MediaWiki  master
SpecialUserLogin.php
Go to the documentation of this file.
1 <?php
27 
34  protected static $allowedActions = [
35  AuthManager::ACTION_LOGIN,
36  AuthManager::ACTION_LOGIN_CONTINUE
37  ];
38 
39  protected static $messages = [
40  'authform-newtoken' => 'nocookiesforlogin',
41  'authform-notoken' => 'sessionfailure',
42  'authform-wrongtoken' => 'sessionfailure',
43  ];
44 
48  public function __construct( AuthManager $authManager ) {
49  parent::__construct( 'Userlogin' );
50  $this->setAuthManager( $authManager );
51  }
52 
53  public function doesWrites() {
54  return true;
55  }
56 
57  protected function getLoginSecurityLevel() {
58  return false;
59  }
60 
61  protected function getDefaultAction( $subPage ) {
62  return AuthManager::ACTION_LOGIN;
63  }
64 
65  public function getDescription() {
66  return $this->msg( 'login' )->text();
67  }
68 
69  public function setHeaders() {
70  // override the page title if we are doing a forced reauthentication
71  parent::setHeaders();
72  if ( $this->securityLevel && $this->getUser()->isRegistered() ) {
73  $this->getOutput()->setPageTitle( $this->msg( 'login-security' ) );
74  }
75  }
76 
77  protected function isSignup() {
78  return false;
79  }
80 
81  protected function beforeExecute( $subPage ) {
82  if ( $subPage === 'signup' || $this->getRequest()->getText( 'type' ) === 'signup' ) {
83  // B/C for old account creation URLs
84  $title = SpecialPage::getTitleFor( 'CreateAccount' );
85  $query = array_diff_key( $this->getRequest()->getValues(),
86  array_fill_keys( [ 'type', 'title' ], true ) );
87  $url = $title->getFullURL( $query, false, PROTO_CURRENT );
88  $this->getOutput()->redirect( $url );
89  return false;
90  }
91  return parent::beforeExecute( $subPage );
92  }
93 
105  protected function successfulAction( $direct = false, $extraMessages = null ) {
106  $secureLogin = $this->getConfig()->get( MainConfigNames::SecureLogin );
107 
108  $user = $this->targetUser ?: $this->getUser();
109  $session = $this->getRequest()->getSession();
110 
111  if ( $direct ) {
112  $user->touch();
113 
114  $this->clearToken();
115 
116  if ( $user->requiresHTTPS() ) {
117  $this->mStickHTTPS = true;
118  }
119  $session->setForceHTTPS( $secureLogin && $this->mStickHTTPS );
120 
121  // If the user does not have a session cookie at this point, they probably need to
122  // do something to their browser.
123  if ( !$this->hasSessionCookie() ) {
124  $this->mainLoginForm( [ /*?*/ ], $session->getProvider()->whyNoSession() );
125  // TODO something more specific? This used to use nocookieslogin
126  return;
127  }
128  }
129 
130  # Run any hooks; display injected HTML if any, else redirect
131  $injected_html = '';
132  $this->getHookRunner()->onUserLoginComplete(
133  $user, $injected_html, $direct );
134 
135  if ( $injected_html !== '' || $extraMessages ) {
136  $this->showSuccessPage( 'success', $this->msg( 'loginsuccesstitle' ),
137  'loginsuccess', $injected_html, $extraMessages );
138  } else {
139  $helper = new LoginHelper( $this->getContext() );
140  $helper->showReturnToPage( 'successredirect', $this->mReturnTo, $this->mReturnToQuery,
141  $this->mStickHTTPS );
142  }
143  }
144 
145  protected function getToken() {
146  return $this->getRequest()->getSession()->getToken( '', 'login' );
147  }
148 
149  protected function clearToken() {
150  return $this->getRequest()->getSession()->resetToken( 'login' );
151  }
152 
153  protected function getTokenName() {
154  return 'wpLoginToken';
155  }
156 
157  protected function getGroupName() {
158  return 'login';
159  }
160 
161  protected function logAuthResult( $success, $status = null ) {
162  LoggerFactory::getInstance( 'authevents' )->info( 'Login attempt', [
163  'event' => 'login',
164  'successful' => $success,
165  'status' => strval( $status ),
166  ] );
167  }
168 }
const PROTO_CURRENT
Definition: Defines.php:197
$success
string $subPage
Subpage of the special page.
getRequest()
Get the WebRequest being used for this instance.
Helper functions for the login form that need to be shared with other special pages (such as CentralA...
Definition: LoginHelper.php:11
Holds shared logic for login and account creation pages.
mainLoginForm(array $requests, $msg='', $msgtype='error')
showSuccessPage( $type, $title, $msgname, $injected_html, $extraMessages)
Show the success page.
hasSessionCookie()
Check if a session cookie is present.
This serves as the entry point to the authentication system.
PSR-3 logger instance factory.
A class containing constants representing the names of configuration variables.
getOutput()
Get the OutputPage being used for this instance.
getUser()
Shortcut to get the User executing this instance.
static getTitleFor( $name, $subpage=false, $fragment='')
Get a localised Title object for a specified special page name If you don't need a full Title object,...
AuthManager null $authManager
Definition: SpecialPage.php:89
getContext()
Gets the context this SpecialPage is executed in.
msg( $key,... $params)
Wrapper around wfMessage that sets the current context.
getConfig()
Shortcut to get main config object.
setAuthManager(AuthManager $authManager)
Set the injected AuthManager from the special page constructor.
Implements Special:UserLogin.
getDescription()
Returns the name that goes in the <h1> in the special page itself, and also the name that will be l...
getGroupName()
Under which header this special page is listed in Special:SpecialPages See messages 'specialpages-gro...
getDefaultAction( $subPage)
Get the default action for this special page, if none is given via URL/POST data.
beforeExecute( $subPage)
logAuthResult( $success, $status=null)
Logs to the authmanager-stats channel.
setHeaders()
Sets headers - this should be called from the execute() method of all derived classes!
getTokenName()
Returns the name of the CSRF token (under which it should be found in the POST or GET data).
__construct(AuthManager $authManager)
successfulAction( $direct=false, $extraMessages=null)
Run any hooks registered for logins, then HTTP redirect to $this->mReturnTo (or Main Page if that's u...
doesWrites()
Indicates whether this special page may perform database writes.
getToken()
Returns the CSRF token.