens is the default (empty string). * * @since 1.19 * @deprecated since 1.37. Use CsrfTokenSet::getToken instead * @param string\|string[] $salt Optional function-specific data for hashing * @param WebRequest\|null $request WebRequest object to use, or null to use the global request * @return string The new edit token / public function getEditToken( $salt = '', $request = null ) { return $this->getEditTokenObject( $salt, $request )->toString(); } /* * Check given value against the token value stored in the session. * A match should confirm that the form was submitted from the * user's own login session, not a form submission from a third-party * site. * * @deprecated since 1.37. Use CsrfTokenSet::matchToken instead * @param string\|null $val Input value to compare * @param string\|array $salt Optional function-specific data for hashing * @param WebRequest\|null $request Object to use, or null to use the global request * @param int\|null $maxage Fail tokens older than this, in seconds * @return bool Whether the token matches / public function matchEditToken( $val, $salt = '', $request = null, $maxage = null ) { return $this->getEditTokenObject( $salt, $request )->match( $val, $maxage ); } /* * Generate a new e-mail confirmation token and send a confirmation/invalidation * mail to the user's given address. * * @param string $type Message to send, either "created", "changed" or "set" * @return Status / public function sendConfirmationMail( $type = 'created' ) { global $wgLang; $expiration = null; // gets passed-by-ref and defined in next line. $token = $this->confirmationToken( $expiration ); $url = $this->confirmationTokenUrl( $token ); $invalidateURL = $this->invalidationTokenUrl( $token ); $this->saveSettings(); if ( $type == 'created' \|\| $type === false ) { $message = 'confirmemail_body'; $type = 'created'; } elseif ( $type === true ) { $message = 'confirmemail_body_changed'; $type = 'changed'; } else { // Messages: confirmemail_body_changed, confirmemail_body_set $message = 'confirmemail_body_' . $type; } $mail = [ 'subject' => wfMessage( 'confirmemail_subject' )->text(), 'body' => wfMessage( $message, $this->getRequest()->getIP(), $this->getName(), $url, $wgLang->userTimeAndDate( $expiration, $this ), $invalidateURL, $wgLang->userDate( $expiration, $this ), $wgLang->userTime( $expiration, $this ) )->text(), 'from' => null, 'replyTo' => null, ]; $info = [ 'type' => $type, 'ip' => $this->getRequest()->getIP(), 'confirmURL' => $url, 'invalidateURL' => $invalidateURL, 'expiration' => $expiration ]; $this->getHookRunner()->onUserSendConfirmationMail( $this, $mail, $info ); return $this->sendMail( $mail['subject'], $mail['body'], $mail['from'], $mail['replyTo'] ); } /* * Send an e-mail to this user's account. Does not check for * confirmed status or validity. * * @param string $subject Message subject * @param string\|string[] $body Message body or array containing keys text and html * @param User\|null $from Optional sending user; if unspecified, default * $wgPasswordSender will be used. * @param MailAddress\|null $replyto Reply-To address * @return Status / public function sendMail( $subject, $body, $from = null, $replyto = null ) { $passwordSender = MediaWikiServices::getInstance()->getMainConfig() ->get( MainConfigNames::PasswordSender ); if ( $from instanceof User ) { $sender = MailAddress::newFromUser( $from ); } else { $sender = new MailAddress( $passwordSender, wfMessage( 'emailsender' )->inContentLanguage()->text() ); } $to = MailAddress::newFromUser( $this ); if ( is_array( $body ) ) { $bodyText = $body['text'] ?? ''; $bodyHtml = $body['html'] ?? null; } else { $bodyText = $body; $bodyHtml = null; } return Status::wrap( MediaWikiServices::getInstance()->getEmailer() ->send( [ $to ], $sender, $subject, $bodyText, $bodyHtml, [ 'replyTo' => $replyto ] ) ); } /* * Generate, store, and return a new e-mail confirmation code. * A hash (unsalted, since it's used as a key) is stored. * * @note Call saveSettings() after calling this function to commit * this change to the database. * * @param string &$expiration Accepts the expiration time @phan-output-reference * @return string New token / protected function confirmationToken( &$expiration ) { $userEmailConfirmationTokenExpiry = MediaWikiServices::getInstance() ->getMainConfig()->get( MainConfigNames::UserEmailConfirmationTokenExpiry ); $now = time(); $expires = $now + $userEmailConfirmationTokenExpiry; $expiration = wfTimestamp( TS_MW, $expires ); $this->load(); $token = MWCryptRand::generateHex( 32 ); $hash = md5( $token ); $this->mEmailToken = $hash; $this->mEmailTokenExpires = $expiration; return $token; } /* * Check if the given email confirmation token is well-formed (to detect mangling by * email clients). This does not check whether the token is valid. * @param string $token * @return bool / public static function isWellFormedConfirmationToken( string $token ): bool { return preg_match( '/^[a-f0-9]{32}$/', $token ); } /* * Return a URL the user can use to confirm their email address. * @param string $token Accepts the email confirmation token * @return string New token URL / protected function confirmationTokenUrl( $token ) { return $this->getTokenUrl( 'ConfirmEmail', $token ); } /* * Return a URL the user can use to invalidate their email address. * @param string $token Accepts the email confirmation token * @return string New token URL / protected function invalidationTokenUrl( $token ) { return $this->getTokenUrl( 'InvalidateEmail', $token ); } /* * Internal function to format the e-mail validation/invalidation URLs. * This uses a quickie hack to use the * hardcoded English names of the Special: pages, for ASCII safety. * * @note Since these URLs get dropped directly into emails, using the * short English names avoids really long URL-encoded links, which * also sometimes can get corrupted in some browsers/mailers * (T8957 with Gmail and Internet Explorer). * * @param string $page Special page * @param string $token * @return string Formatted URL / protected function getTokenUrl( $page, $token ) { // Hack to bypass localization of 'Special:' $title = Title::makeTitle( NS_MAIN, "Special:$page/$token" ); return $title->getCanonicalURL(); } /* * Mark the e-mail address confirmed. * * @note Call saveSettings() after calling this function to commit the change. * * @return bool / public function confirmEmail() { // Check if it's already confirmed, so we don't touch the database // and fire the ConfirmEmailComplete hook on redundant confirmations. if ( !$this->isEmailConfirmed() ) { $this->setEmailAuthenticationTimestamp( wfTimestampNow() ); $this->getHookRunner()->onConfirmEmailComplete( $this ); } return true; } /* * Invalidate the user's e-mail confirmation, and unauthenticate the e-mail * address if it was already confirmed. * * @note Call saveSettings() after calling this function to commit the change. * @return bool Returns true / public function invalidateEmail() { $this->load(); $this->mEmailToken = null; $this->mEmailTokenExpires = null; $this->setEmailAuthenticationTimestamp( null ); $this->mEmail = ''; $this->getHookRunner()->onInvalidateEmailComplete( $this ); return true; } /* * Set the e-mail authentication timestamp. * @param string\|null $timestamp TS_MW timestamp / public function setEmailAuthenticationTimestamp( $timestamp ) { $this->load(); $this->mEmailAuthenticated = $timestamp; $this->getHookRunner()->onUserSetEmailAuthenticationTimestamp( $this, $this->mEmailAuthenticated ); } /* * Is this user allowed to send e-mails within limits of current * site configuration? * @deprecated since 1.41, emits deprecation warnings since 1.43. * Use EmailUser::canSend() instead. * @return bool / public function canSendEmail() { wfDeprecated( __METHOD__, '1.41' ); $permError = MediaWikiServices::getInstance()->getEmailUserFactory() ->newEmailUser( $this->getThisAsAuthority() ) ->canSend(); return $permError->isGood(); } /* * Is this user allowed to receive e-mails within limits of current * site configuration? * @return bool / public function canReceiveEmail() { $userOptionsLookup = MediaWikiServices::getInstance() ->getUserOptionsLookup(); return $this->isEmailConfirmed() && !$userOptionsLookup->getOption( $this, 'disablemail' ); } /* * Is this user's e-mail address valid-looking and confirmed within * limits of the current site configuration? * * @note If $wgEmailAuthentication is on, this may require the user to have * confirmed their address by returning a code or using a password * sent to the address from the wiki. * * @return bool / public function isEmailConfirmed(): bool { $emailAuthentication = MediaWikiServices::getInstance()->getMainConfig() ->get( MainConfigNames::EmailAuthentication ); $this->load(); $confirmed = true; if ( $this->getHookRunner()->onEmailConfirmed( $this, $confirmed ) ) { return !$this->isAnon() && Sanitizer::validateEmail( $this->getEmail() ) && ( !$emailAuthentication \|\| $this->getEmailAuthenticationTimestamp() ); } return $confirmed; } /* * Check whether there is an outstanding request for e-mail confirmation. * @return bool / public function isEmailConfirmationPending() { $emailAuthentication = MediaWikiServices::getInstance()->getMainConfig() ->get( MainConfigNames::EmailAuthentication ); return $emailAuthentication && !$this->isEmailConfirmed() && $this->mEmailToken && $this->mEmailTokenExpires > wfTimestamp(); } /* * Get the timestamp of account creation. * * @return string\|false\|null Timestamp of account creation, false for * non-existent/anonymous user accounts, or null if existing account * but information is not in database. / public function getRegistration() { if ( $this->isAnon() ) { return false; } $this->load(); return $this->mRegistration; } /* * Get the description of a given right as wikitext * * @since 1.29 * @param string $right Right to query * @return string Localized description of the right / public static function getRightDescription( $right ) { $key = "right-$right"; $msg = wfMessage( $key ); return $msg->isDisabled() ? $right : $msg->text(); } /* * Get the description of a given right as rendered HTML * * @since 1.42 * @param string $right Right to query * @return string HTML description of the right / public static function getRightDescriptionHtml( $right ) { return wfMessage( "right-$right" )->parse(); } /* * Return the tables, fields, and join conditions to be selected to create * a new user object. * @since 1.31 * @return array[] With three keys: * - tables: (string[]) to include in the `$table` to `IDatabase->select()` * or `SelectQueryBuilder::tables` * - fields: (string[]) to include in the `$vars` to `IDatabase->select()` * or `SelectQueryBuilder::fields` * - joins: (array) to include in the `$join_conds` to `IDatabase->select()` * or `SelectQueryBuilder::joinConds` * @phan-return array{tables:string[],fields:string[],joins:array} / public static function getQueryInfo() { $ret = [ 'tables' => [ 'user', 'user_actor' => 'actor' ], 'fields' => [ 'user_id', 'user_name', 'user_real_name', 'user_email', 'user_touched', 'user_token', 'user_email_authenticated', 'user_email_token', 'user_email_token_expires', 'user_registration', 'user_editcount', 'user_actor.actor_id', ], 'joins' => [ 'user_actor' => [ 'JOIN', 'user_actor.actor_user = user_id' ], ], ]; return $ret; } /* * Get a SelectQueryBuilder with the tables, fields and join conditions * needed to create a new User object. * * The return value is a plain SelectQueryBuilder, not a UserSelectQueryBuilder. * That way, there is no need for an ActorStore. * * @return SelectQueryBuilder / public static function newQueryBuilder( IReadableDatabase $db ) { return $db->newSelectQueryBuilder() ->select( [ 'user_id', 'user_name', 'user_real_name', 'user_email', 'user_touched', 'user_token', 'user_email_authenticated', 'user_email_token', 'user_email_token_expires', 'user_registration', 'user_editcount', 'user_actor.actor_id', ] ) ->from( 'user' ) ->join( 'actor', 'user_actor', 'user_actor.actor_user = user_id' ); } /* * Factory function for fatal permission-denied errors * * @since 1.22 * @deprecated since 1.41, use Authority::isAllowed instead. * Core code can also use PermissionManager::newFatalPermissionDeniedStatus. * * @param string $permission User right required * @return Status / public static function newFatalPermissionDeniedStatus( $permission ) { return Status::wrap( MediaWikiServices::getInstance()->getPermissionManager() ->newFatalPermissionDeniedStatus( $permission, RequestContext::getMain() ) ); } /* * Get a new instance of this user that was loaded from the primary DB via a locking read * * Use this instead of the main context User when updating that user. This avoids races * where that user was loaded from a replica DB or even the primary DB but without proper locks. * * @return User\|null Returns null if the user was not found in the DB * @since 1.27 / public function getInstanceForUpdate() { if ( !