2006-06-17 23:07:16 +00:00
|
|
|
<?php
|
|
|
|
|
/**
|
2013-05-29 04:45:44 +00:00
|
|
|
* Creates an account and grants it rights.
|
2006-06-17 23:07:16 +00:00
|
|
|
*
|
2009-08-02 19:35:17 +00:00
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
|
|
|
*
|
2010-10-03 09:25:28 +00:00
|
|
|
* @file
|
WARNING: HUGE COMMIT
Doxygen documentation update:
* Changed alls @addtogroup to @ingroup. @addtogroup adds the comment to the group description, but doesn't add the file, class, function, ... to the group like @ingroup does. See for example http://svn.wikimedia.org/doc/group__SpecialPage.html where it's impossible to see related files, classes, ... that should belong to that group.
* Added @file to file description, it seems that it should be explicitely decalred for file descriptions, otherwise doxygen will think that the comment document the first class, variabled, function, ... that is in that file.
* Removed some empty comments
* Removed some ?>
Added following groups:
* ExternalStorage
* JobQueue
* MaintenanceLanguage
One more thing: there are still a lot of warnings when generating the doc.
2008-05-20 17:13:28 +00:00
|
|
|
* @ingroup Maintenance
|
2006-06-17 23:07:16 +00:00
|
|
|
* @author Rob Church <robchur@gmail.com>
|
2012-08-30 23:54:20 +00:00
|
|
|
* @author Pablo Castellano <pablo@anche.no>
|
2006-06-17 23:07:16 +00:00
|
|
|
*/
|
2007-07-06 23:24:10 +00:00
|
|
|
|
2013-05-17 00:16:59 +00:00
|
|
|
require_once __DIR__ . '/Maintenance.php';
|
2009-08-02 19:35:17 +00:00
|
|
|
|
2020-03-31 18:51:49 +00:00
|
|
|
use MediaWiki\MediaWikiServices;
|
2023-02-23 20:44:38 +00:00
|
|
|
use MediaWiki\WikiMap\WikiMap;
|
2020-03-31 18:51:49 +00:00
|
|
|
|
2012-06-16 20:35:13 +00:00
|
|
|
/**
|
2013-05-29 04:45:44 +00:00
|
|
|
* Maintenance script to create an account and grant it rights.
|
2012-06-16 20:35:13 +00:00
|
|
|
*
|
|
|
|
|
* @ingroup Maintenance
|
|
|
|
|
*/
|
2009-08-02 19:35:17 +00:00
|
|
|
class CreateAndPromote extends Maintenance {
|
2018-03-20 22:44:27 +00:00
|
|
|
private static $permitRoles = [ 'sysop', 'bureaucrat', 'interface-admin', 'bot' ];
|
2012-08-30 23:54:20 +00:00
|
|
|
|
2009-08-02 19:35:17 +00:00
|
|
|
public function __construct() {
|
|
|
|
|
parent::__construct();
|
2016-01-30 02:48:47 +00:00
|
|
|
$this->addDescription( 'Create a new user account and/or grant it additional rights' );
|
2014-04-23 09:22:55 +00:00
|
|
|
$this->addOption(
|
|
|
|
|
'force',
|
2022-04-27 16:10:29 +00:00
|
|
|
'If account exists already, just grant it rights or change password.'
