MediaWiki  master
ApiLogin.php
Go to the documentation of this file.
1 <?php
29 
35 class ApiLogin extends ApiBase {
36 
37  public function __construct( ApiMain $main, $action ) {
38  parent::__construct( $main, $action, 'lg' );
39  }
40 
41  protected function getExtendedDescription() {
42  if ( $this->getConfig()->get( 'EnableBotPasswords' ) ) {
43  return 'apihelp-login-extended-description';
44  } else {
45  return 'apihelp-login-extended-description-nobotpasswords';
46  }
47  }
48 
54  private function formatMessage( $message ) {
55  $message = Message::newFromSpecifier( $message );
56  $errorFormatter = $this->getErrorFormatter();
57  if ( $errorFormatter instanceof ApiErrorFormatter_BackCompat ) {
59  $message->useDatabase( false )->inLanguage( 'en' )->text()
60  );
61  } else {
62  return $errorFormatter->formatMessage( $message );
63  }
64  }
65 
75  public function execute() {
76  // If we're in a mode that breaks the same-origin policy, no tokens can
77  // be obtained
78  if ( $this->lacksSameOriginSecurity() ) {
79  $this->getResult()->addValue( null, 'login', [
80  'result' => 'Aborted',
81  'reason' => $this->formatMessage( 'api-login-fail-sameorigin' ),
82  ] );
83 
84  return;
85  }
86 
87  $this->requirePostedParameters( [ 'password', 'token' ] );
88 
89  $params = $this->extractRequestParams();
90 
91  $result = [];
92 
93  // Make sure session is persisted
95  $session->persist();
96 
97  // Make sure it's possible to log in
98  if ( !$session->canSetUser() ) {
99  $this->getResult()->addValue( null, 'login', [
100  'result' => 'Aborted',
101  'reason' => $this->formatMessage( [
102  'api-login-fail-badsessionprovider',
103  $session->getProvider()->describe( $this->getErrorFormatter()->getLanguage() ),
104  ] )
105  ] );
106 
107  return;
108  }
109 
110  $authRes = false;
111  $loginType = 'N/A';
112 
113  // Check login token
114  $token = $session->getToken( '', 'login' );
115  if ( !$params['token'] ) {
116  $authRes = 'NeedToken';
117  } elseif ( $token->wasNew() ) {
118  $authRes = 'Failed';
119  $message = ApiMessage::create( 'authpage-cannot-login-continue', 'sessionlost' );
120  } elseif ( !$token->match( $params['token'] ) ) {
121  $authRes = 'WrongToken';
122  }
123 
124  // Try bot passwords
125  if (
126  $authRes === false && $this->getConfig()->get( 'EnableBotPasswords' ) &&
127  ( $botLoginData = BotPassword::canonicalizeLoginData( $params['name'], $params['password'] ) )
128  ) {
129  $status = BotPassword::login(
130  $botLoginData[0], $botLoginData[1], $this->getRequest()
131  );
132  if ( $status->isOK() ) {
133  $session = $status->getValue();
134  $authRes = 'Success';
135  $loginType = 'BotPassword';
136  } elseif (
137  $status->hasMessage( 'login-throttled' ) ||
138  $status->hasMessage( 'botpasswords-needs-reset' ) ||
139  $status->hasMessage( 'botpasswords-locked' )
140  ) {
141  $authRes = 'Failed';
142  $message = $status->getMessage();
143  LoggerFactory::getInstance( 'authentication' )->info(
144  'BotPassword login failed: ' . $status->getWikiText( false, false, 'en' )
145  );
146  }
147  // For other errors, let's see if it's a valid non-bot login
148  }
149 
150  if ( $authRes === false ) {
151  // Simplified AuthManager login, for backwards compatibility
152  $manager = MediaWikiServices::getInstance()->getAuthManager();
153  $reqs = AuthenticationRequest::loadRequestsFromSubmission(
154  $manager->getAuthenticationRequests( AuthManager::ACTION_LOGIN, $this->getUser() ),
155  [
156  'username' => $params['name'],
157  'password' => $params['password'],
158  'domain' => $params['domain'],
159  'rememberMe' => true,
160  ]
161  );
162  $res = $manager->beginAuthentication( $reqs, 'null:' );
163  switch ( $res->status ) {
164  case AuthenticationResponse::PASS:
165  if ( $this->getConfig()->get( 'EnableBotPasswords' ) ) {
166  $this->addDeprecation( 'apiwarn-deprecation-login-botpw', 'main-account-login' );
167  } else {
168  $this->addDeprecation( 'apiwarn-deprecation-login-nobotpw', 'main-account-login' );
169  }
170  $authRes = 'Success';
171  $loginType = 'AuthManager';
172  break;
173 
174  case AuthenticationResponse::FAIL:
175  // Hope it's not a PreAuthenticationProvider that failed...
