/**
  * Main execution point
  */
 function execute($par)
 {
     global $wgAuth;
     $this->checkReadOnly();
     $request = $this->getRequest();
     $this->mUserName = trim($request->getVal('wpName'));
     $this->mOldpass = $request->getVal('wpPassword');
     $this->mNewpass = $request->getVal('wpNewPassword');
     $this->mRetype = $request->getVal('wpRetype');
     $this->mDomain = $request->getVal('wpDomain');
     $this->setHeaders();
     $this->outputHeader();
     $this->getOutput()->disallowUserJs();
     $user = $this->getUser();
     if (!$request->wasPosted() && !$user->isLoggedIn()) {
         $this->error($this->msg('resetpass-no-info')->text());
         return;
     }
     if ($request->wasPosted() && $request->getBool('wpCancel')) {
         $this->doReturnTo();
         return;
     }
     if ($request->wasPosted() && $user->matchEditToken($request->getVal('token'))) {
         try {
             if (isset($_SESSION['wsDomain'])) {
                 $this->mDomain = $_SESSION['wsDomain'];
             }
             $wgAuth->setDomain($this->mDomain);
             if (!$wgAuth->allowPasswordChange()) {
                 $this->error($this->msg('resetpass_forbidden')->text());
                 return;
             }
             $this->attemptReset($this->mNewpass, $this->mRetype);
             $this->getOutput()->addWikiMsg('resetpass_success');
             if (!$user->isLoggedIn()) {
                 LoginForm::setLoginToken();
                 $token = LoginForm::getLoginToken();
                 $data = array('action' => 'submitlogin', 'wpName' => $this->mUserName, 'wpDomain' => $this->mDomain, 'wpLoginToken' => $token, 'wpPassword' => $this->mNewpass, 'returnto' => $request->getVal('returnto'));
                 if ($request->getCheck('wpRemember')) {
                     $data['wpRemember'] = 1;
                 }
                 $login = new LoginForm(new FauxRequest($data, true));
                 $login->setContext($this->getContext());
                 $login->execute(null);
             }
             $this->doReturnTo();
         } catch (PasswordError $e) {
             $this->error($e->getMessage());
         }
     }
     $this->showForm();
 }
示例#2
0
 /**
  * Executes the log-in attempt using the parameters passed. If
  * the log-in succeeeds, it attaches a cookie to the session
  * and outputs the user id, username, and session token. If a
  * log-in fails, as the result of a bad password, a nonexistent
  * user, or any other reason, the host is cached with an expiry
  * and no log-in attempts will be accepted until that expiry
  * is reached. The expiry is $this->mLoginThrottle.
  */
 public function execute()
 {
     $params = $this->extractRequestParams();
     $result = array();
     // Init session if necessary
     if (session_id() == '') {
         wfSetupSession();
     }
     $context = new DerivativeContext($this->getContext());
     $context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array('wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpDomain' => $params['domain'], 'wpLoginToken' => $params['token'], 'wpRemember' => '')));
     $loginForm = new LoginForm();
     $loginForm->setContext($context);
     global $wgCookiePrefix, $wgPasswordAttemptThrottle;
     $authRes = $loginForm->authenticateUserData();
     switch ($authRes) {
         case LoginForm::SUCCESS:
             $user = $context->getUser();
             $this->getContext()->setUser($user);
             $user->setOption('rememberpassword', 1);
             $user->setCookies($this->getRequest());
             ApiQueryInfo::resetTokenCache();
             // Run hooks.
             // @todo FIXME: Split back and frontend from this hook.
             // @todo FIXME: This hook should be placed in the backend
             $injected_html = '';
             wfRunHooks('UserLoginComplete', array(&$user, &$injected_html));
             $result['result'] = 'Success';
             $result['lguserid'] = intval($user->getId());
             $result['lgusername'] = $user->getName();
             $result['lgtoken'] = $user->getToken();
             $result['cookieprefix'] = $wgCookiePrefix;
             $result['sessionid'] = session_id();
             break;
         case LoginForm::NEED_TOKEN:
             $result['result'] = 'NeedToken';
             $result['token'] = $loginForm->getLoginToken();
             $result['cookieprefix'] = $wgCookiePrefix;
             $result['sessionid'] = session_id();
             break;
         case LoginForm::WRONG_TOKEN:
             $result['result'] = 'WrongToken';
             break;
         case LoginForm::NO_NAME:
             $result['result'] = 'NoName';
             break;
         case LoginForm::ILLEGAL:
             $result['result'] = 'Illegal';
             break;
         case LoginForm::WRONG_PLUGIN_PASS:
             $result['result'] = 'WrongPluginPass';
             break;
         case LoginForm::NOT_EXISTS:
             $result['result'] = 'NotExists';
             break;
         case LoginForm::RESET_PASS:
             // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin - "The e-mailed temporary password should not be used for actual logins;"
         // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin - "The e-mailed temporary password should not be used for actual logins;"
         case LoginForm::WRONG_PASS:
             $result['result'] = 'WrongPass';
             break;
         case LoginForm::EMPTY_PASS:
             $result['result'] = 'EmptyPass';
             break;
         case LoginForm::CREATE_BLOCKED:
             $result['result'] = 'CreateBlocked';
             $result['details'] = 'Your IP address is blocked from account creation';
             break;
         case LoginForm::THROTTLED:
