MediaWiki master
SpecialUserLogin.php
Go to the documentation of this file.
1<?php
21namespace MediaWiki\Specials;
22
23use LoginHelper;
31use StatusValue;
32
41 protected static $allowedActions = [
42 AuthManager::ACTION_LOGIN,
43 AuthManager::ACTION_LOGIN_CONTINUE
44 ];
45
47 protected static $messages = [
48 'authform-newtoken' => 'nocookiesforlogin',
49 'authform-notoken' => 'sessionfailure',
50 'authform-wrongtoken' => 'sessionfailure',
51 ];
52
53 private UserIdentityUtils $identityUtils;
54
58 public function __construct( AuthManager $authManager, UserIdentityUtils $identityUtils ) {
59 parent::__construct( 'Userlogin' );
60 $this->setAuthManager( $authManager );
61 $this->identityUtils = $identityUtils;
62 }
63
64 public function doesWrites() {
65 return true;
66 }
67
68 public function isListed() {
69 return $this->getAuthManager()->canAuthenticateNow();
70 }
71
72 protected function getLoginSecurityLevel() {
73 return false;
74 }
75
76 protected function getDefaultAction( $subPage ) {
77 return AuthManager::ACTION_LOGIN;
78 }
79
80 public function getDescription() {
81 return $this->msg( 'login' );
82 }
83
84 public function setHeaders() {
85 // override the page title if we are doing a forced reauthentication
86 parent::setHeaders();
87 if ( $this->securityLevel && $this->getUser()->isRegistered() ) {
88 $this->getOutput()->setPageTitleMsg( $this->msg( 'login-security' ) );
89 }
90 }
91
92 protected function isSignup() {
93 return false;
94 }
95
96 protected function beforeExecute( $subPage ) {
97 if ( $subPage === 'signup' || $this->getRequest()->getText( 'type' ) === 'signup' ) {
98 // B/C for old account creation URLs
99 $title = SpecialPage::getTitleFor( 'CreateAccount' );
100 $query = array_diff_key( $this->getRequest()->getQueryValues(),
101 array_fill_keys( [ 'type', 'title' ], true ) );
102 $url = $title->getFullURL( $query, false, PROTO_CURRENT );
103 $this->getOutput()->redirect( $url );
104 return false;
105 }
106 return parent::beforeExecute( $subPage );
107 }
108
120 protected function successfulAction( $direct = false, $extraMessages = null ) {
121 $secureLogin = $this->getConfig()->get( MainConfigNames::SecureLogin );
122
123 $user = $this->targetUser ?: $this->getUser();
124 $session = $this->getRequest()->getSession();
125
126 $injected_html = '';
127 if ( $direct ) {
128 $user->touch();
129
130 $this->clearToken();
131
132 if ( $user->requiresHTTPS() ) {
133 $this->mStickHTTPS = true;
134 }
135 $session->setForceHTTPS( $secureLogin && $this->mStickHTTPS );
136
137 // If the user does not have a session cookie at this point, they probably need to
138 // do something to their browser.
139 if ( !$this->hasSessionCookie() ) {
140 $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
141 // TODO something more specific? This used to use nocookieslogin
142 return;
143 }
144
145 # Run any hooks; display injected HTML if any, else redirect
146 $this->getHookRunner()->onUserLoginComplete(
147 $user, $injected_html, $direct );
148 }
149
150 if ( $injected_html !== '' || $extraMessages ) {
151 $this->showSuccessPage( 'success', $this->msg( 'loginsuccesstitle' ),
152 'loginsuccess', $injected_html, $extraMessages );
153 } else {
154 $helper = new LoginHelper( $this->getContext() );
155 $helper->showReturnToPage( 'successredirect', $this->mReturnTo, $this->mReturnToQuery,
156 $this->mStickHTTPS, $this->mReturnToAnchor );
157 }
158 }
159
160 protected function getToken() {
161 return $this->getRequest()->getSession()->getToken( '', 'login' );
162 }
163
164 protected function clearToken() {
165 $this->getRequest()->getSession()->resetToken( 'login' );
166 }
167
168 protected function getTokenName() {
169 return 'wpLoginToken';
170 }
171
172 protected function getGroupName() {
173 return 'login';
174 }
175
176 protected function logAuthResult( $success, UserIdentity $performer, $status = null ) {
177 LoggerFactory::getInstance( 'authevents' )->info( 'Login attempt', [
178 'event' => 'login',
179 'successful' => $success,
180 'accountType' => $this->identityUtils->getShortUserTypeInternal( $performer ),
181 'status' => strval( $status ),
182 ] );
183 }
184}
185
190class_alias( SpecialUserLogin::class, 'SpecialUserLogin' );
const PROTO_CURRENT
Definition Defines.php:215
Helper functions for the login form that need to be shared with other special pages (such as CentralA...
This serves as the entry point to the authentication system.
Create PSR-3 logger objects.
A class containing constants representing the names of configuration variables.
const SecureLogin
Name constant for the SecureLogin setting, for use with Config::get()
getRequest()
Get the WebRequest being used for this instance.
Holds shared logic for login and account creation pages.
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
mainLoginForm(array $requests, $msg='', $msgtype='error')
hasSessionCookie()
Check if a session cookie is present.
Parent class for all special pages.
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don't need a full Title object,...
getUser()
Shortcut to get the User executing this instance.
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
getConfig()
Shortcut to get main config object.
getContext()
Gets the context this SpecialPage is executed in.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getOutput()
Get the OutputPage being used for this instance.
Implements Special:UserLogin.
isListed()
Whether this special page is listed in Special:SpecialPages.
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then HTTP redirect to $this->mReturnTo (or Main Page if that's u...
doesWrites()
Indicates whether POST requests to this special page require write access to the wiki.
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!
logAuthResult( $success, UserIdentity $performer, $status=null)
Logs to the authmanager-stats channel.
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
__construct(AuthManager $authManager, UserIdentityUtils $identityUtils)
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
getDefaultAction( $subPage)
Get the default action for this special page if none is given via URL/POST data.
Convenience functions for interpreting UserIdentity objects using additional services or config.
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Interface for objects representing user identity.