176  $authRes = 'Failed';
177  $message = $res->message;
179  ->info( __METHOD__ . ': Authentication failed: '
180  . $message->inLanguage( 'en' )->plain() );
181  break;
182 
183  default:
185  ->info( __METHOD__ . ': Authentication failed due to unsupported response type: '
186  . $res->status, $this->getAuthenticationResponseLogData( $res ) );
187  $authRes = 'Aborted';
188  break;
189  }
190  }
191 
192  $result['result'] = $authRes;
193  switch ( $authRes ) {
194  case 'Success':
195  $user = $session->getUser();
196 
198 
199  // Deprecated hook
200  $injected_html = '';
201  $this->getHookRunner()->onUserLoginComplete( $user, $injected_html, true );
202 
203  $result['lguserid'] = (int)$user->getId();
204  $result['lgusername'] = $user->getName();
205  break;
206 
207  case 'NeedToken':
208  $result['token'] = $token->toString();
209  $this->addDeprecation( 'apiwarn-deprecation-login-token', 'action=login&!lgtoken' );
210  break;
211 
212  case 'WrongToken':
213  break;
214 
215  case 'Failed':
216  $result['reason'] = $this->formatMessage( $message );
217  break;
218 
219  case 'Aborted':
220  $result['reason'] = $this->formatMessage(
221  $this->getConfig()->get( 'EnableBotPasswords' )
222  ? 'api-login-fail-aborted'
223  : 'api-login-fail-aborted-nobotpw'
224  );
225  break;
226 
227  // @codeCoverageIgnoreStart
228  // Unreachable
229  default:
230  ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
231  // @codeCoverageIgnoreEnd
232  }
233 
234  $this->getResult()->addValue( null, 'login', $result );
235 
236  LoggerFactory::getInstance( 'authevents' )->info( 'Login attempt', [
237  'event' => 'login',
238  'successful' => $authRes === 'Success',
239  'loginType' => $loginType,
240  'status' => $authRes,
241  ] );
242  }
243 
244  public function isDeprecated() {
245  return !$this->getConfig()->get( 'EnableBotPasswords' );
246  }
247 
248  public function mustBePosted() {
249  return true;
250  }
251 
252  public function isReadMode() {
253  return false;
254  }
255 
256  public function getAllowedParams() {
257  return [
258  'name' => null,
259  'password' => [
260  ApiBase::PARAM_TYPE => 'password',
261  ],
262  'domain' => null,
263  'token' => [
264  ApiBase::PARAM_TYPE => 'string',
265  ApiBase::PARAM_REQUIRED => false, // for BC
266  ApiBase::PARAM_SENSITIVE => true,
267  ApiBase::PARAM_HELP_MSG => [ 'api-help-param-token', 'login' ],
268  ],
269  ];
270  }
271 
272  protected function getExamplesMessages() {
273  return [
274  'action=login&lgname=user&lgpassword=password&lgtoken=123ABC'
275  => 'apihelp-login-example-login',
276  ];
277  }
278 
279  public function getHelpUrls() {
280  return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Login';
281  }
282 
289  $ret = [
290  'status' => $response->status,
291  ];
292  if ( $response->message ) {
293  $ret['responseMessage'] = $response->message->inLanguage( 'en' )->plain();
294  }
295  $reqs = [
296  'neededRequests' => $response->neededRequests,
297  'createRequest' => $response->createRequest,
298  'linkRequest' => $response->linkRequest,
299  ];
300  foreach ( $reqs as $k => $v ) {
301  if ( $v ) {
302  $v = is_array( $v ) ? $v : [ $v ];
303  $reqClasses = array_unique( array_map( 'get_class', $v ) );
304  sort( $reqClasses );
305  $ret[$k] = implode( ', ', $reqClasses );
306  }
307  }
308  return $ret;
309  }
310 }
ApiMain
This is the main API class, used for both external and internal processing.
Definition: ApiMain.php:47
ContextSource\getConfig
getConfig()
Definition: ContextSource.php:67
ApiLogin\isReadMode
isReadMode()
Indicates whether this module requires read rights Stable to override.
Definition: ApiLogin.php:252
Message\newFromSpecifier
static newFromSpecifier( $value)
Transform a MessageSpecifier or a primitive value used interchangeably with specifiers (a message key...
Definition: Message.php:436
ApiLogin\execute
execute()
Executes the log-in attempt using the parameters passed.
Definition: ApiLogin.php:75
ApiErrorFormatter_BackCompat
Format errors and warnings in the old style, for backwards compatibility.
