MediaWiki  master
SpecialUserLogin.php
Go to the documentation of this file.
1 <?php
24 use MediaWiki\Auth\AuthManager;
25 use MediaWiki\Logger\LoggerFactory;
26 
32 class SpecialUserLogin extends LoginSignupSpecialPage {
33  protected static $allowedActions = [
34  AuthManager::ACTION_LOGIN,
35  AuthManager::ACTION_LOGIN_CONTINUE
36  ];
37 
38  protected static $messages = [
39  'authform-newtoken' => 'nocookiesforlogin',
40  'authform-notoken' => 'sessionfailure',
41  'authform-wrongtoken' => 'sessionfailure',
42  ];
43 
47  public function __construct( AuthManager $authManager ) {
48  parent::__construct( 'Userlogin' );
49  $this->setAuthManager( $authManager );
50  }
51 
52  public function doesWrites() {
53  return true;
54  }
55 
56  protected function getLoginSecurityLevel() {
57  return false;
58  }
59 
60  protected function getDefaultAction( $subPage ) {
61  return AuthManager::ACTION_LOGIN;
62  }
63 
64  public function getDescription() {
65  return $this->msg( 'login' )->text();
66  }
67 
68  public function setHeaders() {
69  // override the page title if we are doing a forced reauthentication
70  parent::setHeaders();
71  if ( $this->securityLevel && $this->getUser()->isRegistered() ) {
72  $this->getOutput()->setPageTitle( $this->msg( 'login-security' ) );
73  }
74  }
75 
76  protected function isSignup() {
77  return false;
78  }
79 
80  protected function beforeExecute( $subPage ) {
81  if ( $subPage === 'signup' || $this->getRequest()->getText( 'type' ) === 'signup' ) {
82  // B/C for old account creation URLs
83  $title = SpecialPage::getTitleFor( 'CreateAccount' );
84  $query = array_diff_key( $this->getRequest()->getValues(),
85  array_fill_keys( [ 'type', 'title' ], true ) );
86  $url = $title->getFullURL( $query, false, PROTO_CURRENT );
87  $this->getOutput()->redirect( $url );
88  return false;
89  }
90  return parent::beforeExecute( $subPage );
91  }
92 
104  protected function successfulAction( $direct = false, $extraMessages = null ) {
105  global $wgSecureLogin;
106 
107  $user = $this->targetUser ?: $this->getUser();
108  $session = $this->getRequest()->getSession();
109 
110  if ( $direct ) {
111  $user->touch();
112 
113  $this->clearToken();
114 
115  if ( $user->requiresHTTPS() ) {
116  $this->mStickHTTPS = true;
117  }
118  $session->setForceHTTPS( $wgSecureLogin && $this->mStickHTTPS );
119 
120  // If the user does not have a session cookie at this point, they probably need to
121  // do something to their browser.
122  if ( !$this->hasSessionCookie() ) {
123  $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
124  // TODO something more specific? This used to use nocookieslogin
125  return;
126  }
127  }
128 
129  # Run any hooks; display injected HTML if any, else redirect
130  $injected_html = '';
131  $this->getHookRunner()->onUserLoginComplete(
132  $user, $injected_html, $direct );
133 
134  if ( $injected_html !== '' || $extraMessages ) {
135  $this->showSuccessPage( 'success', $this->msg( 'loginsuccesstitle' ),
136  'loginsuccess', $injected_html, $extraMessages );
137  } else {
138  $helper = new LoginHelper( $this->getContext() );
139  $helper->showReturnToPage( 'successredirect', $this->mReturnTo, $this->mReturnToQuery,
140  $this->mStickHTTPS );
141  }
142  }
143 
144  protected function getToken() {
145  return $this->getRequest()->getSession()->getToken( '', 'login' );
146  }
147 
148  protected function clearToken() {
149  return $this->getRequest()->getSession()->resetToken( 'login' );
150  }
151 
152  protected function getTokenName() {
153  return 'wpLoginToken';
154  }
155 
156  protected function getGroupName() {
157  return 'login';
158  }
159 
160  protected function logAuthResult( $success, $status = null ) {
161  LoggerFactory::getInstance( 'authevents' )->info( 'Login attempt', [
162  'event' => 'login',
163  'successful' => $success,
164  'status' => $status,
165  ] );
166  }
167 }
SpecialPage\msg
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
Definition: SpecialPage.php:900
SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition: SpecialPage.php:788
SpecialUserLogin\getToken
getToken()
Returns the CSRF token.
