MediaWiki master
SpecialUserLogin.php
Go to the documentation of this file.
1<?php
21namespace MediaWiki\Specials;
22
23use LoginHelper;
29use StatusValue;
30
38 protected static $allowedActions = [
39 AuthManager::ACTION_LOGIN,
40 AuthManager::ACTION_LOGIN_CONTINUE
41 ];
42
43 protected static $messages = [
44 'authform-newtoken' => 'nocookiesforlogin',
45 'authform-notoken' => 'sessionfailure',
46 'authform-wrongtoken' => 'sessionfailure',
47 ];
48
52 public function __construct( AuthManager $authManager ) {
53 parent::__construct( 'Userlogin' );
54 $this->setAuthManager( $authManager );
55 }
56
57 public function doesWrites() {
58 return true;
59 }
60
61 public function isListed() {
62 return $this->getAuthManager()->canAuthenticateNow();
63 }
64
65 protected function getLoginSecurityLevel() {
66 return false;
67 }
68
69 protected function getDefaultAction( $subPage ) {
70 return AuthManager::ACTION_LOGIN;
71 }
72
73 public function getDescription() {
74 return $this->msg( 'login' );
75 }
76
77 public function setHeaders() {
78 // override the page title if we are doing a forced reauthentication
79 parent::setHeaders();
80 if ( $this->securityLevel && $this->getUser()->isRegistered() ) {
81 $this->getOutput()->setPageTitleMsg( $this->msg( 'login-security' ) );
82 }
83 }
84
85 protected function isSignup() {
86 return false;
87 }
88
89 protected function beforeExecute( $subPage ) {
90 if ( $subPage === 'signup' || $this->getRequest()->getText( 'type' ) === 'signup' ) {
91 // B/C for old account creation URLs
92 $title = SpecialPage::getTitleFor( 'CreateAccount' );
93 $query = array_diff_key( $this->getRequest()->getValues(),
94 array_fill_keys( [ 'type', 'title' ], true ) );
95 $url = $title->getFullURL( $query, false, PROTO_CURRENT );
96 $this->getOutput()->redirect( $url );
97 return false;
98 }
99 return parent::beforeExecute( $subPage );
100 }
101
113 protected function successfulAction( $direct = false, $extraMessages = null ) {
114 $secureLogin = $this->getConfig()->get( MainConfigNames::SecureLogin );
115
116 $user = $this->targetUser ?: $this->getUser();
117 $session = $this->getRequest()->getSession();
118
119 $injected_html = '';
120 if ( $direct ) {
121 $user->touch();
122
123 $this->clearToken();
124
125 if ( $user->requiresHTTPS() ) {
126 $this->mStickHTTPS = true;
127 }
128 $session->setForceHTTPS( $secureLogin && $this->mStickHTTPS );
129
130 // If the user does not have a session cookie at this point, they probably need to
131 // do something to their browser.
132 if ( !$this->hasSessionCookie() ) {
133 $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
134 // TODO something more specific? This used to use nocookieslogin
135 return;
136 }
137
138 # Run any hooks; display injected HTML if any, else redirect
139 $this->getHookRunner()->onUserLoginComplete(
140 $user, $injected_html, $direct );
141 }
142
143 if ( $injected_html !== '' || $extraMessages ) {
144 $this->showSuccessPage( 'success', $this->msg( 'loginsuccesstitle' ),
145 'loginsuccess', $injected_html, $extraMessages );
146 } else {
147 $helper = new LoginHelper( $this->getContext() );
148 $helper->showReturnToPage( 'successredirect', $this->mReturnTo, $this->mReturnToQuery,
149 $this->mStickHTTPS );
150 }
151 }
152
153 protected function getToken() {
154 return $this->getRequest()->getSession()->getToken( '', 'login' );
155 }
156
157 protected function clearToken() {
158 $this->getRequest()->getSession()->resetToken( 'login' );
159 }
160
161 protected function getTokenName() {
162 return 'wpLoginToken';
163 }
164
165 protected function getGroupName() {
166 return 'login';
167 }
168
169 protected function logAuthResult( $success, $status = null ) {
170 LoggerFactory::getInstance( 'authevents' )->info( 'Login attempt', [
171 'event' => 'login',
172 'successful' => $success,
173 'status' => strval( $status ),
174 ] );
175 }
176}
177
182class_alias( SpecialUserLogin::class, 'SpecialUserLogin' );
const PROTO_CURRENT
Definition Defines.php:208
Helper functions for the login form that need to be shared with other special pages (such as CentralA...
This serves as the entry point to the authentication system.
Create PSR-3 logger objects.
A class containing constants representing the names of configuration variables.
const SecureLogin
Name constant for the SecureLogin setting, for use with Config::get()
getRequest()
Get the WebRequest being used for this instance.
Holds shared logic for login and account creation pages.
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
mainLoginForm(array $requests, $msg='', $msgtype='error')
hasSessionCookie()
Check if a session cookie is present.
Parent class for all special pages.
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don't need a full Title object,...
getUser()
Shortcut to get the User executing this instance.
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
getConfig()
Shortcut to get main config object.
getContext()
Gets the context this SpecialPage is executed in.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getOutput()
Get the OutputPage being used for this instance.
Implements Special:UserLogin.
__construct(AuthManager $authManager)
isListed()
Whether this special page is listed in Special:SpecialPages.
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then HTTP redirect to $this->mReturnTo (or Main Page if that's u...
doesWrites()
Indicates whether this special page may perform database writes.
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
logAuthResult( $success, $status=null)
Logs to the authmanager-stats channel.
getDefaultAction( $subPage)
Get the default action for this special page if none is given via URL/POST data.
Generic operation result class Has warning/error list, boolean status and arbitrary value.