$this->getId() ) { return null; // anon } $user = self::newFromId( $this->getId() ); if ( !$user->loadFromId( IDBAccessObject::READ_EXCLUSIVE ) ) { return null; } return $user; } /* * Checks if two user objects point to the same user. * * @since 1.25 ; takes a UserIdentity instead of a User since 1.32 * @param UserIdentity\|null $user * @return bool / public function equals( ?UserIdentity $user ): bool { if ( !$user ) { return false; } // XXX it's not clear whether central ID providers are supposed to obey this return $this->getName() === $user->getName(); } /* * @note This is only here for compatibility with the Authority interface. * @since 1.36 * @return UserIdentity $this / public function getUser(): UserIdentity { return $this; } /* * @since 1.36 * @param string $action * @param PageIdentity $target * @param PermissionStatus\|null $status * @return bool / public function probablyCan( string $action, PageIdentity $target, ?PermissionStatus $status = null ): bool { return $this->getThisAsAuthority()->probablyCan( $action, $target, $status ); } /* * @since 1.36 * @param string $action * @param PageIdentity $target * @param PermissionStatus\|null $status * @return bool / public function definitelyCan( string $action, PageIdentity $target, ?PermissionStatus $status = null ): bool { return $this->getThisAsAuthority()->definitelyCan( $action, $target, $status ); } /* * @inheritDoc * * @since 1.41 * @param string $action * @param PermissionStatus\|null $status * @return bool / public function isDefinitelyAllowed( string $action, ?PermissionStatus $status = null ): bool { return $this->getThisAsAuthority()->isDefinitelyAllowed( $action, $status ); } /* * @inheritDoc * * @since 1.41 * @param string $action * @param PermissionStatus\|null $status * @return bool / public function authorizeAction( string $action, ?PermissionStatus $status = null ): bool { return $this->getThisAsAuthority()->authorizeAction( $action, $status ); } /* * @since 1.36 * @param string $action * @param PageIdentity $target * @param PermissionStatus\|null $status * @return bool / public function authorizeRead( string $action, PageIdentity $target, ?PermissionStatus $status = null ): bool { return $this->getThisAsAuthority()->authorizeRead( $action, $target, $status ); } /* * @since 1.36 * @param string $action * @param PageIdentity $target * @param PermissionStatus\|null $status * @return bool / public function authorizeWrite( string $action, PageIdentity $target, ?PermissionStatus $status = null ): bool { return $this->getThisAsAuthority()->authorizeWrite( $action, $target, $status ); } /* * Returns the Authority of this User if it's the main request context user. * This is intended to exist only for the period of transition to Authority. * @return UserAuthority / private function getThisAsAuthority(): UserAuthority { if ( !$this->mThisAsAuthority ) { // TODO: For users that are not User::isGlobalSessionUser, // creating a UserAuthority here is incorrect, since it depends // on global WebRequest, but that is what we've used to do before Authority. // When PermissionManager is refactored into Authority, we need // to provide base implementation, based on just user groups/rights, // and use it here. $request = $this->getRequest(); $uiContext = RequestContext::getMain(); $services = MediaWikiServices::getInstance(); $this->mThisAsAuthority = new UserAuthority( $this, $request, $uiContext, $services->getPermissionManager(), $services->getRateLimiter(), $services->getFormatterFactory()->getBlockErrorFormatter( $uiContext ) ); } return $this->mThisAsAuthority; } /* * Check whether this is the global session user. * @return bool / private function isGlobalSessionUser(): bool { // The session user is set up towards the end of Setup.php. Until then, // assume it's a logged-out user. $sessionUser = RequestContext::getMain()->getUser(); $globalUserName = $sessionUser->isSafeToLoad() ? $sessionUser->getName() : IPUtils::sanitizeIP( $sessionUser->getRequest()->getIP() ); return $this->getName() === $globalUserName; } /* * Is the user an autocreated temporary user? * @since 1.39 * @return bool / public function isTemp(): bool { if ( $this->isTemp === null ) { $this->isTemp = MediaWikiServices::getInstance()->getUserIdentityUtils() ->isTemp( $this ); } return $this->isTemp; } /* * Is the user a normal non-temporary registered user? * * @since 1.39 * @return bool / public function isNamed(): bool { return $this->isRegistered() && !$this->isTemp(); } } /* @deprecated class alias since 1.41 / class_alias( User::class, 'User' ); PK��!��:��:��UserGroupExpiryJob.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / use MediaWiki\MediaWikiServices; /* * Job that purges expired user group memberships. * * @internal For use by \MediaWiki\User\UserGroupManager * @ingroup JobQueue / class UserGroupExpiryJob extends Job implements GenericParameterJob { public function __construct( array $params ) { parent::__construct( 'userGroupExpiry', $params ); $this->removeDuplicates = true; } /* * Run the job * @return bool Success / public function run() { MediaWikiServices::getInstance()->getUserGroupManager()->purgeExpired(); return true; } } PK��!�;��,z��z��UserGroupManagerFactory.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use MediaWiki\Config\ServiceOptions; use MediaWiki\HookContainer\HookContainer; use MediaWiki\JobQueue\JobQueueGroupFactory; use MediaWiki\Permissions\GroupPermissionsLookup; use MediaWiki\User\TempUser\TempUserConfig; use Psr\Log\LoggerInterface; use Wikimedia\Rdbms\ILBFactory; use Wikimedia\Rdbms\ReadOnlyMode; /* * Factory service for UserGroupManager instances. This allows UserGroupManager to be created for * cross-wiki access. * * @since 1.35 / class UserGroupManagerFactory { private ServiceOptions $options; private ReadOnlyMode $readOnlyMode; private ILBFactory $dbLoadBalancerFactory; private UserEditTracker $userEditTracker; private GroupPermissionsLookup $groupPermissionLookup; private JobQueueGroupFactory $jobQueueGroupFactory; private LoggerInterface $logger; /* @var callable[] / private $clearCacheCallbacks; private HookContainer $hookContainer; private TempUserConfig $tempUserConfig; /* * @var UserGroupManager[] User group manager instances indexed by wiki / private $instances = []; /* * @param ServiceOptions $options * @param ReadOnlyMode $readOnlyMode * @param ILBFactory $dbLoadBalancerFactory * @param HookContainer $hookContainer * @param UserEditTracker $userEditTracker * @param GroupPermissionsLookup $groupPermissionsLookup * @param JobQueueGroupFactory $jobQueueGroupFactory * @param LoggerInterface $logger * @param TempUserConfig $tempUserConfig Assumed to be the same across all domains. * @param callable[] $clearCacheCallbacks / public function __construct( ServiceOptions $options, ReadOnlyMode $readOnlyMode, ILBFactory $dbLoadBalancerFactory, HookContainer $hookContainer, UserEditTracker $userEditTracker, GroupPermissionsLookup $groupPermissionsLookup, JobQueueGroupFactory $jobQueueGroupFactory, LoggerInterface $logger, TempUserConfig $tempUserConfig, array $clearCacheCallbacks = [] ) { $this->options = $options; $this->readOnlyMode = $readOnlyMode; $this->dbLoadBalancerFactory = $dbLoadBalancerFactory; $this->hookContainer = $hookContainer; $this->userEditTracker = $userEditTracker; $this->groupPermissionLookup = $groupPermissionsLookup; $this->jobQueueGroupFactory = $jobQueueGroupFactory; $this->logger = $logger; $this->tempUserConfig = $tempUserConfig; $this->clearCacheCallbacks = $clearCacheCallbacks; } /* * @param string\|false $wikiId * @return UserGroupManager / public function getUserGroupManager( $wikiId = UserIdentity::LOCAL ): UserGroupManager { if ( is_string( $wikiId ) && $this->dbLoadBalancerFactory->getLocalDomainID() === $wikiId ) { $wikiId = UserIdentity::LOCAL; } $key = (string)$wikiId; if ( !isset( $this->instances[$key] ) ) { $this->instances[$key] = new UserGroupManager( $this->options, $this->readOnlyMode, $this->dbLoadBalancerFactory, $this->hookContainer, $this->userEditTracker, $this->groupPermissionLookup, $this->jobQueueGroupFactory->makeJobQueueGroup( $wikiId ), $this->logger, $this->tempUserConfig, $this->clearCacheCallbacks, $wikiId ); } return $this->instances[$key]; } } PK��!��?q��/��/��UserNameUtils.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file * @author DannyS712 / namespace MediaWiki\User; use InvalidArgumentException; use MediaWiki\Config\ServiceOptions; use MediaWiki\HookContainer\HookContainer; use MediaWiki\HookContainer\HookRunner; use MediaWiki\Language\Language; use MediaWiki\MainConfigNames; use MediaWiki\Title\MalformedTitleException; use MediaWiki\Title\TitleParser; use MediaWiki\User\TempUser\TempUserConfig; use Psr\Log\LoggerInterface; use Wikimedia\IPUtils; use Wikimedia\Message\ITextFormatter; use Wikimedia\Message\MessageValue; /* * UserNameUtils service * * @since 1.35 / class UserNameUtils implements UserRigorOptions { /* * @internal For use by ServiceWiring / public const CONSTRUCTOR_OPTIONS = [ MainConfigNames::MaxNameChars, MainConfigNames::ReservedUsernames, MainConfigNames::InvalidUsernameCharacters ]; /* * For use by isIP() and isLikeIPv4DashRange() / private const IPV4_ADDRESS = '\d{1,3}\.\d{1,3}\.\d{1,3}\.(?:xxx\|\d{1,3})'; // RIGOR_ constants are inherited from UserRigorOptions // phpcs:ignore MediaWiki.Commenting.PropertyDocumentation.WrongStyle private ServiceOptions $options; private Language $contentLang; private LoggerInterface $logger; private TitleParser $titleParser; private ITextFormatter $textFormatter; /** * @var string[]\|false Cache for isUsable() / private $reservedUsernames = false; private HookRunner $hookRunner; private TempUserConfig $tempUserConfig; /* * @param ServiceOptions $options * @param Language $contentLang * @param LoggerInterface $logger * @param TitleParser $titleParser * @param ITextFormatter $textFormatter the text formatter for the current content language * @param HookContainer $hookContainer * @param TempUserConfig $tempUserConfig / public function __construct( ServiceOptions $options, Language $contentLang, LoggerInterface $logger, TitleParser $titleParser, ITextFormatter $textFormatter, HookContainer $hookContainer, TempUserConfig $tempUserConfig ) { $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS ); $this->options = $options; $this->contentLang = $contentLang; $this->logger = $logger; $this->titleParser = $titleParser; $this->textFormatter = $textFormatter; $this->hookRunner = new HookRunner( $hookContainer ); $this->tempUserConfig = $tempUserConfig; } /* * Is the input a valid username? * * Checks if the input is a valid username, we don't want an empty string, * an IP address, any type of IP range, anything that contains slashes * (would mess up subpages), is longer than the maximum allowed username * size or doesn't begin with a capital letter. * * @param string $name Name to match * @return bool / public function isValid( string $name ): bool { if ( $name === '' \|\| $this->isIP( $name ) \|\| $this->isValidIPRange( $name ) \|\| $this->isLikeIPv4DashRange( $name ) \|\| str_contains( $name, '/' ) \|\| strlen( $name ) > $this->options->get( MainConfigNames::MaxNameChars ) \|\| $name !