|
2014-04-23 09:22:55 +00:00
|
|
|
);
|
2013-04-17 14:52:47 +00:00
|
|
|
foreach ( self::$permitRoles as $role ) {
|
2012-08-30 23:54:20 +00:00
|
|
|
$this->addOption( $role, "Add the account to the {$role} group" );
|
|
|
|
|
}
|
2015-07-01 07:21:53 +00:00
|
|
|
|
|
|
|
|
$this->addOption(
|
|
|
|
|
'custom-groups',
|
|
|
|
|
'Comma-separated list of groups to add the user to',
|
|
|
|
|
false,
|
|
|
|
|
true
|
|
|
|
|
);
|
|
|
|
|
|
2023-01-09 22:01:32 +00:00
|
|
|
$this->addOption(
|
|
|
|
|
'reason',
|
|
|
|
|
'Reason for account creation and user rights assignment to log to wiki',
|
|
|
|
|
false,
|
|
|
|
|
true
|
|
|
|
|
);
|
|
|
|
|
|
2023-05-19 09:35:17 +00:00
|
|
|
$this->addArg( 'username', 'Username of new user' );
|
|
|
|
|
$this->addArg( 'password', 'Password to set', false );
|
2009-08-02 19:35:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function execute() {
|
2010-05-22 16:50:39 +00:00
|
|
|
$username = $this->getArg( 0 );
|
|
|
|
|
$password = $this->getArg( 1 );
|
2012-08-30 23:54:20 +00:00
|
|
|
$force = $this->hasOption( 'force' );
|
2016-02-17 09:09:32 +00:00
|
|
|
$inGroups = [];
|
2021-07-01 10:32:24 +00:00
|
|
|
$services = MediaWikiServices::getInstance();
|
2010-12-04 03:20:14 +00:00
|
|
|
|
2021-07-01 10:32:24 +00:00
|
|
|
$user = $services->getUserFactory()->newFromName( $username );
|
2010-05-22 16:50:39 +00:00
|
|
|
if ( !is_object( $user ) ) {
|
2023-05-19 09:35:17 +00:00
|
|
|
$this->fatalError( 'invalid username.' );
|
2009-08-02 19:35:17 +00:00
|
|
|
}
|
|
|
|
|
|
2018-06-30 09:43:00 +00:00
|
|
|
$exists = ( $user->idForName() !== 0 );
|
2012-08-30 23:54:20 +00:00
|
|
|
|
|
|
|
|
if ( $exists && !$force ) {
|
2023-05-19 09:35:17 +00:00
|
|
|
$this->fatalError( 'Account exists. Perhaps you want the --force option?' );
|
2013-04-17 14:52:47 +00:00
|
|
|
} elseif ( !$exists && !$password ) {
|
2023-05-19 09:35:17 +00:00
|
|
|
$this->error( 'Argument <password> required!' );
|
2012-08-30 23:54:20 +00:00
|
|
|
$this->maybeHelp( true );
|
2013-04-17 14:52:47 +00:00
|
|
|
} elseif ( $exists ) {
|
2021-07-01 10:32:24 +00:00
|
|
|
$inGroups = $services->getUserGroupManager()->getUserGroups( $user );
|
2009-08-02 19:35:17 +00:00
|
|
|
}
|
|
|
|
|
|
2016-02-17 09:09:32 +00:00
|
|
|
$groups = array_filter( self::$permitRoles, [ $this, 'hasOption' ] );
|
2015-07-01 07:21:53 +00:00
|
|
|
if ( $this->hasOption( 'custom-groups' ) ) {
|
2021-07-01 10:32:24 +00:00
|
|
|
$allGroups = array_fill_keys( $services->getUserGroupManager()->listAllGroups(), true );
|
2015-07-01 07:21:53 +00:00
|
|
|
$customGroupsText = $this->getOption( 'custom-groups' );
|
|
|
|
|
if ( $customGroupsText !== '' ) {
|
|
|
|
|
$customGroups = explode( ',', $customGroupsText );
|
|
|
|
|
foreach ( $customGroups as $customGroup ) {
|
2016-04-03 11:28:48 +00:00
|
