MediaWiki master
SpecialUserLogin.php
Go to the documentation of this file.
1<?php
7namespace MediaWiki\Specials;
8
9use LoginHelper;
10use MediaWiki\Auth\AuthManager;
11use MediaWiki\Logger\LoggerFactory;
12use MediaWiki\MainConfigNames;
13use MediaWiki\SpecialPage\LoginSignupSpecialPage;
14use MediaWiki\SpecialPage\SpecialPage;
15use MediaWiki\User\UserIdentity;
16use MediaWiki\User\UserIdentityUtils;
17use StatusValue;
18
25class SpecialUserLogin extends LoginSignupSpecialPage {
27 protected static $allowedActions = [
28 AuthManager::ACTION_LOGIN,
29 AuthManager::ACTION_LOGIN_CONTINUE
30 ];
31
33 protected static $messages = [
34 'authform-newtoken' => 'nocookiesforlogin',
35 'authform-notoken' => 'sessionfailure',
36 'authform-wrongtoken' => 'sessionfailure',
37 ];
38
39 private UserIdentityUtils $identityUtils;
40
41 public function __construct( AuthManager $authManager, UserIdentityUtils $identityUtils ) {
42 parent::__construct( 'Userlogin' );
43 $this->setAuthManager( $authManager );
44 $this->identityUtils = $identityUtils;
45 }
46
48 public function doesWrites() {
49 return true;
50 }
51
53 public function isListed() {
54 return $this->getAuthManager()->canAuthenticateNow();
55 }
56
58 protected function getLoginSecurityLevel() {
59 return false;
60 }
61
63 protected function getDefaultAction( $subPage ) {
64 return AuthManager::ACTION_LOGIN;
65 }
66
68 public function getDescription() {
69 return $this->msg( 'login' );
70 }
71
72 public function setHeaders() {
73 // override the page title if we are doing a forced reauthentication
74 parent::setHeaders();
75 if ( $this->securityLevel && $this->getUser()->isRegistered() ) {
76 $this->getOutput()->setPageTitleMsg( $this->msg( 'login-security' ) );
77 }
78 }
79
81 protected function isSignup() {
82 return false;
83 }
84
86 protected function beforeExecute( $subPage ) {
87 if ( $subPage === 'signup' || $this->getRequest()->getText( 'type' ) === 'signup' ) {
88 // B/C for old account creation URLs
89 $title = SpecialPage::getTitleFor( 'CreateAccount' );
90 $query = array_diff_key( $this->getRequest()->getQueryValues(),
91 array_fill_keys( [ 'type', 'title' ], true ) );
92 $url = $title->getFullURL( $query, false, PROTO_CURRENT );
93 $this->getOutput()->redirect( $url );
94 return false;
95 }
96 return parent::beforeExecute( $subPage );
97 }
98
110 protected function successfulAction( $direct = false, $extraMessages = null ) {
111 $secureLogin = $this->getConfig()->get( MainConfigNames::SecureLogin );
112
113 $user = $this->targetUser ?: $this->getUser();
114 $session = $this->getRequest()->getSession();
115
116 $injected_html = '';
117 if ( $direct ) {
118 $user->touch();
119 $user->debouncedDBTouch();
120
121 $this->clearToken();
122
123 if ( $user->requiresHTTPS() ) {
124 $this->mStickHTTPS = true;
125 }
126 $session->setForceHTTPS( $secureLogin && $this->mStickHTTPS );
127
128 # Run any hooks; display injected HTML if any, else redirect
129 $this->getHookRunner()->onUserLoginComplete(
130 $user, $injected_html, $direct );
131 }
132
133 if ( $injected_html !== '' || $extraMessages ) {
134 $this->showSuccessPage( 'success', $this->msg( 'loginsuccesstitle' ),
135 'loginsuccess', $injected_html, $extraMessages );
136 } else {
137 $helper = new LoginHelper( $this->getContext() );
138 $helper->showReturnToPage( 'successredirect', $this->mReturnTo, $this->mReturnToQuery,
139 $this->mStickHTTPS, $this->mReturnToAnchor );
140 }
141 }
142
144 protected function getToken() {
145 return $this->getRequest()->getSession()->getToken( '', 'login' );
146 }
147
148 protected function clearToken() {
149 $this->getRequest()->getSession()->resetToken( 'login' );
150 }
151
153 protected function getTokenName() {
154 return 'wpLoginToken';
155 }
156
158 protected function getGroupName() {
159 return 'login';
160 }
161
163 protected function logAuthResult( $success, UserIdentity $performer, $status = null ) {
164 LoggerFactory::getInstance( 'authevents' )->info( 'Login attempt', [
165 'event' => 'login',
166 'successful' => $success,
167 'accountType' => $this->identityUtils->getShortUserTypeInternal( $performer ),
168 'status' => strval( $status ),
169 ] );
170 }
171}
172
177class_alias( SpecialUserLogin::class, 'SpecialUserLogin' );
PROTO_CURRENT
const PROTO_CURRENT
Definition Defines.php:222
LoginHelper
Helper functions for the login form that need to be shared with other special pages (such as CentralA...