== $this->contentLang->ucfirst( $name ) ) { return false; } // Ensure that the name can't be misresolved as a different title, // such as with extra namespace keys at the start. try { $title = $this->titleParser->parseTitle( $name ); } catch ( MalformedTitleException $_ ) { $title = null; } if ( $title === null \|\| $title->getNamespace() \|\| strcmp( $name, $title->getText() ) ) { return false; } // Check an additional list of troublemaker characters. // Should these be merged into the title char list? $unicodeList = '/[' . '\x{0080}-\x{009f}' . # iso-8859-1 control chars '\x{00a0}' . # non-breaking space '\x{2000}-\x{200f}' . # various whitespace '\x{2028}-\x{202f}' . # breaks and control chars '\x{3000}' . # ideographic space '\x{e000}-\x{f8ff}' . # private use ']/u'; if ( preg_match( $unicodeList, $name ) ) { return false; } return true; } /* * Usernames which fail to pass this function will be blocked * from user login and new account registrations, but may be used * internally by batch processes. * * If an account already exists in this form, login will be blocked * by a failure to pass this function. * * @param string $name Name to match * @return bool / public function isUsable( string $name ): bool { // Must be a valid username, obviously ;) if ( !$this->isValid( $name ) ) { return false; } if ( !$this->reservedUsernames ) { $reservedUsernames = $this->options->get( MainConfigNames::ReservedUsernames ); $this->hookRunner->onUserGetReservedNames( $reservedUsernames ); foreach ( $reservedUsernames as &$reserved ) { if ( str_starts_with( $reserved, 'msg:' ) ) { $reserved = $this->textFormatter->format( MessageValue::new( substr( $reserved, 4 ) ) ); } } $this->reservedUsernames = $reservedUsernames; } // Certain names may be reserved for batch processes. if ( in_array( $name, $this->reservedUsernames, true ) ) { return false; } // Treat this name as not usable if it is reserved by the temp user system and either: // Temporary account creation is disabled // * The name is not a temporary account // This is necessary to ensure that CentralAuth auto-creation will be denied (T342475). if ( $this->isTempReserved( $name ) && ( !$this->tempUserConfig->isEnabled() \|\| !$this->isTemp( $name ) ) ) { return false; } return true; } /** * Usernames which fail to pass this function will be blocked * from new account registrations, but may be used internally * either by batch processes or by user accounts which have * already been created. * * Additional preventions may be added here rather than in * isValid() to avoid disrupting existing accounts. * * @param string $name String to match * @return bool / public function isCreatable( string $name ): bool { // Ensure that the username isn't longer than 235 bytes, so that // (at least for the builtin skins) user javascript and css files // will work. (T25080) if ( strlen( $name ) > 235 ) { $this->logger->debug( __METHOD__ . ": '$name' uncreatable due to length" ); return false; } $invalid = $this->options->get( MainConfigNames::InvalidUsernameCharacters ); // Preg yells if you try to give it an empty string if ( $invalid !== '' && preg_match( '/[' . preg_quote( $invalid, '/' ) . ']/', $name ) ) { $this->logger->debug( __METHOD__ . ": '$name' uncreatable due to wgInvalidUsernameCharacters" ); return false; } if ( $this->isTempReserved( $name ) ) { $this->logger->debug( __METHOD__ . ": '$name' uncreatable due to TempUserConfig" ); return false; } return $this->isUsable( $name ); } /* * Given unvalidated user input, return a canonical username, or false if * the username is invalid. * @param string $name User input * @param string $validate Type of validation to use * Use of public constants RIGOR_* is preferred * - RIGOR_NONE No validation * - RIGOR_VALID Valid for batch processes * - RIGOR_USABLE Valid for batch processes and login * - RIGOR_CREATABLE Valid for batch processes, login and account creation * * @throws InvalidArgumentException * @return string\|false / public function getCanonical( string $name, string $validate = self::RIGOR_VALID ) { // Force usernames to capital $name = $this->contentLang->ucfirst( $name ); // Reject names containing '#'; these will be cleaned up // with title normalisation, but then it's too late to // check elsewhere if ( strpos( $name, '#' ) !== false ) { return false; } // No need to proceed if no validation is requested, just // clean up underscores and user namespace prefix (see T283915). if ( $validate === self::RIGOR_NONE ) { // This is only needed here because if validation is // not self::RIGOR_NONE, it would be done at title parsing stage. $nsPrefix = $this->contentLang->getNsText( NS_USER ) . ':'; if ( str_starts_with( $name, $nsPrefix ) ) { $name = str_replace( $nsPrefix, '', $name ); } $name = strtr( $name, '_', ' ' ); return $name; } // Clean up name according to title rules, // but only when validation is requested (T14654) try { $title = $this->titleParser->parseTitle( $name, NS_USER ); } catch ( MalformedTitleException $_ ) { $title = null; } // Check for invalid titles if ( $title === null \|\| $title->getNamespace() !== NS_USER \|\| $title->isExternal() ) { return false; } $name = $title->getText(); // RIGOR_NONE handled above switch ( $validate ) { case self::RIGOR_VALID: return $this->isValid( $name ) ? $name : false; case self::RIGOR_USABLE: return $this->isUsable( $name ) ? $name : false; case self::RIGOR_CREATABLE: return $this->isCreatable( $name ) ? $name : false; default: throw new InvalidArgumentException( "Invalid parameter value for validation ($validate) in " . __METHOD__ ); } } /* * Does the string match an anonymous IP address? * * This function exists for username validation, in order to reject * usernames which are similar in form to IP addresses. Strings such * as 300.300.300.300 will return true because it looks like an IP * address, despite not being strictly valid. * * We match "\d{1,3}\.\d{1,3}\.\d{1,3}\.xxx" as an anonymous IP * address because the usemod software would "cloak" anonymous IP * addresses like this, if we allowed accounts like this to be created * new users could get the old edits of these anonymous users. * * This does //not// match IPv6 ranges (T239527) * * @param string $name Name to check * @return bool / public function isIP( string $name ): bool { $anyIPv4 = '/^' . self::IPV4_ADDRESS . '$/'; $validIP = IPUtils::isValid( $name ); return $validIP \|\| preg_match( $anyIPv4, $name ); } /* * Wrapper for IPUtils::isValidRange * * @param string $range Range to check * @return bool / public function isValidIPRange( string $range ): bool { return IPUtils::isValidRange( $range ); } /* * Validates IPv4 and IPv4-like ranges in the form of 1.2.3.4-5.6.7.8, * (which we'd like to avoid as a username/title pattern). * * @since 1.42 * @param string $range IPv4 dash range to check * @return bool / public function isLikeIPv4DashRange( string $range ): bool { return preg_match( '/^' . self::IPV4_ADDRESS . '-' . self::IPV4_ADDRESS . '$/', $range ); } /* * Does the username indicate a temporary user? * * @since 1.39 * @param string $name * @return bool / public function isTemp( string $name ) { return $this->tempUserConfig->isTempName( $name ); } /* * Is the username uncreatable due to it being reserved by the temp username * system? Note that unlike isTemp(), this does not imply that a user having * this name is an actual temp account. This should only be used to deny * account creation. * * @since 1.41 * @param string $name * @return bool / public function isTempReserved( string $name ) { return $this->tempUserConfig->isReservedName( $name ); } /* * Get a placeholder name for a temporary user before serial acquisition * * @since 1.39 * @return string / public function getTempPlaceholder() { return $this->tempUserConfig->getPlaceholderName(); } } PK��!��b��b��ActorStore.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use CannotCreateActorException; use InvalidArgumentException; use MediaWiki\Block\HideUserUtils; use MediaWiki\DAO\WikiAwareEntity; use MediaWiki\User\TempUser\TempUserConfig; use Psr\Log\LoggerInterface; use stdClass; use Wikimedia\Assert\Assert; use Wikimedia\IPUtils; use Wikimedia\Rdbms\DBQueryError; use Wikimedia\Rdbms\IDatabase; use Wikimedia\Rdbms\IDBAccessObject; use Wikimedia\Rdbms\ILoadBalancer; use Wikimedia\Rdbms\IReadableDatabase; /* * Service for interacting with the actor table. * * @package MediaWiki\User * @since 1.36 / class ActorStore implements UserIdentityLookup, ActorNormalization { public const UNKNOWN_USER_NAME = 'Unknown user'; private const LOCAL_CACHE_SIZE = 100; private ILoadBalancer $loadBalancer; private UserNameUtils $userNameUtils; private TempUserConfig $tempUserConfig; private LoggerInterface $logger; private HideUserUtils $hideUserUtils; /* @var string\|false / private $wikiId; private ActorCache $cache; private bool $allowCreateIpActors; /* * @param ILoadBalancer $loadBalancer * @param UserNameUtils $userNameUtils * @param TempUserConfig $tempUserConfig * @param LoggerInterface $logger * @param HideUserUtils $hideUserUtils * @param string\|false $wikiId / public function __construct( ILoadBalancer $loadBalancer, UserNameUtils $userNameUtils, TempUserConfig $tempUserConfig, LoggerInterface $logger, HideUserUtils $hideUserUtils, $wikiId = WikiAwareEntity::LOCAL ) { Assert::parameterType( [ 'string', 'false' ], $wikiId, '$wikiId' ); $this->loadBalancer = $loadBalancer; $this->userNameUtils = $userNameUtils; $this->tempUserConfig = $tempUserConfig; $this->logger = $logger; $this->hideUserUtils = $hideUserUtils; $this->wikiId = $wikiId; $this->cache = new ActorCache( self::LOCAL_CACHE_SIZE ); $this->allowCreateIpActors = !$this->tempUserConfig->isEnabled(); } /* * Instantiate a new UserIdentity object based on a $row from the actor table. * * Use this method when an actor row was already fetched from the DB via a join. * This method just constructs a new instance and does not try fetching missing * values from the DB again, use {@link UserIdentityLookup} for that. * * @param stdClass $row with the following fields: * - int actor_id * - string actor_name * - int\|null actor_user * @return UserIdentity * @throws InvalidArgumentException / public function newActorFromRow( stdClass $row ): UserIdentity { $actorId = (int)$row->actor_id; $userId = isset( $row->actor_user ) ? (int)$row->actor_user : 0; if ( $actorId === 0 ) { throw new InvalidArgumentException( "Actor ID is 0 for {$row->actor_name} and {$userId}" ); } $normalizedName = $this->normalizeUserName( $row->actor_name ); if ( $normalizedName === null ) { $this->logger->warning( 'Encountered invalid actor name in database', [ 'user_id' => $userId, 'actor_id' => $actorId, 'actor_name' => $row->actor_name, 'wiki_id' => $this->wikiId ?: 'local' ] ); // TODO: once we have guaranteed db only contains valid actor names, // we can skip normalization here - T273933 if ( $row->actor_name === '' ) { throw new InvalidArgumentException( "Actor name can not be empty for {$userId} and {$actorId}" ); } } $actor = new UserIdentityValue( $userId, $row->actor_name, $this->wikiId ); $this->cache->add( $actorId, $actor ); return $actor; } /* * Instantiate a new UserIdentity object based on field values from a DB row. * * Until {@link ActorMigration} is completed, the actor table joins alias actor field names * to legacy field names. This method is convenience to construct the UserIdentity based on * legacy field names. It's more relaxed with typing then ::newFromRow to better support legacy * code, so always prefer ::newFromRow in new code. Eventually, once {@link ActorMigration} * is completed and all queries use explicit join with actor table, this method will be * deprecated and removed. * * @throws InvalidArgumentException * @param int\|null $userId * @param string\|null $name * @param int\|null $actorId * @return UserIdentity / public function newActorFromRowFields( $userId, $name, $actorId ): UserIdentity { // For backwards compatibility we are quite relaxed about what to accept, // but try not to create entirely incorrect objects. As we move more code // from ActorMigration aliases to proper join with the actor table, // we should use ::newActorFromRow more, and eventually deprecate this method. $userId = $userId === null ? 