X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fapi%2FApiAuthManagerHelper.php;h=8e57f93a08d17fa38b0bb8883513a91e1e91f69c;hb=a6d6f2ee38a0dc8d90b06e93fd07ca8119d790e1;hp=e30f22b64e7110725cdd9455070cacb51c6f3d01;hpb=e305dd6ced6360a33b612dfd5d7a1c5f8aeebcc7;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/api/ApiAuthManagerHelper.php b/includes/api/ApiAuthManagerHelper.php
index e30f22b64e..8e57f93a08 100644
--- a/includes/api/ApiAuthManagerHelper.php
+++ b/includes/api/ApiAuthManagerHelper.php
@@ -25,6 +25,7 @@ use MediaWiki\Auth\AuthManager;
 use MediaWiki\Auth\AuthenticationRequest;
 use MediaWiki\Auth\AuthenticationResponse;
 use MediaWiki\Auth\CreateFromLoginAuthenticationRequest;
+use MediaWiki\Logger\LoggerFactory;
 
 /**
  * Helper class for AuthManager-using API modules. Intended for use via
@@ -84,6 +85,7 @@ class ApiAuthManagerHelper {
 'key' => $message->getKey(),
 'params' => $message->getParams(),
 ];
+ ApiResult::setIndexedTagName( $res[$key]['params'], 'param' );
 break;
 }
 }
@@ -156,8 +158,13 @@ class ApiAuthManagerHelper {
 // Collect the fields for all the requests
 $fields = [];
+ $sensitive = [];
 foreach ( $reqs as $req ) {
- $fields += (array)$req->getFieldInfo();
+ $info = (array)$req->getFieldInfo();
+ $fields += $info;
+ $sensitive += array_filter( $info, function ( $opts ) {
+ return !empty( $opts['sensitive'] );
+ } );
 }
 
 // Extract the request data for the fields and mark those request
@@ -165,6 +172,16 @@ class ApiAuthManagerHelper {
 $data = array_intersect_key( $this->module->getRequest()->getValues(), $fields );
 $this->module->getMain()->markParamsUsed( array_keys( $data ) );
 
+ if ( $sensitive ) {
+ try {
+ $this->module->requirePostedParameters( array_keys( $sensitive ), 'noprefix' );
+ } catch ( UsageException $ex ) {
+ // Make this a warning for now, upgrade to an error in 1.29.
+ $this->module->setWarning( $ex->getMessage() );
+ $this->module->logFeatureUsage( $this->module->getModuleName() . '-params-in-query-string' );
+ }
+ }
+
 return AuthenticationRequest::loadRequestsFromSubmission( $reqs, $data );
 }
 
@@ -220,6 +237,30 @@ class ApiAuthManagerHelper {
 return $ret;
 }
 
+ /**
+ * Logs successful or failed authentication.
+ * @param string|AuthenticationResponse $result Response or error message
+ * @param string $event Event type (e.g. 'accountcreation')
+ */
+ public function logAuthenticationResult( $event, $result ) {
+ if ( is_string( $result ) ) {
+ $status = Status::newFatal( $result );
+ } elseif ( $result->status === AuthenticationResponse::PASS ) {
+ $status = Status::newGood();
+ } elseif ( $result->status === AuthenticationResponse::FAIL ) {
+ $status = Status::newFatal( $result->message );
+ } else {
+ return;
+ }
+
+ $module = $this->module->getModuleName();
+ LoggerFactory::getInstance( 'authevents' )->info( "$module API attempt", [
+ 'event' => $event,
+ 'status' => $status,
+ 'module' => $module,
+ ] );
+ }
+
 /**
 * Fetch the preserved CreateFromLoginAuthenticationRequest, if any
 * @return CreateFromLoginAuthenticationRequest|null
@@ -301,6 +342,7 @@ class ApiAuthManagerHelper {
 $this->formatMessage( $ret, 'label', $field['label'] );
 $this->formatMessage( $ret, 'help', $field['help'] );
 $ret['optional'] = !empty( $field['optional'] );
+ $ret['sensitive'] = !empty( $field['sensitive'] );
 $retFields[$name] = $ret;
 }
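Review bot: The `catch ( UsageException $ex )` branch in the new `requirePostedParameters` block only emits a warning, so a field flagged `sensitive` by `getFieldInfo()` that arrived in the query string has already been read from `getValues()` into `$data` two lines earlier and is still handed to `loadRequestsFromSubmission` unchanged; the inline comment records that the hard failure is deferred to 1.29, but nothing in the hunk tells callers that. The enclosing method starts outside this hunk, so its docblock cannot be seen here; it should state the contract, e.g. `Fields marked 'sensitive' in the request field info must be submitted via POST; until 1.29 a query-string submission is accepted with a warning and recorded via logFeatureUsage.` The `logFeatureUsage` call is the only signal operators get that credential-bearing parameters are reaching request logs by GET, so that log line is worth a one-line comment naming its purpose, e.g. `// Track query-string submissions of sensitive fields so the 1.29 hard failure can be assessed.`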
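Review bot: The docblock on the new `logAuthenticationResult` lists `@param ... $result` before `@param string $event`, the reverse of the signature `( $event, $result )`; swap the two lines so generated docs and IDE hints match the call order. The `else { return; }` branch means a response with any status other than `PASS` or `FAIL` produces no `authevents` entry at all, which is not stated anywhere; add to the docblock `Responses with a status other than PASS or FAIL are not logged.` The log context is limited to event, status and module name, which keeps credentials out of the `authevents` channel, and a short comment on the `info(...)` call saying so, e.g. `// Only the outcome is logged; never add request values here.`, would help keep it that way.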