MediaWiki  1.23.16
ApiLogin.php
Go to the documentation of this file.
1 <?php
33 class ApiLogin extends ApiBase {
34 
35  public function __construct( $main, $action ) {
36  parent::__construct( $main, $action, 'lg' );
37  }
38 
48  public function execute() {
49  // If we're in JSON callback mode, no tokens can be obtained
50  if ( !is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) {
51  $this->getResult()->addValue( null, 'login', array(
52  'result' => 'Aborted',
53  'reason' => 'Cannot log in when using a callback',
54  ) );
55 
56  return;
57  }
58 
59  try {
60  $this->requirePostedParameters( array( 'password', 'token' ) );
61  } catch ( UsageException $ex ) {
62  // Make this a warning for now, upgrade to an error in 1.29.
63  $this->setWarning( $ex->getMessage() );
64  }
65 
66  $params = $this->extractRequestParams();
67 
68  $result = array();
69 
70  // Init session if necessary
71  if ( session_id() == '' ) {
72  wfSetupSession();
73  }
74 
75  $context = new DerivativeContext( $this->getContext() );
76  $context->setRequest( new DerivativeRequest(
77  $this->getContext()->getRequest(),
78  array(
79  'wpName' => $params['name'],
80  'wpPassword' => $params['password'],
81  'wpDomain' => $params['domain'],
82  'wpLoginToken' => $params['token'],
83  'wpRemember' => ''
84  )
85  ) );
86  $loginForm = new LoginForm();
87  $loginForm->setContext( $context );
88 
89  global $wgCookiePrefix, $wgPasswordAttemptThrottle;
90 
91  $authRes = $loginForm->authenticateUserData();
92  switch ( $authRes ) {
93  case LoginForm::SUCCESS:
94  $user = $context->getUser();
95  $this->getContext()->setUser( $user );
96  $user->setCookies( $this->getRequest() );
97 
98  ApiQueryInfo::resetTokenCache();
99 
100  // Run hooks.
101  // @todo FIXME: Split back and frontend from this hook.
102  // @todo FIXME: This hook should be placed in the backend
103  $injected_html = '';
104  wfRunHooks( 'UserLoginComplete', array( &$user, &$injected_html ) );
105 
106  $result['result'] = 'Success';
107  $result['lguserid'] = intval( $user->getId() );
108  $result['lgusername'] = $user->getName();
109  $result['lgtoken'] = $user->getToken();
110  $result['cookieprefix'] = $wgCookiePrefix;
111  $result['sessionid'] = session_id();
112  break;
113 
114  case LoginForm::NEED_TOKEN:
115  $result['result'] = 'NeedToken';
116  $result['token'] = $loginForm->getLoginToken();
117  $result['cookieprefix'] = $wgCookiePrefix;
118  $result['sessionid'] = session_id();
119  break;
120 
121  case LoginForm::WRONG_TOKEN:
122  $result['result'] = 'WrongToken';
123  break;
124 
125  case LoginForm::NO_NAME:
126  $result['result'] = 'NoName';
127  break;
128 
129  case LoginForm::ILLEGAL:
130  $result['result'] = 'Illegal';
131  break;
132 
133  case LoginForm::WRONG_PLUGIN_PASS:
134  $result['result'] = 'WrongPluginPass';
135  break;
136 
137  case LoginForm::NOT_EXISTS:
138  $result['result'] = 'NotExists';
139  break;
140 
141  // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
142  // The e-mailed temporary password should not be used for actual logins.