0 : (int)$userId; $name ??= ''; if ( $actorId === null ) { throw new InvalidArgumentException( "Actor ID is null for {$name} and {$userId}" ); } if ( (int)$actorId === 0 ) { throw new InvalidArgumentException( "Actor ID is 0 for {$name} and {$userId}" ); } $normalizedName = $this->normalizeUserName( $name ); if ( $normalizedName === null ) { $this->logger->warning( 'Encountered invalid actor name in database', [ 'user_id' => $userId, 'actor_id' => $actorId, 'actor_name' => $name, 'wiki_id' => $this->wikiId ?: 'local' ] ); // TODO: once we have guaranteed the DB entries only exist for normalized names, // we can skip normalization here - T273933 if ( $name === '' ) { throw new InvalidArgumentException( "Actor name can not be empty for {$userId} and {$actorId}" ); } } $actorId = (int)$actorId; $actor = new UserIdentityValue( $userId, $name, $this->wikiId ); $this->cache->add( $actorId, $actor ); return $actor; } /* * @param UserIdentity $actor * @internal for use in User object only / public function deleteUserIdentityFromCache( UserIdentity $actor ) { $this->cache->remove( $actor ); } /* * Find an actor by $id. * * @param int $actorId * @param IReadableDatabase $db The database connection to operate on. * The database must correspond to ActorStore's wiki ID. * @return UserIdentity\|null Returns null if no actor with this $actorId exists in the database. / public function getActorById( int $actorId, IReadableDatabase $db ): ?UserIdentity { $this->checkDatabaseDomain( $db ); if ( !$actorId ) { return null; } return $this->cache->getActor( ActorCache::KEY_ACTOR_ID, $actorId ) ?? $this->newSelectQueryBuilder( $db ) ->caller( __METHOD__ ) ->conds( [ 'actor_id' => $actorId ] ) ->fetchUserIdentity() ?? // The actor ID mostly comes from DB, so if we can't find an actor by ID, // it's most likely due to lagged replica and not cause it doesn't actually exist. // Probably we just inserted it? Try primary database. $this->newSelectQueryBuilder( IDBAccessObject::READ_LATEST ) ->caller( __METHOD__ ) ->conds( [ 'actor_id' => $actorId ] ) ->fetchUserIdentity(); } /* * Find an actor by $name * * @param string $name * @param int $queryFlags one of IDBAccessObject constants * @return UserIdentity\|null / public function getUserIdentityByName( string $name, int $queryFlags = IDBAccessObject::READ_NORMAL ): ?UserIdentity { $normalizedName = $this->normalizeUserName( $name ); if ( $normalizedName === null ) { return null; } return $this->cache->getActor( ActorCache::KEY_USER_NAME, $normalizedName ) ?? $this->newSelectQueryBuilder( $queryFlags ) ->caller( __METHOD__ ) ->whereUserNames( $normalizedName ) ->fetchUserIdentity(); } /* * Find an actor by $userId * * @param int $userId * @param int $queryFlags one of IDBAccessObject constants * @return UserIdentity\|null / public function getUserIdentityByUserId( int $userId, int $queryFlags = IDBAccessObject::READ_NORMAL ): ?UserIdentity { if ( !$userId ) { return null; } return $this->cache->getActor( ActorCache::KEY_USER_ID, $userId ) ?? $this->newSelectQueryBuilder( $queryFlags ) ->caller( __METHOD__ ) ->whereUserIds( $userId ) ->fetchUserIdentity(); } /* * Attach the actor ID to $user for backwards compatibility. * * @todo remove this method when no longer needed (T273974). * * @param UserIdentity $user * @param int $id * @param bool $assigned whether a new actor ID was just assigned. / private function attachActorId( UserIdentity $user, int $id, bool $assigned ) { if ( $user instanceof User ) { $user->setActorId( $id ); if ( $assigned ) { $user->invalidateCache(); } } } /* * Detach the actor ID from $user for backwards compatibility. * * @todo remove this method when no longer needed (T273974). * * @param UserIdentity $user / private function detachActorId( UserIdentity $user ) { if ( $user instanceof User ) { $user->setActorId( 0 ); } } /* * Find the actor_id of the given $user. * * @param UserIdentity $user * @param IReadableDatabase $db The database connection to operate on. * The database must correspond to ActorStore's wiki ID. * @return int\|null / public function findActorId( UserIdentity $user, IReadableDatabase $db ): ?int { // TODO: we want to assert this user belongs to the correct wiki, // but User objects are always local and we used to use them // on a non-local DB connection. We need to first deprecate this // possibility and then throw on mismatching User object - T273972 // $user->assertWiki( $this->wikiId ); $this->deprecateInvalidCrossWikiParam( $user ); // TODO: In the future we would be able to assume UserIdentity name is ok // and will be able to skip normalization here - T273933 $name = $this->normalizeUserName( $user->getName() ); if ( $name === null ) { $this->logger->warning( 'Encountered a UserIdentity with invalid name', [ 'user_name' => $user->getName() ] ); return null; } $id = $this->findActorIdInternal( $name, $db ); // Set the actor ID in the User object. To be removed, see T274148. if ( $id && $user instanceof User ) { $user->setActorId( $id ); } return $id; } /* * Find the actor_id of the given $name. * * @param string $name * @param IReadableDatabase $db The database connection to operate on. * The database must correspond to ActorStore's wiki ID. * @return int\|null / public function findActorIdByName( $name, IReadableDatabase $db ): ?int { $name = $this->normalizeUserName( $name ); if ( $name === null ) { return null; } return $this->findActorIdInternal( $name, $db ); } /* * Find actor_id of the given $user using the passed $db connection. * * @param string $name * @param IReadableDatabase $db The database connection to operate on. * The database must correspond to ActorStore's wiki ID. * @param bool $lockInShareMode * @return int\|null / private function findActorIdInternal( string $name, IReadableDatabase $db, bool $lockInShareMode = false ): ?int { // Note: UserIdentity::getActorId will be deprecated and removed, // and this is the replacement for it. Can't call User::getActorId, cause // User always thinks it's local, so we could end up fetching the ID // from the wrong database. $cachedValue = $this->cache->getActorId( ActorCache::KEY_USER_NAME, $name ); if ( $cachedValue ) { return $cachedValue; } $queryBuilder = $db->newSelectQueryBuilder() ->select( [ 'actor_user', 'actor_name', 'actor_id' ] ) ->from( 'actor' ) ->where( [ 'actor_name' => $name ] ); if ( $lockInShareMode ) { $queryBuilder->lockInShareMode(); } $row = $queryBuilder->caller( __METHOD__ )->fetchRow(); if ( !$row \|\| !$row->actor_id ) { return null; } // to cache row $this->newActorFromRow( $row ); return (int)$row->actor_id; } /* * Attempt to assign an actor ID to the given $user. If it is already assigned, * return the existing ID. * * @note If called within a transaction, the returned ID might become invalid * if the transaction is rolled back, so it should not be passed outside of the * transaction context. * * @param UserIdentity $user * @param IDatabase $dbw The database connection to acquire the ID from. * The database must correspond to ActorStore's wiki ID. * @return int actor ID greater then 0 * @throws CannotCreateActorException if no actor ID has been assigned to this $user / public function acquireActorId( UserIdentity $user, IDatabase $dbw ): int { $this->checkDatabaseDomain( $dbw ); [ $userId, $userName ] = $this->validateActorForInsertion( $user ); // allow cache to be used, because if it is in the cache, it already has an actor ID $existingActorId = $this->findActorIdInternal( $userName, $dbw ); if ( $existingActorId ) { $this->attachActorId( $user, $existingActorId, false ); return $existingActorId; } $dbw->newInsertQueryBuilder() ->insertInto( 'actor' ) ->ignore() ->row( [ 'actor_user' => $userId, 'actor_name' => $userName ] ) ->caller( __METHOD__ )->execute(); if ( $dbw->affectedRows() ) { $actorId = $dbw->insertId(); } else { // Outdated cache? // Use LOCK IN SHARE MODE to bypass any MySQL REPEATABLE-READ snapshot. $actorId = $this->findActorIdInternal( $userName, $dbw, true ); if ( !$actorId ) { throw new CannotCreateActorException( "Failed to create actor ID for " . "user_id={$userId} user_name=\"{$userName}\"" ); } } $this->attachActorId( $user, $actorId, true ); // Cache row we've just created $cachedUserIdentity = $this->newActorFromRowFields( $userId, $userName, $actorId ); $this->setUpRollbackHandler( $dbw, $cachedUserIdentity, $user ); return $actorId; } /* * Create a new actor for the given $user. If an actor with this name already exists, * this method throws. * * @note If called within a transaction, the returned ID might become invalid * if the transaction is rolled back, so it should not be passed outside of the * transaction context. * * @param UserIdentity $user * @param IDatabase $dbw * @return int actor ID greater then 0 * @throws CannotCreateActorException if an actor with this name already exist. * @internal for use in user account creation only. / public function createNewActor( UserIdentity $user, IDatabase $dbw ): int { $this->checkDatabaseDomain( $dbw ); [ $userId, $userName ] = $this->validateActorForInsertion( $user ); try { $dbw->newInsertQueryBuilder() ->insertInto( 'actor' ) ->row( [ 'actor_user' => $userId, 'actor_name' => $userName ] ) ->caller( __METHOD__ )->execute(); } catch ( DBQueryError $e ) { // We rely on the database to crash on unique actor_name constraint. throw new CannotCreateActorException( $e->getMessage() ); } $actorId = $dbw->insertId(); $this->attachActorId( $user, $actorId, true ); // Cache row we've just created $cachedUserIdentity = $this->newActorFromRowFields( $userId, $userName, $actorId ); $this->setUpRollbackHandler( $dbw, $cachedUserIdentity, $user ); return $actorId; } /* * Attempt to assign an ID to an actor for a system user. If an actor ID already * exists, return it. * * @note For reserved user names this method will overwrite the user ID of the * existing anon actor. * * @note If called within a transaction, the returned ID might become invalid * if the transaction is rolled back, so it should not be passed outside of the * transaction context. * * @param UserIdentity $user * @param IDatabase $dbw * @return int actor ID greater then zero * @throws CannotCreateActorException if the existing actor is associated with registered user. * @internal for use in user account creation only. / public function acquireSystemActorId( UserIdentity $user, IDatabase $dbw ): int { $this->checkDatabaseDomain( $dbw ); [ $userId, $userName ] = $this->validateActorForInsertion( $user ); $existingActorId = $this->findActorIdInternal( $userName, $dbw ); if ( $existingActorId ) { // It certainly will be cached if we just found it. $existingActor = $this->cache->getActor( ActorCache::KEY_ACTOR_ID, $existingActorId ); // If we already have an existing actor with a matching user ID // just return it, nothing to do here. if ( $existingActor->getId( $this->wikiId ) === $user->getId( $this->wikiId ) ) { return $existingActorId; } // Allow overwriting user ID for already existing actor with reserved user name, see T236444 if ( $this->userNameUtils->isUsable( $userName ) \|\| $existingActor->isRegistered() ) { throw new CannotCreateActorException( 'Cannot replace user for existing actor: ' . "actor_id=$existingActorId, new user_id=$userId" ); } } $dbw->newInsertQueryBuilder() ->insertInto( 'actor' ) ->row( [ 'actor_name' => $userName, 'actor_user' => $userId ] ) ->onDuplicateKeyUpdate() ->uniqueIndexFields( [ 'actor_name' ] ) ->set( [ 'actor_user' => $userId ] ) ->caller( __METHOD__ )->execute(); if ( !