5 * Created on Sep 19, 2006
7 * Copyright © 2006-2007 Yuri Astrakhan "<Firstname><Lastname>@gmail.com",
8 * Daniel Cannon (cannon dot danielc at gmail dot com)
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
23 * http://www.gnu.org/copyleft/gpl.html
27 use MediaWiki\Logger\LoggerFactory
;
30 * Unit to authenticate log-in attempts to the current wiki.
34 class ApiLogin
extends ApiBase
{
36 public function __construct( ApiMain
$main, $action ) {
37 parent
::__construct( $main, $action, 'lg' );
41 * Executes the log-in attempt using the parameters passed. If
42 * the log-in succeeds, it attaches a cookie to the session
43 * and outputs the user id, username, and session token. If a
44 * log-in fails, as the result of a bad password, a nonexistent
45 * user, or any other reason, the host is cached with an expiry
46 * and no log-in attempts will be accepted until that expiry
47 * is reached. The expiry is $this->mLoginThrottle.
49 public function execute() {
50 // If we're in a mode that breaks the same-origin policy, no tokens can
52 if ( $this->lacksSameOriginSecurity() ) {
53 $this->getResult()->addValue( null, 'login', array(
54 'result' => 'Aborted',
55 'reason' => 'Cannot log in when the same-origin policy is not applied',
61 $params = $this->extractRequestParams();
65 // Init session if necessary
66 if ( session_id() == '' ) {
70 $context = new DerivativeContext( $this->getContext() );
71 $context->setRequest( new DerivativeRequest(
72 $this->getContext()->getRequest(),
74 'wpName' => $params['name'],
75 'wpPassword' => $params['password'],
76 'wpDomain' => $params['domain'],
77 'wpLoginToken' => $params['token'],
81 $loginForm = new LoginForm();
82 $loginForm->setContext( $context );
84 $authRes = $loginForm->authenticateUserData();
86 case LoginForm
::SUCCESS
:
87 $user = $context->getUser();
88 $this->getContext()->setUser( $user );
89 $user->setCookies( $this->getRequest(), null, true );
91 ApiQueryInfo
::resetTokenCache();
94 // @todo FIXME: Split back and frontend from this hook.
95 // @todo FIXME: This hook should be placed in the backend
97 Hooks
::run( 'UserLoginComplete', array( &$user, &$injected_html ) );
99 $result['result'] = 'Success';
100 $result['lguserid'] = intval( $user->getId() );
101 $result['lgusername'] = $user->getName();
102 $result['lgtoken'] = $user->getToken();
103 $result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
104 $result['sessionid'] = session_id();
107 case LoginForm
::NEED_TOKEN
:
108 $result['result'] = 'NeedToken';
109 $result['token'] = $loginForm->getLoginToken();
110 $result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
111 $result['sessionid'] = session_id();
114 case LoginForm
::WRONG_TOKEN
:
115 $result['result'] = 'WrongToken';
118 case LoginForm
::NO_NAME
:
119 $result['result'] = 'NoName';
122 case LoginForm
::ILLEGAL
:
123 $result['result'] = 'Illegal';
126 case LoginForm
::WRONG_PLUGIN_PASS
:
127 $result['result'] = 'WrongPluginPass';
130 case LoginForm
::NOT_EXISTS
:
131 $result['result'] = 'NotExists';
134 // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
135 // The e-mailed temporary password should not be used for actual logins.
136 case LoginForm
::RESET_PASS
:
137 case LoginForm
::WRONG_PASS
:
138 $result['result'] = 'WrongPass';
141 case LoginForm
::EMPTY_PASS
:
142 $result['result'] = 'EmptyPass';
145 case LoginForm
::CREATE_BLOCKED
:
146 $result['result'] = 'CreateBlocked';
147 $result['details'] = 'Your IP address is blocked from account creation';
148 $result = array_merge(
150 ApiQueryUserInfo
::getBlockInfo( $context->getUser()->getBlock() )
154 case LoginForm
::THROTTLED
:
155 $result['result'] = 'Throttled';
156 $throttle = $this->getConfig()->get( 'PasswordAttemptThrottle' );
157 $result['wait'] = intval( $throttle['seconds'] );
160 case LoginForm
::USER_BLOCKED
:
161 $result['result'] = 'Blocked';
162 $result = array_merge(
164 ApiQueryUserInfo
::getBlockInfo( User
::newFromName( $params['name'] )->getBlock() )
168 case LoginForm
::ABORTED
:
169 $result['result'] = 'Aborted';
170 $result['reason'] = $loginForm->mAbortLoginErrorMsg
;
174 ApiBase
::dieDebug( __METHOD__
, "Unhandled case value: {$authRes}" );
177 $this->getResult()->addValue( null, 'login', $result );
179 LoggerFactory
::getInstance( 'authmanager' )->info( 'Login attempt', array(
181 'successful' => $authRes === LoginForm
::SUCCESS
,
182 'status' => LoginForm
::$statusCodes[$authRes],
186 public function mustBePosted() {
190 public function isReadMode() {
194 public function getAllowedParams() {
198 ApiBase
::PARAM_TYPE
=> 'password',
205 protected function getExamplesMessages() {
207 'action=login&lgname=user&lgpassword=password'
208 => 'apihelp-login-example-gettoken',
209 'action=login&lgname=user&lgpassword=password&lgtoken=123ABC'
210 => 'apihelp-login-example-login',
214 public function getHelpUrls() {
215 return 'https://www.mediawiki.org/wiki/API:Login';