MediaWiki master
SpecialUserLogin.php
Go to the documentation of this file.
1<?php
24namespace MediaWiki\Specials;
25
26use LoginHelper;
27use MediaWiki\Auth\AuthManager;
28use MediaWiki\Logger\LoggerFactory;
29use MediaWiki\MainConfigNames;
30use MediaWiki\SpecialPage\LoginSignupSpecialPage;
31use MediaWiki\SpecialPage\SpecialPage;
32use StatusValue;
33
39class SpecialUserLogin extends LoginSignupSpecialPage {
40 protected static $allowedActions = [
41 AuthManager::ACTION_LOGIN,
42 AuthManager::ACTION_LOGIN_CONTINUE
43 ];
44
45 protected static $messages = [
46 'authform-newtoken' => 'nocookiesforlogin',
47 'authform-notoken' => 'sessionfailure',
48 'authform-wrongtoken' => 'sessionfailure',
49 ];
50
54 public function __construct( AuthManager $authManager ) {
55 parent::__construct( 'Userlogin' );
56 $this->setAuthManager( $authManager );
57 }
58
59 public function doesWrites() {
60 return true;
61 }
62
63 public function isListed() {
64 return $this->getAuthManager()->canAuthenticateNow();
65 }
66
67 protected function getLoginSecurityLevel() {
68 return false;
69 }
70
71 protected function getDefaultAction( $subPage ) {
72 return AuthManager::ACTION_LOGIN;
73 }
74
75 public function getDescription() {
76 return $this->msg( 'login' );
77 }
78
79 public function setHeaders() {
80 // override the page title if we are doing a forced reauthentication
81 parent::setHeaders();
82 if ( $this->securityLevel && $this->getUser()->isRegistered() ) {
83 $this->getOutput()->setPageTitleMsg( $this->msg( 'login-security' ) );
84 }
85 }
86
87 protected function isSignup() {
88 return false;
89 }
90
91 protected function beforeExecute( $subPage ) {
92 if ( $subPage === 'signup' || $this->getRequest()->getText( 'type' ) === 'signup' ) {
93 // B/C for old account creation URLs
94 $title = SpecialPage::getTitleFor( 'CreateAccount' );
95 $query = array_diff_key( $this->getRequest()->getValues(),
96 array_fill_keys( [ 'type', 'title' ], true ) );
97 $url = $title->getFullURL( $query, false, PROTO_CURRENT );
98 $this->getOutput()->redirect( $url );
99 return false;
100 }
101 return parent::beforeExecute( $subPage );
102 }
103
115 protected function successfulAction( $direct = false, $extraMessages = null ) {
116 $secureLogin = $this->getConfig()->get( MainConfigNames::SecureLogin );
117
118 $user = $this->targetUser ?: $this->getUser();
119 $session = $this->getRequest()->getSession();
120
121 $injected_html = '';
122 if ( $direct ) {
123 $user->touch();
124
125 $this->clearToken();
126
127 if ( $user->requiresHTTPS() ) {
128 $this->mStickHTTPS = true;
129 }
130 $session->setForceHTTPS( $secureLogin && $this->mStickHTTPS );
131
132 // If the user does not have a session cookie at this point, they probably need to
133 // do something to their browser.
134 if ( !$this->hasSessionCookie() ) {
135 $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
136 // TODO something more specific? This used to use nocookieslogin
137 return;
138 }
139
140 # Run any hooks; display injected HTML if any, else redirect
141 $this->getHookRunner()->onUserLoginComplete(
142 $user, $injected_html, $direct );
143 }
144
145 if ( $injected_html !== '' || $extraMessages ) {
146 $this->showSuccessPage( 'success', $this->msg( 'loginsuccesstitle' ),
147 'loginsuccess', $injected_html, $extraMessages );
148 } else {
149 $helper = new LoginHelper( $this->getContext() );
150 $helper->showReturnToPage( 'successredirect', $this->mReturnTo, $this->mReturnToQuery,
151 $this->mStickHTTPS );
152 }
153 }
154
155 protected function getToken() {
156 return $this->getRequest()->getSession()->getToken( '', 'login' );
157 }
158
159 protected function clearToken() {
160 $this->getRequest()->getSession()->resetToken( 'login' );
161 }
162
163 protected function getTokenName() {
164 return 'wpLoginToken';
165 }
166
167 protected function getGroupName() {
168 return 'login';
169 }
170
171 protected function logAuthResult( $success, $status = null ) {
172 LoggerFactory::getInstance( 'authevents' )->info( 'Login attempt', [
173 'event' => 'login',
174 'successful' => $success,
175 'status' => strval( $status ),
176 ] );
177 }
178}
179
184class_alias( SpecialUserLogin::class, 'SpecialUserLogin' );
PROTO_CURRENT
const PROTO_CURRENT
Definition Defines.php:196
LoginHelper
Helper functions for the login form that need to be shared with other special pages (such as CentralA...