$dbw->affectedRows() ) { throw new CannotCreateActorException( 'Failed to replace user for actor: ' . "actor_id=$existingActorId, new user_id=$userId" ); } $actorId = $dbw->insertId() ?: $existingActorId; $this->cache->remove( $user ); $this->attachActorId( $user, $actorId, true ); // Cache row we've just created $cachedUserIdentity = $this->newActorFromRowFields( $userId, $userName, $actorId ); $this->setUpRollbackHandler( $dbw, $cachedUserIdentity, $user ); return $actorId; } /* * Delete the actor from the actor table * * @warning this method does very limited validation and is extremely * dangerous since it can break referential integrity of the database * if used incorrectly. Use at your own risk! * * @since 1.37 * @param UserIdentity $actor * @param IDatabase $dbw * @return bool true on success, false if nothing was deleted. / public function deleteActor( UserIdentity $actor, IDatabase $dbw ): bool { $this->checkDatabaseDomain( $dbw ); $this->deprecateInvalidCrossWikiParam( $actor ); $normalizedName = $this->normalizeUserName( $actor->getName() ); if ( $normalizedName === null ) { throw new InvalidArgumentException( "Unable to normalize the provided actor name {$actor->getName()}" ); } $dbw->newDeleteQueryBuilder() ->deleteFrom( 'actor' ) ->where( [ 'actor_name' => $normalizedName ] ) ->caller( __METHOD__ )->execute(); if ( $dbw->affectedRows() !== 0 ) { $this->cache->remove( $actor ); return true; } return false; } /* * Returns a canonical form of user name suitable for storage. * * @internal * @param string $name * * @return string\|null / public function normalizeUserName( string $name ): ?string { if ( $this->userNameUtils->isIP( $name ) ) { return IPUtils::sanitizeIP( $name ); } elseif ( ExternalUserNames::isExternal( $name ) ) { // TODO: ideally, we should probably canonicalize external usernames, // but it was not done before, so we can not start doing it unless we // fix existing DB rows - T273933 return $name; } else { $normalized = $this->userNameUtils->getCanonical( $name ); return $normalized === false ? null : $normalized; } } /* * Validates actor before insertion. * * @param UserIdentity $user * @return array [ $normalizedUserId, $normalizedName ] / private function validateActorForInsertion( UserIdentity $user ): array { // TODO: we want to assert this user belongs to the correct wiki, // but User objects are always local and we used to use them // on a non-local DB connection. We need to first deprecate this // possibility and then throw on mismatching User object - T273972 // $user->assertWiki( $this->wikiId ); $this->deprecateInvalidCrossWikiParam( $user ); $userName = $this->normalizeUserName( $user->getName() ); if ( $userName === null \|\| $userName === '' ) { $userIdForErrorMessage = $user->getId( $this->wikiId ); throw new CannotCreateActorException( 'Cannot create an actor for a user with no name: ' . "user_id={$userIdForErrorMessage} user_name=\"{$user->getName()}\"" ); } $userId = $user->getId( $this->wikiId ) ?: null; if ( $userId === null && $this->userNameUtils->isUsable( $user->getName() ) ) { throw new CannotCreateActorException( 'Cannot create an actor for a usable name that is not an existing user: ' . "user_name=\"{$user->getName()}\"" ); } if ( !$this->allowCreateIpActors && $this->userNameUtils->isIP( $userName ) ) { throw new CannotCreateActorException( 'Cannot create an actor for an IP user when temporary accounts are enabled' ); } return [ $userId, $userName ]; } /* * Clear in-process caches if transaction gets rolled back. * * @param IDatabase $dbw * @param UserIdentity $cachedActor * @param UserIdentity $originalActor / private function setUpRollbackHandler( IDatabase $dbw, UserIdentity $cachedActor, UserIdentity $originalActor ) { if ( $dbw->trxLevel() ) { // If called within a transaction and it was rolled back, the cached actor ID // becomes invalid, so cache needs to be invalidated as well. See T277795. $dbw->onTransactionResolution( function ( int $trigger ) use ( $cachedActor, $originalActor ) { if ( $trigger === IDatabase::TRIGGER_ROLLBACK ) { $this->cache->remove( $cachedActor ); $this->detachActorId( $originalActor ); } }, __METHOD__ ); } } /* * Throws an exception if the given database connection does not belong to the wiki this * ActorStore is bound to. * * @param IReadableDatabase $db / private function checkDatabaseDomain( IReadableDatabase $db ) { $dbDomain = $db->getDomainID(); $storeDomain = $this->loadBalancer->resolveDomainID( $this->wikiId ); if ( $dbDomain !== $storeDomain ) { throw new InvalidArgumentException( "DB connection domain '$dbDomain' does not match '$storeDomain'" ); } } /* * In case all reasonable attempts of initializing a proper actor from the * database have failed, entities can be attributed to special 'Unknown user' actor. * * @return UserIdentity / public function getUnknownActor(): UserIdentity { $actor = $this->getUserIdentityByName( self::UNKNOWN_USER_NAME ); if ( $actor ) { return $actor; } $actor = new UserIdentityValue( 0, self::UNKNOWN_USER_NAME, $this->wikiId ); $db = $this->loadBalancer->getConnection( DB_PRIMARY, [], $this->wikiId ); $this->acquireActorId( $actor, $db ); return $actor; } /* * Returns a specialized SelectQueryBuilder for querying the UserIdentity objects. * * @param IReadableDatabase\|int $dbOrQueryFlags The database connection to perform the query on, * or one of IDBAccessObject::READ_* constants. * @return UserSelectQueryBuilder / public function newSelectQueryBuilder( $dbOrQueryFlags = IDBAccessObject::READ_NORMAL ): UserSelectQueryBuilder { if ( $dbOrQueryFlags instanceof IReadableDatabase ) { [ $db, $flags ] = [ $dbOrQueryFlags, IDBAccessObject::READ_NORMAL ]; $this->checkDatabaseDomain( $db ); } else { if ( ( $dbOrQueryFlags & IDBAccessObject::READ_LATEST ) == IDBAccessObject::READ_LATEST ) { $db = $this->loadBalancer->getConnection( DB_PRIMARY, [], $this->wikiId ); } else { $db = $this->loadBalancer->getConnection( DB_REPLICA, [], $this->wikiId ); } $flags = $dbOrQueryFlags; } $builder = new UserSelectQueryBuilder( $db, $this, $this->tempUserConfig, $this->hideUserUtils ); return $builder->recency( $flags ); } /* * @internal For use immediately after construction only * @param bool $allow / public function setAllowCreateIpActors( bool $allow ): void { $this->allowCreateIpActors = $allow; } /* * Emits a deprecation warning if $user does not belong to the * same wiki this store belongs to. * * @param UserIdentity $user / private function deprecateInvalidCrossWikiParam( UserIdentity $user ) { if ( $user->getWikiId() !== $this->wikiId ) { $expected = $this->wikiIdToString( $user->getWikiId() ); $actual = $this->wikiIdToString( $this->wikiId ); wfDeprecatedMsg( 'Deprecated passing invalid cross-wiki user. ' . "Expected: {$expected}, Actual: {$actual}.", '1.37' ); } } /* * Convert $wikiId to a string for logging. * * @param string\|false $wikiId * @return string / private function wikiIdToString( $wikiId ): string { return $wikiId === WikiAwareEntity::LOCAL ? 'the local wiki' : "'{$wikiId}'"; } } PK��!��,��R.��R.��PasswordReset.phpnu��Iw��<?php /* * User password reset helper for MediaWiki. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use Iterator; use LogicException; use MapCacheLRU; use MediaWiki\Auth\AuthManager; use MediaWiki\Auth\TemporaryPasswordAuthenticationRequest; use MediaWiki\Config\ServiceOptions; use MediaWiki\Deferred\DeferredUpdates; use MediaWiki\Deferred\SendPasswordResetEmailUpdate; use MediaWiki\HookContainer\HookContainer; use MediaWiki\HookContainer\HookRunner; use MediaWiki\MainConfigNames; use MediaWiki\Message\Message; use MediaWiki\Parser\Sanitizer; use MediaWiki\User\Options\UserOptionsLookup; use Psr\Log\LoggerAwareInterface; use Psr\Log\LoggerAwareTrait; use Psr\Log\LoggerInterface; use StatusValue; /* * Helper class for the password reset functionality shared by the web UI and the API. * * Requires the TemporaryPasswordPrimaryAuthenticationProvider and the * EmailNotificationSecondaryAuthenticationProvider (or something providing equivalent * functionality) to be enabled. / class PasswordReset implements LoggerAwareInterface { use LoggerAwareTrait; private ServiceOptions $config; private AuthManager $authManager; private HookRunner $hookRunner; private UserIdentityLookup $userIdentityLookup; private UserFactory $userFactory; private UserNameUtils $userNameUtils; private UserOptionsLookup $userOptionsLookup; /* * In-process cache for isAllowed lookups, by username. * Contains a StatusValue object / private MapCacheLRU $permissionCache; /* * @internal For use by ServiceWiring / public const CONSTRUCTOR_OPTIONS = [ MainConfigNames::EnableEmail, MainConfigNames::PasswordResetRoutes, ]; /* * This class is managed by MediaWikiServices, don't instantiate directly. * * @param ServiceOptions $config * @param LoggerInterface $logger * @param AuthManager $authManager * @param HookContainer $hookContainer * @param UserIdentityLookup $userIdentityLookup * @param UserFactory $userFactory * @param UserNameUtils $userNameUtils * @param UserOptionsLookup $userOptionsLookup / public function __construct( ServiceOptions $config, LoggerInterface $logger, AuthManager $authManager, HookContainer $hookContainer, UserIdentityLookup $userIdentityLookup, UserFactory $userFactory, UserNameUtils $userNameUtils, UserOptionsLookup $userOptionsLookup ) { $config->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS ); $this->config = $config; $this->logger = $logger; $this->authManager = $authManager; $this->hookRunner = new HookRunner( $hookContainer ); $this->userIdentityLookup = $userIdentityLookup; $this->userFactory = $userFactory; $this->userNameUtils = $userNameUtils; $this->userOptionsLookup = $userOptionsLookup; $this->permissionCache = new MapCacheLRU( 1 ); } /* * Check if a given user has permission to use this functionality. * @param User $user * @since 1.29 Second argument for displayPassword removed. * @return StatusValue / public function isAllowed( User $user ) { return $this->permissionCache->getWithSetCallback( $user->getName(), function () use ( $user ) { return $this->computeIsAllowed( $user ); } ); } /* * @since 1.42 * @return StatusValue / public function isEnabled(): StatusValue { $resetRoutes = $this->config->get( MainConfigNames::PasswordResetRoutes ); if ( !is_array( $resetRoutes ) \|\| !in_array( true, $resetRoutes, true ) ) { // Maybe password resets are disabled, or there are no allowable routes return StatusValue::newFatal( 'passwordreset-disabled' ); } $providerStatus = $this->authManager->allowsAuthenticationDataChange( new TemporaryPasswordAuthenticationRequest(), false ); if ( !$providerStatus->isGood() ) { // Maybe the external auth plugin won't allow local password changes return StatusValue::newFatal( 'resetpass_forbidden-reason', $providerStatus->getMessage() ); } if ( !$this->config->get( MainConfigNames::EnableEmail ) ) { // Maybe email features have been disabled return StatusValue::newFatal( 'passwordreset-emaildisabled' ); } return StatusValue::newGood(); } /* * @param User $user * @return StatusValue / private function computeIsAllowed( User $user ): StatusValue { $enabledStatus = $this->isEnabled(); if ( !