143  case LoginForm::RESET_PASS:
144  case LoginForm::WRONG_PASS:
145  $result['result'] = 'WrongPass';
146  break;
147 
148  case LoginForm::EMPTY_PASS:
149  $result['result'] = 'EmptyPass';
150  break;
151 
152  case LoginForm::CREATE_BLOCKED:
153  $result['result'] = 'CreateBlocked';
154  $result['details'] = 'Your IP address is blocked from account creation';
155  break;
156 
157  case LoginForm::THROTTLED:
158  $result['result'] = 'Throttled';
159  $result['wait'] = intval( $wgPasswordAttemptThrottle['seconds'] );
160  break;
161 
162  case LoginForm::USER_BLOCKED:
163  $result['result'] = 'Blocked';
164  break;
165 
166  case LoginForm::ABORTED:
167  $result['result'] = 'Aborted';
168  $result['reason'] = $loginForm->mAbortLoginErrorMsg;
169  break;
170 
171  default:
172  ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
173  }
174 
175  $this->getResult()->addValue( null, 'login', $result );
176  }
177 
178  public function mustBePosted() {
179  return true;
180  }
181 
182  public function isReadMode() {
183  return false;
184  }
185 
186  public function getAllowedParams() {
187  return array(
188  'name' => null,
189  'password' => null,
190  'domain' => null,
191  'token' => null,
192  );
193  }
194 
195  public function getParamDescription() {
196  return array(
197  'name' => 'User Name',
198  'password' => 'Password',
199  'domain' => 'Domain (optional)',
200  'token' => 'Login token obtained in first request',
201  );
202  }
203 
204  public function getResultProperties() {
205  return array(
206  '' => array(
207  'result' => array(
208  ApiBase::PROP_TYPE => array(
209  'Success',
210  'NeedToken',
211  'WrongToken',
212  'NoName',
213  'Illegal',
214  'WrongPluginPass',
215  'NotExists',
216  'WrongPass',
217  'EmptyPass',
218  'CreateBlocked',
219  'Throttled',
220  'Blocked',
221  'Aborted'
222  )
223  ),
224  'lguserid' => array(
225  ApiBase::PROP_TYPE => 'integer',
226  ApiBase::PROP_NULLABLE => true
227  ),
228  'lgusername' => array(
229  ApiBase::PROP_TYPE => 'string',
230  ApiBase::PROP_NULLABLE => true
231  ),
232  'lgtoken' => array(
233  ApiBase::PROP_TYPE => 'string',
234  ApiBase::PROP_NULLABLE => true
235  ),
236  'cookieprefix' => array(
237  ApiBase::PROP_TYPE => 'string',
238  ApiBase::PROP_NULLABLE => true
239  ),
240  'sessionid' => array(
241  ApiBase::PROP_TYPE => 'string',
242  ApiBase::PROP_NULLABLE => true
243  ),
244  'token' => array(
245  ApiBase::PROP_TYPE => 'string',
246  ApiBase::PARAM_SENSITIVE => true,
247  ApiBase::PROP_NULLABLE => true
248  ),
249  'details' => array(
250  ApiBase::PROP_TYPE => 'string',
251  ApiBase::PROP_NULLABLE => true
252  ),
253  'wait' => array(
254  ApiBase::PROP_TYPE => 'integer',
255  ApiBase::PROP_NULLABLE => true
256  ),
257  'reason' => array(
258  ApiBase::PROP_TYPE => 'string',
259  ApiBase::PROP_NULLABLE => true
260  )
261  )
262  );
263  }
264 
265  public function getDescription() {
266  return array(
267  'Log in and get the authentication tokens.',
268  'In the event of a successful log-in, a cookie will be attached to your session.',
269  'In the event of a failed log-in, you will not be able to attempt another log-in',
270  'through this method for 5 seconds. This is to prevent password guessing by',
271  'automated password crackers.'
272  );
273  }
274 
275  public function getPossibleErrors() {
276  return array_merge( parent::getPossibleErrors(), array(
277  array(
278  'code' => 'NeedToken', 'info' => 'You need to resubmit your ' .
279  'login with the specified token. See ' .
280  'https://bugzilla.wikimedia.org/show_bug.cgi?id=23076'
281  ),
282  array( 'code' => 'WrongToken', 'info' => 'You specified an invalid token' ),
283  array( 'code' => 'NoName', 'info' => 'You didn\'t set the lgname parameter' ),
284  array( 'code' => 'Illegal', 'info' => 'You provided an illegal username' ),
285  array( 'code' => 'NotExists', 'info' => 'The username you provided doesn\'t exist' ),
286  array(
287  'code' => 'EmptyPass',
288  'info' => 'You didn\'t set the lgpassword parameter or you left it empty'
289  ),
290  array( 'code' => 'WrongPass', 'info' => 'The password you provided is incorrect' ),
291  array(
292  'code' => 'WrongPluginPass',
293  'info' => 'Same as "WrongPass", returned when an authentication ' .