Definition: SpecialUserLogin.php:144
SpecialUserLogin\getTokenName
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
Definition: SpecialUserLogin.php:152
LoginSignupSpecialPage\showSuccessPage
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
Definition: LoginSignupSpecialPage.php:441
SpecialUserLogin\beforeExecute
beforeExecute( $subPage)
Stable to override.
Definition: SpecialUserLogin.php:80
SpecialUserLogin\$allowedActions
static $allowedActions
Definition: SpecialUserLogin.php:33
SpecialPage\getTitleFor
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don't need a full Title object,...
Definition: SpecialPage.php:106
$success
$success
Definition: NoLocalSettings.php:42
SpecialUserLogin\$messages
static $messages
Definition: SpecialUserLogin.php:38
SpecialUserLogin\setHeaders
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!...
Definition: SpecialUserLogin.php:68
SpecialUserLogin\logAuthResult
logAuthResult( $success, $status=null)
Logs to the authmanager-stats channel.
Definition: SpecialUserLogin.php:160
LoginHelper
Helper functions for the login form that need to be shared with other special pages (such as CentralA...
Definition: LoginHelper.php:10
SpecialUserLogin\getDescription
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
Definition: SpecialUserLogin.php:64
SpecialUserLogin\successfulAction
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then HTTP redirect to $this->mReturnTo (or Main Page if that's u...
Definition: SpecialUserLogin.php:104
SpecialPage\$authManager
AuthManager null $authManager
Definition: SpecialPage.php:87
AuthManagerSpecialPage\$subPage
string $subPage
Subpage of the special page.
Definition: AuthManagerSpecialPage.php:39
SpecialPage\getHookRunner
getHookRunner()
Definition: SpecialPage.php:1083
MediaWiki\Logger\LoggerFactory
PSR-3 logger instance factory.
Definition: LoggerFactory.php:45
LoginSignupSpecialPage
Holds shared logic for login and account creation pages.
Definition: LoginSignupSpecialPage.php:38
SpecialPage\setAuthManager
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
Definition: SpecialPage.php:508
SpecialUserLogin\getDefaultAction
getDefaultAction( $subPage)
Get the default action for this special page, if none is given via URL/POST data.
Definition: SpecialUserLogin.php:60
LoginSignupSpecialPage\mainLoginForm
mainLoginForm(array $requests, $msg='', $msgtype='error')
Definition: LoginSignupSpecialPage.php:520
$title
$title
Definition: testCompression.php:38
SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition: SpecialPage.php:798
LoginSignupSpecialPage\hasSessionCookie
hasSessionCookie()
Check if a session cookie is present.
Definition: LoginSignupSpecialPage.php:1073
SpecialPage\getContext
getContext()
Gets the context this SpecialPage is executed in.
Definition: SpecialPage.php:762
SpecialUserLogin\getGroupName
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
Definition: SpecialUserLogin.php:156
PROTO_CURRENT
const PROTO_CURRENT
Definition: Defines.php:206
SpecialUserLogin\doesWrites
doesWrites()
Indicates whether this special page may perform database writes.
Definition: SpecialUserLogin.php:52
SpecialUserLogin\getLoginSecurityLevel
getLoginSecurityLevel()
Stable to override.
Definition: SpecialUserLogin.php:56
SpecialUserLogin\isSignup
isSignup()
Definition: SpecialUserLogin.php:76
MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition: AuthManager.php:93
SpecialUserLogin\__construct
__construct(AuthManager $authManager)
Definition: SpecialUserLogin.php:47
SpecialUserLogin\clearToken
clearToken()
Definition: SpecialUserLogin.php:148
AuthManagerSpecialPage\getRequest
getRequest()
Get the WebRequest being used for this instance.
Definition: AuthManagerSpecialPage.php:72
SpecialUserLogin
Implements Special:UserLogin.
Definition: SpecialUserLogin.php:32
$wgSecureLogin
$wgSecureLogin
This is to let user authenticate using https when they come from http.
Definition: DefaultSettings.php:5447