             $result['result'] = 'Throttled';
             $result['wait'] = intval($wgPasswordAttemptThrottle['seconds']);
             break;
         case LoginForm::USER_BLOCKED:
             $result['result'] = 'Blocked';
             break;
         case LoginForm::ABORTED:
             $result['result'] = 'Aborted';
             $result['reason'] = $loginForm->mAbortLoginErrorMsg;
             break;
         default:
             ApiBase::dieDebug(__METHOD__, "Unhandled case value: {$authRes}");
     }
     $this->getResult()->addValue(null, 'login', $result);
 }
示例#3
0
 public function onSuccess()
 {
     if ($this->getUser()->isLoggedIn()) {
         $this->getOutput()->wrapWikiMsg("<div class=\"successbox\">\n\$1\n</div>", 'changepassword-success');
         $this->getOutput()->returnToMain();
     } else {
         $request = $this->getRequest();
         LoginForm::setLoginToken();
         $token = LoginForm::getLoginToken();
         $data = array('action' => 'submitlogin', 'wpName' => $this->mUserName, 'wpDomain' => $this->mDomain, 'wpLoginToken' => $token, 'wpPassword' => $request->getVal('wpNewPassword')) + $request->getValues('wpRemember', 'returnto', 'returntoquery');
         $login = new LoginForm(new DerivativeRequest($request, $data, true));
         $login->setContext($this->getContext());
         $login->execute(null);
     }
 }
示例#4
0
 /**
  * Executes the log-in attempt using the parameters passed. If
  * the log-in succeeds, it attaches a cookie to the session
  * and outputs the user id, username, and session token. If a
  * log-in fails, as the result of a bad password, a nonexistent
  * user, or any other reason, the host is cached with an expiry
  * and no log-in attempts will be accepted until that expiry
  * is reached. The expiry is $this->mLoginThrottle.
  */
 public function execute()
 {
     // If we're in a mode that breaks the same-origin policy, no tokens can
     // be obtained
     if ($this->lacksSameOriginSecurity()) {
         $this->getResult()->addValue(null, 'login', array('result' => 'Aborted', 'reason' => 'Cannot log in when the same-origin policy is not applied'));
         return;
     }
     $params = $this->extractRequestParams();
     $result = array();
     // Init session if necessary
     if (session_id() == '') {
         wfSetupSession();
     }
     $context = new DerivativeContext($this->getContext());
     $context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array('wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpDomain' => $params['domain'], 'wpLoginToken' => $params['token'], 'wpRemember' => '')));
     $loginForm = new LoginForm();
     $loginForm->setContext($context);
     $authRes = $loginForm->authenticateUserData();
     switch ($authRes) {
         case LoginForm::SUCCESS:
             $user = $context->getUser();
             $this->getContext()->setUser($user);
             $user->setCookies($this->getRequest(), null, true);
             ApiQueryInfo::resetTokenCache();
             // Run hooks.
             // @todo FIXME: Split back and frontend from this hook.
             // @todo FIXME: This hook should be placed in the backend
             $injected_html = '';
             Hooks::run('UserLoginComplete', array(&$user, &$injected_html));
             $result['result'] = 'Success';
             $result['lguserid'] = intval($user->getId());
             $result['lgusername'] = $user->getName();
             $result['lgtoken'] = $user->getToken();
             $result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
             $result['sessionid'] = session_id();
             break;
         case LoginForm::NEED_TOKEN:
             $result['result'] = 'NeedToken';
             $result['token'] = $loginForm->getLoginToken();
             $result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
             $result['sessionid'] = session_id();
             break;
         case LoginForm::WRONG_TOKEN:
             $result['result'] = 'WrongToken';
             break;
         case LoginForm::NO_NAME:
             $result['result'] = 'NoName';
             break;
         case LoginForm::ILLEGAL:
             $result['result'] = 'Illegal';
             break;
         case LoginForm::WRONG_PLUGIN_PASS:
             $result['result'] = 'WrongPluginPass';
             break;
         case LoginForm::NOT_EXISTS:
             $result['result'] = 'NotExists';
             break;
             // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
             // The e-mailed temporary password should not be used for actual logins.
         // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
         // The e-mailed temporary password should not be used for actual logins.
         case LoginForm::RESET_PASS:
         case LoginForm::WRONG_PASS:
             $result['result'] = 'WrongPass';
             break;
         case LoginForm::EMPTY_PASS:
             $result['result'] = 'EmptyPass';
             break;
         case LoginForm::CREATE_BLOCKED:
             $result['result'] = 'CreateBlocked';
             $result['details'] = 'Your IP address is blocked from account creation';
             $block = $context->getUser()->getBlock();
             if ($block) {
                 $result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
             }
             break;
         case LoginForm::THROTTLED:
             $result['result'] = 'Throttled';
             $throttle = $this->getConfig()->get('PasswordAttemptThrottle');
             $result['wait'] = intval($throttle['seconds']);
             break;
         case LoginForm::USER_BLOCKED:
             $result['result'] = 'Blocked';
             $block = User::newFromName($params['name'])->getBlock();
             if ($block) {
                 $result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