|
|
if ( isset( $allGroups[$customGroup] ) ) {
|
|
|
|
|
$groups[] = trim( $customGroup );
|
|
|
|
|
} else {
|
|
|
|
|
$this->output( "$customGroup is not a valid group, ignoring!\n" );
|
|
|
|
|
}
|
2015-07-01 07:21:53 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-04-23 09:22:55 +00:00
|
|
|
$promotions = array_diff(
|
2015-07-01 07:21:53 +00:00
|
|
|
$groups,
|
2014-04-23 09:22:55 +00:00
|
|
|
$inGroups
|
|
|
|
|
);
|
2010-12-04 03:20:14 +00:00
|
|
|
|
2012-08-30 23:54:20 +00:00
|
|
|
if ( $exists && !$password && count( $promotions ) === 0 ) {
|
|
|
|
|
$this->output( "Account exists and nothing to do.\n" );
|
2014-04-23 18:08:42 +00:00
|
|
|
|
2012-08-30 23:54:20 +00:00
|
|
|
return;
|
2013-04-17 14:52:47 +00:00
|
|
|
} elseif ( count( $promotions ) !== 0 ) {
|
2019-07-04 07:31:06 +00:00
|
|
|
$dbDomain = WikiMap::getCurrentWikiDbDomain()->getId();
|
2012-08-30 23:54:20 +00:00
|
|
|
$promoText = "User:{$username} into " . implode( ', ', $promotions ) . "...\n";
|
|
|
|
|
if ( $exists ) {
|
2019-07-04 07:31:06 +00:00
|
|
|
$this->output( "$dbDomain: Promoting $promoText" );
|
2012-08-30 23:54:20 +00:00
|
|
|
} else {
|
2019-07-04 07:31:06 +00:00
|
|
|
$this->output( "$dbDomain: Creating and promoting $promoText" );
|
2012-08-30 23:54:20 +00:00
|
|
|
}
|
2011-05-05 05:11:50 +00:00
|
|
|
}
|
2012-08-30 23:54:20 +00:00
|
|
|
|
2015-10-30 15:19:12 +00:00
|
|
|
if ( !$exists ) {
|
2023-05-06 08:42:39 +00:00
|
|
|
// Verify the password meets the password requirements before creating.
|
|
|
|
|
// This check is repeated below to account for differences between
|
|
|
|
|
// the password policy for regular users and for users in certain groups.
|
|
|
|
|
if ( $password ) {
|
|
|
|
|
$status = $user->checkPasswordValidity( $password );
|
|
|
|
|
|
|
|
|
|
if ( !$status->isGood() ) {
|
|
|
|
|
$this->fatalError( $status->getMessage( false, false, 'en' )->text() );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-30 02:41:27 +00:00
|
|
|
// Create the user via AuthManager as there may be various side
|
2019-08-20 00:47:01 +00:00
|
|
|
// effects that are performed by the configured AuthManager chain.
|
2020-03-31 18:51:49 +00:00
|
|
|
$status = MediaWikiServices::getInstance()->getAuthManager()->autoCreateUser(
|
2018-12-30 02:41:27 +00:00
|
|
|
$user,
|
|
|
|
|
MediaWiki\Auth\AuthManager::AUTOCREATE_SOURCE_MAINT,
|
|
|
|
|
false
|
|
|
|
|
);
|
|
|
|
|
if ( !$status->isGood() ) {
|
2019-08-19 16:12:32 +00:00
|
|
|
$this->fatalError( $status->getMessage( false, false, 'en' )->text() );
|
2018-12-30 02:41:27 +00:00
|
|
|
}
|
2015-10-30 15:19:12 +00:00
|
|
|
}
|
|
|
|
|
|
2023-06-30 16:56:27 +00:00
|
|
|
if ( $promotions ) {
|
|
|
|
|
// Add groups before changing password, as the password policy for certain groups has
|
|
|
|
|
// stricter requirements.
