Go to the documentation of this file.
37 parent::__construct( $main, $action,
'lg' );
41 if ( $this->
getConfig()->
get(
'EnableBotPasswords' ) ) {
42 return 'apihelp-login-extended-description';
44 return 'apihelp-login-extended-description-nobotpasswords';
54 $message = Message::newFromSpecifier( $message );
58 $message->useDatabase(
false )->inLanguage(
'en' )->text()
61 return $errorFormatter->formatMessage( $message );
78 $this->
getResult()->addValue(
null,
'login', [
79 'result' =>
'Aborted',
80 'reason' => $this->
formatMessage(
'api-login-fail-sameorigin' ),
97 if ( !$session->canSetUser() ) {
98 $this->
getResult()->addValue(
null,
'login', [
99 'result' =>
'Aborted',
101 'api-login-fail-badsessionprovider',
113 $token = $session->getToken(
'',
'login' );
114 if ( $token->wasNew() || !$params[
'token'] ) {
115 $authRes =
'NeedToken';
116 } elseif ( !$token->match( $params[
'token'] ) ) {
117 $authRes =
'WrongToken';
122 $authRes ===
false && $this->
getConfig()->get(
'EnableBotPasswords' ) &&
126 $botLoginData[0], $botLoginData[1], $this->
getRequest()
129 $session =
$status->getValue();
130 $authRes =
'Success';
131 $loginType =
'BotPassword';
133 $status->hasMessage(
'login-throttled' ) ||
134 $status->hasMessage(
'botpasswords-needs-reset' ) ||
135 $status->hasMessage(
'botpasswords-locked' )
138 $message =
$status->getMessage();
139 LoggerFactory::getInstance(
'authentication' )->info(
140 'BotPassword login failed: ' .
$status->getWikiText(
false,
false,
'en' )
146 if ( $authRes ===
false ) {
148 $manager = AuthManager::singleton();
149 $reqs = AuthenticationRequest::loadRequestsFromSubmission(
150 $manager->getAuthenticationRequests( AuthManager::ACTION_LOGIN, $this->getUser() ),
152 'username' => $params[
'name'],
153 'password' => $params[
'password'],
154 'domain' => $params[
'domain'],
155 'rememberMe' =>
true,
158 $res = AuthManager::singleton()->beginAuthentication( $reqs,
'null:' );
159 switch (
$res->status ) {
160 case AuthenticationResponse::PASS:
161 if ( $this->
getConfig()->
get(
'EnableBotPasswords' ) ) {
162 $this->
addDeprecation(
'apiwarn-deprecation-login-botpw',
'main-account-login' );
164 $this->
addDeprecation(
'apiwarn-deprecation-login-nobotpw',
'main-account-login' );
166 $authRes =
'Success';
167 $loginType =
'AuthManager';
170 case AuthenticationResponse::FAIL:
173 $message =
$res->message;
175 ->info( __METHOD__ .
': Authentication failed: '
176 . $message->inLanguage(
'en' )->plain() );
181 ->info( __METHOD__ .
': Authentication failed due to unsupported response type: '
182 .
$res->status, $this->getAuthenticationResponseLogData(
$res ) );
183 $authRes =
'Aborted';
188 $result[
'result'] = $authRes;
189 switch ( $authRes ) {
191 $user = $session->getUser();
197 Hooks::run(
'UserLoginComplete', [ &$user, &$injected_html,
true ] );
199 $result[
'lguserid'] = (int)$user->getId();
200 $result[
'lgusername'] = $user->getName();
204 $result[
'token'] = $token->toString();
205 $this->
addDeprecation(
'apiwarn-deprecation-login-token',
'action=login&!lgtoken' );
217 $this->
getConfig()->
get(
'EnableBotPasswords' )
218 ?
'api-login-fail-aborted'
219 :
'api-login-fail-aborted-nobotpw'
230 $this->
getResult()->addValue(
null,
'login', $result );
232 LoggerFactory::getInstance(
'authevents' )->info(
'Login attempt', [
234 'successful' => $authRes ===
'Success',
235 'loginType' => $loginType,
236 'status' => $authRes,
241 return !$this->
getConfig()->get(
'EnableBotPasswords' );
270 'action=login&lgname=user&lgpassword=password&lgtoken=123ABC'
271 =>
'apihelp-login-example-login',
276 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Login';
289 $ret[
'message'] =
$response->message->inLanguage(
'en' )->plain();
292 'neededRequests' =>
$response->neededRequests,
293 'createRequest' =>
$response->createRequest,
296 foreach ( $reqs as $k => $v ) {
298 $v = is_array( $v ) ? $v : [ $v ];
299 $reqClasses = array_unique( array_map(
'get_class', $v ) );
301 $ret[$k] = implode(
', ', $reqClasses );
This is the main API class, used for both external and internal processing.
isReadMode()
Indicates whether this module requires read rights.
execute()
Executes the log-in attempt using the parameters passed.
const PARAM_REQUIRED
(boolean) Is the parameter required?
static canonicalizeLoginData( $username, $password)
There are two ways to login with a bot password: "username@appId", "password" and "username",...
const PARAM_HELP_MSG
(string|array|Message) Specify an alternative i18n documentation message for this parameter.
mustBePosted()
Indicates whether this module must be called with a POST request.
isDeprecated()
Indicates whether this module is deprecated.
const PARAM_TYPE
(string|string[]) Either an array of allowed value strings, or a string type as described below.
getResult()
Get the result object.
getExamplesMessages()
Returns usage examples for this module.
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
This abstract class implements many basic API functions, and is the base of all API classes.
const PARAM_SENSITIVE
(boolean) Is the parameter sensitive? Note 'password'-type fields are always sensitive regardless of ...
getHelpUrls()
Return links to more detailed help pages about the module.
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
getAuthenticationResponseLogData(AuthenticationResponse $response)
Turns an AuthenticationResponse into a hash suitable for passing to Logger.
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
addDeprecation( $msg, $feature, $data=[])
Add a deprecation warning for this module.
getExtendedDescription()
Return the extended help text message.
static login( $username, $password, WebRequest $request)
Try to log the user in.
formatMessage( $message)
Format a message for the response.
Unit to authenticate log-in attempts to the current wiki.
static run( $event, array $args=[], $deprecatedVersion=null)
Call hook functions defined in Hooks::register and $wgHooks.
__construct(ApiMain $main, $action)
static dieDebug( $method, $message)
Internal code errors should be reported with this method.
getErrorFormatter()
Get the error formatter.
requirePostedParameters( $params, $prefix='prefix')
Die if any of the specified parameters were found in the query part of the URL rather than the post b...