MediaWiki master
SpecialUserLogin.php
Go to the documentation of this file.
1<?php
21namespace MediaWiki\Specials;
22
23use LoginHelper;
31use StatusValue;
32
41 protected static $allowedActions = [
42 AuthManager::ACTION_LOGIN,
43 AuthManager::ACTION_LOGIN_CONTINUE
44 ];
45
47 protected static $messages = [
48 'authform-newtoken' => 'nocookiesforlogin',
49 'authform-notoken' => 'sessionfailure',
50 'authform-wrongtoken' => 'sessionfailure',
51 ];
52
53 private UserIdentityUtils $identityUtils;
54
55 public function __construct( AuthManager $authManager, UserIdentityUtils $identityUtils ) {
56 parent::__construct( 'Userlogin' );
57 $this->setAuthManager( $authManager );
58 $this->identityUtils = $identityUtils;
59 }
60
61 public function doesWrites() {
62 return true;
63 }
64
65 public function isListed() {
66 return $this->getAuthManager()->canAuthenticateNow();
67 }
68
69 protected function getLoginSecurityLevel() {
70 return false;
71 }
72
73 protected function getDefaultAction( $subPage ) {
74 return AuthManager::ACTION_LOGIN;
75 }
76
77 public function getDescription() {
78 return $this->msg( 'login' );
79 }
80
81 public function setHeaders() {
82 // override the page title if we are doing a forced reauthentication
83 parent::setHeaders();
84 if ( $this->securityLevel && $this->getUser()->isRegistered() ) {
85 $this->getOutput()->setPageTitleMsg( $this->msg( 'login-security' ) );
86 }
87 }
88
89 protected function isSignup() {
90 return false;
91 }
92
93 protected function beforeExecute( $subPage ) {
94 if ( $subPage === 'signup' || $this->getRequest()->getText( 'type' ) === 'signup' ) {
95 // B/C for old account creation URLs
96 $title = SpecialPage::getTitleFor( 'CreateAccount' );
97 $query = array_diff_key( $this->getRequest()->getQueryValues(),
98 array_fill_keys( [ 'type', 'title' ], true ) );
99 $url = $title->getFullURL( $query, false, PROTO_CURRENT );
100 $this->getOutput()->redirect( $url );
101 return false;
102 }
103 return parent::beforeExecute( $subPage );
104 }
105
117 protected function successfulAction( $direct = false, $extraMessages = null ) {
118 $secureLogin = $this->getConfig()->get( MainConfigNames::SecureLogin );
119
120 $user = $this->targetUser ?: $this->getUser();
121 $session = $this->getRequest()->getSession();
122
123 $injected_html = '';
124 if ( $direct ) {
125 $user->touch();
126
127 $this->clearToken();
128
129 if ( $user->requiresHTTPS() ) {
130 $this->mStickHTTPS = true;
131 }
132 $session->setForceHTTPS( $secureLogin && $this->mStickHTTPS );
133
134 // If the user does not have a session cookie at this point, they probably need to
135 // do something to their browser.
136 if ( !$this->hasSessionCookie() ) {
137 $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
138 // TODO something more specific? This used to use nocookieslogin
139 return;
140 }
141
142 # Run any hooks; display injected HTML if any, else redirect
143 $this->getHookRunner()->onUserLoginComplete(
144 $user, $injected_html, $direct );
145 }
146
147 if ( $injected_html !== '' || $extraMessages ) {
148 $this->showSuccessPage( 'success', $this->msg( 'loginsuccesstitle' ),
149 'loginsuccess', $injected_html, $extraMessages );
150 } else {
151 $helper = new LoginHelper( $this->getContext() );
152 $helper->showReturnToPage( 'successredirect', $this->mReturnTo, $this->mReturnToQuery,
153 $this->mStickHTTPS, $this->mReturnToAnchor );
154 }
155 }
156
157 protected function getToken() {
158 return $this->getRequest()->getSession()->getToken( '', 'login' );
159 }
160
161 protected function clearToken() {
162 $this->getRequest()->getSession()->resetToken( 'login' );
163 }
164
165 protected function getTokenName() {
166 return 'wpLoginToken';
167 }
168
169 protected function getGroupName() {
170 return 'login';
171 }
172
173 protected function logAuthResult( $success, UserIdentity $performer, $status = null ) {
174 LoggerFactory::getInstance( 'authevents' )->info( 'Login attempt', [
175 'event' => 'login',
176 'successful' => $success,
177 'accountType' => $this->identityUtils->getShortUserTypeInternal( $performer ),
178 'status' => strval( $status ),
179 ] );
180 }
181}
182
187class_alias( SpecialUserLogin::class, 'SpecialUserLogin' );
const PROTO_CURRENT
Definition Defines.php:236
Helper functions for the login form that need to be shared with other special pages (such as CentralA...
This serves as the entry point to the authentication system.
Create PSR-3 logger objects.
A class containing constants representing the names of configuration variables.
const SecureLogin
Name constant for the SecureLogin setting, for use with Config::get()
getRequest()
Get the WebRequest being used for this instance.
Holds shared logic for login and account creation pages.
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
mainLoginForm(array $requests, $msg='', $msgtype='error')
hasSessionCookie()
Check if a session cookie is present.
Parent class for all special pages.
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don't need a full Title object,...
getUser()
Shortcut to get the User executing this instance.
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
getConfig()
Shortcut to get main config object.
getContext()
Gets the context this SpecialPage is executed in.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getOutput()
Get the OutputPage being used for this instance.
Implements Special:UserLogin.
beforeExecute( $subPage)
Gets called before.SpecialPage::execute. Return false to prevent calling execute() (since 1....
isListed()
Whether this special page is listed in Special:SpecialPages.
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then HTTP redirect to $this->mReturnTo (or Main Page if that's u...
doesWrites()
Indicates whether POST requests to this special page require write access to the wiki.
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!
logAuthResult( $success, UserIdentity $performer, $status=null)
Logs to the authmanager-stats channel.
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
__construct(AuthManager $authManager, UserIdentityUtils $identityUtils)
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
getDefaultAction( $subPage)
Get the default action for this special page if none is given via URL/POST data.
Convenience functions for interpreting UserIdentity objects using additional services or config.
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Interface for objects representing user identity.