From: Gergő Tisza Date: Fri, 5 Aug 2016 02:17:28 +0000 (+0000) Subject: Include AuthManager API endpoints in authmanager channel X-Git-Tag: 1.31.0-rc.0~6146^2 X-Git-Url: http://git.cyclocoop.org/?a=commitdiff_plain;h=3fb272daee23c86598049fc2cc43088a7cd7fba3;p=lhc%2Fweb%2Fwiklou.git Include AuthManager API endpoints in authmanager channel Change-Id: I0fa6e9687d02a67c5d36e16b3827e7cc3beb8259 --- diff --git a/includes/api/ApiAMCreateAccount.php b/includes/api/ApiAMCreateAccount.php index 52a79513b4..2511e3be99 100644 --- a/includes/api/ApiAMCreateAccount.php +++ b/includes/api/ApiAMCreateAccount.php @@ -66,13 +66,15 @@ class ApiAMCreateAccount extends ApiBase { $helper = new ApiAuthManagerHelper( $this ); $manager = AuthManager::singleton(); - // Make sure it's possible to log in + // Make sure it's possible to create accounts if ( !$manager->canCreateAccounts() ) { $this->getResult()->addValue( null, 'createaccount', $helper->formatAuthenticationResponse( AuthenticationResponse::newFail( $this->msg( 'userlogin-cannot-' . AuthManager::ACTION_CREATE ) ) ) ); + $helper->logAuthenticationResult( 'accountcreation', + 'userlogin-cannot-' . AuthManager::ACTION_CREATE ); return; } @@ -93,6 +95,7 @@ class ApiAMCreateAccount extends ApiBase { $this->getResult()->addValue( null, 'createaccount', $helper->formatAuthenticationResponse( $res ) ); + $helper->logAuthenticationResult( 'accountcreation', $res ); } public function isReadMode() { diff --git a/includes/api/ApiAuthManagerHelper.php b/includes/api/ApiAuthManagerHelper.php index e30f22b64e..fe5675a840 100644 --- a/includes/api/ApiAuthManagerHelper.php +++ b/includes/api/ApiAuthManagerHelper.php @@ -25,6 +25,7 @@ use MediaWiki\Auth\AuthManager; use MediaWiki\Auth\AuthenticationRequest; use MediaWiki\Auth\AuthenticationResponse; use MediaWiki\Auth\CreateFromLoginAuthenticationRequest; +use MediaWiki\Logger\LoggerFactory; /** * Helper class for AuthManager-using API modules. Intended for use via @@ -220,6 +221,30 @@ class ApiAuthManagerHelper { return $ret; } + /** + * Logs successful or failed authentication. + * @param string|AuthenticationResponse $result Response or error message + * @param string $event Event type (e.g. 'accountcreation') + */ + public function logAuthenticationResult( $event, $result ) { + if ( is_string( $result ) ) { + $status = Status::newFatal( $result ); + } elseif ( $result->status === AuthenticationResponse::PASS ) { + $status = Status::newGood(); + } elseif ( $result->status === AuthenticationResponse::FAIL ) { + $status = Status::newFatal( $result->message ); + } else { + return; + } + + $module = $this->module->getModuleName(); + LoggerFactory::getInstance( 'authmanager' )->info( "$module API attempt", [ + 'event' => $event, + 'status' => $status, + 'module' => $module, + ] ); + } + /** * Fetch the preserved CreateFromLoginAuthenticationRequest, if any * @return CreateFromLoginAuthenticationRequest|null diff --git a/includes/api/ApiClientLogin.php b/includes/api/ApiClientLogin.php index 8e5a3c747c..cbb1524cc7 100644 --- a/includes/api/ApiClientLogin.php +++ b/includes/api/ApiClientLogin.php @@ -72,6 +72,7 @@ class ApiClientLogin extends ApiBase { $this->getResult()->addValue( null, 'clientlogin', $helper->formatAuthenticationResponse( AuthenticationResponse::newFail( $this->msg( 'userlogin-cannot-' . AuthManager::ACTION_LOGIN ) ) ) ); + $helper->logAuthenticationResult( 'login', 'userlogin-cannot-' . AuthManager::ACTION_LOGIN ); return; } @@ -99,6 +100,7 @@ class ApiClientLogin extends ApiBase { $this->getResult()->addValue( null, 'clientlogin', $helper->formatAuthenticationResponse( $res ) ); + $helper->logAuthenticationResult( 'login', $res ); } public function isReadMode() {