maintenance/createAndPromote.php
<?php
/**
* Creates an account and grants it rights.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
* @ingroup Maintenance
* @author Rob Church <robchur@gmail.com>
* @author Pablo Castellano <pablo@anche.no>
*/
require_once __DIR__ . '/Maintenance.php';
use MediaWiki\Auth\AuthManager;
use MediaWiki\Deferred\SiteStatsUpdate;
use MediaWiki\Password\PasswordError;
use MediaWiki\User\User;
use MediaWiki\WikiMap\WikiMap;
/**
* Maintenance script to create an account and grant it rights.
*
* @ingroup Maintenance
*/
class CreateAndPromote extends Maintenance {
private static $permitRoles = [ 'sysop', 'bureaucrat', 'interface-admin', 'bot' ];
public function __construct() {
parent::__construct();
$this->addDescription( 'Create a new user account and/or grant it additional rights' );
$this->addOption(
'force',
'If account exists already, just grant it rights or change password.'
);
foreach ( self::$permitRoles as $role ) {
$this->addOption( $role, "Add the account to the {$role} group" );
}
$this->addOption(
'custom-groups',
'Comma-separated list of groups to add the user to',
false,
true
);
$this->addOption(
'reason',
'Reason for account creation and user rights assignment to log to wiki',
false,
true
);
$this->addArg( 'username', 'Username of new user' );
$this->addArg( 'password', 'Password to set', false );
}
public function execute() {
$username = $this->getArg( 0 );
$password = $this->getArg( 1 );
$force = $this->hasOption( 'force' );
$inGroups = [];
$services = $this->getServiceContainer();
$user = $services->getUserFactory()->newFromName( $username );
if ( !is_object( $user ) ) {
$this->fatalError( 'invalid username.' );
}
$exists = ( $user->idForName() !== 0 );
if ( $exists && !$force ) {
$this->fatalError( 'Account exists. Perhaps you want the --force option?' );
} elseif ( !$exists && !$password ) {
$this->error( 'Argument <password> required!' );
$this->maybeHelp( true );
} elseif ( $exists ) {
$inGroups = $services->getUserGroupManager()->getUserGroups( $user );
}
$groups = array_filter( self::$permitRoles, [ $this, 'hasOption' ] );
if ( $this->hasOption( 'custom-groups' ) ) {
$allGroups = array_fill_keys( $services->getUserGroupManager()->listAllGroups(), true );
$customGroupsText = $this->getOption( 'custom-groups' );
if ( $customGroupsText !== '' ) {
$customGroups = explode( ',', $customGroupsText );
foreach ( $customGroups as $customGroup ) {
if ( isset( $allGroups[$customGroup] ) ) {
$groups[] = trim( $customGroup );
} else {
$this->output( "$customGroup is not a valid group, ignoring!\n" );
}
}
}
}
$promotions = array_diff(
$groups,
$inGroups
);
if ( $exists && !$password && count( $promotions ) === 0 ) {
$this->output( "Account exists and nothing to do.\n" );
return;
} elseif ( count( $promotions ) !== 0 ) {
$dbDomain = WikiMap::getCurrentWikiDbDomain()->getId();
$promoText = "User:{$username} into " . implode( ', ', $promotions ) . "...\n";
if ( $exists ) {
$this->output( "$dbDomain: Promoting $promoText" );
} else {
$this->output( "$dbDomain: Creating and promoting $promoText" );
}
}
if ( !$exists ) {
// Verify the password meets the password requirements before creating.
// This check is repeated below to account for differences between
// the password policy for regular users and for users in certain groups.
if ( $password ) {
$status = $user->checkPasswordValidity( $password );
if ( !$status->isGood() ) {
$this->fatalError( $status->getMessage( false, false, 'en' )->text() );
}
}
// Create the user via AuthManager as there may be various side
// effects that are performed by the configured AuthManager chain.
$status = $this->getServiceContainer()->getAuthManager()->autoCreateUser(
$user,
AuthManager::AUTOCREATE_SOURCE_MAINT,
false
);
if ( !$status->isGood() ) {
$this->fatalError( $status->getMessage( false, false, 'en' )->text() );
}
}
if ( $promotions ) {
// Add groups before changing password, as the password policy for certain groups has
// stricter requirements.
$userGroupManager = $services->getUserGroupManager();
$userGroupManager->addUserToMultipleGroups( $user, $promotions );
$reason = $this->getOption( 'reason' ) ?: '';
$this->addLogEntry( $user, $inGroups, array_merge( $inGroups, $promotions ), $reason );
}
if ( $password ) {
# Try to set the password
try {
$status = $user->changeAuthenticationData( [
'username' => $user->getName(),
'password' => $password,
'retype' => $password,
] );
if ( !$status->isGood() ) {
throw new PasswordError( $status->getMessage( false, false, 'en' )->text() );
}
if ( $exists ) {
$this->output( "Password set.\n" );
$user->saveSettings();
}
} catch ( PasswordError $pwe ) {
$this->fatalError( 'Setting the password failed: ' . $pwe->getMessage() );
}
}
if ( !$exists ) {
# Increment site_stats.ss_users
$ssu = SiteStatsUpdate::factory( [ 'users' => 1 ] );
$ssu->doUpdate();
}
$this->output( "done.\n" );
}
/**
* Add a rights log entry for an action.
*
* @param User $user
* @param array $oldGroups
* @param array $newGroups
* @param string $reason
*/
private function addLogEntry( $user, array $oldGroups, array $newGroups, string $reason ) {
$logEntry = new ManualLogEntry( 'rights', 'rights' );
$logEntry->setPerformer( User::newSystemUser( User::MAINTENANCE_SCRIPT_USER, [ 'steal' => true ] ) );
$logEntry->setTarget( $user->getUserPage() );
$logEntry->setComment( $reason );
$logEntry->setParameters( [
'4::oldgroups' => $oldGroups,
'5::newgroups' => $newGroups
] );
$logid = $logEntry->insert();
$logEntry->publish( $logid );
}
}
$maintClass = CreateAndPromote::class;
require_once RUN_MAINTENANCE_IF_MAIN;