// Constructor fragment: forwards $main, $action and the literal 'lg' to the parent
// constructor, then keeps the injected AuthManager on the instance (it is used further
// down for getAuthenticationRequests() and beginAuthentication()).
// NOTE(review): 'lg' looks like the parameter prefix, since the usage example on this
// page spells the parameters lgname/lgpassword/lgtoken; confirm against the parent class.
52 parent::__construct( $main, $action,
'lg' );
53 $this->authManager = $authManager;
// Picks the extended help message key from MainConfigNames::EnableBotPasswords: the
// default key when bot passwords are enabled, the "-nobotpasswords" key otherwise.
// The enclosing method header and the else line are not part of this listing.
57 if ( $this->
getConfig()->
get( MainConfigNames::EnableBotPasswords ) ) {
58 return 'apihelp-login-extended-description';
60 return 'apihelp-login-extended-description-nobotpasswords';
/**
 * Fragment of formatMessage(): turns a message specifier into a Message object and
 * returns it through an error formatter.
 *
 * Only part of the body is visible. One path renders the message as text with
 * useDatabase( false ) and inLanguage( 'en' ), so that output is pinned to English;
 * the condition selecting that path and the origin of $errorFormatter are not shown.
 * NOTE(review): useDatabase( false ) presumably skips on-wiki message overrides; confirm.
 *
 * @param mixed $message Anything Message::newFromSpecifier() accepts
 * @return mixed On the visible return path, the result of $errorFormatter->formatMessage()
 */
69 private function formatMessage( $message ) {
70 $message = Message::newFromSpecifier( $message );
74 $message->useDatabase(
false )->inLanguage(
'en' )->text()
77 return $errorFormatter->formatMessage( $message );
// Writes an 'Aborted' login result whose reason is the 'api-login-fail-sameorigin'
// message, so the attempt is refused before any credential is examined.
// NOTE(review): the guarding condition (source line 93) is not shown; the message key
// suggests it is the lacksSameOriginSecurity() check named in the symbol index at the
// end of this page. Confirm that this branch returns immediately afterwards.
94 $this->
getResult()->addValue(
null,
'login', [
95 'result' =>
'Aborted',
96 'reason' => $this->formatMessage(
'api-login-fail-sameorigin' ),
// Work on the global session for this request.
109 $session = MediaWiki\Session\SessionManager::getGlobalSession();
// A session that reports it cannot set its user is rejected up front with an 'Aborted'
// result. The reason message is parameterised with the session provider's own
// description, rendered in the error formatter's language.
113 if ( !$session->canSetUser() ) {
114 $this->
getResult()->addValue(
null,
'login', [
115 'result' =>
'Aborted',
116 'reason' => $this->formatMessage( [
117 'api-login-fail-badsessionprovider',
118 $session->getProvider()->describe( $this->getErrorFormatter()->getLanguage() ),
// Login-token gate. The token is bound to the session under the key 'login' and is
// checked before any password handling below, so it serves as the anti-CSRF check for
// this action. Three outcomes are visible:
//   - 'NeedToken' (its condition, source line 130, is not shown),
//   - a 'sessionlost' message when the token object was only just created,
//   - 'WrongToken' when the submitted 'token' parameter does not match.
// The comparison itself is delegated to $token->match(), which is not shown here.
129 $token = $session->getToken(
'',
'login' );
131 $authRes =
'NeedToken';
132 } elseif ( $token->wasNew() ) {
134 $message = ApiMessage::create(
'authpage-cannot-login-continue',
'sessionlost' );
135 } elseif ( !$token->match(
$params[
'token'] ) ) {
136 $authRes =
'WrongToken';
// Bot-password attempt. It runs only when no earlier check has set $authRes, the
// EnableBotPasswords setting is on, and BotPassword::canonicalizeLoginData() returns a
// usable result for the submitted name/password pair.
141 $authRes ===
false && $this->
getConfig()->
get( MainConfigNames::EnableBotPasswords ) &&
142 ( $botLoginData = BotPassword::canonicalizeLoginData(
$params[
'name'],
$params[
'password'] ) )
// Elements 0 and 1 of the canonicalized data go to BotPassword::login() together with
// the current request.
144 $status = BotPassword::login(
145 $botLoginData[0], $botLoginData[1], $this->
getRequest()
// An OK status carries, as its value, the session to use from here on.