Definition LoginHelper.php:16
MediaWiki\Auth\AuthManager
AuthManager is the authentication system in MediaWiki and serves entry point for authentication.
Definition AuthManager.php:109
MediaWiki\Logger\LoggerFactory
Create PSR-3 logger objects.
Definition LoggerFactory.php:32
MediaWiki\MainConfigNames
A class containing constants representing the names of configuration variables.
Definition MainConfigNames.php:22
MediaWiki\MainConfigNames\SecureLogin
const SecureLogin
Name constant for the SecureLogin setting, for use with Config::get()
Definition MainConfigNames.php:2691
MediaWiki\SpecialPage\AuthManagerSpecialPage\getRequest
getRequest()
Get the WebRequest being used for this instance.WebRequest 1.18
Definition AuthManagerSpecialPage.php:96
MediaWiki\SpecialPage\LoginSignupSpecialPage
Holds shared logic for login and account creation pages.
Definition LoginSignupSpecialPage.php:47
MediaWiki\SpecialPage\LoginSignupSpecialPage\showSuccessPage
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
Definition LoginSignupSpecialPage.php:522
MediaWiki\SpecialPage\SpecialPage
Parent class for all special pages.
Definition SpecialPage.php:51
MediaWiki\SpecialPage\SpecialPage\getTitleFor
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don't need a full Title object,...
Definition SpecialPage.php:139
MediaWiki\SpecialPage\SpecialPage\getUser
getUser()
Shortcut to get the User executing this instance.
Definition SpecialPage.php:884
MediaWiki\SpecialPage\SpecialPage\setAuthManager
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
Definition SpecialPage.php:561
MediaWiki\SpecialPage\SpecialPage\getConfig
getConfig()
Shortcut to get main config object.
Definition SpecialPage.php:949
MediaWiki\SpecialPage\SpecialPage\getContext
getContext()
Gets the context this SpecialPage is executed in.
Definition SpecialPage.php:848
MediaWiki\SpecialPage\SpecialPage\msg
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
Definition SpecialPage.php:985
MediaWiki\SpecialPage\SpecialPage\getOutput
getOutput()
Get the OutputPage being used for this instance.
Definition SpecialPage.php:874
MediaWiki\Specials\SpecialUserLogin
Implements Special:UserLogin.
Definition SpecialUserLogin.php:25
MediaWiki\Specials\SpecialUserLogin\getToken
getToken()
Returns the CSRF token.to override Token
Definition SpecialUserLogin.php:144
MediaWiki\Specials\SpecialUserLogin\beforeExecute
beforeExecute( $subPage)
Gets called before execute.Return false to prevent calling execute() (since 1.27+)....
Definition SpecialUserLogin.php:86
MediaWiki\Specials\SpecialUserLogin\isListed
isListed()
Whether this special page is listed in Special:SpecialPages.to override 1.3 (r3583) bool
Definition SpecialUserLogin.php:53
MediaWiki\Specials\SpecialUserLogin\successfulAction
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then HTTP redirect to $this->mReturnTo (or Main Page if that's u...
Definition SpecialUserLogin.php:110
MediaWiki\Specials\SpecialUserLogin\getLoginSecurityLevel
getLoginSecurityLevel()
to override bool|string
Definition SpecialUserLogin.php:58
MediaWiki\Specials\SpecialUserLogin\doesWrites
doesWrites()
Indicates whether POST requests to this special page require write access to the wiki....
Definition SpecialUserLogin.php:48
MediaWiki\Specials\SpecialUserLogin\setHeaders
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!
Definition SpecialUserLogin.php:72
MediaWiki\Specials\SpecialUserLogin\logAuthResult
logAuthResult( $success, UserIdentity $performer, $status=null)
Logs to the authmanager-stats channel.
Definition SpecialUserLogin.php:163
MediaWiki\Specials\SpecialUserLogin\getDescription
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
Definition SpecialUserLogin.php:68
MediaWiki\Specials\SpecialUserLogin\__construct
__construct(AuthManager $authManager, UserIdentityUtils $identityUtils)
Definition SpecialUserLogin.php:41
MediaWiki\Specials\SpecialUserLogin\getGroupName
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
Definition SpecialUserLogin.php:158
MediaWiki\Specials\SpecialUserLogin\getDefaultAction
getDefaultAction( $subPage)
Get the default action for this special page if none is given via URL/POST data.Subclasses should ove...
Definition SpecialUserLogin.php:63
MediaWiki\User\UserIdentityUtils
Convenience functions for interpreting UserIdentity objects using additional services or config.
Definition UserIdentityUtils.php:13
StatusValue
Generic operation result class Has warning/error list, boolean status and arbitrary value.
Definition StatusValue.php:41
MediaWiki\User\UserIdentity
Interface for objects representing user identity.
Definition UserIdentity.php:24
$url
$url
Definition opensearch_desc.php:23