             }
             break;
         case LoginForm::ABORTED:
             $result['result'] = 'Aborted';
             $result['reason'] = $loginForm->mAbortLoginErrorMsg;
             break;
         default:
             ApiBase::dieDebug(__METHOD__, "Unhandled case value: {$authRes}");
     }
     $this->getResult()->addValue(null, 'login', $result);
     LoggerFactory::getInstance('authmanager')->info('Login attempt', array('event' => 'login', 'successful' => $authRes === LoginForm::SUCCESS, 'status' => LoginForm::$statusCodes[$authRes]));
 }
示例#5
0
 public function execute()
 {
     // If we're in a mode that breaks the same-origin policy, no tokens can
     // be obtained
     if ($this->lacksSameOriginSecurity()) {
         $this->dieUsage('Cannot create account when the same-origin policy is not applied', 'aborted');
     }
     // $loginForm->addNewaccountInternal will throw exceptions
     // if wiki is read only (already handled by api), user is blocked or does not have rights.
     // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
     $loginTitle = SpecialPage::getTitleFor('Userlogin');
     if (!$loginTitle->userCan('createaccount', $this->getUser())) {
         $this->dieUsage('You do not have the right to create a new account', 'permdenied-createaccount');
     }
     if ($this->getUser()->isBlockedFromCreateAccount()) {
         $this->dieUsage('You cannot create a new account because you are blocked', 'blocked', 0, array('blockinfo' => ApiQueryUserInfo::getBlockInfo($this->getUser()->getBlock())));
     }
     $params = $this->extractRequestParams();
     // Init session if necessary
     if (session_id() == '') {
         wfSetupSession();
     }
     if ($params['mailpassword'] && !$params['email']) {
         $this->dieUsageMsg('noemail');
     }
     if ($params['language'] && !Language::isSupportedLanguage($params['language'])) {
         $this->dieUsage('Invalid language parameter', 'langinvalid');
     }
     $context = new DerivativeContext($this->getContext());
     $context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array('type' => 'signup', 'uselang' => $params['language'], 'wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpRetype' => $params['password'], 'wpDomain' => $params['domain'], 'wpEmail' => $params['email'], 'wpRealName' => $params['realname'], 'wpCreateaccountToken' => $params['token'], 'wpCreateaccount' => $params['mailpassword'] ? null : '1', 'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null)));
     $loginForm = new LoginForm();
     $loginForm->setContext($context);
     Hooks::run('AddNewAccountApiForm', array($this, $loginForm));
     $loginForm->load();
     $status = $loginForm->addNewaccountInternal();
     $result = array();
     if ($status->isGood()) {
         // Success!
         $user = $status->getValue();
         if ($params['language']) {
             $user->setOption('language', $params['language']);
         }
         if ($params['mailpassword']) {
             // If mailpassword was set, disable the password and send an email.
             $user->setPassword(null);
             $status->merge($loginForm->mailPasswordInternal($user, false, 'createaccount-title', 'createaccount-text'));
         } elseif ($this->getConfig()->get('EmailAuthentication') && Sanitizer::validateEmail($user->getEmail())) {
             // Send out an email authentication message if needed
             $status->merge($user->sendConfirmationMail());
         }
         // Save settings (including confirmation token)
         $user->saveSettings();
         Hooks::run('AddNewAccount', array($user, $params['mailpassword']));
         if ($params['mailpassword']) {
             $logAction = 'byemail';
         } elseif ($this->getUser()->isLoggedIn()) {
             $logAction = 'create2';
         } else {
             $logAction = 'create';
         }
         $user->addNewUserLogEntry($logAction, (string) $params['reason']);
         // Add username, id, and token to result.
         $result['username'] = $user->getName();
         $result['userid'] = $user->getId();
         $result['token'] = $user->getToken();
     }
     $apiResult = $this->getResult();
     if ($status->hasMessage('sessionfailure') || $status->hasMessage('nocookiesfornew')) {
         // Token was incorrect, so add it to result, but don't throw an exception
         // since not having the correct token is part of the normal
         // flow of events.
         $result['token'] = LoginForm::getCreateaccountToken();
         $result['result'] = 'NeedToken';
     } elseif (!$status->isOK()) {
         // There was an error. Die now.
         $this->dieStatus($status);
     } elseif (!$status->isGood()) {
         // Status is not good, but OK. This means warnings.
         $result['result'] = 'Warning';
         // Add any warnings to the result
         $warnings = $status->getErrorsByType('warning');
         if ($warnings) {
             foreach ($warnings as &$warning) {
                 ApiResult::setIndexedTagName($warning['params'], 'param');
             }
             ApiResult::setIndexedTagName($warnings, 'warning');
             $result['warnings'] = $warnings;
         }
     } else {
         // Everything was fine.
         $result['result'] = 'Success';
     }
     // Give extensions a chance to modify the API result data
     Hooks::run('AddNewAccountApiResult', array($this, $loginForm, &$result));
     $apiResult->addValue(null, 'createaccount', $result);
 }
 public function execute()
 {
     // $loginForm->addNewaccountInternal will throw exceptions
     // if wiki is read only (already handled by api), user is blocked or does not have rights.
     // Use userCan in order to hit GlobalBlock checks (according to Special:userlogin)
