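/**
 * Executes the log-in attempt using the parameters passed. If
 * the log-in succeeds, it attaches a cookie to the session
 * and outputs the user id, username, and session token. If a
 * log-in fails, as the result of a bad password, a nonexistent
 * user, or any other reason, a bad-login marker is cached via
 * cacheBadLogin() and no further attempt is accepted until
 * getNextLoginTimeout() reports 0 again; the wait reported to the
 * client is self::THROTTLE_TIME seconds.
 *
 * Security notes grounded in this method:
 *  - the throttle check runs before the credentials are used, so a
 *    throttled caller never reaches LoginForm::authenticateUserData();
 *  - failure codes are reported individually ('NotExists' vs 'WrongPass'),
 *    so a client can tell whether a username exists;
 *  - the success response carries the session token and session id.
 *
 * @access public
 */
public function execute() {
	global $wgUser, $wgCookiePrefix;

	// Read the declared parameters explicitly instead of extract()ing them
	// into local scope: extract() can silently shadow locals and hides where
	// each value comes from. Missing keys stay null, as before.
	$params = $this->extractRequestParams();
	$name = isset( $params['name'] ) ? $params['name'] : null;
	$password = isset( $params['password'] ) ? $params['password'] : null;
	$domain = isset( $params['domain'] ) ? $params['domain'] : null;

	$result = array();

	// Make sure no one is trying to guess the password by brute force:
	// a pending throttle short-circuits before the credentials are touched.
	$nextLoginIn = $this->getNextLoginTimeout();
	if ( $nextLoginIn > 0 ) {
		$result['result'] = 'NeedToWait';
		$result['details'] = "Please wait {$nextLoginIn} seconds before next log-in attempt";
		$result['wait'] = $nextLoginIn;
		$this->getResult()->addValue( null, 'login', $result );
		return;
	}

	// Hand the credentials to the regular login form through a fake request.
	$fauxRequest = new FauxRequest( array(
		'wpName' => $name,
		'wpPassword' => $password,
		'wpDomain' => $domain,
		'wpRemember' => '',
	) );

	// Init session if necessary (done before LoginForm is constructed).
	if ( session_id() == '' ) {
		wfSetupSession();
	}

	$loginForm = new LoginForm( $fauxRequest );
	$authRes = $loginForm->authenticateUserData();
	switch ( $authRes ) {
		case LoginForm::SUCCESS:
			// Persistent login is forced on for API logins.
			$wgUser->setOption( 'rememberpassword', 1 );
			$wgUser->setCookies();
			$result['result'] = 'Success';
			// Session fields read back after setCookies(); presumably that call
			// (or the session setup) populates them — confirm against User.
			$result['lguserid'] = $_SESSION['wsUserID'];
			$result['lgusername'] = $_SESSION['wsUserName'];
			$result['lgtoken'] = $_SESSION['wsToken'];
			$result['cookieprefix'] = $wgCookiePrefix;
			$result['sessionid'] = session_id();
			break;
		case LoginForm::NO_NAME:
			$result['result'] = 'NoName';
			break;
		case LoginForm::ILLEGAL:
			$result['result'] = 'Illegal';
			break;
		case LoginForm::WRONG_PLUGIN_PASS:
			$result['result'] = 'WrongPluginPass';
			break;
		case LoginForm::NOT_EXISTS:
			$result['result'] = 'NotExists';
			break;
		case LoginForm::WRONG_PASS:
			$result['result'] = 'WrongPass';
			break;
		case LoginForm::EMPTY_PASS:
			$result['result'] = 'EmptyPass';
			break;
		default:
			ApiBase::dieDebug( __METHOD__, 'Unhandled case value' );
	}

	// Every non-success outcome arms the throttle, so the next attempt is
	// refused for THROTTLE_TIME seconds regardless of the failure cause.
	if ( $result['result'] !== 'Success' ) {
		$result['wait'] = $this->cacheBadLogin();
		$result['details'] = "Please wait " . self::THROTTLE_TIME . " seconds before next log-in attempt";
	}

	// if we were allowed to try to login, memcache is fine
	$this->getResult()->addValue( null, 'login', $result );
}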
/**
 * Executes the log-in attempt using the parameters passed. If the
 * log-in succeeds, it sets the login cookies on the global user, runs the
 * UserLoginComplete hook and outputs the user id, username, user token,
 * cookie prefix and session id. Failures are reported as a result code
 * derived from LoginForm::authenticateUserData(). Throttling is not done
 * here: it surfaces as LoginForm::THROTTLED and is reported as 'Throttled'
 * with the configured $wgPasswordAttemptThrottle['seconds'] wait.
 *
 * Security notes grounded in this method:
 *  - failure codes are distinct ('NotExists' vs 'WrongPass'), so a client
 *    can tell whether a username exists;
 *  - the success response carries the user token and the session id.
 *
 * @access public
 */
public function execute() {
	$params = $this->extractRequestParams();
	$result = array();
	// Hand the credentials to the regular login form through a fake request.
	$req = new FauxRequest( array(
		'wpName' => $params['name'],
		'wpPassword' => $params['password'],
		'wpDomain' => $params['domain'],
		'wpRemember' => '',
	) );
	// Init session if necessary (before LoginForm is constructed)
	if ( session_id() == '' ) {
		wfSetupSession();
	}
	$loginForm = new LoginForm( $req );
	switch ( $authRes = $loginForm->authenticateUserData() ) {
		case LoginForm::SUCCESS:
			global $wgUser, $wgCookiePrefix;
			// Persistent login is forced on for API logins.
			$wgUser->setOption( 'rememberpassword', 1 );
			$wgUser->setCookies();
			// Run hooks. FIXME: split back and frontend from this hook.
			// FIXME: This hook should be placed in the backend
			// The hook receives the user by reference and runs after cookies are set.
			$injected_html = '';
			wfRunHooks( 'UserLoginComplete', array( &$wgUser, &$injected_html ) );
			$result['result'] = 'Success';
			$result['lguserid'] = intval( $wgUser->getId() );
			$result['lgusername'] = $wgUser->getName();
			$result['lgtoken'] = $wgUser->getToken();
			$result['cookieprefix'] = $wgCookiePrefix;
			$result['sessionid'] = session_id();
			break;
		case LoginForm::NO_NAME:
			$result['result'] = 'NoName';
			break;
		case LoginForm::ILLEGAL:
			$result['result'] = 'Illegal';
			break;
		case LoginForm::WRONG_PLUGIN_PASS:
			$result['result'] = 'WrongPluginPass';
			break;
		case LoginForm::NOT_EXISTS:
			$result['result'] = 'NotExists';
			break;
		case LoginForm::WRONG_PASS:
			$result['result'] = 'WrongPass';
			break;
		case LoginForm::EMPTY_PASS:
			$result['result'] = 'EmptyPass';
			break;
		case LoginForm::CREATE_BLOCKED:
			// Reached when LoginForm tried to auto-create the account and the
			// caller's IP is blocked from account creation.
			$result['result'] = 'CreateBlocked';
			$result['details'] = 'Your IP address is blocked from account creation';
			break;
		case LoginForm::THROTTLED:
			global $wgPasswordAttemptThrottle;
			$result['result'] = 'Throttled';
			$result['wait'] = intval( $wgPasswordAttemptThrottle['seconds'] );
			break;
		default:
			ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
	}
	$this->getResult()->addValue( null, 'login', $result );
}
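/**
 * Executes the log-in attempt using the 'name', 'password' and 'domain'
 * request parameters. On success the global user's cookies are set and the
 * user id, username and session token from $_SESSION are emitted; any
 * other LoginForm status is mapped to a result code string.
 *
 * Security notes grounded in this method:
 *  - failure codes are distinct ('NotExists' vs 'WrongPass'), so a client
 *    can tell whether a username exists;
 *  - no session is initialised here; $_SESSION is read right after
 *    setCookies(), which presumably sets it up — confirm against User.
 */
public function execute() {
	global $wgUser;

	// Read the declared parameters explicitly instead of extract()ing them
	// into local scope; missing keys stay null, exactly as before.
	$params = $this->extractRequestParams();
	$name = isset( $params['name'] ) ? $params['name'] : null;
	$password = isset( $params['password'] ) ? $params['password'] : null;
	$domain = isset( $params['domain'] ) ? $params['domain'] : null;

	// Hand the credentials to the regular login form through a fake request.
	$fauxRequest = new FauxRequest( array(
		'wpName' => $name,
		'wpPassword' => $password,
		'wpDomain' => $domain,
		'wpRemember' => '',
	) );

	$result = array();
	$loginForm = new LoginForm( $fauxRequest );
	$authRes = $loginForm->authenticateUserData();
	switch ( $authRes ) {
		case LoginForm::SUCCESS:
			// Persistent login is forced on for API logins.
			$wgUser->setOption( 'rememberpassword', 1 );
			$wgUser->setCookies();
			$result['result'] = 'Success';
			$result['lguserid'] = $_SESSION['wsUserID'];
			$result['lgusername'] = $_SESSION['wsUserName'];
			$result['lgtoken'] = $_SESSION['wsToken'];
			break;
		case LoginForm::NO_NAME:
			$result['result'] = 'NoName';
			break;
		case LoginForm::ILLEGAL:
			$result['result'] = 'Illegal';
			break;
		case LoginForm::WRONG_PLUGIN_PASS:
			$result['result'] = 'WrongPluginPass';
			break;
		case LoginForm::NOT_EXISTS:
			$result['result'] = 'NotExists';
			break;
		case LoginForm::WRONG_PASS:
			$result['result'] = 'WrongPass';
			break;
		case LoginForm::EMPTY_PASS:
			$result['result'] = 'EmptyPass';
			break;
		default:
			ApiBase::dieDebug( __METHOD__, 'Unhandled case value' );
	}
	$this->getResult()->addValue( null, 'login', $result );
}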
/**
 * AJAX login handler: authenticates $user/$pass through LoginForm and
 * returns an AjaxResponse wrapping a localized HTML message.
 *
 * On success the global user's cookies are set. The 'nosuchuser' message
 * embeds the submitted name, escaped with htmlspecialchars() since the
 * response is HTML. Note that a nonexistent user and a wrong password
 * produce different messages, so the response reveals whether a name exists.
 *
 * @param string $user submitted user name
 * @param string $pass submitted password
 * @return AjaxResponse
 */
function processLoginRequest( $user, $pass ) {
	global $wgUser, $wgRequest;

	$form = new LoginForm( $wgRequest );
	$form->mName = $user;
	$form->mPassword = $pass;

	$status = $form->authenticateUserData();
	if ( $status == LoginForm::SUCCESS ) {
		$wgUser->setCookies();
		$html = wfMsgWikiHtml( 'loginsuccess', $wgUser->getName() );
	} elseif ( $status == LoginForm::NOT_EXISTS ) {
		$html = wfMsgWikiHtml( 'nosuchuser', htmlspecialchars( $user ) );
	} else {
		// Every remaining status maps to a parameterless message key.
		$messageKeys = array(
			LoginForm::NO_NAME => 'noname',
			LoginForm::ILLEGAL => 'noname',
			LoginForm::WRONG_PLUGIN_PASS => 'wrongpassword',
			LoginForm::WRONG_PASS => 'wrongpassword',
			LoginForm::EMPTY_PASS => 'wrongpasswordempty',
			LoginForm::RESET_PASS => 'resetpass_announce',
		);
		if ( !isset( $messageKeys[$status] ) ) {
			wfDebugDieBacktrace( "Unhandled case value" );
		}
		$html = wfMsgWikiHtml( $messageKeys[$status] );
	}

	return new AjaxResponse( '<div class="pBody">' . $html . '</div>' );
}
/**
 * Executes the log-in attempt using the parameters passed. The
 * credentials and login token are injected into a derivative request so
 * that LoginForm sees them as a normal form submission. On success the
 * authenticated user is installed into the API context, cookies are set,
 * the ApiQueryInfo token cache is reset, the UserLoginComplete hook runs
 * and the user id, username, user token, cookie prefix and session id are
 * emitted. Failures map to a result code; throttling is LoginForm's and is
 * reported as 'Throttled' with $wgPasswordAttemptThrottle['seconds'].
 *
 * Security notes grounded in this method:
 *  - a missing or stale login token yields 'NeedToken' with a fresh token
 *    (and the session id) before any password is checked;
 *  - a temporary (e-mailed) password is reported as 'WrongPass';
 *  - failure codes are distinct ('NotExists' vs 'WrongPass'), so a client
 *    can tell whether a username exists;
 *  - the success response carries the user token.
 */
public function execute() {
	$params = $this->extractRequestParams();
	$result = array();
	// Init session if necessary
	if ( session_id() == '' ) {
		wfSetupSession();
	}
	// Wrap the real request so only the wp* fields LoginForm reads are overridden.
	$context = new DerivativeContext( $this->getContext() );
	$context->setRequest( new DerivativeRequest(
		$this->getContext()->getRequest(),
		array(
			'wpName' => $params['name'],
			'wpPassword' => $params['password'],
			'wpDomain' => $params['domain'],
			'wpLoginToken' => $params['token'],
			'wpRemember' => '',
		)
	) );
	$loginForm = new LoginForm();
	$loginForm->setContext( $context );
	global $wgCookiePrefix, $wgPasswordAttemptThrottle;
	$authRes = $loginForm->authenticateUserData();
	switch ( $authRes ) {
		case LoginForm::SUCCESS:
			// The user LoginForm authenticated lives on the derivative context;
			// promote it to the main context so later API code sees it.
			$user = $context->getUser();
			$this->getContext()->setUser( $user );
			// Persistent login is forced on for API logins.
			$user->setOption( 'rememberpassword', 1 );
			$user->setCookies( $this->getRequest() );
			ApiQueryInfo::resetTokenCache();
			// Run hooks.
			// @todo FIXME: Split back and frontend from this hook.
			// @todo FIXME: This hook should be placed in the backend
			$injected_html = '';
			wfRunHooks( 'UserLoginComplete', array( &$user, &$injected_html ) );
			$result['result'] = 'Success';
			$result['lguserid'] = intval( $user->getId() );
			$result['lgusername'] = $user->getName();
			$result['lgtoken'] = $user->getToken();
			$result['cookieprefix'] = $wgCookiePrefix;
			$result['sessionid'] = session_id();
			break;
		case LoginForm::NEED_TOKEN:
			// The client must repeat the request with this token; the session
			// id is returned so it can present the same session.
			$result['result'] = 'NeedToken';
			$result['token'] = $loginForm->getLoginToken();
			$result['cookieprefix'] = $wgCookiePrefix;
			$result['sessionid'] = session_id();
			break;
		case LoginForm::WRONG_TOKEN:
			$result['result'] = 'WrongToken';
			break;
		case LoginForm::NO_NAME:
			$result['result'] = 'NoName';
			break;
		case LoginForm::ILLEGAL:
			$result['result'] = 'Illegal';
			break;
		case LoginForm::WRONG_PLUGIN_PASS:
			$result['result'] = 'WrongPluginPass';
			break;
		case LoginForm::NOT_EXISTS:
			$result['result'] = 'NotExists';
			break;
		case LoginForm::RESET_PASS:
			// bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin - "The e-mailed temporary password should not be used for actual logins;"
			// (intentional fall-through to WRONG_PASS)
		case LoginForm::WRONG_PASS:
			$result['result'] = 'WrongPass';
			break;
		case LoginForm::EMPTY_PASS:
			$result['result'] = 'EmptyPass';
			break;
		case LoginForm::CREATE_BLOCKED:
			$result['result'] = 'CreateBlocked';
			$result['details'] = 'Your IP address is blocked from account creation';
			break;
		case LoginForm::THROTTLED:
			$result['result'] = 'Throttled';
			$result['wait'] = intval( $wgPasswordAttemptThrottle['seconds'] );
			break;
		case LoginForm::USER_BLOCKED:
			$result['result'] = 'Blocked';
			break;
		case LoginForm::ABORTED:
			// A hook aborted the login; its message key is passed through.
			$result['result'] = 'Aborted';
			$result['reason'] = $loginForm->mAbortLoginErrorMsg;
			break;
		default:
			ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
	}
	$this->getResult()->addValue( null, 'login', $result );
}
/**
 * Executes the log-in attempt using the parameters passed. The request is
 * refused up front when the API is running in a mode that lacks same-origin
 * security (no token could be trusted then). Otherwise the credentials and
 * login token are injected into a derivative request for LoginForm; on
 * success the user is installed into the API context, cookies are set (the
 * third setCookies() argument is true), the ApiQueryInfo token cache is
 * reset, the UserLoginComplete hook runs and the user id, username, user
 * token, cookie prefix and session id are emitted. Every attempt is logged
 * to the 'authmanager' logger with its outcome.
 *
 * Security notes grounded in this method:
 *  - a missing or stale login token yields 'NeedToken' before any password
 *    is checked; a temporary (e-mailed) password is reported as 'WrongPass';
 *  - 'CreateBlocked' and 'Blocked' responses include block details from
 *    ApiQueryUserInfo::getBlockInfo();
 *  - failure codes are distinct ('NotExists' vs 'WrongPass'), so a client
 *    can tell whether a username exists;
 *  - the success response carries the user token.
 */
public function execute() {
	// If we're in a mode that breaks the same-origin policy, no tokens can
	// be obtained
	if ( $this->lacksSameOriginSecurity() ) {
		$this->getResult()->addValue( null, 'login', array(
			'result' => 'Aborted',
			'reason' => 'Cannot log in when the same-origin policy is not applied'
		) );
		return;
	}
	$params = $this->extractRequestParams();
	$result = array();
	// Init session if necessary
	if ( session_id() == '' ) {
		wfSetupSession();
	}
	// Wrap the real request so only the wp* fields LoginForm reads are overridden.
	$context = new DerivativeContext( $this->getContext() );
	$context->setRequest( new DerivativeRequest(
		$this->getContext()->getRequest(),
		array(
			'wpName' => $params['name'],
			'wpPassword' => $params['password'],
			'wpDomain' => $params['domain'],
			'wpLoginToken' => $params['token'],
			'wpRemember' => '',
		)
	) );
	$loginForm = new LoginForm();
	$loginForm->setContext( $context );
	$authRes = $loginForm->authenticateUserData();
	switch ( $authRes ) {
		case LoginForm::SUCCESS:
			// Promote the user LoginForm authenticated to the main context.
			$user = $context->getUser();
			$this->getContext()->setUser( $user );
			$user->setCookies( $this->getRequest(), null, true );
			ApiQueryInfo::resetTokenCache();
			// Run hooks.
			// @todo FIXME: Split back and frontend from this hook.
			// @todo FIXME: This hook should be placed in the backend
			$injected_html = '';
			Hooks::run( 'UserLoginComplete', array( &$user, &$injected_html ) );
			$result['result'] = 'Success';
			$result['lguserid'] = intval( $user->getId() );
			$result['lgusername'] = $user->getName();
			$result['lgtoken'] = $user->getToken();
			$result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
			$result['sessionid'] = session_id();
			break;
		case LoginForm::NEED_TOKEN:
			// The client must repeat the request with this token and session.
			$result['result'] = 'NeedToken';
			$result['token'] = $loginForm->getLoginToken();
			$result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
			$result['sessionid'] = session_id();
			break;
		case LoginForm::WRONG_TOKEN:
			$result['result'] = 'WrongToken';
			break;
		case LoginForm::NO_NAME:
			$result['result'] = 'NoName';
			break;
		case LoginForm::ILLEGAL:
			$result['result'] = 'Illegal';
			break;
		case LoginForm::WRONG_PLUGIN_PASS:
			$result['result'] = 'WrongPluginPass';
			break;
		case LoginForm::NOT_EXISTS:
			$result['result'] = 'NotExists';
			break;
		// bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
		// The e-mailed temporary password should not be used for actual logins.
		case LoginForm::RESET_PASS:
		case LoginForm::WRONG_PASS:
			$result['result'] = 'WrongPass';
			break;
		case LoginForm::EMPTY_PASS:
			$result['result'] = 'EmptyPass';
			break;
		case LoginForm::CREATE_BLOCKED:
			$result['result'] = 'CreateBlocked';
			$result['details'] = 'Your IP address is blocked from account creation';
			// The block is looked up on the (still anonymous) context user, i.e. by IP.
			$block = $context->getUser()->getBlock();
			if ( $block ) {
				$result = array_merge( $result, ApiQueryUserInfo::getBlockInfo( $block ) );
			}
			break;
		case LoginForm::THROTTLED:
			$result['result'] = 'Throttled';
			$throttle = $this->getConfig()->get( 'PasswordAttemptThrottle' );
			$result['wait'] = intval( $throttle['seconds'] );
			break;
		case LoginForm::USER_BLOCKED:
			$result['result'] = 'Blocked';
			// Looks up the block on the named account. User::newFromName() is
			// not null-checked here; presumably safe because USER_BLOCKED is only
			// returned once LoginForm resolved the name — confirm against LoginForm.
			$block = User::newFromName( $params['name'] )->getBlock();
			if ( $block ) {
				$result = array_merge( $result, ApiQueryUserInfo::getBlockInfo( $block ) );
			}
			break;
		case LoginForm::ABORTED:
			$result['result'] = 'Aborted';
			$result['reason'] = $loginForm->mAbortLoginErrorMsg;
			break;
		default:
			ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
	}
	$this->getResult()->addValue( null, 'login', $result );
	// Audit record for every attempt; the outcome is logged, the name is not.
	LoggerFactory::getInstance( 'authmanager' )->info( 'Login attempt', array(
		'event' => 'login',
		'successful' => $authRes === LoginForm::SUCCESS,
		'status' => LoginForm::$statusCodes[$authRes],
	) );
}
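/**
 * AJAX login endpoint. Depending on which request flag is set it either
 * performs a log-in attempt (Loginattempt) or mails a password reminder
 * (Mailmypassword); in both cases the primary DB transaction is committed
 * and the outcome is emitted under the 'ajaxlogin' key. If neither flag is
 * set nothing is emitted.
 *
 * Security notes grounded in this method:
 *  - the 'text' of a failed log-in differs per cause (noname, nosuchuser,
 *    wrongpassword, closed-account), so the response reveals whether a name
 *    exists and whether the account is disabled/closed;
 *  - the success response includes the session token from $_SESSION;
 *  - the password-reminder path checks the reminder throttle before
 *    sending mail.
 */
public function execute() {
	// Read the declared parameters explicitly; keys that are absent default
	// to null, exactly as the former extract() into pre-nulled locals did.
	$p = $this->extractRequestParams() + array(
		'Name' => null,
		'Password' => null,
		'Remember' => null,
		'Loginattempt' => null,
		'Mailmypassword' => null,
		'LoginToken' => null,
	);

	if ( !empty( $p['Loginattempt'] ) ) {
		$result = $this->ajaxLoginAttempt( $p );
	} elseif ( !empty( $p['Mailmypassword'] ) ) {
		$result = $this->ajaxMailPassword( $p['Name'] );
	} else {
		// Neither action requested: nothing is emitted (unchanged behaviour).
		return;
	}

	// Commit the primary DB transaction so anything written during the
	// attempt is durable before the response goes out.
	$dbw = wfGetDB( DB_MASTER );
	$dbw->commit();
	$this->getResult()->addValue( null, 'ajaxlogin', $result );
}

/**
 * Runs one log-in attempt through LoginForm and maps its status code to
 * the ajaxlogin result array ('result' code plus a localized 'text').
 *
 * @param array $p request parameters (Name, Password, Remember, Loginattempt, LoginToken)
 * @return array result/text pairs for the 'ajaxlogin' response
 */
private function ajaxLoginAttempt( array $p ) {
	global $wgUser;

	// Hand the credentials to the regular login form through a fake request.
	$request = new FauxRequest( array(
		'wpName' => $p['Name'],
		'wpPassword' => $p['Password'],
		'wpRemember' => $p['Remember'],
		'wpLoginattempt' => $p['Loginattempt'],
		'wpLoginToken' => $p['LoginToken'],
	) );

	// Init session if necessary
	if ( session_id() == '' ) {
		wfSetupSession();
	}

	$result = array();
	$loginForm = new LoginForm( $request );
	$caseCode = $loginForm->authenticateUserData();
	switch ( $caseCode ) {
		case LoginForm::RESET_PASS:
			$result['result'] = 'Reset';
			break;
		case LoginForm::SUCCESS:
			// Note the order: the hook runs before the cookies are set.
			$injected_html = '';
			wfRunHooks( 'UserLoginComplete', array( &$wgUser, &$injected_html ) );
			$wgUser->setGlobalPreference( 'rememberpassword', $p['Remember'] ? 1 : 0 );
			$wgUser->setCookies();
			$result['result'] = 'Success';
			// Session fields read back after setCookies(); presumably that call
			// populates them — confirm against User.
			$result['lguserid'] = $_SESSION['wsUserID'];
			$result['lgusername'] = $_SESSION['wsUserName'];
			$result['lgtoken'] = $_SESSION['wsToken'];
			break;
		case LoginForm::NO_NAME:
			$result['result'] = 'NoName';
			$result['text'] = wfMsg( 'noname' );
			break;
		case LoginForm::ILLEGAL:
			$result['result'] = 'Illegal';
			$result['text'] = wfMsg( 'noname' );
			break;
		case LoginForm::WRONG_PLUGIN_PASS:
			$result['result'] = 'WrongPluginPass';
			$result['text'] = wfMsg( 'wrongpassword' );
			break;
		case LoginForm::NOT_EXISTS:
			$result['result'] = 'NotExists';
			$result['text'] = wfMsg( 'nosuchuser', htmlspecialchars( $p['Name'] ) );
			break;
		case LoginForm::WRONG_PASS:
			$result['result'] = 'WrongPass';
			$result['text'] = wfMsg( 'wrongpassword' ); # set default normal message
			// In MediaWiki core User::newFromName() returns false (not null) for an
			// invalid name, so a truthiness check is what actually guards the
			// method calls below; the former !is_null() did not.
			$attemptedUser = User::newFromName( $p['Name'] );
			if ( $attemptedUser ) {
				$disOpt = $attemptedUser->getGlobalFlag( 'disabled' );
				if ( !empty( $disOpt )
					|| ( defined( 'CLOSED_ACCOUNT_FLAG' ) && $attemptedUser->getRealName() == CLOSED_ACCOUNT_FLAG )
				) {
					# either closed account flag was present, override fail message
					$result['text'] = wfMsg( 'edit-account-closed-flag' );
				}
			}
			break;
		case LoginForm::EMPTY_PASS:
			$result['result'] = 'EmptyPass';
			$result['text'] = wfMsg( 'wrongpasswordempty' );
			break;
		case LoginForm::NEED_TOKEN:
		case LoginForm::WRONG_TOKEN:
			$result['result'] = 'NeedToken';
			$result['text'] = wfMsg( 'sessionfailure' );
			break;
		case LoginForm::THROTTLED:
			$result['result'] = 'Throttled';
			$result['text'] = wfMsg( 'login-throttled' );
			break;
		case LoginForm::ABORTED:
			$result['result'] = 'Aborted';
			$result['text'] = wfMsg( $loginForm->mAbortLoginErrorMsg );
			break;
		default:
			ApiBase::dieDebug( __METHOD__, "Unhandled case value: \"{$caseCode}\"" );
	}
	return $result;
}

/**
 * Handles the "mail me my password" action for the given user name. The
 * checks run in the same order as before: password changes allowed, caller
 * not blocked, name given, name valid, account exists, reminder throttle,
 * then the mail is sent via LoginForm::mailPasswordInternal().
 *
 * @param string|null $name submitted user name
 * @return array result/text pairs for the 'ajaxlogin' response
 */
private function ajaxMailPassword( $name ) {
	global $wgUser, $wgAuth, $wgPasswordReminderResendTime;

	$loginForm = new LoginForm( new FauxRequest( array( 'wpName' => $name ) ) );
	$loginForm->load();

	if ( !$wgAuth->allowPasswordChange() ) {
		return array( 'result' => 'resetpass_forbidden', 'text' => wfMsg( 'resetpass_forbidden' ) );
	}
	if ( $wgUser->isBlocked() ) {
		return array( 'result' => 'blocked-mailpassword', 'text' => wfMsg( 'blocked-mailpassword' ) );
	}
	if ( '' == $loginForm->mUsername ) {
		return array( 'result' => 'noname', 'text' => wfMsg( 'noname' ) );
	}
	$u = User::newFromName( $loginForm->mUsername );
	if ( empty( $u ) ) {
		return array( 'result' => 'noname', 'text' => wfMsg( 'noname' ) );
	}
	if ( 0 == $u->getID() ) {
		return array( 'result' => 'nosuchuser', 'text' => wfMsg( 'nosuchuser', $u->getName() ) );
	}
	if ( $u->isPasswordReminderThrottled() ) {
		return array(
			'result' => 'throttled-mailpassword',
			'text' => wfMsg( 'throttled-mailpassword', round( $wgPasswordReminderResendTime, 3 ) ),
		);
	}
	$res = $loginForm->mailPasswordInternal( $u, true );
	if ( !$res->isOK() ) {
		return array( 'result' => 'mailerror', 'text' => wfMsg( 'mailerror', $res->getMessage() ) );
	}
	return array( 'result' => 'OK', 'text' => wfMsg( 'passwordsent', $u->getName() ) );
}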
/**
 * Logs in a user with given login name and password. If keeploggedin, sets a cookie.
 *
 * The LoginForm is loaded from the current request and then overridden with
 * the MW1.19-style field names (username, password, keeploggedin, loginToken,
 * returnto) where they are present. On LoginForm::SUCCESS a user who has not
 * confirmed their e-mail after sign-up gets 'unconfirm' instead of a login;
 * otherwise the WikiaUserLoginSuccess hook may veto, then UserLoginComplete
 * runs, the rememberpassword preference is synced, cookies are set, the login
 * token, the not-confirmed session and the password throttle are cleared, and
 * the session id is regenerated. Every other status becomes an 'error' result
 * (or 'resetpass' for RESET_PASS) with an escaped message.
 *
 * Security notes grounded in this method:
 *  - the WRONG_PASS branch swaps in a closed-account message when the account
 *    is disabled or flagged closed, so the response reveals account state;
 *  - NOT_EXISTS/ILLEGAL and WRONG_PASS use different messages, so a client
 *    can tell whether a username exists;
 *  - messages go through ->escaped() (->parse() only for the confirmation one).
 *
 * @requestParam string username
 * @requestParam string password
 * @requestParam string keeploggedin [true/false]
 * @responseParam string result [ok/error/unconfirm/resetpass]
 * @responseParam string msg - result message
 * @responseParam string errParam - error param
 */
public function login() {
	// Init session if necessary
	if ( session_id() == '' ) {
		wfSetupSession();
	}
	$loginForm = new LoginForm( $this->wg->request );
	$loginForm->load();
	// MW1.19 uses different form fields names
	// set variables
	if ( $this->wg->request->getText( 'username', '' ) != '' ) {
		$loginForm->mUsername = $this->wg->request->getText( 'username' );
	}
	if ( $this->wg->request->getText( 'password', '' ) != '' ) {
		$loginForm->mPassword = $this->wg->request->getText( 'password' );
	}
	if ( $this->wg->request->getText( 'keeploggedin', '' ) != '' ) {
		$loginForm->mRemember = $this->wg->request->getCheck( 'keeploggedin' );
	}
	if ( $this->wg->request->getVal( 'loginToken', '' ) != '' ) {
		$loginForm->mToken = $this->wg->request->getVal( 'loginToken' );
	}
	if ( $this->wg->request->getVal( 'returnto', '' ) != '' ) {
		$loginForm->mReturnTo = $this->wg->request->getVal( 'returnto' );
	}
	$loginCase = $loginForm->authenticateUserData();
	switch ( $loginCase ) {
		case LoginForm::SUCCESS:
			// first check if user has confirmed email after sign up
			if ( $this->wg->User->getGlobalFlag( self::NOT_CONFIRMED_SIGNUP_OPTION_NAME )
				&& $this->wg->User->getGlobalAttribute( self::NOT_CONFIRMED_LOGIN_OPTION_NAME ) !== self::NOT_CONFIRMED_LOGIN_ALLOWED
			) {
				// User not confirmed on signup: no cookies are set; the user is
				// parked in a "not confirmed" session instead.
				LoginForm::clearLoginToken();
				$this->userLoginHelper->setNotConfirmedUserSession( $this->wg->User->getId() );
				$this->userLoginHelper->clearPasswordThrottle( $loginForm->mUsername );
				$this->response->setValues( [
					'result' => 'unconfirm',
					'msg' => wfMessage( 'usersignup-confirmation-email-sent', $this->wg->User->getEmail() )->parse(),
				] );
			} else {
				$result = '';
				$resultMsg = '';
				// A hook returning false vetoes the login and supplies result/msg.
				if ( !wfRunHooks( 'WikiaUserLoginSuccess', array( $this->wg->User, &$result, &$resultMsg ) ) ) {
					$this->response->setValues( [ 'result' => $result, 'msg' => $resultMsg ] );
					break;
				}
				// Login succesful
				$injected_html = '';
				wfRunHooks( 'UserLoginComplete', array( &$this->wg->User, &$injected_html ) );
				// set rememberpassword option (only save when it actually changed)
				if ( (bool) $loginForm->mRemember != (bool) $this->wg->User->getGlobalPreference( 'rememberpassword' ) ) {
					$this->wg->User->setGlobalPreference( 'rememberpassword', $loginForm->mRemember ? 1 : 0 );
					$this->wg->User->saveSettings();
				} else {
					$this->wg->User->invalidateCache();
				}
				$this->wg->User->setCookies();
				LoginForm::clearLoginToken();
				UserLoginHelper::clearNotConfirmedUserSession();
				$this->userLoginHelper->clearPasswordThrottle( $loginForm->mUsername );
				// we're sure at this point we'll need the private field'
				// value in the template let's pass them then
				$this->response->setValues( [ 'username' => $loginForm->mUsername, 'result' => 'ok' ] );
				// regenerate session ID on user login (the approach MW's core SpecialUserLogin uses)
				// to avoid race conditions with long running requests logging the user back in & out
				// @see PLATFORM-1028
				wfResetSessionID();
			}
			break;
		case LoginForm::NEED_TOKEN:
		case LoginForm::WRONG_TOKEN:
			$this->response->setValues( [
				'result' => 'error',
				'msg' => wfMessage( 'userlogin-error-sessionfailure' )->escaped(),
			] );
			break;
		case LoginForm::NO_NAME:
			$this->response->setValues( [
				'result' => 'error',
				'msg' => wfMessage( 'userlogin-error-noname' )->escaped(),
				'errParam' => 'username',
			] );
			break;
		case LoginForm::NOT_EXISTS:
		case LoginForm::ILLEGAL:
			$this->response->setValues( [
				'result' => 'error',
				'msg' => wfMessage( 'userlogin-error-nosuchuser' )->escaped(),
				'errParam' => 'username',
			] );
			break;
		case LoginForm::WRONG_PLUGIN_PASS:
			$this->response->setValues( [
				'result' => 'error',
				'msg' => wfMessage( 'userlogin-error-wrongpassword' )->escaped(),
				'errParam' => 'password',
			] );
			break;
		case LoginForm::WRONG_PASS:
			$this->response->setValues( [
				'result' => 'error',
				'msg' => wfMessage( 'userlogin-error-wrongpassword' )->escaped(),
				'errParam' => 'password',
			] );
			// NOTE(review): in MediaWiki core User::newFromName() returns false
			// for an invalid name, which !is_null() does not catch — presumably
			// harmless here because WRONG_PASS implies the name resolved; confirm.
			$attemptedUser = User::newFromName( $loginForm->mUsername );
			if ( !is_null( $attemptedUser ) ) {
				$disOpt = $attemptedUser->getGlobalFlag( 'disabled' );
				if ( !empty( $disOpt ) || defined( 'CLOSED_ACCOUNT_FLAG' ) && $attemptedUser->getRealName() == CLOSED_ACCOUNT_FLAG ) {
					# either closed account flag was present, override fail message
					$this->response->setValues( [
						'msg' => wfMessage( 'userlogin-error-edit-account-closed-flag' )->escaped(),
						'errParam' => '',
					] );
				}
			}
			break;
		case LoginForm::EMPTY_PASS:
			$this->response->setValues( [
				'result' => 'error',
				'msg' => wfMessage( 'userlogin-error-wrongpasswordempty' )->escaped(),
				'errParam' => 'password',
			] );
			break;
		case LoginForm::RESET_PASS:
			$this->response->setVal( 'result', 'resetpass' );
			break;
		case LoginForm::THROTTLED:
			$this->response->setValues( [
				'result' => 'error',
				'msg' => wfMessage( 'userlogin-error-login-throttled' )->escaped(),
			] );
			break;
		case LoginForm::CREATE_BLOCKED:
			$this->response->setValues( [
				'result' => 'error',
				'msg' => wfMessage( 'userlogin-error-cantcreateaccount-text' )->escaped(),
			] );
			break;
		case LoginForm::USER_BLOCKED:
			$this->response->setValues( [
				'result' => 'error',
				'msg' => wfMessage( 'userlogin-error-login-userblocked' )->escaped(),
			] );
			break;
		case LoginForm::ABORTED:
			// NOTE(review): this branch assigns controller properties instead of
			// calling $this->response->setValues() like the others; presumably
			// the controller forwards them to the response — confirm.
			$this->result = 'error';
			$this->msg = wfMessage( $loginForm->mAbortLoginErrorMsg )->escaped();
			break;
		default:
			throw new MWException( "Unhandled case value" );
	}
}
/**
 * Authenticates the submitted credentials via the parent LoginForm and
 * keeps the resulting status code in $this->authenticateStatus so callers
 * can inspect the outcome afterwards.
 *
 * @return mixed whatever parent::authenticateUserData() returned
 */
function authenticateUserData() {
	// Store and return in a single step; the kept value is the return value.
	return $this->authenticateStatus = parent::authenticateUserData();
}
/**
 * Executes the log-in attempt using the parameters passed. The flow is:
 *  1. refuse when the API runs without same-origin security;
 *  2. persist the global session and refuse when its provider cannot
 *     change the user;
 *  3. check the login token (missing/stale -> 'NeedToken', mismatch ->
 *     'WrongToken') before any password is looked at;
 *  4. if bot passwords are enabled and the name contains the BotPassword
 *     separator, try BotPassword::login();
 *  5. otherwise (including after a failed bot-password attempt) run the
 *     normal LoginForm authentication;
 *  6. map the status to a result, emit it, and log the attempt with its
 *     loginType ('BotPassword', 'LoginForm' or 'N/A').
 *
 * Security notes grounded in this method:
 *  - a failed bot-password login only logs and then falls through to the
 *    LoginForm path with the same name/password;
 *  - the token comparison is a plain !==; hash_equals() would make it
 *    constant-time, though the token is a per-session login token;
 *  - the success response carries the user token, cookie prefix and session
 *    id (marked deprecated in the code, see T121527);
 *  - failure codes are distinct ('NotExists' vs 'WrongPass'), so a client
 *    can tell whether a username exists.
 */
public function execute() {
	// If we're in a mode that breaks the same-origin policy, no tokens can
	// be obtained
	if ( $this->lacksSameOriginSecurity() ) {
		$this->getResult()->addValue( null, 'login', array(
			'result' => 'Aborted',
			'reason' => 'Cannot log in when the same-origin policy is not applied'
		) );
		return;
	}
	$params = $this->extractRequestParams();
	$result = array();
	// Make sure session is persisted
	$session = MediaWiki\Session\SessionManager::getGlobalSession();
	$session->persist();
	// Make sure it's possible to log in
	if ( !$session->canSetUser() ) {
		$this->getResult()->addValue( null, 'login', array(
			'result' => 'Aborted',
			'reason' => 'Cannot log in when using ' . $session->getProvider()->describe( Language::factory( 'en' ) )
		) );
		return;
	}
	// $authRes stays false until some step decides the outcome.
	$authRes = false;
	$context = new DerivativeContext( $this->getContext() );
	$loginType = 'N/A';
	// Check login token
	$token = LoginForm::getLoginToken();
	if ( !$token ) {
		// No token in the session yet: mint one and ask the client to retry.
		LoginForm::setLoginToken();
		$authRes = LoginForm::NEED_TOKEN;
	} elseif ( !$params['token'] ) {
		$authRes = LoginForm::NEED_TOKEN;
	} elseif ( $token !== $params['token'] ) {
		$authRes = LoginForm::WRONG_TOKEN;
	}
	// Try bot passwords
	if ( $authRes === false && $this->getConfig()->get( 'EnableBotPasswords' )
		&& strpos( $params['name'], BotPassword::getSeparator() ) !== false
	) {
		$status = BotPassword::login( $params['name'], $params['password'], $this->getRequest() );
		if ( $status->isOk() ) {
			// The bot-password session replaces the global one for the response.
			$session = $status->getValue();
			$authRes = LoginForm::SUCCESS;
			$loginType = 'BotPassword';
		} else {
			// Failure is only logged; $authRes stays false so the normal
			// LoginForm path below is still attempted.
			LoggerFactory::getInstance( 'authmanager' )->info( 'BotPassword login failed: ' . $status->getWikiText() );
		}
	}
	// Normal login
	if ( $authRes === false ) {
		$context->setRequest( new DerivativeRequest(
			$this->getContext()->getRequest(),
			array(
				'wpName' => $params['name'],
				'wpPassword' => $params['password'],
				'wpDomain' => $params['domain'],
				'wpLoginToken' => $params['token'],
				'wpRemember' => '',
			)
		) );
		$loginForm = new LoginForm();
		$loginForm->setContext( $context );
		$authRes = $loginForm->authenticateUserData();
		$loginType = 'LoginForm';
	}
	switch ( $authRes ) {
		case LoginForm::SUCCESS:
			// Promote the derivative context's user to the main context.
			$user = $context->getUser();
			$this->getContext()->setUser( $user );
			$user->setCookies( $this->getRequest(), null, true );
			ApiQueryInfo::resetTokenCache();
			// Run hooks.
			// @todo FIXME: Split back and frontend from this hook.
			// @todo FIXME: This hook should be placed in the backend
			$injected_html = '';
			Hooks::run( 'UserLoginComplete', array( &$user, &$injected_html ) );
			$result['result'] = 'Success';
			$result['lguserid'] = intval( $user->getId() );
			$result['lgusername'] = $user->getName();
			// @todo: These are deprecated, and should be removed at some
			// point (1.28 at the earliest, and see T121527). They were ok
			// when the core cookie-based login was the only thing, but
			// CentralAuth broke that a while back and
			// SessionManager/AuthManager are *really* going to break it.
			$result['lgtoken'] = $user->getToken();
			$result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
			$result['sessionid'] = $session->getId();
			break;
		case LoginForm::NEED_TOKEN:
			$result['result'] = 'NeedToken';
			$result['token'] = LoginForm::getLoginToken();
			// @todo: See above about deprecation
			$result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
			$result['sessionid'] = $session->getId();
			break;
		case LoginForm::WRONG_TOKEN:
			$result['result'] = 'WrongToken';
			break;
		case LoginForm::NO_NAME:
			$result['result'] = 'NoName';
			break;
		case LoginForm::ILLEGAL:
			$result['result'] = 'Illegal';
			break;
		case LoginForm::WRONG_PLUGIN_PASS:
			$result['result'] = 'WrongPluginPass';
			break;
		case LoginForm::NOT_EXISTS:
			$result['result'] = 'NotExists';
			break;
		// bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
		// The e-mailed temporary password should not be used for actual logins.
		case LoginForm::RESET_PASS:
		case LoginForm::WRONG_PASS:
			$result['result'] = 'WrongPass';
			break;
		case LoginForm::EMPTY_PASS:
			$result['result'] = 'EmptyPass';
			break;
		case LoginForm::CREATE_BLOCKED:
			$result['result'] = 'CreateBlocked';
			$result['details'] = 'Your IP address is blocked from account creation';
			// Block looked up on the (still anonymous) context user, i.e. by IP.
			$block = $context->getUser()->getBlock();
			if ( $block ) {
				$result = array_merge( $result, ApiQueryUserInfo::getBlockInfo( $block ) );
			}
			break;
		case LoginForm::THROTTLED:
			$result['result'] = 'Throttled';
			$throttle = $this->getConfig()->get( 'PasswordAttemptThrottle' );
			$result['wait'] = intval( $throttle['seconds'] );
			break;
		case LoginForm::USER_BLOCKED:
			$result['result'] = 'Blocked';
			// User::newFromName() is not null-checked here; presumably safe because
			// USER_BLOCKED is only returned once the name resolved — confirm.
			$block = User::newFromName( $params['name'] )->getBlock();
			if ( $block ) {
				$result = array_merge( $result, ApiQueryUserInfo::getBlockInfo( $block ) );
			}
			break;
		case LoginForm::ABORTED:
			// Only reachable from the LoginForm path, where $loginForm is set.
			$result['result'] = 'Aborted';
			$result['reason'] = $loginForm->mAbortLoginErrorMsg;
			break;
		default:
			ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
	}
	$this->getResult()->addValue( null, 'login', $result );
	// Audit record for every attempt; outcome and login type, no name.
	LoggerFactory::getInstance( 'authmanager' )->info( 'Login attempt', array(
		'event' => 'login',
		'successful' => $authRes === LoginForm::SUCCESS,
		'loginType' => $loginType,
		'status' => LoginForm::$statusCodes[$authRes],
	) );
}
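/**
 * This hook is registered by the Auth_remoteuser constructor. It will be
 * called on every page load. It serves the function of automatically logging
 * in the user. The Auth_remoteuser class is an AuthPlugin and handles the
 * actual authentication, user creation, etc.
 *
 * Details:
 * 1. Check to see if the user has a session and is not anonymous. If this is
 *    true, check whether REMOTE_USER matches the session user. If so, we can
 *    just return; otherwise we must logout the session user and login as the
 *    REMOTE_USER.
 * 2. If the user doesn't have a session, we create a login form with our own
 *    fake request and ask the form to authenticate the user. If the user does
 *    not exist authenticateUserData will attempt to create one. The login form
 *    uses our Auth_remoteuser class as an AuthPlugin.
 *
 * Security notes grounded in this function:
 *  - the identity comes solely from $_SERVER['REMOTE_USER'], with an optional
 *    "DOMAIN\" prefix or "@DOMAIN" suffix stripped; the fake login form is
 *    submitted with an empty password, so the whole trust chain rests on the
 *    web server setting REMOTE_USER itself;
 *  - a mismatched session user is logged out before the new login.
 *
 * Note: If cookies are disabled, an infinite loop /might/ occur?
 */
function Auth_remote_user_hook() {
	// $wgCommandLineMode is declared here so the CLI check below actually
	// sees the global; previously it tested an undeclared local.
	global $wgUser, $wgRequest, $wgAuthRemoteuserDomain, $wgAuth, $wgCommandLineMode;

	// For a few special pages, don't do anything.
	$title = $wgRequest->getVal( 'title' );
	if ( $title == Title::makeName( NS_SPECIAL, 'UserLogout' )
		|| $title == Title::makeName( NS_SPECIAL, 'UserLogin' )
	) {
		return;
	}

	// Process the username if required
	if ( !isset( $_SERVER['REMOTE_USER'] ) ) {
		return;
	}
	if ( isset( $wgAuthRemoteuserDomain ) && strlen( $wgAuthRemoteuserDomain ) ) {
		$username = str_replace( "{$wgAuthRemoteuserDomain}\\", "", $_SERVER['REMOTE_USER'] );
		$username = str_replace( "@{$wgAuthRemoteuserDomain}", "", $username );
	} else {
		$username = $_SERVER['REMOTE_USER'];
	}

	// Check for valid session
	$user = User::newFromSession();
	if ( !$user->isAnon() ) {
		if ( $user->getName() == $wgAuth->getCanonicalName( $username ) ) {
			return; // Correct user is already logged in.
		} else {
			$user->doLogout(); // Logout mismatched user.
		}
	}

	// Copied from includes/SpecialUserlogin.php. Skip session setup when
	// running from the command line; empty() covers both an unset and a
	// false $wgCommandLineMode.
	if ( empty( $wgCommandLineMode ) && !isset( $_COOKIE[session_name()] ) ) {
		wfSetupSession();
	}

	// If the login form returns NEED_TOKEN try once more with the right token
	$trycount = 0;
	$token = '';
	$errormessage = '';
	do {
		$tryagain = false;
		// Submit a fake login form to authenticate the user.
		$params = new FauxRequest( array(
			'wpName' => $username,
			'wpPassword' => '',
			'wpDomain' => '',
			'wpLoginToken' => $token,
			'wpRemember' => '',
		) );
		// Authenticate user data will automatically create new users.
		$loginForm = new LoginForm( $params );
		$result = $loginForm->authenticateUserData();
		switch ( $result ) {
			case LoginForm::SUCCESS:
				$wgUser->setOption( 'rememberpassword', 1 );
				$wgUser->setCookies();
				break;
			case LoginForm::NEED_TOKEN:
				// Retry exactly once with the token the form just issued.
				$token = $loginForm->getLoginToken();
				$tryagain = $trycount == 0;
				break;
			case LoginForm::WRONG_TOKEN:
				$errormessage = 'WrongToken';
				break;
			case LoginForm::NO_NAME:
				$errormessage = 'NoName';
				break;
			case LoginForm::ILLEGAL:
				$errormessage = 'Illegal';
				break;
			case LoginForm::WRONG_PLUGIN_PASS:
				$errormessage = 'WrongPluginPass';
				break;
			case LoginForm::NOT_EXISTS:
				$errormessage = 'NotExists';
				break;
			case LoginForm::WRONG_PASS:
				$errormessage = 'WrongPass';
				break;
			case LoginForm::EMPTY_PASS:
				$errormessage = 'EmptyPass';
				break;
			default:
				$errormessage = 'Unknown';
				break;
		}
		if ( $result != LoginForm::SUCCESS && $result != LoginForm::NEED_TOKEN ) {
			error_log( 'Unexpected REMOTE_USER authentication failure. Login Error was:' . $errormessage );
		}
		$trycount++;
	} while ( $tryagain );
	return;
}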
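/**
 * Executes the log-in attempt using the parameters passed. If
 * the log-in succeeds, it attaches a cookie to the session
 * and outputs the user id, username, and session token.
 *
 * Outcomes reported under the 'login' key: 'Success', 'NeedToken',
 * 'WrongToken', 'Failed' (with a plain-text 'reason'), 'Aborted', or one of
 * the LoginForm status names when $wgDisableAuthManager is set. Throttling of
 * repeated failures is not done here; LoginForm's THROTTLED status is merely
 * passed through with its wait time.
 *
 * Every attempt, successful or not, is written to the 'authmanager' log as a
 * structured 'Login attempt' event carrying the outcome and the login type.
 */
public function execute() {
    // If we're in a mode that breaks the same-origin policy, no tokens can
    // be obtained
    if ($this->lacksSameOriginSecurity()) {
        $this->getResult()->addValue(null, 'login', [
            'result' => 'Aborted',
            'reason' => 'Cannot log in when the same-origin policy is not applied',
        ]);
        return;
    }

    $params = $this->extractRequestParams();

    $result = [];

    // Make sure session is persisted
    $session = MediaWiki\Session\SessionManager::getGlobalSession();
    $session->persist();

    // Make sure it's possible to log in
    if (!$session->canSetUser()) {
        $this->getResult()->addValue(null, 'login', [
            'result' => 'Aborted',
            'reason' => 'Cannot log in when using ' .
                $session->getProvider()->describe(Language::factory('en')),
        ]);
        return;
    }

    $authRes = false;
    $context = new DerivativeContext($this->getContext());
    $loginType = 'N/A';

    // Check login token. The token is bound to this session: a request that
    // has not first obtained a token from the same session gets 'NeedToken',
    // and a non-matching one gets 'WrongToken'; neither reaches the
    // credential checks below.
    $token = $session->getToken('', 'login');
    if ($token->wasNew() || !$params['token']) {
        $authRes = 'NeedToken';
    } elseif (!$token->match($params['token'])) {
        $authRes = 'WrongToken';
    }

    // Try bot passwords. Only names containing the bot-password separator
    // take this path; a failure is logged but not retried elsewhere.
    if ($authRes === false && $this->getConfig()->get('EnableBotPasswords') &&
        strpos($params['name'], BotPassword::getSeparator()) !== false
    ) {
        $status = BotPassword::login($params['name'], $params['password'], $this->getRequest());
        if ($status->isOK()) {
            $session = $status->getValue();
            $authRes = 'Success';
            $loginType = 'BotPassword';
        } else {
            $authRes = 'Failed';
            $message = $status->getMessage();
            LoggerFactory::getInstance('authmanager')->info(
                'BotPassword login failed: ' . $status->getWikiText(false, false, 'en')
            );
        }
    }

    if ($authRes === false) {
        if ($this->getConfig()->get('DisableAuthManager')) {
            // Non-AuthManager login
            $context->setRequest(new DerivativeRequest(
                $this->getContext()->getRequest(),
                [
                    'wpName' => $params['name'],
                    'wpPassword' => $params['password'],
                    'wpDomain' => $params['domain'],
                    'wpLoginToken' => $params['token'],
                    'wpRemember' => '',
                ]
            ));
            $loginForm = new LoginForm();
            $loginForm->setContext($context);
            $authRes = $loginForm->authenticateUserData();
            $loginType = 'LoginForm';
            // Only these two codes are normalised to strings here; all other
            // LoginForm integer codes are handled by the result switch below.
            switch ($authRes) {
                case LoginForm::SUCCESS:
                    $authRes = 'Success';
                    break;
                case LoginForm::NEED_TOKEN:
                    $authRes = 'NeedToken';
                    break;
            }
        } else {
            // Simplified AuthManager login, for backwards compatibility
            $manager = AuthManager::singleton();
            $reqs = AuthenticationRequest::loadRequestsFromSubmission(
                $manager->getAuthenticationRequests(AuthManager::ACTION_LOGIN, $this->getUser()),
                [
                    'username' => $params['name'],
                    'password' => $params['password'],
                    'domain' => $params['domain'],
                    'rememberMe' => true,
                ]
            );
            $res = AuthManager::singleton()->beginAuthentication($reqs, 'null:');
            switch ($res->status) {
                case AuthenticationResponse::PASS:
                    if ($this->getConfig()->get('EnableBotPasswords')) {
                        $warn = 'Main-account login via action=login is deprecated and may stop working ' .
                            'without warning.';
                        $warn .= ' To continue login with action=login, see [[Special:BotPasswords]].';
                        $warn .= ' To safely continue using main-account login, see action=clientlogin.';
                    } else {
                        $warn = 'Login via action=login is deprecated and may stop working without warning.';
                        $warn .= ' To safely log in, see action=clientlogin.';
                    }
                    $this->setWarning($warn);
                    $authRes = 'Success';
                    $loginType = 'AuthManager';
                    break;
                case AuthenticationResponse::FAIL:
                    // Hope it's not a PreAuthenticationProvider that failed...
                    $authRes = 'Failed';
                    $message = $res->message;
                    \MediaWiki\Logger\LoggerFactory::getInstance('authentication')
                        ->info(__METHOD__ . ': Authentication failed: ' . $message->plain());
                    break;
                default:
                    // Anything needing user interaction (UI, REDIRECT, ...)
                    // cannot be completed through action=login.
                    $authRes = 'Aborted';
                    break;
            }
        }
    }

    $result['result'] = $authRes;
    // This switch mixes string outcomes with LoginForm integer codes and
    // relies on switch's loose comparison. The string cases are listed first,
    // so an outcome that was already mapped to a string never reaches the
    // integer labels.
    switch ($authRes) {
        case 'Success':
            if ($this->getConfig()->get('DisableAuthManager')) {
                $user = $context->getUser();
                $this->getContext()->setUser($user);
                $user->setCookies($this->getRequest(), null, true);
            } else {
                $user = $session->getUser();
            }

            ApiQueryInfo::resetTokenCache();

            // Deprecated hook
            $injected_html = '';
            Hooks::run('UserLoginComplete', [&$user, &$injected_html]);

            $result['lguserid'] = intval($user->getId());
            $result['lgusername'] = $user->getName();

            // @todo: These are deprecated, and should be removed at some
            // point (1.28 at the earliest, and see T121527). They were ok
            // when the core cookie-based login was the only thing, but
            // CentralAuth broke that a while back and
            // SessionManager/AuthManager *really* break it.
            $result['lgtoken'] = $user->getToken();
            $result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
            $result['sessionid'] = $session->getId();
            break;

        case 'NeedToken':
            $result['token'] = $token->toString();
            $this->setWarning('Fetching a token via action=login is deprecated. ' .
                'Use action=query&meta=tokens&type=login instead.');
            $this->logFeatureUsage('action=login&!lgtoken');

            // @todo: See above about deprecation
            $result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
            $result['sessionid'] = $session->getId();
            break;

        case 'WrongToken':
            break;

        case 'Failed':
            // useDatabase() casts its argument to bool, so the former string
            // argument 'false' was truthy and still consulted the database.
            // Pass a real false so the reason is the built-in English text.
            $result['reason'] = $message->useDatabase(false)->inLanguage('en')->text();
            break;

        case 'Aborted':
            $result['reason'] = 'Authentication requires user interaction, ' .
                'which is not supported by action=login.';
            if ($this->getConfig()->get('EnableBotPasswords')) {
                $result['reason'] .= ' To be able to login with action=login, see [[Special:BotPasswords]].';
                $result['reason'] .= ' To continue using main-account login, see action=clientlogin.';
            } else {
                $result['reason'] .= ' To log in, see action=clientlogin.';
            }
            break;

        // Results from LoginForm for when $wgDisableAuthManager is true
        case LoginForm::WRONG_TOKEN:
            $result['result'] = 'WrongToken';
            break;

        case LoginForm::NO_NAME:
            $result['result'] = 'NoName';
            break;

        case LoginForm::ILLEGAL:
            $result['result'] = 'Illegal';
            break;

        case LoginForm::WRONG_PLUGIN_PASS:
            $result['result'] = 'WrongPluginPass';
            break;

        case LoginForm::NOT_EXISTS:
            $result['result'] = 'NotExists';
            break;

        // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
        // The e-mailed temporary password should not be used for actual logins.
        case LoginForm::RESET_PASS:
        case LoginForm::WRONG_PASS:
            $result['result'] = 'WrongPass';
            break;

        case LoginForm::EMPTY_PASS:
            $result['result'] = 'EmptyPass';
            break;

        case LoginForm::CREATE_BLOCKED:
            $result['result'] = 'CreateBlocked';
            $result['details'] = 'Your IP address is blocked from account creation';
            $block = $context->getUser()->getBlock();
            if ($block) {
                $result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
            }
            break;

        case LoginForm::THROTTLED:
            // $loginForm is only set on the DisableAuthManager path, which is
            // the only source of this code.
            $result['result'] = 'Throttled';
            $result['wait'] = intval($loginForm->mThrottleWait);
            break;

        case LoginForm::USER_BLOCKED:
            $result['result'] = 'Blocked';
            $block = User::newFromName($params['name'])->getBlock();
            if ($block) {
                $result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
            }
            break;

        case LoginForm::ABORTED:
            $result['result'] = 'Aborted';
            $result['reason'] = $loginForm->mAbortLoginErrorMsg;
            break;

        default:
            ApiBase::dieDebug(__METHOD__, "Unhandled case value: {$authRes}");
    }

    $this->getResult()->addValue(null, 'login', $result);

    // Translate LoginForm integer codes to their names so the log event
    // below carries a readable status for every login type.
    if ($loginType === 'LoginForm' && isset(LoginForm::$statusCodes[$authRes])) {
        $authRes = LoginForm::$statusCodes[$authRes];
    }
    // One structured record per attempt; this is the event to watch for
    // clusters of failed logins against the API.
    LoggerFactory::getInstance('authmanager')->info('Login attempt', [
        'event' => 'login',
        'successful' => $authRes === 'Success',
        'loginType' => $loginType,
        'status' => $authRes,
    ]);
}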
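/**
 * Entry point of the Ajax login API module.
 *
 * Two modes are selected by the request parameters:
 *  - Loginattempt:   submit the supplied credentials through LoginForm and
 *                    report the outcome (and, on success, the user's id,
 *                    name, token, cookie prefix and session id);
 *  - Mailmypassword: ask LoginForm to e-mail a temporary password to the
 *                    named user, subject to the checks also applied by
 *                    Special:UserLogin (password changes allowed, requester
 *                    not blocked, user exists, reminder not throttled).
 *
 * Both modes commit the master DB transaction before emitting the result
 * under the 'ajaxlogin' key. If neither parameter is set, nothing is done.
 */
public function execute() {
    // Globals are bound up front: the NEED_TOKEN case reports
    // $wgCookiePrefix, but the former `global` statement sat inside the
    // SUCCESS case and only took effect when that branch ran, so the
    // NeedToken response carried an undefined (null) cookieprefix.
    global $wgUser, $wgCookiePrefix, $wgAuth, $wgLang,
        $wgPasswordAttemptThrottle, $wgPasswordReminderResendTime;

    wfSetupSession();

    // Read the declared parameters explicitly rather than extract()ing the
    // whole array into the local scope; absent parameters stay null, as the
    // previous pre-initialisation provided.
    $requestParams = $this->extractRequestParams();
    $Name = isset($requestParams['Name']) ? $requestParams['Name'] : null;
    $Password = isset($requestParams['Password']) ? $requestParams['Password'] : null;
    $Remember = isset($requestParams['Remember']) ? $requestParams['Remember'] : null;
    $Loginattempt = isset($requestParams['Loginattempt']) ? $requestParams['Loginattempt'] : null;
    $Mailmypassword = isset($requestParams['Mailmypassword']) ? $requestParams['Mailmypassword'] : null;
    $Token = isset($requestParams['Token']) ? $requestParams['Token'] : null;

    if (!empty($Loginattempt)) {
        // Login attempt
        $params = new FauxRequest(array(
            'wpName' => $Name,
            'wpPassword' => $Password,
            'wpRemember' => $Remember,
            'wpLoginattempt' => $Loginattempt,
            'wpLoginToken' => $Token,
        ));
        $result = array();
        $loginForm = new LoginForm($params);
        switch ($loginForm->authenticateUserData()) {
            case LoginForm::RESET_PASS:
                // An e-mailed temporary password was used (bug 20223). This
                // module reports it as 'Reset' so the client can start a
                // password change; core's action=login maps it to 'WrongPass'.
                $result['result'] = 'Reset';
                break;
            case LoginForm::SUCCESS:
                $wgUser->setOption('rememberpassword', $Remember ? 1 : 0);
                $wgUser->setCookies();
                $result['result'] = 'Success';
                $result['lguserid'] = intval($wgUser->getId());
                $result['lgusername'] = $wgUser->getName();
                $result['lgtoken'] = $wgUser->getToken();
                $result['cookieprefix'] = $wgCookiePrefix;
                $result['sessionid'] = session_id();
                break;
            case LoginForm::NEED_TOKEN:
                $result['result'] = 'NeedToken';
                $result['token'] = $loginForm->getLoginToken();
                $result['cookieprefix'] = $wgCookiePrefix;
                $result['sessionid'] = session_id();
                break;
            case LoginForm::WRONG_TOKEN:
                $result['result'] = 'WrongToken';
                break;
            case LoginForm::NO_NAME:
                $result['result'] = 'NoName';
                $result['text'] = wfMsg('noname');
                break;
            case LoginForm::ILLEGAL:
                $result['result'] = 'Illegal';
                $result['text'] = wfMsg('noname');
                break;
            case LoginForm::WRONG_PLUGIN_PASS:
                $result['result'] = 'WrongPluginPass';
                $result['text'] = wfMsg('wrongpassword');
                break;
            case LoginForm::NOT_EXISTS:
                // NOTE(review): 'NotExists' tells the caller that the account
                // does not exist, which allows account enumeration; the
                // 'wrongpassword' text is deliberately distinct from it here.
                $result['result'] = 'NotExists';
                $result['text'] = wfMsg('al-nosuchuser', htmlspecialchars($Name));
                break;
            // RESET_PASS is already handled as 'Reset' above; a second label
            // for it here would be unreachable, so only WRONG_PASS remains.
            case LoginForm::WRONG_PASS:
                $result['result'] = 'WrongPass';
                $result['text'] = wfMsg('wrongpassword');
                break;
            case LoginForm::EMPTY_PASS:
                $result['result'] = 'EmptyPass';
                $result['text'] = wfMsg('wrongpasswordempty');
                break;
            case LoginForm::CREATE_BLOCKED:
                $result['result'] = 'CreateBlocked';
                $result['text'] = wfMsg('al-createblocked');
                break;
            case LoginForm::THROTTLED:
                $result['result'] = 'Throttled';
                $result['text'] = wfMsgExt('al-throttled', 'parsemag',
                    $wgLang->formatNum(intval($wgPasswordAttemptThrottle['seconds'])));
                break;
            case LoginForm::USER_BLOCKED:
                $result['result'] = 'Blocked';
                break;
            default:
                ApiBase::dieDebug(__METHOD__, 'Unhandled case value');
        }
        $dbw = wfGetDB(DB_MASTER);
        $dbw->commit();
        $this->getResult()->addValue(null, 'ajaxlogin', $result);
    } elseif (!empty($Mailmypassword)) {
        // Remind password attempt
        $params = new FauxRequest(array('wpName' => $Name));
        $result = array();
        $loginForm = new LoginForm($params);
        if (!$wgAuth->allowPasswordChange()) {
            $result['result'] = 'resetpass_forbidden';
            $result['text'] = wfMsg('resetpass_forbidden');
        } elseif ($wgUser->isBlocked()) {
            $result['result'] = 'blocked-mailpassword';
            $result['text'] = wfMsg('blocked-mailpassword');
        } elseif ($loginForm->mName == '') {
            $result['result'] = 'noname';
            $result['text'] = wfMsg('noname');
        } else {
            $u = User::newFromName($loginForm->mName);
            if ($u === null) {
                $result['result'] = 'noname';
                $result['text'] = wfMsg('noname');
            } elseif ($u->getID() == 0) {
                // NOTE(review): like 'NotExists' above, this discloses whether
                // the account exists. The name is passed unescaped here while
                // the login branch escapes $Name — confirm which form the
                // client expects for 'al-nosuchuser'.
                $result['result'] = 'nosuchuser';
                $result['text'] = wfMsg('al-nosuchuser', $u->getName());
            } elseif ($u->isPasswordReminderThrottled()) {
                // Rate limit on reminder mails; the wait is reported in the text.
                $result['result'] = 'throttled-mailpassword';
                $result['text'] = wfMsg('throttled-mailpassword', round($wgPasswordReminderResendTime, 3));
            } else {
                $res = $loginForm->mailPasswordInternal($u, true);
                if (WikiError::isError($res)) {
                    $result['result'] = 'mailerror';
                    $result['text'] = wfMsg('mailerror', $res->getMessage());
                } else {
                    $result['result'] = 'OK';
                    $result['text'] = wfMsg('passwordsent', $u->getName());
                }
            }
        }
        $dbw = wfGetDB(DB_MASTER);
        $dbw->commit();
        $this->getResult()->addValue(null, 'ajaxlogin', $result);
    }
}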