$enabledStatus->isGood() ) { return $enabledStatus; } if ( !$user->isAllowed( 'editmyprivateinfo' ) ) { // Maybe not all users have permission to change private data return StatusValue::newFatal( 'badaccess' ); } if ( $this->isBlocked( $user ) ) { // Maybe the user is blocked (check this here rather than relying on the parent // method as we have a more specific error message to use here, and we want to // ignore some types of blocks) return StatusValue::newFatal( 'blocked-mailpassword' ); } return StatusValue::newGood(); } /* * Do a password reset. Authorization is the caller's responsibility. * * Process the form. * * At this point, we know that the user passes all the criteria in * userCanExecute(), and if the data array contains 'Username', etc., then Username * resets are allowed. * * @since 1.29 Fourth argument for displayPassword removed. * @param User $performingUser The user that does the password reset * @param string\|null $username The user whose password is reset * @param string\|null $email Alternative way to specify the user * @return StatusValue / public function execute( User $performingUser, $username = null, $email = null ) { if ( !$this->isAllowed( $performingUser )->isGood() ) { throw new LogicException( 'User ' . $performingUser->getName() . ' is not allowed to reset passwords' ); } // Check against the rate limiter. If the $wgRateLimit is reached, we want to pretend // that the request was good to avoid displaying an error message. if ( $performingUser->pingLimiter( 'mailpassword' ) ) { return StatusValue::newGood(); } // We need to have a valid IP address for the hook 'User::mailPasswordInternal', but per T20347, // we should send the user's name if they're logged in. $ip = $performingUser->getRequest()->getIP(); if ( !$ip ) { return StatusValue::newFatal( 'badipaddress' ); } $resetRoutes = $this->config->get( MainConfigNames::PasswordResetRoutes ) + [ 'username' => false, 'email' => false ]; if ( !$resetRoutes['username'] \|\| $username === '' ) { $username = null; } if ( !$resetRoutes['email'] \|\| $email === '' ) { $email = null; } if ( $username !== null && !$this->userNameUtils->getCanonical( $username ) ) { return StatusValue::newFatal( 'noname' ); } if ( $email !== null && !Sanitizer::validateEmail( $email ) ) { return StatusValue::newFatal( 'passwordreset-invalidemail' ); } // At this point, $username and $email are either valid or not provided /* @var User[] $users / $users = []; if ( $username !== null ) { $user = $this->userFactory->newFromName( $username ); // User must have an email address to attempt sending a password reset email if ( $user && $user->isRegistered() && $user->getEmail() && ( !$this->userOptionsLookup->getBoolOption( $user, 'requireemail' ) \|\| $user->getEmail() === $email ) ) { // Either providing the email in the form is not required to request a reset, // or the correct email was provided $users[] = $user; } } elseif ( $email !== null ) { foreach ( $this->getUsersByEmail( $email ) as $userIdent ) { // Skip users whose preference 'requireemail' is on since the username was not submitted if ( $this->userOptionsLookup->getBoolOption( $userIdent, 'requireemail' ) ) { continue; } $users[] = $this->userFactory->newFromUserIdentity( $userIdent ); } } else { // The user didn't supply any data return StatusValue::newFatal( 'passwordreset-nodata' ); } // Check for hooks (captcha etc.), and allow them to modify the list of users $data = [ 'Username' => $username, 'Email' => $email, ]; $error = []; if ( !$this->hookRunner->onSpecialPasswordResetOnSubmit( $users, $data, $error ) ) { return StatusValue::newFatal( Message::newFromSpecifier( $error ) ); } if ( !$users ) { // Don't reveal whether a username or email address is in use return StatusValue::newGood(); } // Get the first element in $users by using `reset` function since // the key '0' might have been unset from $users array by a hook handler. $firstUser = reset( $users ); $this->hookRunner->onUser__mailPasswordInternal( $performingUser, $ip, $firstUser ); $result = StatusValue::newGood(); $reqs = []; foreach ( $users as $user ) { $req = TemporaryPasswordAuthenticationRequest::newRandom(); $req->username = $user->getName(); $req->mailpassword = true; $req->caller = $performingUser->getName(); $status = $this->authManager->allowsAuthenticationDataChange( $req, true ); // If the status is good and the value is 'throttled-mailpassword', we want to pretend // that the request was good to avoid displaying an error message and disclose // if a reset password was previously sent. if ( $status->isGood() && $status->getValue() === 'throttled-mailpassword' ) { return StatusValue::newGood(); } if ( $status->isGood() && $status->getValue() !== 'ignored' ) { $reqs[] = $req; } elseif ( $result->isGood() ) { // only record the first error, to avoid exposing the number of users having the // same email address if ( $status->getValue() === 'ignored' ) { $status = StatusValue::newFatal( 'passwordreset-ignored' ); } $result->merge( $status ); } } $logContext = [ 'requestingIp' => $ip, 'requestingUser' => $performingUser->getName(), 'targetUsername' => $username, 'targetEmail' => $email, ]; if ( !$result->isGood() ) { $this->logger->info( "{requestingUser} attempted password reset of {targetUsername} but failed", $logContext + [ 'errors' => $result->getErrors() ] ); return $result; } DeferredUpdates::addUpdate( new SendPasswordResetEmailUpdate( $this->authManager, $reqs, $logContext ), DeferredUpdates::POSTSEND ); return StatusValue::newGood(); } /* * Check whether the user is blocked. * Ignores certain types of system blocks that are only meant to force users to log in. * @param User $user * @return bool * @since 1.30 / private function isBlocked( User $user ) { $block = $user->getBlock(); return $block && $block->appliesToPasswordReset(); } /* * @note This is protected to allow configuring in tests. This class is not stable to extend. * * @param string $email * * @return Iterator<UserIdentity> / protected function getUsersByEmail( $email ) { return $this->userIdentityLookup->newSelectQueryBuilder() ->join( 'user', null, [ "actor_user=user_id" ] ) ->where( [ 'user_email' => $email ] ) ->caller( __METHOD__ ) ->fetchUserIdentities(); } } /* @deprecated class alias since 1.41 / class_alias( PasswordReset::class, 'PasswordReset' ); PK��!��H��H��ExternalUserNames.phpnu��Iw��<?php /* * Class to parse and build external user names * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use MediaWiki\HookContainer\HookRunner; use MediaWiki\MediaWikiServices; use MediaWiki\SpecialPage\SpecialPage; use MediaWiki\Title\Title; use Wikimedia\Rdbms\IDBAccessObject; /* * Class to parse and build external user names * @since 1.31 / class ExternalUserNames { private string $usernamePrefix; private bool $assignKnownUsers; /* * @var bool[] / private $triedCreations = []; /* * @param string $usernamePrefix Prefix to apply to unknown (and possibly also known) usernames * @param bool $assignKnownUsers Whether to apply the prefix to usernames that exist locally / public function __construct( $usernamePrefix, $assignKnownUsers ) { $this->usernamePrefix = rtrim( (string)$usernamePrefix, ':>' ); $this->assignKnownUsers = (bool)$assignKnownUsers; } /* * Get a target Title to link a username. * * @param string $userName Username to link * * @return null\|Title / public static function getUserLinkTitle( $userName ) { $pos = strpos( $userName, '>' ); $services = MediaWikiServices::getInstance(); if ( $pos !== false ) { $iw = explode( ':', substr( $userName, 0, $pos ) ); $firstIw = array_shift( $iw ); $interwikiLookup = $services->getInterwikiLookup(); if ( $interwikiLookup->isValidInterwiki( $firstIw ) ) { $title = $services->getNamespaceInfo()->getCanonicalName( NS_USER ) . ':' . substr( $userName, $pos + 1 ); if ( $iw ) { $title = implode( ':', $iw ) . ':' . $title; } return Title::makeTitle( NS_MAIN, $title, '', $firstIw ); } return null; } else { // Protect against invalid user names from old corrupt database rows, T232451 if ( $services->getUserNameUtils()->isIP( $userName ) \|\| $services->getUserNameUtils()->isValidIPRange( $userName ) \|\| $services->getUserNameUtils()->isValid( $userName ) ) { return SpecialPage::getTitleFor( 'Contributions', $userName ); } else { // Bad user name, no link return null; } } } /* * Add an interwiki prefix to the username, if appropriate * * This method does have a side-effect on SUL (single user login) wikis: Calling this calls the * ImportHandleUnknownUser hook from the CentralAuth extension, which assigns a local ID to the * global user name, if possible. No prefix is applied if this is successful. * * @see https://meta.wikimedia.org/wiki/Help:Unified_login * @see https://www.mediawiki.org/wiki/Manual:Hooks/ImportHandleUnknownUser * * @param string $name * @return string Either the unchanged username if it's a known local user (or not a valid * username), otherwise the name with the prefix prepended. / public function applyPrefix( $name ) { $services = MediaWikiServices::getInstance(); $userNameUtils = $services->getUserNameUtils(); if ( $userNameUtils->getCanonical( $name, UserRigorOptions::RIGOR_USABLE ) === false ) { return $name; } if ( $this->assignKnownUsers ) { $userIdentityLookup = $services->getUserIdentityLookup(); $userIdentity = $userIdentityLookup->getUserIdentityByName( $name ); if ( $userIdentity && $userIdentity->isRegistered() ) { return $name; } // See if any extension wants to create it. if ( !isset( $this->triedCreations[$name] ) ) { $this->triedCreations[$name] = true; if ( !( new HookRunner( $services->getHookContainer() ) )->onImportHandleUnknownUser( $name ) ) { $userIdentity = $userIdentityLookup->getUserIdentityByName( $name, IDBAccessObject::READ_LATEST ); if ( $userIdentity && $userIdentity->isRegistered() ) { return $name; } } } } return $this->addPrefix( $name ); } /* * Add an interwiki prefix to the username regardless of circumstances * * @param string $name * @return string Prefixed username, using ">" as separator / public function addPrefix( $name ) { return substr( $this->usernamePrefix . '>' . $name, 0, 255 ); } /* * Tells whether the username is external or not * * @param string $username Username to check * @return bool true if it's external, false otherwise. / public static function isExternal( $username ) { return str_contains( $username, '>' ); } /* * Get local part of the user name * * @param string $username Username to get * @return string / public static function getLocal( $username ) { if ( !self::isExternal( $username ) ) { return $username; } return substr( $username, strpos( $username, '>' ) + 1 ); } } /* @deprecated class alias since 1.41 / class_alias( ExternalUserNames::class, 'ExternalUserNames' ); PK��!�� l��CentralId/LocalIdLookup.phpnu��Iw��<?php /* * A central user id lookup service implementation * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User\CentralId; use MediaWiki\Block\HideUserUtils; use MediaWiki\Config\Config; use MediaWiki\MainConfigNames; use MediaWiki\User\UserIdentity; use MediaWiki\WikiMap\WikiMap; use Wikimedia\Rdbms\DBAccessObjectUtils; use Wikimedia\Rdbms\IConnectionProvider; use Wikimedia\Rdbms\IDBAccessObject; /* * A CentralIdLookup provider that just uses local IDs. Useful if the wiki * isn't part of a cluster or you're using shared user tables. * * @note Shared user table support expects that all wikis involved have * $wgSharedDB and $wgSharedTables set, and that all wikis involved in the * sharing are listed in $wgLocalDatabases, and that no wikis not involved in * the sharing are listed in $wgLocalDatabases. * @since 1.27 / class LocalIdLookup extends CentralIdLookup { private IConnectionProvider $dbProvider; private HideUserUtils $hideUserUtils; /* @var string\|null / private $sharedDB; /* @var string[] / private $sharedTables; /* @var string[] / private $localDatabases; /* * @param Config $config * @param IConnectionProvider $dbProvider * @param HideUserUtils $hideUserUtils / public function __construct( Config $config, IConnectionProvider $dbProvider, HideUserUtils $hideUserUtils ) { $this->sharedDB = $config->get( MainConfigNames::SharedDB ); $this->sharedTables = $config->get( MainConfigNames::SharedTables ); $this->localDatabases = $config->get( MainConfigNames::LocalDatabases ); $this->dbProvider = $dbProvider; $this->hideUserUtils = $hideUserUtils; } public function isAttached( UserIdentity $user, $wikiId = UserIdentity::LOCAL ): bool { // If the user has no ID, it can't be attached if ( !