     $loginTitle = SpecialPage::getTitleFor('Userlogin');
     if (!$loginTitle->userCan('createaccount', $this->getUser())) {
         $this->dieUsage('You do not have the right to create a new account', 'permdenied-createaccount');
     }
     if ($this->getUser()->isBlockedFromCreateAccount()) {
         $this->dieUsage('You cannot create a new account because you are blocked', 'blocked');
     }
     $params = $this->extractRequestParams();
     $result = array();
     // Init session if necessary
     if (session_id() == '') {
         wfSetupSession();
     }
     if ($params['mailpassword'] && !$params['email']) {
         $this->dieUsageMsg('noemail');
     }
     $context = new DerivativeContext($this->getContext());
     $context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array('type' => 'signup', 'uselang' => $params['language'], 'wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpRetype' => $params['password'], 'wpDomain' => $params['domain'], 'wpEmail' => $params['email'], 'wpRealName' => $params['realname'], 'wpCreateaccountToken' => $params['token'], 'wpCreateaccount' => $params['mailpassword'] ? null : '1', 'wpCreateaccountMail' => $params['mailpassword'] ? '1' : null)));
     $loginForm = new LoginForm();
     $loginForm->setContext($context);
     $loginForm->load();
     $status = $loginForm->addNewaccountInternal();
     $result = array();
     if ($status->isGood()) {
         // Success!
         $user = $status->getValue();
         // If we showed up language selection links, and one was in use, be
         // smart (and sensible) and save that language as the user's preference
         global $wgLoginLanguageSelector, $wgEmailAuthentication;
         if ($wgLoginLanguageSelector && $params['language']) {
             $user->setOption('language', $params['language']);
         }
         if ($params['mailpassword']) {
             // If mailpassword was set, disable the password and send an email.
             $user->setPassword(null);
             $status->merge($loginForm->mailPasswordInternal($user, false, 'createaccount-title', 'createaccount-text'));
         } elseif ($wgEmailAuthentication && Sanitizer::validateEmail($user->getEmail())) {
             // Send out an email authentication message if needed
             $status->merge($user->sendConfirmationMail());
         }
         // Save settings (including confirmation token)
         $user->saveSettings();
         wfRunHooks('AddNewAccount', array($user, $params['mailpassword']));
         if ($params['mailpassword']) {
             $logAction = 'byemail';
         } elseif ($this->getUser()->isLoggedIn()) {
             $logAction = 'create2';
         } else {
             $logAction = 'create';
         }
         $user->addNewUserLogEntry($logAction, (string) $params['reason']);
         // Add username, id, and token to result.
         $result['username'] = $user->getName();
         $result['userid'] = $user->getId();
         $result['token'] = $user->getToken();
     }
     $apiResult = $this->getResult();
     if ($status->hasMessage('sessionfailure') || $status->hasMessage('nocookiesfornew')) {
         // Token was incorrect, so add it to result, but don't throw an exception
         // since not having the correct token is part of the normal
         // flow of events.
         $result['token'] = LoginForm::getCreateaccountToken();
         $result['result'] = 'needtoken';
     } elseif (!$status->isOK()) {
         // There was an error. Die now.
         // Cannot use dieUsageMsg() directly because extensions
         // might return custom error messages.
         $errors = $status->getErrorsArray();
         if ($errors[0] instanceof Message) {
             $code = 'aborted';
             $desc = $errors[0];
         } else {
             $code = array_shift($errors[0]);
             $desc = wfMessage($code, $errors[0]);
         }
         $this->dieUsage($desc, $code);
     } elseif (!$status->isGood()) {
         // Status is not good, but OK. This means warnings.
         $result['result'] = 'warning';
         // Add any warnings to the result
         $warnings = $status->getErrorsByType('warning');
         if ($warnings) {
             foreach ($warnings as &$warning) {
                 $apiResult->setIndexedTagName($warning['params'], 'param');
             }
             $apiResult->setIndexedTagName($warnings, 'warning');
             $result['warnings'] = $warnings;
         }
     } else {
         // Everything was fine.
         $result['result'] = 'success';
     }
     $apiResult->addValue(null, 'createaccount', $result);
 }
示例#7
0
 /**
  * Executes the log-in attempt using the parameters passed. If
  * the log-in succeeds, it attaches a cookie to the session
  * and outputs the user id, username, and session token. If a
  * log-in fails, as the result of a bad password, a nonexistent
  * user, or any other reason, the host is cached with an expiry
  * and no log-in attempts will be accepted until that expiry
  * is reached. The expiry is $this->mLoginThrottle.
  */
 public function execute()
 {
     // If we're in a mode that breaks the same-origin policy, no tokens can
     // be obtained
     if ($this->lacksSameOriginSecurity()) {
         $this->getResult()->addValue(null, 'login', array('result' => 'Aborted', 'reason' => 'Cannot log in when the same-origin policy is not applied'));
         return;
     }
     $params = $this->extractRequestParams();
     $result = array();
     // Make sure session is persisted
     $session = MediaWiki\Session\SessionManager::getGlobalSession();
     $session->persist();
     // Make sure it's possible to log in
     if (!$session->canSetUser()) {
