Track key authentication metrics

Logs a 'login' event for logins via Special:UserLogin
and API action=login. Does not log for implicit login after
account creation and for autologin (e.g. based on an active
CentralAuth global login).

Logs an 'accountcreation' event for account creation via
Special:UserLogin/signup and API action=createaccount. Does not
log for autocreation.

Both successful and unsuccessful attempts are logged, except for
failures that throw exceptions (internal errors + some permission
errors).

Bug: T91701
Change-Id: I101b11d05400b073065da10f1e537412309d9102

diff --git a/includes/api/ApiCreateAccount.php b/includes/api/ApiCreateAccount.php
index b3a543a..5443fac 100644 (file)
--- a/includes/api/ApiCreateAccount.php
+++ b/includes/api/ApiCreateAccount.php
@@ -21,6 +21,7 @@
  *
  * @file
  */
+use MediaWiki\Logger\LoggerFactory;
 
 /**
  * Unit to authenticate account registration attempts to the current wiki.
@@ -95,6 +96,10 @@ class ApiCreateAccount extends ApiBase {
                $loginForm->load();
 
                $status = $loginForm->addNewaccountInternal();
+               LoggerFactory::getInstance( 'authmanager' )->info( 'Account creation attempt via API', array(
+                       'event' => 'accountcreation',
+                       'status' => $status,
+               ) );
                $result = array();
                if ( $status->isGood() ) {
                        // Success!

diff --git a/includes/api/ApiLogin.php b/includes/api/ApiLogin.php
index c4e7022..e3d9295 100644 (file)
--- a/includes/api/ApiLogin.php
+++ b/includes/api/ApiLogin.php
@@ -24,6 +24,7 @@
  *
  * @file
  */
+use MediaWiki\Logger\LoggerFactory;
 
 /**
  * Unit to authenticate log-in attempts to the current wiki.
@@ -174,6 +175,12 @@ class ApiLogin extends ApiBase {
                }
 
                $this->getResult()->addValue( null, 'login', $result );
+
+               LoggerFactory::getInstance( 'authmanager' )->info( 'Login attempt', array(
+                       'event' => 'login',
+                       'successful' => $authRes === LoginForm::SUCCESS,
+                       'status' => $authRes,
+               ) );
        }
 
        public function mustBePosted() {

diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index 8491f89..f446a98 100644 (file)
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -20,6 +20,7 @@
  * @file
  * @ingroup SpecialPage
  */
+use MediaWiki\Logger\LoggerFactory;
 
 /**
  * Implements Special:UserLogin
@@ -338,6 +339,10 @@ class LoginForm extends SpecialPage {
                }
 
                $status = $this->addNewAccountInternal();
+               LoggerFactory::getInstance( 'authmanager' )->info( 'Account creation attempt with mailed password', array(
+                       'event' => 'accountcreation',
+                       'status' => $status,
+               ) );
                if ( !$status->isGood() ) {
                        $error = $status->getMessage();
                        $this->mainLoginForm( $error->toString() );
@@ -375,6 +380,11 @@ class LoginForm extends SpecialPage {
 
                # Create the account and abort if there's a problem doing so
                $status = $this->addNewAccountInternal();
+               LoggerFactory::getInstance( 'authmanager' )->info( 'Account creation attempt', array(
+                       'event' => 'accountcreation',
+                       'status' => $status,
+               ) );
+
                if ( !$status->isGood() ) {
                        $error = $status->getMessage();
                        $this->mainLoginForm( $error->toString() );
@@ -911,7 +921,8 @@ class LoginForm extends SpecialPage {
                global $wgMemc, $wgLang, $wgSecureLogin, $wgPasswordAttemptThrottle,
                        $wgInvalidPasswordReset;
 
-               switch ( $this->authenticateUserData() ) {
+               $status = $this->authenticateUserData();
+               switch ( $status ) {
                        case self::SUCCESS:
                                # We've verified now, update the real record
                                $user = $this->getUser();
@@ -1034,6 +1045,12 @@ class LoginForm extends SpecialPage {
                        default:
                                throw new MWException( 'Unhandled case value' );
                }
+
+               LoggerFactory::getInstance( 'authmanager' )->info( 'Login attempt', array(
+                       'event' => 'login',
+                       'successful' => $status === self::SUCCESS,
+                       'status' => $status,
+               ) );
        }
 
        /**