$user->isRegistered() ) { return false; } // Easy case, we're checking locally if ( !$wikiId \|\| WikiMap::isCurrentWikiId( $wikiId ) ) { return true; } // Assume that shared user tables are set up as described above, if // they're being used at all. return $this->sharedDB !== null && in_array( 'user', $this->sharedTables, true ) && in_array( $wikiId, $this->localDatabases, true ); } public function lookupCentralIds( array $idToName, $audience = self::AUDIENCE_PUBLIC, $flags = IDBAccessObject::READ_NORMAL ): array { if ( !$idToName ) { return []; } $audience = $this->checkAudience( $audience ); $db = DBAccessObjectUtils::getDBFromRecency( $this->dbProvider, $flags ); $queryBuilder = $db->newSelectQueryBuilder(); $queryBuilder ->select( [ 'user_id', 'user_name' ] ) ->from( 'user' ) ->where( [ 'user_id' => array_map( 'intval', array_keys( $idToName ) ) ] ) ->recency( $flags ); if ( $audience && !$audience->isAllowed( 'hideuser' ) ) { $this->hideUserUtils->addFieldToBuilder( $queryBuilder ); } $res = $queryBuilder->caller( __METHOD__ )->fetchResultSet(); foreach ( $res as $row ) { $idToName[$row->user_id] = empty( $row->hu_deleted ) ? $row->user_name : ''; } return $idToName; } public function lookupUserNames( array $nameToId, $audience = self::AUDIENCE_PUBLIC, $flags = IDBAccessObject::READ_NORMAL ): array { if ( !$nameToId ) { return []; } $audience = $this->checkAudience( $audience ); $db = DBAccessObjectUtils::getDBFromRecency( $this->dbProvider, $flags ); $queryBuilder = $db->newSelectQueryBuilder(); $queryBuilder ->select( [ 'user_id', 'user_name' ] ) ->from( 'user' ) ->where( [ 'user_name' => array_map( 'strval', array_keys( $nameToId ) ) ] ) ->recency( $flags ); if ( $audience && !$audience->isAllowed( 'hideuser' ) ) { $queryBuilder->andWhere( $this->hideUserUtils->getExpression( $db ) ); } $res = $queryBuilder->caller( __METHOD__ )->fetchResultSet(); foreach ( $res as $row ) { $nameToId[$row->user_name] = (int)$row->user_id; } return $nameToId; } } /* @deprecated class alias since 1.41 / class_alias( LocalIdLookup::class, 'LocalIdLookup' ); PK��!�ͫk��$��CentralId/CentralIdLookupFactory.phpnu��Iw��<?php /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User\CentralId; use InvalidArgumentException; use MediaWiki\Config\ServiceOptions; use MediaWiki\MainConfigNames; use MediaWiki\User\UserFactory; use MediaWiki\User\UserIdentityLookup; use Wikimedia\ObjectFactory\ObjectFactory; /* * @since 1.37 * @package MediaWiki\User\CentralId / class CentralIdLookupFactory { /* * @internal / public const CONSTRUCTOR_OPTIONS = [ MainConfigNames::CentralIdLookupProviders, MainConfigNames::CentralIdLookupProvider, ]; /* @var array ObjectFactory specs indexed by provider name / private $providers; /* @var string / private $defaultProvider; /* @var ObjectFactory / private $objectFactory; /* @var UserIdentityLookup / private $userIdentityLookup; private UserFactory $userFactory; /* @var CentralIdLookup[] / private $instanceCache = []; /* * @param ServiceOptions $options * @param ObjectFactory $objectFactory * @param UserIdentityLookup $userIdentityLookup / public function __construct( ServiceOptions $options, ObjectFactory $objectFactory, UserIdentityLookup $userIdentityLookup, UserFactory $userFactory ) { $options->assertRequiredOptions( self::CONSTRUCTOR_OPTIONS ); $this->providers = $options->get( MainConfigNames::CentralIdLookupProviders ); $this->defaultProvider = $options->get( MainConfigNames::CentralIdLookupProvider ); $this->objectFactory = $objectFactory; $this->userIdentityLookup = $userIdentityLookup; $this->userFactory = $userFactory; } /* * Get the IDs of the registered central ID lookup providers. * * @return string[] / public function getProviderIds(): array { return array_keys( $this->providers ); } /* * Get the ID of the default central ID provider. * * @return string / public function getDefaultProviderId(): string { return $this->defaultProvider; } /* * Get an instance of a CentralIdLookup. * * @param string\|null $providerId Provider ID from $wgCentralIdLookupProviders or null * to use the provider configured in $wgCentralIdLookupProvider * @return CentralIdLookup * @throws InvalidArgumentException if $providerId is not properly configured / public function getLookup( ?string $providerId = null ): CentralIdLookup { $providerId ??= $this->defaultProvider; if ( !array_key_exists( $providerId, $this->instanceCache ) ) { $providerSpec = $this->providers[$providerId] ?? null; if ( !$providerSpec ) { throw new InvalidArgumentException( "Invalid central ID provider $providerId" ); } $provider = $this->objectFactory->createObject( $providerSpec, [ 'assertClass' => CentralIdLookup::class ] ); $provider->init( $providerId, $this->userIdentityLookup, $this->userFactory ); $this->instanceCache[$providerId] = $provider; } return $this->instanceCache[$providerId]; } /* * Returns a CentralIdLookup that is guaranteed to be non-local. * If no such guarantee can be made, returns null. * * If this function returns a non-null CentralIdLookup, that lookup is expected to provide IDs * that are shared with some set of other wikis. However, you should still be cautious * when using those IDs, as they will not necessarily work with all other wikis, and it can be * hard to tell if another wiki is in the same set as this one or not. * * @param string\|null $providerID Provider ID from $wgCentralIdLookupProviders or null * to use the provider configured in $wgCentralIdLookupProvider * @return ?CentralIdLookup * @throws InvalidArgumentException if $providerId is not properly configured / public function getNonLocalLookup( ?string $providerID = null ): ?CentralIdLookup { $centralIdLookup = $this->getLookup( $providerID ); if ( $centralIdLookup instanceof LocalIdLookup ) { / * A LocalIdLookup (which is the default) may actually be non-local, * if shared user tables are used. * However, we cannot know that here, so play it safe and refuse to return it. * See also T163277 and T170996. / return null; } return $centralIdLookup; } } PK��!��X+��X+��CentralId/CentralIdLookup.phpnu��Iw��<?php /* * A central user id lookup service * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User\CentralId; use InvalidArgumentException; use LogicException; use MediaWiki\MediaWikiServices; use MediaWiki\Permissions\Authority; use MediaWiki\User\UserFactory; use MediaWiki\User\UserIdentity; use MediaWiki\User\UserIdentityLookup; use Throwable; use Wikimedia\Rdbms\IDBAccessObject; /* * The CentralIdLookup service allows for connecting local users with * cluster-wide IDs. * * @since 1.27 * @stable to extend / abstract class CentralIdLookup { // Audience options for accessors public const AUDIENCE_PUBLIC = 1; public const AUDIENCE_RAW = 2; /* @var string / private $providerId; /* @var UserIdentityLookup / private $userIdentityLookup; private UserFactory $userFactory; /* * Fetch a CentralIdLookup * @deprecated since 1.37 Use MediaWikiServices to obtain an instance. * @param string\|null $providerId Provider ID from $wgCentralIdLookupProviders * @return CentralIdLookup\|null / public static function factory( $providerId = null ) { wfDeprecated( __METHOD__, '1.37' ); try { return MediaWikiServices::getInstance() ->getCentralIdLookupFactory() ->getLookup( $providerId ); } catch ( Throwable $unused ) { return null; } } /* * Initialize the provider. * * @param string $providerId * @param UserIdentityLookup $userIdentityLookup * @internal / public function init( string $providerId, UserIdentityLookup $userIdentityLookup, UserFactory $userFactory ) { if ( $this->providerId !== null ) { throw new LogicException( "CentralIdProvider $providerId already initialized" ); } $this->providerId = $providerId; $this->userIdentityLookup = $userIdentityLookup; $this->userFactory = $userFactory; } /* * Get the provider id. * * @return string / public function getProviderId(): string { return $this->providerId; } /* * Check that the "audience" parameter is valid * @param int\|Authority $audience One of the audience constants, or a specific authority * @return Authority\|null authority to check against, or null if no checks are needed * @throws InvalidArgumentException / protected function checkAudience( $audience ): ?Authority { if ( $audience instanceof Authority ) { return $audience; } if ( $audience === self::AUDIENCE_PUBLIC ) { // TODO: when available, inject AuthorityFactory // via init and use it to create anon authority return $this->userFactory->newAnonymous(); } if ( $audience === self::AUDIENCE_RAW ) { return null; } throw new InvalidArgumentException( 'Invalid audience' ); } /* * Check that a user is attached on the specified wiki. * * If unattached local accounts don't exist in your extension, this comes * down to a check whether the central account exists at all and that * $wikiId is using the same central database. * * @param UserIdentity $user * @param string\|false $wikiId Wiki to check attachment status. If false, check the current wiki. * @return bool / abstract public function isAttached( UserIdentity $user, $wikiId = UserIdentity::LOCAL ): bool; /* * Check that a username is owned by the central user on the specified wiki. * * This should return true if the local account exists and is attached (see isAttached()), * or if it does not exist but is reserved for the central user (it's guaranteed that * if it's ever created, then it will be attached to the central user). * * @since 1.43 * @stable to override * @param UserIdentity $user * @param string\|false $wikiId Wiki to check attachment status. If false, check the current wiki. * @return bool / public function isOwned( UserIdentity $user, $wikiId = UserIdentity::LOCAL ): bool { return $this->isAttached( $user, $wikiId ); } /* * Given central user IDs, return the (local) user names * @note There's no requirement that the user names actually exist locally, * or if they do that they're actually attached to the central account. * @param array $idToName Array with keys being central user IDs * @param int\|Authority $audience One of the audience constants, or a specific authority * @param int $flags IDBAccessObject read flags * @return string[] Copy of $idToName with values set to user names (or * empty-string if the user exists but $audience lacks the rights needed * to see it). IDs not corresponding to a user are unchanged. / abstract public function lookupCentralIds( array $idToName, $audience = self::AUDIENCE_PUBLIC, $flags = IDBAccessObject::READ_NORMAL ): array; /* * Given (local) user names, return the central IDs * @note There's no requirement that the user names actually exist locally, * or if they do that they're actually attached to the central account. * @param array $nameToId Array with keys being canonicalized user names * @param int\|Authority $audience One of the audience constants, or a specific authority * @param int $flags IDBAccessObject read flags * @return int[] Copy of $nameToId with values set to central IDs. * Names not corresponding to a user (or $audience lacks the rights needed * to see it) are unchanged. / abstract public function lookupUserNames( array $nameToId, $audience = self::AUDIENCE_PUBLIC, $flags = IDBAccessObject::READ_NORMAL ): array; /* * Given a central user ID, return the (local) user name * @note There's no requirement that the user name actually exists locally, * or if it does that it's actually attached to the central account. * @param int $id Central user ID * @param int\|Authority $audience One of the audience constants, or a specific authority * @param int $flags IDBAccessObject read flags * @return string\|null user name, or empty string if $audience lacks the * rights needed to see it, or null if $id doesn't correspond to a user / public function nameFromCentralId( $id, $audience = self::AUDIENCE_PUBLIC, $flags = IDBAccessObject::READ_NORMAL ): ?string { $idToName = $this->lookupCentralIds( [ $id => null ], $audience, $flags ); return $idToName[$id]; } /* * Given a an array of central user IDs, return the (local) user names. * @param int[] $ids Central user IDs * @param int\|Authority $audience One of the audience constants, or a specific authority * @param int $flags IDBAccessObject read flags * @return string[] user names * @since 1.30 / public function namesFromCentralIds( array $ids, $audience = self::AUDIENCE_PUBLIC, $flags = IDBAccessObject::READ_NORMAL ): array { $idToName = array_fill_keys( $ids, false ); $names = $this->lookupCentralIds( $idToName, $audience, $flags ); $names = array_unique( $names ); $names = array_filter( $names, static function ( $name ) { return $name !