         $this->getResult()->addValue(null, 'login', array('result' => 'Aborted', 'reason' => 'Cannot log in when using ' . $session->getProvider()->describe(Language::factory('en'))));
         return;
     }
     $authRes = false;
     $context = new DerivativeContext($this->getContext());
     $loginType = 'N/A';
     // Check login token
     $token = LoginForm::getLoginToken();
     if (!$token) {
         LoginForm::setLoginToken();
         $authRes = LoginForm::NEED_TOKEN;
     } elseif (!$params['token']) {
         $authRes = LoginForm::NEED_TOKEN;
     } elseif ($token !== $params['token']) {
         $authRes = LoginForm::WRONG_TOKEN;
     }
     // Try bot passwords
     if ($authRes === false && $this->getConfig()->get('EnableBotPasswords') && strpos($params['name'], BotPassword::getSeparator()) !== false) {
         $status = BotPassword::login($params['name'], $params['password'], $this->getRequest());
         if ($status->isOk()) {
             $session = $status->getValue();
             $authRes = LoginForm::SUCCESS;
             $loginType = 'BotPassword';
         } else {
             LoggerFactory::getInstance('authmanager')->info('BotPassword login failed: ' . $status->getWikiText());
         }
     }
     // Normal login
     if ($authRes === false) {
         $context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), array('wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpDomain' => $params['domain'], 'wpLoginToken' => $params['token'], 'wpRemember' => '')));
         $loginForm = new LoginForm();
         $loginForm->setContext($context);
         $authRes = $loginForm->authenticateUserData();
         $loginType = 'LoginForm';
     }
     switch ($authRes) {
         case LoginForm::SUCCESS:
             $user = $context->getUser();
             $this->getContext()->setUser($user);
             $user->setCookies($this->getRequest(), null, true);
             ApiQueryInfo::resetTokenCache();
             // Run hooks.
             // @todo FIXME: Split back and frontend from this hook.
             // @todo FIXME: This hook should be placed in the backend
             $injected_html = '';
             Hooks::run('UserLoginComplete', array(&$user, &$injected_html));
             $result['result'] = 'Success';
             $result['lguserid'] = intval($user->getId());
             $result['lgusername'] = $user->getName();
             // @todo: These are deprecated, and should be removed at some
             // point (1.28 at the earliest, and see T121527). They were ok
             // when the core cookie-based login was the only thing, but
             // CentralAuth broke that a while back and
             // SessionManager/AuthManager are *really* going to break it.
             $result['lgtoken'] = $user->getToken();
             $result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
             $result['sessionid'] = $session->getId();
             break;
         case LoginForm::NEED_TOKEN:
             $result['result'] = 'NeedToken';
             $result['token'] = LoginForm::getLoginToken();
             // @todo: See above about deprecation
             $result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
             $result['sessionid'] = $session->getId();
             break;
         case LoginForm::WRONG_TOKEN:
             $result['result'] = 'WrongToken';
             break;
         case LoginForm::NO_NAME:
             $result['result'] = 'NoName';
             break;
         case LoginForm::ILLEGAL:
             $result['result'] = 'Illegal';
             break;
         case LoginForm::WRONG_PLUGIN_PASS:
             $result['result'] = 'WrongPluginPass';
             break;
         case LoginForm::NOT_EXISTS:
             $result['result'] = 'NotExists';
             break;
             // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
             // The e-mailed temporary password should not be used for actual logins.
         // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
         // The e-mailed temporary password should not be used for actual logins.
         case LoginForm::RESET_PASS:
         case LoginForm::WRONG_PASS:
             $result['result'] = 'WrongPass';
             break;
         case LoginForm::EMPTY_PASS:
             $result['result'] = 'EmptyPass';
             break;
         case LoginForm::CREATE_BLOCKED:
             $result['result'] = 'CreateBlocked';
             $result['details'] = 'Your IP address is blocked from account creation';
             $block = $context->getUser()->getBlock();
             if ($block) {
                 $result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
             }
             break;
         case LoginForm::THROTTLED:
             $result['result'] = 'Throttled';
             $throttle = $this->getConfig()->get('PasswordAttemptThrottle');
             $result['wait'] = intval($throttle['seconds']);
             break;
         case LoginForm::USER_BLOCKED:
             $result['result'] = 'Blocked';
             $block = User::newFromName($params['name'])->getBlock();
             if ($block) {
                 $result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
             }
             break;
         case LoginForm::ABORTED:
             $result['result'] = 'Aborted';
             $result['reason'] = $loginForm->mAbortLoginErrorMsg;
             break;
         default:
             ApiBase::dieDebug(__METHOD__, "Unhandled case value: {$authRes}");
     }
     $this->getResult()->addValue(null, 'login', $result);
     LoggerFactory::getInstance('authmanager')->info('Login attempt', array('event' => 'login', 'successful' => $authRes === LoginForm::SUCCESS, 'loginType' => $loginType, 'status' => LoginForm::$statusCodes[$authRes]));
 }
	/**
	 * Main execution point
	 */
	function execute( $par ) {
		global $wgAuth;

