5 * Created on Sep 19, 2006
7 * Copyright © 2006-2007 Yuri Astrakhan "<Firstname><Lastname>@gmail.com",
8 * Daniel Cannon (cannon dot danielc at gmail dot com)
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
23 * http://www.gnu.org/copyleft/gpl.html
27 use MediaWiki\Logger\LoggerFactory
;
30 * Unit to authenticate log-in attempts to the current wiki.
34 class ApiLogin
extends ApiBase
{
36 public function __construct( ApiMain
$main, $action ) {
37 parent
::__construct( $main, $action, 'lg' );
41 * Executes the log-in attempt using the parameters passed. If
42 * the log-in succeeds, it attaches a cookie to the session
43 * and outputs the user id, username, and session token. If a
44 * log-in fails, as the result of a bad password, a nonexistent
45 * user, or any other reason, the host is cached with an expiry
46 * and no log-in attempts will be accepted until that expiry
47 * is reached. The expiry is $this->mLoginThrottle.
49 public function execute() {
50 // If we're in a mode that breaks the same-origin policy, no tokens can
52 if ( $this->lacksSameOriginSecurity() ) {
53 $this->getResult()->addValue( null, 'login', array(
54 'result' => 'Aborted',
55 'reason' => 'Cannot log in when the same-origin policy is not applied',
61 $params = $this->extractRequestParams();
65 // Init session if necessary
66 if ( session_id() == '' ) {
70 $context = new DerivativeContext( $this->getContext() );
71 $context->setRequest( new DerivativeRequest(
72 $this->getContext()->getRequest(),
74 'wpName' => $params['name'],
75 'wpPassword' => $params['password'],
76 'wpDomain' => $params['domain'],
77 'wpLoginToken' => $params['token'],
81 $loginForm = new LoginForm();
82 $loginForm->setContext( $context );
84 $authRes = $loginForm->authenticateUserData();
86 case LoginForm
::SUCCESS
:
87 $user = $context->getUser();
88 $this->getContext()->setUser( $user );
89 $user->setCookies( $this->getRequest(), null, true );
91 ApiQueryInfo
::resetTokenCache();
94 // @todo FIXME: Split back and frontend from this hook.
95 // @todo FIXME: This hook should be placed in the backend
97 Hooks
::run( 'UserLoginComplete', array( &$user, &$injected_html ) );
99 $result['result'] = 'Success';
100 $result['lguserid'] = intval( $user->getId() );
101 $result['lgusername'] = $user->getName();
103 // @todo: These are deprecated, and should be removed at some
104 // point (1.28 at the earliest, and see T121527). They were ok
105 // when the core cookie-based login was the only thing, but
106 // CentralAuth broke that a while back and
107 // SessionManager/AuthManager are *really* going to break it.
108 $result['lgtoken'] = $user->getToken();
109 $result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
110 $result['sessionid'] = session_id();
113 case LoginForm
::NEED_TOKEN
:
114 $result['result'] = 'NeedToken';
115 $result['token'] = $loginForm->getLoginToken();
117 // @todo: See above about deprecation
118 $result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
119 $result['sessionid'] = session_id();
122 case LoginForm
::WRONG_TOKEN
:
123 $result['result'] = 'WrongToken';
126 case LoginForm
::NO_NAME
:
127 $result['result'] = 'NoName';
130 case LoginForm
::ILLEGAL
:
131 $result['result'] = 'Illegal';
134 case LoginForm
::WRONG_PLUGIN_PASS
:
135 $result['result'] = 'WrongPluginPass';
138 case LoginForm
::NOT_EXISTS
:
139 $result['result'] = 'NotExists';
142 // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
143 // The e-mailed temporary password should not be used for actual logins.
144 case LoginForm
::RESET_PASS
:
145 case LoginForm
::WRONG_PASS
:
146 $result['result'] = 'WrongPass';
149 case LoginForm
::EMPTY_PASS
:
150 $result['result'] = 'EmptyPass';
153 case LoginForm
::CREATE_BLOCKED
:
154 $result['result'] = 'CreateBlocked';
155 $result['details'] = 'Your IP address is blocked from account creation';
156 $block = $context->getUser()->getBlock();
158 $result = array_merge( $result, ApiQueryUserInfo
::getBlockInfo( $block ) );
162 case LoginForm
::THROTTLED
:
163 $result['result'] = 'Throttled';
164 $throttle = $this->getConfig()->get( 'PasswordAttemptThrottle' );
165 $result['wait'] = intval( $throttle['seconds'] );
168 case LoginForm
::USER_BLOCKED
:
169 $result['result'] = 'Blocked';
170 $block = User
::newFromName( $params['name'] )->getBlock();
172 $result = array_merge( $result, ApiQueryUserInfo
::getBlockInfo( $block ) );
176 case LoginForm
::ABORTED
:
177 $result['result'] = 'Aborted';
178 $result['reason'] = $loginForm->mAbortLoginErrorMsg
;
182 ApiBase
::dieDebug( __METHOD__
, "Unhandled case value: {$authRes}" );
185 $this->getResult()->addValue( null, 'login', $result );
187 LoggerFactory
::getInstance( 'authmanager' )->info( 'Login attempt', array(
189 'successful' => $authRes === LoginForm
::SUCCESS
,
190 'status' => LoginForm
::$statusCodes[$authRes],
194 public function mustBePosted() {
198 public function isReadMode() {
202 public function getAllowedParams() {
206 ApiBase
::PARAM_TYPE
=> 'password',
213 protected function getExamplesMessages() {
215 'action=login&lgname=user&lgpassword=password'
216 => 'apihelp-login-example-gettoken',
217 'action=login&lgname=user&lgpassword=password&lgtoken=123ABC'
218 => 'apihelp-login-example-login',
222 public function getHelpUrls() {
223 return 'https://www.mediawiki.org/wiki/API:Login';
dépôts / lhc / web / wiklou.git / blob