Definition: ApiErrorFormatter_BackCompat.php:30
ApiBase\PARAM_REQUIRED
const PARAM_REQUIRED
(boolean) Inverse of IntegerDef::PARAM_IGNORE_RANGE
Definition: ApiBase.php:77
BotPassword\canonicalizeLoginData
static canonicalizeLoginData( $username, $password)
There are two ways to login with a bot password: "username@appId", "password" and "username",...
Definition: BotPassword.php:420
MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition: MediaWikiServices.php:154
MediaWiki\Logger\LoggerFactory\getInstance
static getInstance( $channel)
Get a named logger instance from the currently configured logger factory.
Definition: LoggerFactory.php:92
ApiBase\PARAM_HELP_MSG
const PARAM_HELP_MSG
(string|array|Message) Specify an alternative i18n documentation message for this parameter.
Definition: ApiBase.php:107
ApiLogin\mustBePosted
mustBePosted()
Indicates whether this module must be called with a POST request Stable to override.
Definition: ApiLogin.php:248
ApiQueryInfo\resetTokenCache
static resetTokenCache()
Definition: ApiQueryInfo.php:126
ApiLogin\isDeprecated
isDeprecated()
Indicates whether this module is deprecated.
Definition: ApiLogin.php:244
ApiBase\PARAM_TYPE
const PARAM_TYPE
(boolean) Inverse of IntegerDef::PARAM_IGNORE_RANGE
Definition: ApiBase.php:71
ApiBase\getResult
getResult()
Get the result object.
Definition: ApiBase.php:565
ApiLogin\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition: ApiLogin.php:272
ContextSource\getRequest
getRequest()
Definition: ContextSource.php:76
$res
$res
Definition: testCompression.php:57
ApiBase\lacksSameOriginSecurity
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
Definition: ApiBase.php:493
ApiBase
This abstract class implements many basic API functions, and is the base of all API classes.
Definition: ApiBase.php:52
ApiBase\PARAM_SENSITIVE
const PARAM_SENSITIVE
(boolean) Inverse of IntegerDef::PARAM_IGNORE_RANGE
Definition: ApiBase.php:82
ApiLogin\getHelpUrls
getHelpUrls()
Return links to more detailed help pages about the module.
Definition: ApiLogin.php:279
MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition: LoggerFactory.php:45
ApiErrorFormatter\stripMarkup
static stripMarkup( $text)
Turn wikitext into something resembling plaintext.
Definition: ApiErrorFormatter.php:291
MediaWiki\Auth\AuthenticationResponse
This is a value object to hold authentication response data.
Definition: AuthenticationResponse.php:37
ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:717
ApiMessage\create
static create( $msg, $code=null, array $data=null)
Create an IApiMessage for the message.
Definition: ApiMessage.php:42
ApiLogin\getAuthenticationResponseLogData
getAuthenticationResponseLogData(AuthenticationResponse $response)
Turns an AuthenticationResponse into a hash suitable for passing to Logger.
Definition: ApiLogin.php:288
MediaWiki\Session\SessionManager\getGlobalSession
static getGlobalSession()
Get the "global" session.
Definition: SessionManager.php:114
ApiLogin\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition: ApiLogin.php:256
ApiBase\addDeprecation
addDeprecation( $msg, $feature, $data=[])
Add a deprecation warning for this module.
Definition: ApiBase.php:1315
ApiLogin\getExtendedDescription
getExtendedDescription()
Return the extended help text message.
Definition: ApiLogin.php:41
BotPassword\login
static login( $username, $password, WebRequest $request)
Try to log the user in.
Definition: BotPassword.php:446
MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition: AuthManager.php:88
ApiLogin\formatMessage
formatMessage( $message)
Format a message for the response.
Definition: ApiLogin.php:54
ApiLogin
Unit to authenticate log-in attempts to the current wiki.
Definition: ApiLogin.php:35
ApiBase\getHookRunner
getHookRunner()
Get an ApiHookRunner for running core API hooks.
Definition: ApiBase.php:662
ApiLogin\__construct
__construct(ApiMain $main, $action)
Definition: ApiLogin.php:37
ApiBase\dieDebug
static dieDebug( $method, $message)
Internal code errors should be reported with this method.
Definition: ApiBase.php:1574
ApiBase\getErrorFormatter
getErrorFormatter()
Get the error formatter Stable to override.
Definition: ApiBase.php:580
ApiBase\requirePostedParameters
requirePostedParameters( $params, $prefix='prefix')
Die if any of the specified parameters were found in the query part of the URL rather than the post b...
Definition: ApiBase.php:941
MediaWiki\Auth\AuthenticationRequest
This is a value object for authentication requests.
Definition: AuthenticationRequest.php:38