		$this->setHeaders();
		$this->outputHeader();
		$this->getOutput()->disallowUserJs();

		$request = $this->getRequest();
		$this->mUserName = trim( $request->getVal( 'wpName' ) );
		$this->mOldpass = $request->getVal( 'wpPassword' );
		$this->mNewpass = $request->getVal( 'wpNewPassword' );
		$this->mRetype = $request->getVal( 'wpRetype' );
		$this->mDomain = $request->getVal( 'wpDomain' );

		$user = $this->getUser();

		if ( !$user->isLoggedIn() && !LoginForm::getLoginToken() ) {
			LoginForm::setLoginToken();
		}

		if ( !$request->wasPosted() && !$user->isLoggedIn() ) {
			$this->error( $this->msg( 'resetpass-no-info' )->text() );

			return;
		}

		if ( $request->wasPosted() && $request->getBool( 'wpCancel' ) ) {
			$titleObj = Title::newFromText( $request->getVal( 'returnto' ) );
			if ( !$titleObj instanceof Title ) {
				$titleObj = Title::newMainPage();
			}
			$query = $request->getVal( 'returntoquery' );
			$this->getOutput()->redirect( $titleObj->getFullURL( $query ) );

			return;
		}

		$this->checkReadOnly();
		$this->checkPermissions();

		if ( $request->wasPosted() && $user->matchEditToken( $request->getVal( 'token' ) ) ) {
			try {
				$this->mDomain = $wgAuth->getDomain();
				if ( !$wgAuth->allowPasswordChange() ) {
					$this->error( $this->msg( 'resetpass_forbidden' )->text() );

					return;
				}

				if ( !$user->isLoggedIn()
					&& $request->getVal( 'wpLoginOnChangeToken' ) !== LoginForm::getLoginToken()
				) {
					// Potential CSRF (bug 62497)
					$this->error( $this->msg( 'sessionfailure' )->text() );
					return false;
				}