147 if ( $status->isOK() ) {
148 $session = $status->getValue();
149 $authRes =
'Success';
150 $loginType =
'BotPassword';
// Statuses carrying one of these three messages (throttled, needs reset, locked) are
// tested together. The lines that follow keep the status message for the client-facing
// reason and write the failure to the 'authentication' log channel, rendered in English.
// NOTE(review): the log text is built by concatenating the status wikitext; confirm the
// status can never embed the submitted password.
152 $status->hasMessage(
'login-throttled' ) ||
153 $status->hasMessage(
'botpasswords-needs-reset' ) ||
154 $status->hasMessage(
'botpasswords-locked' )
157 $message = $status->getMessage();
158 LoggerFactory::getInstance(
'authentication' )->info(
159 'BotPassword login failed: ' . $status->getWikiText(
false,
false,
'en' )
// AuthManager path: taken only when nothing above has decided the outcome.
165 if ( $authRes ===
false ) {
// Authentication requests for ACTION_LOGIN are populated from the submitted values.
// Only two of the submitted fields are visible here: the password parameter and a
// hard-coded 'rememberMe' => true.
167 $reqs = AuthenticationRequest::loadRequestsFromSubmission(
168 $this->authManager->getAuthenticationRequests(
169 AuthManager::ACTION_LOGIN,
174 'password' =>
$params[
'password'],
176 'rememberMe' =>
true,
// NOTE(review): the second argument 'null:' is presumably a placeholder return URL,
// since this API flow has no page to return to; confirm against AuthManager.
179 $res = $this->authManager->beginAuthentication( $reqs,
'null:' );
180 switch ( $res->status ) {
// PASS: the login succeeded with the main account. A deprecation warning is recorded
// under the feature name 'main-account-login'; its wording depends on whether bot
// passwords are enabled.
181 case AuthenticationResponse::PASS:
182 if ( $this->
getConfig()->
get( MainConfigNames::EnableBotPasswords ) ) {
183 $this->
addDeprecation(
'apiwarn-deprecation-login-botpw',
'main-account-login' );
185 $this->
addDeprecation(
'apiwarn-deprecation-login-nobotpw',
'main-account-login' );
187 $authRes =
'Success';
188 $loginType =
'AuthManager';
// FAIL: keep the response message for the client and log it, in English and in plain
// form, on the 'authentication' channel.
191 case AuthenticationResponse::FAIL:
194 $message = $res->message;
195 LoggerFactory::getInstance(
'authentication' )
196 ->info( __METHOD__ .
': Authentication failed: '
197 . $message->inLanguage(
'en' )->plain() );
// (case label not shown) Any other response status is logged as unsupported, with the
// summarised response data as log context, and reported to the client as 'Aborted'.
201 LoggerFactory::getInstance(
'authentication' )
202 ->info( __METHOD__ .
': Authentication failed due to unsupported response type: '
203 . $res->status, $this->getAuthenticationResponseLogData( $res ) );
204 $authRes =
'Aborted';
// Build the client-visible result: the outcome string first, then outcome-specific
// fields chosen by the switch below.
209 $result[
'result'] = $authRes;
210 switch ( $authRes ) {
// (case label not shown) The user is taken from the session, the UserLoginComplete hook
// runs, and the user's id and name are added to the result.
212 $user = $session->getUser();
216 $this->
getHookRunner()->onUserLoginComplete( $user, $injected_html,
true );
218 $result[
'lguserid'] = $user->getId();
219 $result[
'lgusername'] = $user->getName();
// (case label not shown) The login token is returned as a string, and a deprecation
// warning is recorded under the feature name 'action=login&!lgtoken'.
223 $result[
'token'] = $token->toString();
224 $this->
addDeprecation(
'apiwarn-deprecation-login-token',
'action=login&!lgtoken' );
// (case label not shown) Reason text derived from $message via formatMessage().
233 $result[
'reason'] = $this->formatMessage( $message );
// (case label not shown) Generic aborted reason; the message key depends on whether bot
// passwords are enabled.
237 $result[
'reason'] = $this->formatMessage(
238 $this->
getConfig()->
get( MainConfigNames::EnableBotPasswords )
239 ?
'api-login-fail-aborted'
240 :
'api-login-fail-aborted-nobotpw'
// Publish the assembled result under the 'login' key.
