MediaWiki REL1_37
SpecialUserLogin.php
Go to the documentation of this file.
1<?php
24use MediaWiki\Auth\AuthManager;
25use MediaWiki\Logger\LoggerFactory;
26
32class SpecialUserLogin extends LoginSignupSpecialPage {
33 protected static $allowedActions = [
34 AuthManager::ACTION_LOGIN,
35 AuthManager::ACTION_LOGIN_CONTINUE
36 ];
37
38 protected static $messages = [
39 'authform-newtoken' => 'nocookiesforlogin',
40 'authform-notoken' => 'sessionfailure',
41 'authform-wrongtoken' => 'sessionfailure',
42 ];
43
47 public function __construct( AuthManager $authManager ) {
48 parent::__construct( 'Userlogin' );
49 $this->setAuthManager( $authManager );
50 }
51
52 public function doesWrites() {
53 return true;
54 }
55
56 protected function getLoginSecurityLevel() {
57 return false;
58 }
59
60 protected function getDefaultAction( $subPage ) {
61 return AuthManager::ACTION_LOGIN;
62 }
63
64 public function getDescription() {
65 return $this->msg( 'login' )->text();
66 }
67
68 public function setHeaders() {
69 // override the page title if we are doing a forced reauthentication
70 parent::setHeaders();
71 if ( $this->securityLevel && $this->getUser()->isRegistered() ) {
72 $this->getOutput()->setPageTitle( $this->msg( 'login-security' ) );
73 }
74 }
75
76 protected function isSignup() {
77 return false;
78 }
79
80 protected function beforeExecute( $subPage ) {
81 if ( $subPage === 'signup' || $this->getRequest()->getText( 'type' ) === 'signup' ) {
82 // B/C for old account creation URLs
83 $title = SpecialPage::getTitleFor( 'CreateAccount' );
84 $query = array_diff_key( $this->getRequest()->getValues(),
85 array_fill_keys( [ 'type', 'title' ], true ) );
86 $url = $title->getFullURL( $query, false, PROTO_CURRENT );
87 $this->getOutput()->redirect( $url );
88 return false;
89 }
90 return parent::beforeExecute( $subPage );
91 }
92
104 protected function successfulAction( $direct = false, $extraMessages = null ) {
105 global $wgSecureLogin;
106
107 $user = $this->targetUser ?: $this->getUser();
108 $session = $this->getRequest()->getSession();
109
110 if ( $direct ) {
111 $user->touch();
112
113 $this->clearToken();
114
115 if ( $user->requiresHTTPS() ) {
116 $this->mStickHTTPS = true;
117 }
118 $session->setForceHTTPS( $wgSecureLogin && $this->mStickHTTPS );
119
120 // If the user does not have a session cookie at this point, they probably need to
121 // do something to their browser.
122 if ( !$this->hasSessionCookie() ) {
123 $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
124 // TODO something more specific? This used to use nocookieslogin
125 return;
126 }
127 }
128
129 # Run any hooks; display injected HTML if any, else redirect
130 $injected_html = '';
131 $this->getHookRunner()->onUserLoginComplete(
132 $user, $injected_html, $direct );
133
134 if ( $injected_html !== '' || $extraMessages ) {
135 $this->showSuccessPage( 'success', $this->msg( 'loginsuccesstitle' ),
136 'loginsuccess', $injected_html, $extraMessages );
137 } else {
138 $helper = new LoginHelper( $this->getContext() );
139 $helper->showReturnToPage( 'successredirect', $this->mReturnTo, $this->mReturnToQuery,
140 $this->mStickHTTPS );
141 }
142 }
143
144 protected function getToken() {
145 return $this->getRequest()->getSession()->getToken( '', 'login' );
146 }
147
148 protected function clearToken() {
149 return $this->getRequest()->getSession()->resetToken( 'login' );
150 }
151
152 protected function getTokenName() {
153 return 'wpLoginToken';
154 }
155
156 protected function getGroupName() {
157 return 'login';
158 }
159
160 protected function logAuthResult( $success, $status = null ) {
161 LoggerFactory::getInstance( 'authevents' )->info( 'Login attempt', [
162 'event' => 'login',
163 'successful' => $success,
164 'status' => strval( $status ),
165 ] );
166 }
167}
$wgSecureLogin
$wgSecureLogin
This is to let user authenticate using https when they come from http.
Definition DefaultSettings.php:5769
PROTO_CURRENT
const PROTO_CURRENT
Definition Defines.php:195
AuthManagerSpecialPage\$subPage
string $subPage
Subpage of the special page.
Definition AuthManagerSpecialPage.php:39
AuthManagerSpecialPage\getRequest
getRequest()
Get the WebRequest being used for this instance.
Definition AuthManagerSpecialPage.php:72
LoginHelper
Helper functions for the login form that need to be shared with other special pages (such as CentralA...
Definition LoginHelper.php:10
LoginSignupSpecialPage
Holds shared logic for login and account creation pages.
Definition LoginSignupSpecialPage.php:38
LoginSignupSpecialPage\mainLoginForm
mainLoginForm(array $requests, $msg='', $msgtype='error')
Definition LoginSignupSpecialPage.php:518
LoginSignupSpecialPage\showSuccessPage
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
Definition LoginSignupSpecialPage.php:439
LoginSignupSpecialPage\hasSessionCookie
hasSessionCookie()
Check if a session cookie is present.
Definition LoginSignupSpecialPage.php:1067
MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition AuthManager.php:102
MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition LoggerFactory.php:45
SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition SpecialPage.php:790
SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition SpecialPage.php:800
SpecialPage\getTitleFor
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don't need a full Title object,...
Definition SpecialPage.php:107
SpecialPage\$authManager
AuthManager null $authManager
Definition SpecialPage.php:88
SpecialPage\getContext
getContext()
Gets the context this SpecialPage is executed in.
Definition SpecialPage.php:764
SpecialPage\msg
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
Definition SpecialPage.php:912
SpecialPage\setAuthManager
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
Definition SpecialPage.php:510
SpecialUserLogin
Implements Special:UserLogin.
Definition SpecialUserLogin.php:32
SpecialUserLogin\getDescription
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
Definition SpecialUserLogin.php:64
SpecialUserLogin\getGroupName
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
Definition SpecialUserLogin.php:156
SpecialUserLogin\getDefaultAction
getDefaultAction( $subPage)
Get the default action for this special page, if none is given via URL/POST data.
Definition SpecialUserLogin.php:60
SpecialUserLogin\logAuthResult
logAuthResult( $success, $status=null)
Logs to the authmanager-stats channel.
Definition SpecialUserLogin.php:160
SpecialUserLogin\setHeaders
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!
Definition SpecialUserLogin.php:68
SpecialUserLogin\getTokenName
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
Definition SpecialUserLogin.php:152
SpecialUserLogin\__construct
__construct(AuthManager $authManager)
Definition SpecialUserLogin.php:47
SpecialUserLogin\successfulAction
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then HTTP redirect to $this->mReturnTo (or Main Page if that's u...
Definition SpecialUserLogin.php:104
SpecialUserLogin\doesWrites
doesWrites()
Indicates whether this special page may perform database writes.
Definition SpecialUserLogin.php:52
SpecialUserLogin\getToken
getToken()
Returns the CSRF token.
Definition SpecialUserLogin.php:144