				$this->attemptReset( $this->mNewpass, $this->mRetype );

				if ( $user->isLoggedIn() ) {
					$this->getOutput()->wrapWikiMsg(
							"<div class=\"successbox\">\n$1\n</div>",
							'changepassword-success'
					);
					$this->getOutput()->returnToMain();
				} else {
					LoginForm::setLoginToken();
					$token = LoginForm::getLoginToken();
					$data = array(
						'action' => 'submitlogin',
						'wpName' => $this->mUserName,
						'wpDomain' => $this->mDomain,
						'wpLoginToken' => $token,
						'wpPassword' => $request->getVal( 'wpNewPassword' ),
					) + $request->getValues( 'wpRemember', 'returnto', 'returntoquery' );
					$login = new LoginForm( new DerivativeRequest( $request, $data, true ) );
					$login->setContext( $this->getContext() );
					$login->execute( null );
				}

				return;
			} catch ( PasswordError $e ) {
				$this->error( $e->getMessage() );
			}
		}
		$this->showForm();
	}
示例#9
0
 /**
  * Executes the log-in attempt using the parameters passed. If
  * the log-in succeeds, it attaches a cookie to the session
  * and outputs the user id, username, and session token. If a
  * log-in fails, as the result of a bad password, a nonexistent
  * user, or any other reason, the host is cached with an expiry
  * and no log-in attempts will be accepted until that expiry
  * is reached. The expiry is $this->mLoginThrottle.
  */
 public function execute()
 {
     // If we're in a mode that breaks the same-origin policy, no tokens can
     // be obtained
     if ($this->lacksSameOriginSecurity()) {
         $this->getResult()->addValue(null, 'login', ['result' => 'Aborted', 'reason' => 'Cannot log in when the same-origin policy is not applied']);
         return;
     }
     $params = $this->extractRequestParams();
     $result = [];
     // Make sure session is persisted
     $session = MediaWiki\Session\SessionManager::getGlobalSession();
     $session->persist();
     // Make sure it's possible to log in
     if (!$session->canSetUser()) {
         $this->getResult()->addValue(null, 'login', ['result' => 'Aborted', 'reason' => 'Cannot log in when using ' . $session->getProvider()->describe(Language::factory('en'))]);
         return;
     }
     $authRes = false;
     $context = new DerivativeContext($this->getContext());
     $loginType = 'N/A';
     // Check login token
     $token = $session->getToken('', 'login');
     if ($token->wasNew() || !$params['token']) {
         $authRes = 'NeedToken';
     } elseif (!$token->match($params['token'])) {
         $authRes = 'WrongToken';
     }
     // Try bot passwords
     if ($authRes === false && $this->getConfig()->get('EnableBotPasswords') && strpos($params['name'], BotPassword::getSeparator()) !== false) {
         $status = BotPassword::login($params['name'], $params['password'], $this->getRequest());
         if ($status->isOK()) {
             $session = $status->getValue();
             $authRes = 'Success';
             $loginType = 'BotPassword';
         } else {
             $authRes = 'Failed';
             $message = $status->getMessage();
             LoggerFactory::getInstance('authmanager')->info('BotPassword login failed: ' . $status->getWikiText(false, false, 'en'));
         }
     }
     if ($authRes === false) {
         if ($this->getConfig()->get('DisableAuthManager')) {
             // Non-AuthManager login
             $context->setRequest(new DerivativeRequest($this->getContext()->getRequest(), ['wpName' => $params['name'], 'wpPassword' => $params['password'], 'wpDomain' => $params['domain'], 'wpLoginToken' => $params['token'], 'wpRemember' => '']));
             $loginForm = new LoginForm();
             $loginForm->setContext($context);
             $authRes = $loginForm->authenticateUserData();
             $loginType = 'LoginForm';
             switch ($authRes) {
                 case LoginForm::SUCCESS:
                     $authRes = 'Success';
                     break;
                 case LoginForm::NEED_TOKEN:
                     $authRes = 'NeedToken';
                     break;
             }
         } else {
             // Simplified AuthManager login, for backwards compatibility
             $manager = AuthManager::singleton();
             $reqs = AuthenticationRequest::loadRequestsFromSubmission($manager->getAuthenticationRequests(AuthManager::ACTION_LOGIN, $this->getUser()), ['username' => $params['name'], 'password' => $params['password'], 'domain' => $params['domain'], 'rememberMe' => true]);
             $res = AuthManager::singleton()->beginAuthentication($reqs, 'null:');
             switch ($res->status) {
                 case AuthenticationResponse::PASS:
                     if ($this->getConfig()->get('EnableBotPasswords')) {
                         $warn = 'Main-account login via action=login is deprecated and may stop working ' . 'without warning.';
                         $warn .= ' To continue login with action=login, see [[Special:BotPasswords]].';
                         $warn .= ' To safely continue using main-account login, see action=clientlogin.';
                     } else {
                         $warn = 'Login via action=login is deprecated and may stop working without warning.';
                         $warn .= ' To safely log in, see action=clientlogin.';
                     }
                     $this->setWarning($warn);
                     $authRes = 'Success';
                     $loginType = 'AuthManager';
                     break;
                 case AuthenticationResponse::FAIL:
                     // Hope it's not a PreAuthenticationProvider that failed...
