Include AuthManager API endpoints in authmanager channel

Change-Id: I0fa6e9687d02a67c5d36e16b3827e7cc3beb8259

diff --git a/includes/api/ApiAMCreateAccount.php b/includes/api/ApiAMCreateAccount.php
index 52a7951..2511e3b 100644 (file)
--- a/includes/api/ApiAMCreateAccount.php
+++ b/includes/api/ApiAMCreateAccount.php
@@ -66,13 +66,15 @@ class ApiAMCreateAccount extends ApiBase {
                $helper = new ApiAuthManagerHelper( $this );
                $manager = AuthManager::singleton();
 
-               // Make sure it's possible to log in
+               // Make sure it's possible to create accounts
                if ( !$manager->canCreateAccounts() ) {
                        $this->getResult()->addValue( null, 'createaccount', $helper->formatAuthenticationResponse(
                                AuthenticationResponse::newFail(
                                        $this->msg( 'userlogin-cannot-' . AuthManager::ACTION_CREATE )
                                )
                        ) );
+                       $helper->logAuthenticationResult( 'accountcreation',
+                               'userlogin-cannot-' . AuthManager::ACTION_CREATE );
                        return;
                }
 
@@ -93,6 +95,7 @@ class ApiAMCreateAccount extends ApiBase {
 
                $this->getResult()->addValue( null, 'createaccount',
                        $helper->formatAuthenticationResponse( $res ) );
+               $helper->logAuthenticationResult( 'accountcreation', $res );
        }
 
        public function isReadMode() {

diff --git a/includes/api/ApiAuthManagerHelper.php b/includes/api/ApiAuthManagerHelper.php
index e30f22b..fe5675a 100644 (file)
--- a/includes/api/ApiAuthManagerHelper.php
+++ b/includes/api/ApiAuthManagerHelper.php
@@ -25,6 +25,7 @@ use MediaWiki\Auth\AuthManager;
 use MediaWiki\Auth\AuthenticationRequest;
 use MediaWiki\Auth\AuthenticationResponse;
 use MediaWiki\Auth\CreateFromLoginAuthenticationRequest;
+use MediaWiki\Logger\LoggerFactory;
 
 /**
  * Helper class for AuthManager-using API modules. Intended for use via
@@ -220,6 +221,30 @@ class ApiAuthManagerHelper {
                return $ret;
        }
 
+       /**
+        * Logs successful or failed authentication.
+        * @param string|AuthenticationResponse $result Response or error message
+        * @param string $event Event type (e.g. 'accountcreation')
+        */
+       public function logAuthenticationResult( $event, $result ) {
+               if ( is_string( $result ) ) {
+                       $status = Status::newFatal( $result );
+               } elseif ( $result->status === AuthenticationResponse::PASS ) {
+                       $status = Status::newGood();
+               } elseif ( $result->status === AuthenticationResponse::FAIL ) {
+                       $status = Status::newFatal( $result->message );
+               } else {
+                       return;
+               }
+
+               $module = $this->module->getModuleName();
+               LoggerFactory::getInstance( 'authmanager' )->info( "$module API attempt", [
+                       'event' => $event,
+                       'status' => $status,
+                       'module' => $module,
+               ] );
+       }
+
        /**
         * Fetch the preserved CreateFromLoginAuthenticationRequest, if any
         * @return CreateFromLoginAuthenticationRequest|null

diff --git a/includes/api/ApiClientLogin.php b/includes/api/ApiClientLogin.php
index 8e5a3c7..cbb1524 100644 (file)
--- a/includes/api/ApiClientLogin.php
+++ b/includes/api/ApiClientLogin.php
@@ -72,6 +72,7 @@ class ApiClientLogin extends ApiBase {
                        $this->getResult()->addValue( null, 'clientlogin', $helper->formatAuthenticationResponse(
                                AuthenticationResponse::newFail( $this->msg( 'userlogin-cannot-' . AuthManager::ACTION_LOGIN ) )
                        ) );
+                       $helper->logAuthenticationResult( 'login', 'userlogin-cannot-' . AuthManager::ACTION_LOGIN );
                        return;
                }
 
@@ -99,6 +100,7 @@ class ApiClientLogin extends ApiBase {
 
                $this->getResult()->addValue( null, 'clientlogin',
                        $helper->formatAuthenticationResponse( $res ) );
+               $helper->logAuthenticationResult( 'login', $res );
        }
 
        public function isReadMode() {