ApiLogin.php

Go to the documentation of this file.

<?php
class ApiLogin extends ApiBase {

    public function __construct( ApiMain $main, $action ) {
        parent::__construct( $main, $action, 'lg' );
    }

    public function execute() {
        // If we're in JSON callback mode, no tokens can be obtained
        if ( !is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) {
            $this->getResult()->addValue( null, 'login', array(
                'result' => 'Aborted',
                'reason' => 'Cannot log in when using a callback',
            ) );

            return;
        }

        $params = $this->extractRequestParams();

        $result = array();

        // Init session if necessary
        if ( session_id() == '' ) {
            wfSetupSession();
        }

        $context = new DerivativeContext( $this->getContext() );
        $context->setRequest( new DerivativeRequest(
            $this->getContext()->getRequest(),
            array(
                'wpName' => $params['name'],
                'wpPassword' => $params['password'],
                'wpDomain' => $params['domain'],
                'wpLoginToken' => $params['token'],
                'wpRemember' => ''
            )
        ) );
        $loginForm = new LoginForm();
        $loginForm->setContext( $context );

        $authRes = $loginForm->authenticateUserData();
        switch ( $authRes ) {
            case LoginForm::SUCCESS:
                $user = $context->getUser();
                $this->getContext()->setUser( $user );
                $user->setCookies( $this->getRequest(), null, true );

                ApiQueryInfo::resetTokenCache();

                // Run hooks.
                // @todo FIXME: Split back and frontend from this hook.
                // @todo FIXME: This hook should be placed in the backend
                $injected_html = '';
                wfRunHooks( 'UserLoginComplete', array( &$user, &$injected_html ) );

                $result['result'] = 'Success';
                $result['lguserid'] = intval( $user->getId() );
                $result['lgusername'] = $user->getName();
                $result['lgtoken'] = $user->getToken();
                $result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
                $result['sessionid'] = session_id();
                break;

            case LoginForm::NEED_TOKEN:
                $result['result'] = 'NeedToken';
                $result['token'] = $loginForm->getLoginToken();
                $result['cookieprefix'] = $this->getConfig()->get( 'CookiePrefix' );
                $result['sessionid'] = session_id();
                break;

            case LoginForm::WRONG_TOKEN:
                $result['result'] = 'WrongToken';
                break;

            case LoginForm::NO_NAME:
                $result['result'] = 'NoName';
                break;

            case LoginForm::ILLEGAL:
                $result['result'] = 'Illegal';
                break;

            case LoginForm::WRONG_PLUGIN_PASS:
                $result['result'] = 'WrongPluginPass';
                break;

            case LoginForm::NOT_EXISTS:
                $result['result'] = 'NotExists';
                break;

            // bug 20223 - Treat a temporary password as wrong. Per SpecialUserLogin:
            // The e-mailed temporary password should not be used for actual logins.
            case LoginForm::RESET_PASS:
            case LoginForm::WRONG_PASS:
                $result['result'] = 'WrongPass';
                break;

            case LoginForm::EMPTY_PASS:
                $result['result'] = 'EmptyPass';
                break;

            case LoginForm::CREATE_BLOCKED:
                $result['result'] = 'CreateBlocked';
                $result['details'] = 'Your IP address is blocked from account creation';
                break;

            case LoginForm::THROTTLED:
                $result['result'] = 'Throttled';
                $throttle = $this->getConfig()->get( 'PasswordAttemptThrottle' );
                $result['wait'] = intval( $throttle['seconds'] );
                break;

            case LoginForm::USER_BLOCKED:
                $result['result'] = 'Blocked';
                break;

            case LoginForm::ABORTED:
                $result['result'] = 'Aborted';
                $result['reason'] = $loginForm->mAbortLoginErrorMsg;
                break;

            default:
                ApiBase::dieDebug( __METHOD__, "Unhandled case value: {$authRes}" );
        }

        $this->getResult()->addValue( null, 'login', $result );
    }

    public function mustBePosted() {
        return true;
    }

    public function isReadMode() {
        return false;
    }

    public function getAllowedParams() {
        return array(
            'name' => null,
            'password' => null,
            'domain' => null,
            'token' => null,
        );
    }

    public function getParamDescription() {
        return array(
            'name' => 'User Name',
            'password' => 'Password',
            'domain' => 'Domain (optional)',
            'token' => 'Login token obtained in first request',
        );
    }

    public function getDescription() {
        return array(
            'Log in and get the authentication tokens.',
            'In the event of a successful log-in, a cookie will be attached to your session.',
            'In the event of a failed log-in, you will not be able to attempt another log-in',
            'through this method for 5 seconds. This is to prevent password guessing by',
            'automated password crackers.'
        );
    }

    public function getExamples() {
        return array(
            'api.php?action=login&lgname=user&lgpassword=password'
        );
    }

    public function getHelpUrls() {
        return 'https://www.mediawiki.org/wiki/API:Login';
    }
}