294  'plugin rather than MediaWiki itself rejected the password'
295  ),
296  array(
297  'code' => 'CreateBlocked',
298  'info' => 'The wiki tried to automatically create a new account ' .
299  'for you, but your IP address has been blocked from account creation'
300  ),
301  array( 'code' => 'Throttled', 'info' => 'You\'ve logged in too many times in a short time' ),
302  array( 'code' => 'Blocked', 'info' => 'User is blocked' ),
303  ) );
304  }
305 
306  public function getExamples() {
307  return array(
308  'api.php?action=login&lgname=user&lgpassword=password'
309  );
310  }
311 
312  public function getHelpUrls() {
313  return 'https://www.mediawiki.org/wiki/API:Login';
314  }
315 }
DerivativeRequest
Similar to FauxRequest, but only fakes URL parameters and method (POST or GET) and use the base reque...
Definition: WebRequest.php:1463
ContextSource\$context
IContextSource $context
Definition: ContextSource.php:33
ApiLogin\isReadMode
isReadMode()
Indicates whether this module requires read rights.
Definition: ApiLogin.php:182
$result
The index of the header message $result[1]=The index of the body text message $result[2 through n]=Parameters passed to body text message. Please note the header message cannot receive/use parameters. 'ImportHandleLogItemXMLTag':When parsing a XML tag in a log item. $reader:XMLReader object $logInfo:Array of information Return false to stop further processing of the tag 'ImportHandlePageXMLTag':When parsing a XML tag in a page. $reader:XMLReader object $pageInfo:Array of information Return false to stop further processing of the tag 'ImportHandleRevisionXMLTag':When parsing a XML tag in a page revision. $reader:XMLReader object $pageInfo:Array of page information $revisionInfo:Array of revision information Return false to stop further processing of the tag 'ImportHandleToplevelXMLTag':When parsing a top level XML tag. $reader:XMLReader object Return false to stop further processing of the tag 'ImportHandleUploadXMLTag':When parsing a XML tag in a file upload. $reader:XMLReader object $revisionInfo:Array of information Return false to stop further processing of the tag 'InfoAction':When building information to display on the action=info page. $context:IContextSource object & $pageInfo:Array of information 'InitializeArticleMaybeRedirect':MediaWiki check to see if title is a redirect. $title:Title object for the current page $request:WebRequest $ignoreRedirect:boolean to skip redirect check $target:Title/string of redirect target $article:Article object 'InterwikiLoadPrefix':When resolving if a given prefix is an interwiki or not. Return true without providing an interwiki to continue interwiki search. $prefix:interwiki prefix we are looking for. & $iwData:output array describing the interwiki with keys iw_url, iw_local, iw_trans and optionally iw_api and iw_wikiid. 'InternalParseBeforeSanitize':during Parser 's internalParse method just before the parser removes unwanted/dangerous HTML tags and after nowiki/noinclude/includeonly/onlyinclude and other processings. Ideal for syntax-extensions after template/parser function execution which respect nowiki and HTML-comments. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InternalParseBeforeLinks':during Parser 's internalParse method before links but after nowiki/noinclude/includeonly/onlyinclude and other processings. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InvalidateEmailComplete':Called after a user 's email has been invalidated successfully. $user:user(object) whose email is being invalidated 'IRCLineURL':When constructing the URL to use in an IRC notification. Callee may modify $url and $query, URL will be constructed as $url . $query & $url:URL to index.php & $query:Query string $rc:RecentChange object that triggered url generation 'IsFileCacheable':Override the result of Article::isFileCacheable()(if true) $article:article(object) being checked 'IsTrustedProxy':Override the result of wfIsTrustedProxy() $ip:IP being check $result:Change this value to override the result of wfIsTrustedProxy() 'IsUploadAllowedFromUrl':Override the result of UploadFromUrl::isAllowedUrl() $url:URL used to upload from & $allowed:Boolean indicating if uploading is allowed for given URL 'isValidEmailAddr':Override the result of User::isValidEmailAddr(), for instance to return false if the domain name doesn 't match your organization. $addr:The e-mail address entered by the user & $result:Set this and return false to override the internal checks 'isValidPassword':Override the result of User::isValidPassword() $password:The password entered by the user & $result:Set this and return false to override the internal checks $user:User the password is being validated for 'Language::getMessagesFileName':$code:The language code or the language we 're looking for a messages file for & $file:The messages file path, you can override this to change the location. 