Definition LoginHelper.php:14
MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition AuthManager.php:108
MediaWiki\Logger\LoggerFactory
Create PSR-3 logger objects.
Definition LoggerFactory.php:45
MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:22
MediaWiki\MainConfigNames\SecureLogin
const SecureLogin
Name constant for the SecureLogin setting, for use with Config::get()
Definition MainConfigNames.php:2705
MediaWiki\SpecialPage\AuthManagerSpecialPage\getRequest
getRequest()
Get the WebRequest being used for this instance.
Definition AuthManagerSpecialPage.php:87
MediaWiki\SpecialPage\LoginSignupSpecialPage
Holds shared logic for login and account creation pages.
Definition LoginSignupSpecialPage.php:62
MediaWiki\SpecialPage\LoginSignupSpecialPage\showSuccessPage
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
Definition LoginSignupSpecialPage.php:458
MediaWiki\SpecialPage\LoginSignupSpecialPage\mainLoginForm
mainLoginForm(array $requests, $msg='', $msgtype='error')
Definition LoginSignupSpecialPage.php:541
MediaWiki\SpecialPage\LoginSignupSpecialPage\hasSessionCookie
hasSessionCookie()
Check if a session cookie is present.
Definition LoginSignupSpecialPage.php:1193
MediaWiki\SpecialPage\SpecialPage
Parent class for all special pages.
Definition SpecialPage.php:65
MediaWiki\SpecialPage\SpecialPage\getTitleFor
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don't need a full Title object,...
Definition SpecialPage.php:153
MediaWiki\SpecialPage\SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition SpecialPage.php:900
MediaWiki\SpecialPage\SpecialPage\setAuthManager
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
Definition SpecialPage.php:574
MediaWiki\SpecialPage\SpecialPage\getConfig
getConfig()
Shortcut to get main config object.
Definition SpecialPage.php:965
MediaWiki\SpecialPage\SpecialPage\getContext
getContext()
Gets the context this SpecialPage is executed in.
Definition SpecialPage.php:864
MediaWiki\SpecialPage\SpecialPage\msg
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
Definition SpecialPage.php:999
MediaWiki\SpecialPage\SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition SpecialPage.php:890
MediaWiki\Specials\SpecialUserLogin
Implements Special:UserLogin.
Definition SpecialUserLogin.php:39
MediaWiki\Specials\SpecialUserLogin\__construct
__construct(AuthManager $authManager)
Definition SpecialUserLogin.php:54
MediaWiki\Specials\SpecialUserLogin\isListed
isListed()
Whether this special page is listed in Special:SpecialPages.
Definition SpecialUserLogin.php:63
MediaWiki\Specials\SpecialUserLogin\getTokenName
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
Definition SpecialUserLogin.php:163
MediaWiki\Specials\SpecialUserLogin\successfulAction
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then HTTP redirect to $this->mReturnTo (or Main Page if that's u...
Definition SpecialUserLogin.php:115
MediaWiki\Specials\SpecialUserLogin\doesWrites
doesWrites()
Indicates whether this special page may perform database writes.
Definition SpecialUserLogin.php:59
MediaWiki\Specials\SpecialUserLogin\setHeaders
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!
Definition SpecialUserLogin.php:79
MediaWiki\Specials\SpecialUserLogin\getDescription
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
Definition SpecialUserLogin.php:75
MediaWiki\Specials\SpecialUserLogin\getGroupName
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
Definition SpecialUserLogin.php:167
MediaWiki\Specials\SpecialUserLogin\logAuthResult
logAuthResult( $success, $status=null)
Logs to the authmanager-stats channel.
Definition SpecialUserLogin.php:171
MediaWiki\Specials\SpecialUserLogin\getDefaultAction
getDefaultAction( $subPage)
Get the default action for this special page, if none is given via URL/POST data.
Definition SpecialUserLogin.php:71
StatusValue
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition StatusValue.php:46
MediaWiki\Specials
This program is free software; you can redistribute it and/or modify it under the terms of the GNU Ge...