                     $authRes = 'Failed';
                     $message = $res->message;
                     \MediaWiki\Logger\LoggerFactory::getInstance('authentication')->info(__METHOD__ . ': Authentication failed: ' . $message->plain());
                     break;
                 default:
                     $authRes = 'Aborted';
                     break;
             }
         }
     }
     $result['result'] = $authRes;
     switch ($authRes) {
         case 'Success':
             if ($this->getConfig()->get('DisableAuthManager')) {
                 $user = $context->getUser();
                 $this->getContext()->setUser($user);
                 $user->setCookies($this->getRequest(), null, true);
             } else {
                 $user = $session->getUser();
             }
             ApiQueryInfo::resetTokenCache();
             // Deprecated hook
             $injected_html = '';
             Hooks::run('UserLoginComplete', [&$user, &$injected_html]);
             $result['lguserid'] = intval($user->getId());
             $result['lgusername'] = $user->getName();
             // @todo: These are deprecated, and should be removed at some
             // point (1.28 at the earliest, and see T121527). They were ok
             // when the core cookie-based login was the only thing, but
             // CentralAuth broke that a while back and
             // SessionManager/AuthManager *really* break it.
             $result['lgtoken'] = $user->getToken();
             $result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
             $result['sessionid'] = $session->getId();
             break;
         case 'NeedToken':
             $result['token'] = $token->toString();
             $this->setWarning('Fetching a token via action=login is deprecated. ' . 'Use action=query&meta=tokens&type=login instead.');
             $this->logFeatureUsage('action=login&!lgtoken');
             // @todo: See above about deprecation
             $result['cookieprefix'] = $this->getConfig()->get('CookiePrefix');
             $result['sessionid'] = $session->getId();
             break;
         case 'WrongToken':
             break;
         case 'Failed':
             $result['reason'] = $message->useDatabase('false')->inLanguage('en')->text();
             break;
         case 'Aborted':
             $result['reason'] = 'Authentication requires user interaction, ' . 'which is not supported by action=login.';
             if ($this->getConfig()->get('EnableBotPasswords')) {
                 $result['reason'] .= ' To be able to login with action=login, see [[Special:BotPasswords]].';
                 $result['reason'] .= ' To continue using main-account login, see action=clientlogin.';
             } else {
                 $result['reason'] .= ' To log in, see action=clientlogin.';
             }
             break;
             // Results from LoginForm for when $wgDisableAuthManager is true
         // Results from LoginForm for when $wgDisableAuthManager is true
         case LoginForm::WRONG_TOKEN:
             $result['result'] = 'WrongToken';
             break;
         case LoginForm::NO_NAME:
             $result['result'] = 'NoName';
             break;
         case LoginForm::ILLEGAL:
             $result['result'] = 'Illegal';
             break;
         case LoginForm::WRONG_PLUGIN_PASS:
             $result['result'] = 'WrongPluginPass';
             break;
         case LoginForm::NOT_EXISTS:
             $result['result'] = 'NotExists';
             break;
             // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
             // The e-mailed temporary password should not be used for actual logins.
         // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
         // The e-mailed temporary password should not be used for actual logins.
         case LoginForm::RESET_PASS:
         case LoginForm::WRONG_PASS:
             $result['result'] = 'WrongPass';
             break;
         case LoginForm::EMPTY_PASS:
             $result['result'] = 'EmptyPass';
             break;
         case LoginForm::CREATE_BLOCKED:
             $result['result'] = 'CreateBlocked';
             $result['details'] = 'Your IP address is blocked from account creation';
             $block = $context->getUser()->getBlock();
             if ($block) {
                 $result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
             }
             break;
         case LoginForm::THROTTLED:
             $result['result'] = 'Throttled';
             $result['wait'] = intval($loginForm->mThrottleWait);
             break;
         case LoginForm::USER_BLOCKED:
             $result['result'] = 'Blocked';
             $block = User::newFromName($params['name'])->getBlock();
             if ($block) {
                 $result = array_merge($result, ApiQueryUserInfo::getBlockInfo($block));
             }
             break;
         case LoginForm::ABORTED:
             $result['result'] = 'Aborted';
             $result['reason'] = $loginForm->mAbortLoginErrorMsg;
             break;
         default:
             ApiBase::dieDebug(__METHOD__, "Unhandled case value: {$authRes}");
     }
     $this->getResult()->addValue(null, 'login', $result);
     if ($loginType === 'LoginForm' && isset(LoginForm::$statusCodes[$authRes])) {
         $authRes = LoginForm::$statusCodes[$authRes];
     }
     LoggerFactory::getInstance('authmanager')->info('Login attempt', ['event' => 'login', 'successful' => $authRes === 'Success', 'loginType' => $loginType, 'status' => $authRes]);
 }