wfMsgForContentNoTrans() was removed
[mediawiki.git] / includes / api / ApiLogin.php
blobeb376d3f80d38bb74deef0f76141613bf9bfd5a0
1 <?php
2 /**
5 * Created on Sep 19, 2006
7 * Copyright © 2006-2007 Yuri Astrakhan "<Firstname><Lastname>@gmail.com",
8 * Daniel Cannon (cannon dot danielc at gmail dot com)
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
23 * http://www.gnu.org/copyleft/gpl.html
25 * @file
27 use MediaWiki\Logger\LoggerFactory;
29 /**
30 * Unit to authenticate log-in attempts to the current wiki.
32 * @ingroup API
34 class ApiLogin extends ApiBase {
36 public function __construct( ApiMain $main, $action ) {
37 parent::__construct( $main, $action, 'lg' );
40 /**
41 * Executes the log-in attempt using the parameters passed. If
42 * the log-in succeeds, it attaches a cookie to the session
43 * and outputs the user id, username, and session token. If a
44 * log-in fails, as the result of a bad password, a nonexistent
45 * user, or any other reason, the host is cached with an expiry
46 * and no log-in attempts will be accepted until that expiry
47 * is reached. The expiry is $this->mLoginThrottle.
49 public function execute() {
50 // If we're in a mode that breaks the same-origin policy, no tokens can
51 // be obtained
52 if ( $this->lacksSameOriginSecurity() ) {
53 $this->getResult()->addValue( null, 'login', array(
54 'result' => 'Aborted',
55 'reason' => 'Cannot log in when the same-origin policy is not applied',
56 ) );
58 return;
61 $params = $this->extractRequestParams();
63 $result = array();
65 // Init session if necessary
66 if ( session_id() == '' ) {
67 wfSetupSession();
70 $context = new DerivativeContext( $this->getContext() );
71 $context->setRequest( new DerivativeRequest(
72 $this->getContext()->getRequest(),
73 array(
74 'wpName' => $params['name'],
75 'wpPassword' => $params['password'],
76 'wpDomain' => $params['domain'],
77 'wpLoginToken' => $params['token'],
78 'wpRemember' => ''
80 ) );
81 $loginForm = new LoginForm();
82 $loginForm->setContext( $context );
84 $authRes = $loginForm->authenticateUserData();
85 switch ( $authRes ) {
86 case LoginForm::SUCCESS:
87 $user = $context->getUser();
88 $this->getContext()->setUser( $user );
89 $user->setCookies( $this->getRequest(), null, true );
91 ApiQueryInfo::resetTokenCache();
93 // Run hooks.
94 // @todo FIXME: Split back and frontend from this hook.
95 // @todo FIXME: This hook should be placed in the backend
96 $injected_html = '';
97 Hooks::run( 'UserLoginComplete', array( &$user, &$injected_html ) );
99 $result['result'] = 'Success';
100 $result['lguserid'] = intval( $user->getId() );
101 $result['lgusername'] = $user->getName();
103 // @todo: These are deprecated, and should be removed at some
104 // point (1.28 at the earliest, and see T121527). They were ok
105 // when the core cookie-based login was the only thing, but
106 // CentralAuth broke that a while back and
107 // SessionManager/AuthManager are *really* going to break it.
108 $result['lgtoken'] = $user->getToken();
109 $result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
110 $result['sessionid'] = session_id();
111 break;
113 case LoginForm::NEED_TOKEN:
114 $result['result'] = 'NeedToken';
115 $result['token'] = $loginForm->getLoginToken();
117 // @todo: See above about deprecation
118 $result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
119 $result['sessionid'] = session_id();
120 break;
122 case LoginForm::WRONG_TOKEN:
123 $result['result'] = 'WrongToken';
124 break;
126 case LoginForm::NO_NAME:
127 $result['result'] = 'NoName';
128 break;
130 case LoginForm::ILLEGAL:
131 $result['result'] = 'Illegal';
132 break;
134 case LoginForm::WRONG_PLUGIN_PASS:
135 $result['result'] = 'WrongPluginPass';
136 break;
138 case LoginForm::NOT_EXISTS:
139 $result['result'] = 'NotExists';
140 break;
142 // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
143 // The e-mailed temporary password should not be used for actual logins.
144 case LoginForm::RESET_PASS:
145 case LoginForm::WRONG_PASS:
146 $result['result'] = 'WrongPass';
147 break;
149 case LoginForm::EMPTY_PASS:
150 $result['result'] = 'EmptyPass';
151 break;
153 case LoginForm::CREATE_BLOCKED:
154 $result['result'] = 'CreateBlocked';
155 $result['details'] = 'Your IP address is blocked from account creation';
156 $block = $context->getUser()->getBlock();
157 if ( $block ) {
158 $result = array_merge( $result, ApiQueryUserInfo::getBlockInfo( $block ) );
160 break;
162 case LoginForm::THROTTLED:
163 $result['result'] = 'Throttled';
164 $throttle = $this->getConfig()->get( 'PasswordAttemptThrottle' );
165 $result['wait'] = intval( $throttle['seconds'] );
166 break;
168 case LoginForm::USER_BLOCKED:
169 $result['result'] = 'Blocked';
170 $block = User::newFromName( $params['name'] )->getBlock();
171 if ( $block ) {
172 $result = array_merge( $result, ApiQueryUserInfo::getBlockInfo( $block ) );
174 break;
176 case LoginForm::ABORTED:
177 $result['result'] = 'Aborted';
178 $result['reason'] = $loginForm->mAbortLoginErrorMsg;
179 break;
181 default:
182 ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
185 $this->getResult()->addValue( null, 'login', $result );
187 LoggerFactory::getInstance( 'authmanager' )->info( 'Login attempt', array(
188 'event' => 'login',
189 'successful' => $authRes === LoginForm::SUCCESS,
190 'status' => LoginForm::$statusCodes[$authRes],
191 ) );
194 public function mustBePosted() {
195 return true;
198 public function isReadMode() {
199 return false;
202 public function getAllowedParams() {
203 return array(
204 'name' => null,
205 'password' => array(
206 ApiBase::PARAM_TYPE => 'password',
208 'domain' => null,
209 'token' => null,
213 protected function getExamplesMessages() {
214 return array(
215 'action=login&lgname=user&lgpassword=password'
216 => 'apihelp-login-example-gettoken',
217 'action=login&lgname=user&lgpassword=password&lgtoken=123ABC'
218 => 'apihelp-login-example-login',
222 public function getHelpUrls() {
223 return 'https://www.mediawiki.org/wiki/API:Login';