MediaWiki master
SpecialUserLogin.php
Go to the documentation of this file.
1<?php
21namespace MediaWiki\Specials;
22
23use LoginHelper;
24use MediaWiki\Auth\AuthManager;
25use MediaWiki\Logger\LoggerFactory;
26use MediaWiki\MainConfigNames;
27use MediaWiki\SpecialPage\LoginSignupSpecialPage;
28use MediaWiki\SpecialPage\SpecialPage;
29use StatusValue;
30
37class SpecialUserLogin extends LoginSignupSpecialPage {
38 protected static $allowedActions = [
39 AuthManager::ACTION_LOGIN,
40 AuthManager::ACTION_LOGIN_CONTINUE
41 ];
42
43 protected static $messages = [
44 'authform-newtoken' => 'nocookiesforlogin',
45 'authform-notoken' => 'sessionfailure',
46 'authform-wrongtoken' => 'sessionfailure',
47 ];
48
52 public function __construct( AuthManager $authManager ) {
53 parent::__construct( 'Userlogin' );
54 $this->setAuthManager( $authManager );
55 }
56
57 public function doesWrites() {
58 return true;
59 }
60
61 public function isListed() {
62 return $this->getAuthManager()->canAuthenticateNow();
63 }
64
65 protected function getLoginSecurityLevel() {
66 return false;
67 }
68
69 protected function getDefaultAction( $subPage ) {
70 return AuthManager::ACTION_LOGIN;
71 }
72
73 public function getDescription() {
74 return $this->msg( 'login' );
75 }
76
77 public function setHeaders() {
78 // override the page title if we are doing a forced reauthentication
79 parent::setHeaders();
80 if ( $this->securityLevel && $this->getUser()->isRegistered() ) {
81 $this->getOutput()->setPageTitleMsg( $this->msg( 'login-security' ) );
82 }
83 }
84
85 protected function isSignup() {
86 return false;
87 }
88
89 protected function beforeExecute( $subPage ) {
90 if ( $subPage === 'signup' || $this->getRequest()->getText( 'type' ) === 'signup' ) {
91 // B/C for old account creation URLs
92 $title = SpecialPage::getTitleFor( 'CreateAccount' );
93 $query = array_diff_key( $this->getRequest()->getValues(),
94 array_fill_keys( [ 'type', 'title' ], true ) );
95 $url = $title->getFullURL( $query, false, PROTO_CURRENT );
96 $this->getOutput()->redirect( $url );
97 return false;
98 }
99 return parent::beforeExecute( $subPage );
100 }
101
113 protected function successfulAction( $direct = false, $extraMessages = null ) {
114 $secureLogin = $this->getConfig()->get( MainConfigNames::SecureLogin );
115
116 $user = $this->targetUser ?: $this->getUser();
117 $session = $this->getRequest()->getSession();
118
119 $injected_html = '';
120 if ( $direct ) {
121 $user->touch();
122
123 $this->clearToken();
124
125 if ( $user->requiresHTTPS() ) {
126 $this->mStickHTTPS = true;
127 }
128 $session->setForceHTTPS( $secureLogin && $this->mStickHTTPS );
129
130 // If the user does not have a session cookie at this point, they probably need to
131 // do something to their browser.
132 if ( !$this->hasSessionCookie() ) {
133 $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
134 // TODO something more specific? This used to use nocookieslogin
135 return;
136 }
137
138 # Run any hooks; display injected HTML if any, else redirect
139 $this->getHookRunner()->onUserLoginComplete(
140 $user, $injected_html, $direct );
141 }
142
143 if ( $injected_html !== '' || $extraMessages ) {
144 $this->showSuccessPage( 'success', $this->msg( 'loginsuccesstitle' ),
145 'loginsuccess', $injected_html, $extraMessages );
146 } else {
147 $helper = new LoginHelper( $this->getContext() );
148 $helper->showReturnToPage( 'successredirect', $this->mReturnTo, $this->mReturnToQuery,
149 $this->mStickHTTPS, $this->mReturnToAnchor );
150 }
151 }
152
153 protected function getToken() {
154 return $this->getRequest()->getSession()->getToken( '', 'login' );
155 }
156
157 protected function clearToken() {
158 $this->getRequest()->getSession()->resetToken( 'login' );
159 }
160
161 protected function getTokenName() {
162 return 'wpLoginToken';
163 }
164
165 protected function getGroupName() {
166 return 'login';
167 }
168
169 protected function logAuthResult( $success, $status = null ) {
170 LoggerFactory::getInstance( 'authevents' )->info( 'Login attempt', [
171 'event' => 'login',
172 'successful' => $success,
173 'status' => strval( $status ),
174 ] );
175 }
176}
177
182class_alias( SpecialUserLogin::class, 'SpecialUserLogin' );
PROTO_CURRENT
const PROTO_CURRENT
Definition Defines.php:209
LoginHelper
Helper functions for the login form that need to be shared with other special pages (such as CentralA...