'LanguageGetNamespaces':Provide custom ordering for namespaces or remove namespaces. Do not use this hook to add namespaces. Use CanonicalNamespaces for that. & $namespaces:Array of namespaces indexed by their numbers 'LanguageGetMagic':DEPRECATED, use $magicWords in a file listed in $wgExtensionMessagesFiles instead. Use this to define synonyms of magic words depending of the language $magicExtensions:associative array of magic words synonyms $lang:language code(string) 'LanguageGetSpecialPageAliases':DEPRECATED, use $specialPageAliases in a file listed in $wgExtensionMessagesFiles instead. Use to define aliases of special pages names depending of the language $specialPageAliases:associative array of magic words synonyms $lang:language code(string) 'LanguageGetTranslatedLanguageNames':Provide translated language names. & $names:array of language code=> language name $code language of the preferred translations 'LanguageLinks':Manipulate a page 's language links. This is called in various places to allow extensions to define the effective language links for a page. $title:The page 's Title. & $links:Associative array mapping language codes to prefixed links of the form "language:title". & $linkFlags:Associative array mapping prefixed links to arrays of flags. Currently unused, but planned to provide support for marking individual language links in the UI, e.g. for featured articles. 'LinkBegin':Used when generating internal and interwiki links in Linker::link(), before processing starts. Return false to skip default processing and return $ret. See documentation for Linker::link() for details on the expected meanings of parameters. $skin:the Skin object $target:the Title that the link is pointing to & $html:the contents that the< a > tag should have(raw HTML) $result
Definition: hooks.txt:1528
ContextSource\getContext
getContext()
Get the RequestContext object.
Definition: ContextSource.php:40
ApiLogin\execute
execute()
Executes the log-in attempt using the parameters passed.
Definition: ApiLogin.php:48
LoginForm\USER_BLOCKED
const USER_BLOCKED
Definition: SpecialUserlogin.php:41
php
skin txt MediaWiki includes four core it has been set as the default in MediaWiki since the replacing Monobook it had been been the default skin since before being replaced by Vector largely rewritten in while keeping its appearance Several legacy skins were removed in the as the burden of supporting them became too heavy to bear Those in etc for skin dependent CSS etc for skin dependent JavaScript These can also be customised on a per user by etc This feature has led to a wide variety of user styles becoming that gallery is a good place to ending in php
Definition: skin.txt:62
LoginForm\WRONG_PASS
const WRONG_PASS
Definition: SpecialUserlogin.php:35
LoginForm\CREATE_BLOCKED
const CREATE_BLOCKED
Definition: SpecialUserlogin.php:39
wfSetupSession
wfSetupSession( $sessionId=false)
Initialise php session.
Definition: GlobalFunctions.php:3587
LoginForm\ILLEGAL
const ILLEGAL
Definition: SpecialUserlogin.php:32
LoginForm\SUCCESS
const SUCCESS
Definition: SpecialUserlogin.php:30
ApiLogin\mustBePosted
mustBePosted()
Indicates whether this module must be called with a POST request.
Definition: ApiLogin.php:178
ApiQueryInfo\resetTokenCache
static resetTokenCache()
Definition: ApiQueryInfo.php:114
ApiBase\getResult
getResult()
Get the result object.
Definition: ApiBase.php:212
$wgCookiePrefix
if( $wgRCFilterByAge) if( $wgSkipSkin) if( $wgLocalInterwiki) if( $wgSharedPrefix===false) if(! $wgCookiePrefix) $wgCookiePrefix
Definition: Setup.php:284
ApiLogin\getDescription
getDescription()
Returns the description string for this module.
