51 parent::__construct( $main, $action,
'lg' );
52 $this->authManager = $authManager;
56 if ( $this->
getConfig()->
get( MainConfigNames::EnableBotPasswords ) ) {
57 return 'apihelp-login-extended-description';
59 return 'apihelp-login-extended-description-nobotpasswords';
68 private function formatMessage( $message ) {
73 $message->useDatabase(
false )->inLanguage(
'en' )->text()
76 return $errorFormatter->formatMessage( $message );
93 $this->
getResult()->addValue(
null,
'login', [
94 'result' =>
'Aborted',
95 'reason' => $this->formatMessage(
'api-login-fail-sameorigin' ),
108 $session = MediaWiki\Session\SessionManager::getGlobalSession();
112 if ( !$session->canSetUser() ) {
113 $this->
getResult()->addValue(
null,
'login', [
114 'result' =>
'Aborted',
115 'reason' => $this->formatMessage( [
116 'api-login-fail-badsessionprovider',
117 $session->getProvider()->describe( $this->getErrorFormatter()->getLanguage() ),
128 $token = $session->getToken(
'',
'login' );
129 if ( !$params[
'token'] ) {
130 $authRes =
'NeedToken';
131 } elseif ( $token->wasNew() ) {
133 $message = ApiMessage::create(
'authpage-cannot-login-continue',
'sessionlost' );
134 } elseif ( !$token->match( $params[
'token'] ) ) {
135 $authRes =
'WrongToken';
140 $authRes ===
false && $this->
getConfig()->
get( MainConfigNames::EnableBotPasswords ) &&
141 ( $botLoginData = BotPassword::canonicalizeLoginData( $params[
'name'], $params[
'password'] ) )
143 $status = BotPassword::login(
144 $botLoginData[0], $botLoginData[1], $this->
getRequest()
146 if ( $status->isOK() ) {
147 $session = $status->getValue();
148 $authRes =
'Success';
149 $loginType =
'BotPassword';
151 $status->hasMessage(
'login-throttled' ) ||
152 $status->hasMessage(
'botpasswords-needs-reset' ) ||
153 $status->hasMessage(
'botpasswords-locked' )
156 $message = $status->getMessage();
157 LoggerFactory::getInstance(
'authentication' )->info(
158 'BotPassword login failed: ' . $status->getWikiText(
false,
false,
'en' )
164 if ( $authRes ===
false ) {
166 $reqs = AuthenticationRequest::loadRequestsFromSubmission(
167 $this->authManager->getAuthenticationRequests(
168 AuthManager::ACTION_LOGIN,
172 'username' => $params[
'name'],
173 'password' => $params[
'password'],
174 'domain' => $params[
'domain'],
175 'rememberMe' =>
true,
178 $res = $this->authManager->beginAuthentication( $reqs,
'null:' );
179 switch ( $res->status ) {
180 case AuthenticationResponse::PASS:
181 if ( $this->
getConfig()->
get( MainConfigNames::EnableBotPasswords ) ) {
182 $this->
addDeprecation(
'apiwarn-deprecation-login-botpw',
'main-account-login' );
184 $this->
addDeprecation(
'apiwarn-deprecation-login-nobotpw',
'main-account-login' );
186 $authRes =
'Success';
187 $loginType =
'AuthManager';
190 case AuthenticationResponse::FAIL:
193 $message = $res->message;
194 LoggerFactory::getInstance(
'authentication' )
195 ->info( __METHOD__ .
': Authentication failed: '
196 . $message->inLanguage(
'en' )->plain() );
200 LoggerFactory::getInstance(
'authentication' )
201 ->info( __METHOD__ .
': Authentication failed due to unsupported response type: '
202 . $res->status, $this->getAuthenticationResponseLogData( $res ) );
203 $authRes =
'Aborted';
208 $result[
'result'] = $authRes;
209 switch ( $authRes ) {
211 $user = $session->getUser();
215 $this->
getHookRunner()->onUserLoginComplete( $user, $injected_html,
true );
217 $result[
'lguserid'] = $user->getId();
218 $result[
'lgusername'] = $user->getName();
222 $result[
'token'] = $token->toString();
223 $this->
addDeprecation(
'apiwarn-deprecation-login-token',
'action=login&!lgtoken' );
232 $result[
'reason'] = $this->formatMessage( $message );
236 $result[
'reason'] = $this->formatMessage(
237 $this->
getConfig()->
get( MainConfigNames::EnableBotPasswords )
238 ?
'api-login-fail-aborted'
239 :
'api-login-fail-aborted-nobotpw'
250 $this->
getResult()->addValue(
null,
'login', $result );
252 LoggerFactory::getInstance(
'authevents' )->info(
'Login attempt', [
254 'successful' => $authRes ===
'Success',
255 'loginType' => $loginType,
256 'status' => $authRes,
261 return !$this->
getConfig()->get( MainConfigNames::EnableBotPasswords );
281 ParamValidator::PARAM_TYPE =>
'password',
285 ParamValidator::PARAM_TYPE =>
'string',
286 ParamValidator::PARAM_REQUIRED =>
false,
287 ParamValidator::PARAM_SENSITIVE =>
true,
295 'action=login&lgname=user&lgpassword=password&lgtoken=123ABC'
296 =>
'apihelp-login-example-login',
301 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Login';
311 'status' => $response->status,
313 if ( $response->message ) {
314 $ret[
'responseMessage'] = $response->message->inLanguage(
'en' )->plain();
317 'neededRequests' => $response->neededRequests,
318 'createRequest' => $response->createRequest,
319 'linkRequest' => $response->linkRequest,
321 foreach ( $reqs as $k => $v ) {
323 $v = is_array( $v ) ? $v : [ $v ];
324 $reqClasses = array_unique( array_map(
'get_class', $v ) );
326 $ret[$k] = implode(
', ', $reqClasses );
This abstract class implements many basic API functions, and is the base of all API classes.
static dieDebug( $method, $message)
Internal code errors should be reported with this method.
requirePostedParameters( $params, $prefix='prefix')
Die if any of the specified parameters were found in the query part of the URL rather than the HTTP p...
addDeprecation( $msg, $feature, $data=[])
Add a deprecation warning for this module.
getResult()
Get the result object.
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
const PARAM_HELP_MSG
(string|array|Message) Specify an alternative i18n documentation message for this parameter.
getHookRunner()
Get an ApiHookRunner for running core API hooks.
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
Unit to authenticate log-in attempts to the current wiki.
getHelpUrls()
Return links to more detailed help pages about the module.
isWriteMode()
Indicates whether this module requires write mode.
getExtendedDescription()
Return the extended help text message.
isDeprecated()
Indicates whether this module is deprecated.
isReadMode()
Indicates whether this module requires read rights.
mustBePosted()
Indicates whether this module must be called with a POST request.
execute()
Executes the log-in attempt using the parameters passed.
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
getAuthenticationResponseLogData(AuthenticationResponse $response)
Turns an AuthenticationResponse into a hash suitable for passing to Logger.
__construct(ApiMain $main, $action, AuthManager $authManager)
getExamplesMessages()
Returns usage examples for this module.
This is the main API class, used for both external and internal processing.
A class containing constants representing the names of configuration variables.
static newFromSpecifier( $value)
Transform a MessageSpecifier or a primitive value used interchangeably with specifiers (a message key...