== false && $name !== ''; } ); return array_values( $names ); } /* * Given a (local) user name, return the central ID * @note There's no requirement that the user name actually exists locally, * or if it does that it's actually attached to the central account. * @param string $name Canonicalized user name * @param int\|Authority $audience One of the audience constants, or a specific authority * @param int $flags IDBAccessObject read flags * @return int user ID; 0 if the name does not correspond to a user or * $audience lacks the rights needed to see it. / public function centralIdFromName( $name, $audience = self::AUDIENCE_PUBLIC, $flags = IDBAccessObject::READ_NORMAL ): int { $nameToId = $this->lookupUserNames( [ $name => 0 ], $audience, $flags ); return $nameToId[$name]; } /* * Given an array of (local) user names, return the central IDs. * @param string[] $names Canonicalized user names * @param int\|Authority $audience One of the audience constants, or a specific authority * @param int $flags IDBAccessObject read flags * @return int[] user IDs * @since 1.30 / public function centralIdsFromNames( array $names, $audience = self::AUDIENCE_PUBLIC, $flags = IDBAccessObject::READ_NORMAL ): array { $nameToId = array_fill_keys( $names, false ); $ids = $this->lookupUserNames( $nameToId, $audience, $flags ); $ids = array_unique( $ids ); $ids = array_filter( $ids, static function ( $id ) { return $id !== false; } ); return array_values( $ids ); } /* * Given a central user ID, return a local user object * @note Unlike nameFromCentralId(), this does guarantee that the local * user exists and is attached to the central account. * @stable to override * @param int $id Central user ID * @param int\|Authority $audience One of the audience constants, or a specific authority * @param int $flags IDBAccessObject read flags * @return UserIdentity\|null Local user, or null if: $id doesn't correspond to a * user, $audience lacks the rights needed to see the user, the user * doesn't exist locally, or the user isn't locally attached. / public function localUserFromCentralId( $id, $audience = self::AUDIENCE_PUBLIC, $flags = IDBAccessObject::READ_NORMAL ): ?UserIdentity { $name = $this->nameFromCentralId( $id, $audience, $flags ); if ( !$name ) { return null; } $user = $this->userIdentityLookup->getUserIdentityByName( $name ); if ( $user && $user->isRegistered() && $this->isAttached( $user ) ) { return $user; } return null; } /* * Given a local UserIdentity object, return the central ID * @stable to override * @note Unlike centralIdFromName(), this does guarantee that the local * user is attached to the central account. * @param UserIdentity $user Local user * @param int\|Authority $audience One of the audience constants, or a specific authority * @param int $flags IDBAccessObject read flags * @return int user ID; 0 if the local user does not correspond to a * central user, $audience lacks the rights needed to see it, or the * central user isn't locally attached. / public function centralIdFromLocalUser( UserIdentity $user, $audience = self::AUDIENCE_PUBLIC, $flags = IDBAccessObject::READ_NORMAL ): int { return $this->isAttached( $user ) ? $this->centralIdFromName( $user->getName(), $audience, $flags ) : 0; } } /* @deprecated class alias since 1.41 / class_alias( CentralIdLookup::class, 'CentralIdLookup' ); PK��!��Z�� UserIdentity.phpnu��Iw��<?php /* * Interface for objects representing user identity. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * http://www.gnu.org/copyleft/gpl.html * * @file / namespace MediaWiki\User; use MediaWiki\DAO\WikiAwareEntity; /* * Interface for objects representing user identity. * * This represents the identity of a user in the context of page revisions and log entries. * * @note Starting MediaWiki 1.37, UserIdentity objects should no longer expose an actor ID. * The actor ID is considered a storage layer optimization and should not be exposed to * and used by application logic. Storage layer code should use ActorNormalization to * get an actor ID for a UserIdentity. * * @since 1.31 / interface UserIdentity extends WikiAwareEntity { /* * @since 1.31 * * @param string\|false $wikiId The wiki ID expected by the caller * @return int The user ID. May be 0 for anonymous users or for users with no local account. * / public function getId( $wikiId = self::LOCAL ): int; /* * @since 1.31 * * @return string The user's logical name. May be an IPv4 or IPv6 address for anonymous users. / public function getName(): string; /* * @since 1.32 * * @param UserIdentity\|null $user * @return bool / public function equals( ?UserIdentity $user ): bool; /* * This must be equivalent to getId() != 0 and is provided for code readability. There is no * equivalent utility for checking whether a user is temporary, since that would introduce a * service dependency. Use UserIdentityUtils::isTemp (or UserNameUtils::isTemp) instead. * * @since 1.34 * * @return bool True if user is registered on this wiki, i.e., has a user ID. False if user is * anonymous or has no local account (which can happen when importing). / public function isRegistered(): bool; } PK��!��(�F��test_user_copy.shnu�ȯ��PK��!��h\��Makefilenu��[��PK��!��, �� ActorStoreFactory.phpnu��Iw��PK��!�ۢ[O��%��Options/UserOptionsLookup.phpnu��Iw��PK��!�}q�\��\��</��Options/UserOptionsManager.phpnu��Iw��PK��!��P�)��)��!��Options/LocalUserOptionsStore.phpnu��Iw��PK��!��^4��#��Options/StaticUserOptionsLookup.phpnu��Iw��PK��!�5ou�m��m��!��W��Options/UserOptionsCacheEntry.phpnu��Iw��PK��!�"Gֵ��$��Options/Hook/LoadUserOptionsHook.phpnu��Iw��PK��!�.w�}a��a��$��Options/Hook/SaveUserOptionsHook.phpnu��Iw��PK��!��7��7��:��Options/Hook/ConditionalDefaultOptionsAddConditionHook.phpnu��Iw��PK��!�}+ �,��,�� [��Options/DefaultOptionsLookup.phpnu��Iw��PK��!�pUE�P��P��Options/UserOptionsStore.phpnu��Iw��PK��!�\|��%��s��Options/ConditionalDefaultsLookup.phpnu��Iw��PK��!��R��UserSelectQueryBuilder.phpnu��Iw��PK��!�ɘ�<��<��#��UserNamePrefixSearch_deprecated.phpnu��Iw��PK��!��j\|�8��8��LoggedOutEditToken.phpnu��Iw��PK��!�?�!t��ActorCache.phpnu��Iw��PK��!��kj�� &�UserTimeCorrection.phpnu��Iw��PK��!�7s�7�.��.��VG�BotPasswordStore.phpnu��Iw��PK��!��'��?��?��(v�UserIdentityLookup.phpnu��Iw��PK��!��1U��U��~�TempUser/CreateStatus.phpnu��Iw��PK��!��!�@ ��@ ��K��TempUser/TempUserConfig.phpnu��Iw��PK��!�`�j��֍�TempUser/DBSerialProvider.phpnu��Iw��PK��!�� TempUser/ScrambleMapping.phpnu��Iw��PK��!�9��7��&��TempUser/PlainNumericSerialMapping.phpnu��Iw��PK��!��'�� ɣ�TempUser/Pattern.phpnu��Iw��PK��!�tnTZ��'��-��TempUser/FilteredRadixSerialMapping.phpnu��Iw��PK��!�h�ù.��.��TempUser/TempUserCreator.phpnu��Iw��PK��!�؋�~��~��TempUser/SerialMapping.phpnu��Iw��PK��!��>����d��TempUser/LocalizedNumericSerialMapping.phpnu��Iw��PK��!�9We!7��7��z��TempUser/RealTempUserConfig.phpnu��Iw��PK��!�� TempUser/LocalSerialProvider.phpnu��Iw��PK��!�.��S�TempUser/SerialProvider.phpnu��Iw��PK��!�tz(f�!��!��F �UserGroupMembership.phpnu��Iw��PK��!�-��j��j��},�UserGroupManager.phpnu��Iw��PK��!��'��+��UserIdentityUtils.phpnu��Iw��PK��!�UT)�Z��Z��UserEditTracker.phpnu��Iw��PK��!� -��r��r��UserArrayFromResult.phpnu��Iw��PK��!��\|&N ��N ��k��UserNamePrefixSearch.phpnu��Iw��PK��!��A�� ActorMigration.phpnu��Iw��PK��!�<�iW����)�Registration/IUserRegistrationProvider.phpnu��Iw��PK��!� \B��.��G�Registration/LocalUserRegistrationProvider.phpnu��Iw��PK��!��'��?�Registration/UserRegistrationLookup.phpnu��Iw��PK��!�=��m�UserEditCountInitJob.phpnu��Iw��PK��!�� :�� :��%�BotPassword.phpnu��Iw��PK��!�<-T��-��-��`�UserFactory.phpnu��Iw��PK��!��t,�1��1��ActorMigrationBase.phpnu��Iw��PK��!�_��!��T��Hook/UserPrivilegedGroupsHook.phpnu��Iw��PK��!��{�i�� Hook/UserEffectiveGroupsHook.phpnu��Iw��PK��!��D��0��e��Hook/UserSetEmailAuthenticationTimestampHook.phpnu��Iw��PK��!�J�� Hook/UserArrayFromResultHook.phpnu��Iw��PK��!��6�Oc��c��Hook/UserSetEmailHook.phpnu��Iw��PK��!��@0A��A��"��Hook/UserIsBlockedGloballyHook.phpnu��Iw��PK��!�GiU?��?��!��E��Hook/UserGetReservedNamesHook.phpnu��Iw��PK��!��ú5��5��'��Hook/User__mailPasswordInternalHook.phpnu��Iw��PK��!�cH�u;��;��a��Hook/UserLoadDefaultsHook.phpnu��Iw��PK��!��M=��=��)��Hook/UserClearNewTalkNotificationHook.phpnu��Iw��PK��!�cM&��!��Hook/GetAutoPromoteGroupsHook.phpnu��Iw��PK��!�֏U��U��k��Hook/UserIsBotHook.phpnu��Iw��PK��!��Hook/UserGroupsChangedHook.phpnu��Iw��PK��!�v�M��Hook/PingLimiterHook.phpnu��Iw��PK��!��S��0��Hook/UserGetEmailAuthenticationTimestampHook.phpnu��Iw��PK��!��;ۉ��"��!��Hook/UserGetDefaultOptionsHook.phpnu��Iw��PK��!��. 5��5��Hook/EmailConfirmedHook.phpnu��Iw��PK��!��U�#��#��\|��Hook/UserAddGroupHook.phpnu��Iw��PK��!��,��,��)��Hook/SpecialPasswordResetOnSubmitHook.phpnu��Iw��PK��!�� [��[��m�Hook/UserGetEmailHook.phpnu��Iw��PK��!��˼�#��#��Hook/UserLogoutHook.phpnu��Iw��PK��!��Z�[��[��!��{ �Hook/ConfirmEmailCompleteHook.phpnu��Iw��PK��!�<��'�Hook/UserRemoveGroupHook.phpnu��Iw��PK��!�j�cq2��2��Hook/IsValidPasswordHook.phpnu��Iw��PK��!��2��!��Hook/AutopromoteConditionHook.phpnu��Iw��PK��!��Kgh��h��$��Hook/InvalidateEmailCompleteHook.phpnu��Iw��PK��!��ZH��m�Hook/UserSaveSettingsHook.phpnu��Iw��PK��!�'�=��)��Hook/UserLoadAfterLoadFromSessionHook.phpnu��Iw��PK��!��.]Qy��y��Hook/UserIsLockedHook.phpnu��Iw��PK��!��Ox �� f!�Hook/UserCanSendEmailHook.phpnu��Iw��PK��!��g��N��N��%��$�Hook/UserSendConfirmationMailHook.phpnu��Iw��PK��!�TP��P��P�� c+�UserArray.phpnu��Iw��PK��!�ЏE��9�UserIdentityValue.phpnu��Iw��PK��!�<?6u��L�ActorNormalization.phpnu��Iw��PK��!��\|L��^�UserRigorOptions.phpnu��Iw��PK��!��ˋ)��)��c�TalkPageNotificationManager.phpnu��Iw��PK��!��D��ٍ�User.phpnu��Iw��PK��!��:��:��$�UserGroupExpiryJob.phpnu��Iw��PK��!�;��,z��z��0*�UserGroupManagerFactory.phpnu��Iw��PK��!��?q��/��/��9�UserNameUtils.phpnu��Iw��PK��!��b��b��j�ActorStore.phpnu��Iw��PK��!��,��R.��R.��C��PasswordReset.phpnu��Iw��PK��!��H��H��ExternalUserNames.phpnu��Iw��PK��!�� l��c�CentralId/LocalIdLookup.phpnu��Iw��PK��!�ͫk��$��F$�CentralId/CentralIdLookupFactory.phpnu��Iw��PK��!��X+��X+��7�CentralId/CentralIdLookup.phpnu��Iw��PK��!��Z�� Gc�UserIdentity.phpnu��Iw��PK��_�_�3"��Tm��

| ver. 1.1 | | . | PHP 8.4.18 | Ð“ÐµÐ½ÐµÑ€Ð°Ñ†Ð¸Ñ ÑÑ‚Ñ€Ð°Ð½Ð¸Ñ†Ñ‹: 0.04 | proxy | phpinfo | ÐÐ°ÑÑ‚Ñ€Ð¾Ð¹ÐºÐ°