search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge "Remove not used private member variable mParserWarnings from OutputPage"
[mediawiki.git] / includes / api / ApiLogin.php
blobeb376d3f80d38bb74deef0f76141613bf9bfd5a0
1 <?php
2 /**
3 *
4 *
5 * Created on Sep 19, 2006
6 *
7 * Copyright © 2006-2007 Yuri Astrakhan "<Firstname><Lastname>@gmail.com",
8 * Daniel Cannon (cannon dot danielc at gmail dot com)
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
23 * http://www.gnu.org/copyleft/gpl.html
24 *
25 * @file
26 */
27 use MediaWiki\Logger\LoggerFactory;
28
29 /**
30 * Unit to authenticate log-in attempts to the current wiki.
31 *
32 * @ingroup API
33 */
34 class ApiLogin extends ApiBase {
35
36 public function __construct( ApiMain $main, $action ) {
37 parent::__construct( $main, $action, 'lg' );
38 }
39
40 /**
41 * Executes the log-in attempt using the parameters passed. If
42 * the log-in succeeds, it attaches a cookie to the session
43 * and outputs the user id, username, and session token. If a
44 * log-in fails, as the result of a bad password, a nonexistent
45 * user, or any other reason, the host is cached with an expiry
46 * and no log-in attempts will be accepted until that expiry
47 * is reached. The expiry is $this->mLoginThrottle.
48 */
49 public function execute() {
50 // If we're in a mode that breaks the same-origin policy, no tokens can
51 // be obtained
52 if ( $this->lacksSameOriginSecurity() ) {
53 $this->getResult()->addValue( null, 'login', array(
54 'result' => 'Aborted',
55 'reason' => 'Cannot log in when the same-origin policy is not applied',
56 ) );
57
58 return;
59 }
60
61 $params = $this->extractRequestParams();
62
63 $result = array();
64
65 // Init session if necessary
66 if ( session_id() == '' ) {
67 wfSetupSession();
68 }
69
70 $context = new DerivativeContext( $this->getContext() );
71 $context->setRequest( new DerivativeRequest(
72 $this->getContext()->getRequest(),
73 array(
74 'wpName' => $params['name'],
75 'wpPassword' => $params['password'],
76 'wpDomain' => $params['domain'],
77 'wpLoginToken' => $params['token'],
78 'wpRemember' => ''
79 )
80 ) );
81 $loginForm = new LoginForm();
82 $loginForm->setContext( $context );
83
84 $authRes = $loginForm->authenticateUserData();
85 switch ( $authRes ) {
86 case LoginForm::SUCCESS:
87 $user = $context->getUser();
88 $this->getContext()->setUser( $user );
89 $user->setCookies( $this->getRequest(), null, true );
90
91 ApiQueryInfo::resetTokenCache();
92
93 // Run hooks.
94 // @todo FIXME: Split back and frontend from this hook.
95 // @todo FIXME: This hook should be placed in the backend
96 $injected_html = '';
97 Hooks::run( 'UserLoginComplete', array( &$user, &$injected_html ) );
98
99 $result['result'] = 'Success';
100 $result['lguserid'] = intval( $user->getId() );
101 $result['lgusername'] = $user->getName();
102
103 // @todo: These are deprecated, and should be removed at some
104 // point (1.28 at the earliest, and see T121527). They were ok
105 // when the core cookie-based login was the only thing, but
106 // CentralAuth broke that a while back and
107 // SessionManager/AuthManager are *really* going to break it.
108 $result['lgtoken'] = $user->getToken();
109 $result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
110 $result['sessionid'] = session_id();
111 break;
112
113 case LoginForm::NEED_TOKEN:
114 $result['result'] = 'NeedToken';
115 $result['token'] = $loginForm->getLoginToken();
116
117 // @todo: See above about deprecation
118 $result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
119 $result['sessionid'] = session_id();
120 break;
121
122 case LoginForm::WRONG_TOKEN:
123 $result['result'] = 'WrongToken';
124 break;
125
126 case LoginForm::NO_NAME:
127 $result['result'] = 'NoName';
128 break;
129
130 case LoginForm::ILLEGAL:
131 $result['result'] = 'Illegal';
132 break;
133
134 case LoginForm::WRONG_PLUGIN_PASS:
135 $result['result'] = 'WrongPluginPass';
136 break;
137
138 case LoginForm::NOT_EXISTS:
139 $result['result'] = 'NotExists';
140 break;
141
142 // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
143 // The e-mailed temporary password should not be used for actual logins.
144 case LoginForm::RESET_PASS:
145 case LoginForm::WRONG_PASS:
146 $result['result'] = 'WrongPass';
147 break;
148
149 case LoginForm::EMPTY_PASS:
150 $result['result'] = 'EmptyPass';
151 break;
152
153 case LoginForm::CREATE_BLOCKED:
154 $result['result'] = 'CreateBlocked';
155 $result['details'] = 'Your IP address is blocked from account creation';
156 $block = $context->getUser()->getBlock();
157 if ( $block ) {
158 $result = array_merge( $result, ApiQueryUserInfo::getBlockInfo( $block ) );
159 }
160 break;
161
162 case LoginForm::THROTTLED:
163 $result['result'] = 'Throttled';
164 $throttle = $this->getConfig()->get( 'PasswordAttemptThrottle' );
165 $result['wait'] = intval( $throttle['seconds'] );
166 break;
167
168 case LoginForm::USER_BLOCKED:
169 $result['result'] = 'Blocked';
170 $block = User::newFromName( $params['name'] )->getBlock();
171 if ( $block ) {
172 $result = array_merge( $result, ApiQueryUserInfo::getBlockInfo( $block ) );
173 }
174 break;
175
176 case LoginForm::ABORTED:
177 $result['result'] = 'Aborted';
178 $result['reason'] = $loginForm->mAbortLoginErrorMsg;
179 break;
180
181 default:
182 ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
183 }
184
185 $this->getResult()->addValue( null, 'login', $result );
186
187 LoggerFactory::getInstance( 'authmanager' )->info( 'Login attempt', array(
188 'event' => 'login',
189 'successful' => $authRes === LoginForm::SUCCESS,
190 'status' => LoginForm::$statusCodes[$authRes],
191 ) );
192 }
193
194 public function mustBePosted() {
195 return true;
196 }
197
198 public function isReadMode() {
199 return false;
200 }
201
202 public function getAllowedParams() {
203 return array(
204 'name' => null,
205 'password' => array(
206 ApiBase::PARAM_TYPE => 'password',
207 ),
208 'domain' => null,
209 'token' => null,
210 );
211 }
212
213 protected function getExamplesMessages() {
214 return array(
215 'action=login&lgname=user&lgpassword=password'
216 => 'apihelp-login-example-gettoken',
217 'action=login&lgname=user&lgpassword=password&lgtoken=123ABC'
218 => 'apihelp-login-example-login',
219 );
220 }
221
222 public function getHelpUrls() {
223 return 'https://www.mediawiki.org/wiki/API:Login';
224 }
225 }
MediaWiki Core