Definition LoginHelper.php:16
MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition AuthManager.php:113
MediaWiki\Logger\LoggerFactory
Create PSR-3 logger objects.
Definition LoggerFactory.php:45
MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:22
MediaWiki\MainConfigNames\SecureLogin
const SecureLogin
Name constant for the SecureLogin setting, for use with Config::get()
Definition MainConfigNames.php:2661
MediaWiki\SpecialPage\AuthManagerSpecialPage\getRequest
getRequest()
Get the WebRequest being used for this instance.
Definition AuthManagerSpecialPage.php:89
MediaWiki\SpecialPage\LoginSignupSpecialPage
Holds shared logic for login and account creation pages.
Definition LoginSignupSpecialPage.php:61
MediaWiki\SpecialPage\LoginSignupSpecialPage\showSuccessPage
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
Definition LoginSignupSpecialPage.php:510
MediaWiki\SpecialPage\LoginSignupSpecialPage\mainLoginForm
mainLoginForm(array $requests, $msg='', $msgtype='error')
Definition LoginSignupSpecialPage.php:549
MediaWiki\SpecialPage\LoginSignupSpecialPage\hasSessionCookie
hasSessionCookie()
Check if a session cookie is present.
Definition LoginSignupSpecialPage.php:1181
MediaWiki\SpecialPage\SpecialPage
Parent class for all special pages.
Definition SpecialPage.php:66
MediaWiki\SpecialPage\SpecialPage\getTitleFor
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don't need a full Title object,...
Definition SpecialPage.php:154
MediaWiki\SpecialPage\SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition SpecialPage.php:892
MediaWiki\SpecialPage\SpecialPage\setAuthManager
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
Definition SpecialPage.php:572
MediaWiki\SpecialPage\SpecialPage\getConfig
getConfig()
Shortcut to get main config object.
Definition SpecialPage.php:957
MediaWiki\SpecialPage\SpecialPage\getContext
getContext()
Gets the context this SpecialPage is executed in.
Definition SpecialPage.php:856
MediaWiki\SpecialPage\SpecialPage\msg
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
Definition SpecialPage.php:991
MediaWiki\SpecialPage\SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition SpecialPage.php:882
MediaWiki\Specials\SpecialUserLogin
Implements Special:UserLogin.
Definition SpecialUserLogin.php:37
MediaWiki\Specials\SpecialUserLogin\__construct
__construct(AuthManager $authManager)
Definition SpecialUserLogin.php:52
MediaWiki\Specials\SpecialUserLogin\isListed
isListed()
Whether this special page is listed in Special:SpecialPages.
Definition SpecialUserLogin.php:61
MediaWiki\Specials\SpecialUserLogin\getTokenName
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
Definition SpecialUserLogin.php:161
MediaWiki\Specials\SpecialUserLogin\successfulAction
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then HTTP redirect to $this->mReturnTo (or Main Page if that's u...
Definition SpecialUserLogin.php:113
MediaWiki\Specials\SpecialUserLogin\doesWrites
doesWrites()
Indicates whether this special page may perform database writes.
Definition SpecialUserLogin.php:57
MediaWiki\Specials\SpecialUserLogin\setHeaders
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!
Definition SpecialUserLogin.php:77
MediaWiki\Specials\SpecialUserLogin\getDescription
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
Definition SpecialUserLogin.php:73
MediaWiki\Specials\SpecialUserLogin\getGroupName
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
Definition SpecialUserLogin.php:165
MediaWiki\Specials\SpecialUserLogin\logAuthResult
logAuthResult( $success, $status=null)
Logs to the authmanager-stats channel.
Definition SpecialUserLogin.php:169
MediaWiki\Specials\SpecialUserLogin\getDefaultAction
getDefaultAction( $subPage)
Get the default action for this special page if none is given via URL/POST data.
Definition SpecialUserLogin.php:69
StatusValue
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition StatusValue.php:49
$url
$url
Definition opensearch_desc.php:37