|
|
|
|
|
$userGroupManager = $services->getUserGroupManager();
|
|
|
|
|
$userGroupManager->addUserToMultipleGroups( $user, $promotions );
|
|
|
|
|
$reason = $this->getOption( 'reason' ) ?: '';
|
|
|
|
|
$this->addLogEntry( $user, $inGroups, array_merge( $inGroups, $promotions ), $reason );
|
|
|
|
|
}
|
2023-05-06 08:42:39 +00:00
|
|
|
|
2012-08-30 23:54:20 +00:00
|
|
|
if ( $password ) {
|
|
|
|
|
# Try to set the password
|
|
|
|
|
try {
|
2016-04-01 16:49:26 +00:00
|
|
|
$status = $user->changeAuthenticationData( [
|
|
|
|
|
'username' => $user->getName(),
|
|
|
|
|
'password' => $password,
|
|
|
|
|
'retype' => $password,
|
|
|
|
|
] );
|
|
|
|
|
if ( !$status->isGood() ) {
|
2019-08-19 16:12:32 +00:00
|
|
|
throw new PasswordError( $status->getMessage( false, false, 'en' )->text() );
|
2016-06-08 20:08:45 +00:00
|
|
|
}
|
2012-08-30 23:54:20 +00:00
|
|
|
if ( $exists ) {
|
|
|
|
|
$this->output( "Password set.\n" );
|
|
|
|
|
$user->saveSettings();
|
|
|
|
|
}
|
|
|
|
|
} catch ( PasswordError $pwe ) {
|
2023-05-05 20:26:54 +00:00
|
|
|
$this->fatalError( 'Setting the password failed: ' . $pwe->getMessage() );
|
2012-08-30 23:54:20 +00:00
|
|
|
}
|
2011-05-05 05:11:50 +00:00
|
|
|
}
|
2010-12-04 03:20:14 +00:00
|
|
|
|
2012-08-30 23:54:20 +00:00
|
|
|
if ( !$exists ) {
|
|
|
|
|
# Increment site_stats.ss_users
|
2019-07-06 06:26:17 +00:00
|
|
|
$ssu = SiteStatsUpdate::factory( [ 'users' => 1 ] );
|
2012-08-30 23:54:20 +00:00
|
|
|
$ssu->doUpdate();
|
|
|
|
|
}
|
2010-12-04 03:20:14 +00:00
|
|
|
|
2009-08-02 19:35:17 +00:00
|
|
|
$this->output( "done.\n" );
|
|
|
|
|
}
|
2023-01-09 22:01:32 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Add a rights log entry for an action.
|
|
|
|
|
*
|
2023-07-25 20:10:50 +00:00
|
|
|
* @param User $user
|
2023-01-09 22:01:32 +00:00
|
|
|
* @param array $oldGroups
|
|
|
|
|
* @param array $newGroups
|
|
|
|
|
* @param string $reason
|
|
|
|
|
*
|
|
|
|
|
* @throws MWException
|
|
|
|
|
*/
|
|
|
|
|
private function addLogEntry( $user, array $oldGroups, array $newGroups, string $reason ) {
|
|
|
|
|
$logEntry = new ManualLogEntry( 'rights', 'rights' );
|
|
|
|
|
$logEntry->setPerformer( User::newSystemUser( User::MAINTENANCE_SCRIPT_USER, [ 'steal' => true ] ) );
|
|
|
|
|
$logEntry->setTarget( $user->getUserPage() );
|
|
|
|
|
$logEntry->setComment( $reason );
|
|
|
|
|
$logEntry->setParameters( [
|
|
|
|
|
'4::oldgroups' => $oldGroups,
|
|
|
|
|
'5::newgroups' => $newGroups
|
|
|
|
|
] );
|
|
|
|
|
$logid = $logEntry->insert();
|
|
|
|
|
$logEntry->publish( $logid );
|
|
|
|
|
}
|
2006-06-17 23:07:16 +00:00
|
|
|
}
|
|
|
|
|
|
2018-01-13 00:02:09 +00:00
|
|
|
$maintClass = CreateAndPromote::class;
|
2013-05-07 23:00:15 +00:00
|
|
|
require_once RUN_MAINTENANCE_IF_MAIN;
|