Definition: ApiLogin.php:265
$params
$params
Definition: styleTest.css.php:40
LoginForm\RESET_PASS
const RESET_PASS
Definition: SpecialUserlogin.php:37
ApiLogin\getPossibleErrors
getPossibleErrors()
Returns a list of all possible errors returned by the module.
Definition: ApiLogin.php:275
LoginForm\THROTTLED
const THROTTLED
Definition: SpecialUserlogin.php:40
ContextSource\getRequest
getRequest()
Get the WebRequest object.
Definition: ContextSource.php:77
ApiBase
This abstract class implements many basic API functions, and is the base of all API classes.
Definition: ApiBase.php:42
ApiLogin\getParamDescription
getParamDescription()
Returns an array of parameter descriptions.
Definition: ApiLogin.php:195
ApiBase\PARAM_SENSITIVE
const PARAM_SENSITIVE
(boolean) Is the parameter sensitive? Note 'password'-type fields are always sensitive regardless of ...
Definition: ApiBase.php:73
LoginForm\EMPTY_PASS
const EMPTY_PASS
Definition: SpecialUserlogin.php:36
ApiLogin\getHelpUrls
getHelpUrls()
Definition: ApiLogin.php:312
DerivativeContext
An IContextSource implementation which will inherit context from another source but allow individual ...
Definition: DerivativeContext.php:32
LoginForm\ABORTED
const ABORTED
Definition: SpecialUserlogin.php:38
UsageException
This exception will be thrown when dieUsage is called to stop module execution.
Definition: ApiMain.php:1463
LoginForm\NOT_EXISTS
const NOT_EXISTS
Definition: SpecialUserlogin.php:34
wfRunHooks
wfRunHooks( $event, array $args=array(), $deprecatedVersion=null)
Call hook functions defined in $wgHooks.
Definition: GlobalFunctions.php:4066
array
the array() calling protocol came about after MediaWiki 1.4rc1.
List of Api Query prop modules.
global
when a variable name is used in a it is silently declared as a new masking the global
Definition: design.txt:93
LoginForm
Implements Special:UserLogin.
Definition: SpecialUserlogin.php:29
ApiBase\PROP_TYPE
const PROP_TYPE
Definition: ApiBase.php:81
ApiLogin\__construct
__construct( $main, $action)
Definition: ApiLogin.php:35
ApiBase\extractRequestParams
extractRequestParams( $parseLimit=true)
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:715
ApiLogin\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition: ApiLogin.php:186
LoginForm\WRONG_TOKEN
const WRONG_TOKEN
Definition: SpecialUserlogin.php:43
ApiBase\PROP_NULLABLE
const PROP_NULLABLE
Definition: ApiBase.php:83
IContextSource\getUser
getUser()
Get the User object.
$user
please add to it if you re going to add events to the MediaWiki code where normally authentication against an external auth plugin would be creating a account $user
Definition: hooks.txt:237
ApiLogin\getResultProperties
getResultProperties()
Returns possible properties in the result, grouped by the value of the prop parameter that shows them...
Definition: ApiLogin.php:204
ApiLogin\getExamples
getExamples()
Returns usage examples for this module.
Definition: ApiLogin.php:306
ApiBase\setWarning
setWarning( $warning)
Set warning section for this module.
Definition: ApiBase.php:252
LoginForm\NEED_TOKEN
const NEED_TOKEN
Definition: SpecialUserlogin.php:42
LoginForm\NO_NAME
const NO_NAME
Definition: SpecialUserlogin.php:31
ApiBase\getMain
getMain()
Get the main module.
Definition: ApiBase.php:195
ApiLogin
Unit to authenticate log-in attempts to the current wiki.
Definition: ApiLogin.php:33
ApiBase\dieDebug
static dieDebug( $method, $message)
Internal code errors should be reported with this method.
Definition: ApiBase.php:2076
ApiBase\requirePostedParameters
requirePostedParameters( $params, $prefix='prefix')
Die if any of the specified parameters were found in the query part of the URL rather than the post b...
Definition: ApiBase.php:861
LoginForm\WRONG_PLUGIN_PASS
const WRONG_PLUGIN_PASS
Definition: SpecialUserlogin.php:33