251 $this->
getResult()->addValue(
null,
'login', $result );
// Structured record of every attempt on the 'authevents' channel: success flag, login
// type and outcome string. Further context keys may sit on source lines not shown here.
253 LoggerFactory::getInstance(
'authevents' )->info(
'Login attempt', [
255 'successful' => $authRes ===
'Success',
256 'loginType' => $loginType,
257 'status' => $authRes,
// Returns true exactly when MainConfigNames::EnableBotPasswords is off.
// NOTE(review): the enclosing method header is not shown; this is presumably the
// isDeprecated() listed in the symbol index at the end of this page. Confirm.
262 return !$this->
getConfig()->get( MainConfigNames::EnableBotPasswords );
// Parameter-definition fragment; the parameter names these settings belong to are not
// shown. One parameter uses the dedicated 'password' type. Another is an optional
// string flagged PARAM_SENSITIVE.
// NOTE(review): the sensitive flag presumably keeps the value out of logs and debug
// output; confirm against ParamValidator.
282 ParamValidator::PARAM_TYPE =>
'password',
286 ParamValidator::PARAM_TYPE =>
'string',
287 ParamValidator::PARAM_REQUIRED =>
false,
288 ParamValidator::PARAM_SENSITIVE =>
true,
// Help example mapping a sample request to its description message; the credentials and
// token in it are placeholders.
// NOTE(review): the example is written in query-string form. The symbol index on this
// page lists mustBePosted() and requirePostedParameters(), so real requests presumably
// have to carry the password and token in the POST body, where they stay out of URLs and
// access logs. Confirm against execute().
296 'action=login&lgname=user&lgpassword=password&lgtoken=123ABC'
297 =>
'apihelp-login-example-login',
// Link to the detailed documentation page for this module (enclosing method header not shown).
302 return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Login';
// Fragment of the helper that reduces an AuthenticationResponse to log context.
// The response status is always recorded.
312 'status' => $response->status,
// A response message, when present, is logged in English and in plain form.
314 if ( $response->message ) {
315 $ret[
'responseMessage'] = $response->message->inLanguage(
'en' )->plain();
// The three request-bearing fields are collected for summarising.
// NOTE(review): these entries presumably form the $reqs array iterated below; the
// opening of that array is not shown.
318 'neededRequests' => $response->neededRequests,
319 'createRequest' => $response->createRequest,
320 'linkRequest' => $response->linkRequest,
// Each field is normalised to an array and replaced by a comma-separated list of the
// distinct class names it holds. Only class names reach the log, not the request
// objects or the values they carry.
322 foreach ( $reqs as $k => $v ) {
324 $v = is_array( $v ) ? $v : [ $v ];
325 $reqClasses = array_unique( array_map(
'get_class', $v ) );
327 $ret[$k] = implode(
', ', $reqClasses );
array $params
The job parameters.
This abstract class implements many basic API functions, and is the base of all API classes.
static dieDebug( $method, $message)
Internal code errors should be reported with this method.
requirePostedParameters( $params, $prefix='prefix')
Die if any of the specified parameters were found in the query part of the URL rather than the HTTP p...
addDeprecation( $msg, $feature, $data=[])
Add a deprecation warning for this module.
getResult()
Get the result object.
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
const PARAM_HELP_MSG
(string|array|Message) Specify an alternative i18n documentation message for this parameter.
getHookRunner()
Get an ApiHookRunner for running core API hooks.
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
Unit to authenticate log-in attempts to the current wiki.
getHelpUrls()
Return links to more detailed help pages about the module.
isWriteMode()
Indicates whether this module requires write mode.
getExtendedDescription()
Return the extended help text message.
isDeprecated()
Indicates whether this module is deprecated.
isReadMode()
Indicates whether this module requires read rights.
mustBePosted()
Indicates whether this module must be called with a POST request.
execute()
Executes the log-in attempt using the parameters passed.
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
getAuthenticationResponseLogData(AuthenticationResponse $response)
Turns an AuthenticationResponse into a hash suitable for passing to Logger.
__construct(ApiMain $main, $action, AuthManager $authManager)
getExamplesMessages()
Returns usage examples for this module.
This is the main API class, used for both external and internal processing.
A class containing constants representing the names of configuration variables.