X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fapi%2FApiLogin.php;h=398c8c722b7d49d8558854f1d0b223cce3ab6d77;hb=faf7cc4a09848c538320bd2b9067b1a77c0a0183;hp=6cf1fad30cd8827f6d23b2da8e4ce43f75d1a859;hpb=5b1dcdc344f5d251120a161637bcb89e01b0f6a4;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/api/ApiLogin.php b/includes/api/ApiLogin.php
index 6cf1fad30c..e4c4429eb3 100644
--- a/includes/api/ApiLogin.php
+++ b/includes/api/ApiLogin.php
@@ -1,9 +1,5 @@
 <?php
 /**
- *
- *
- * Created on Sep 19, 2006
- *
  * Copyright Â© 2006-2007 Yuri Astrakhan "<Firstname><Lastname>@gmail.com",
  * Daniel Cannon (cannon dot danielc at gmail dot com)
  *
@@ -41,11 +37,28 @@ class ApiLogin extends ApiBase {
 		parent::__construct( $main, $action, 'lg' );
 	}
 
-	protected function getDescriptionMessage() {
+	protected function getExtendedDescription() {
 		if ( $this->getConfig()->get( 'EnableBotPasswords' ) ) {
-			return 'apihelp-login-description';
+			return 'apihelp-login-extended-description';
 		} else {
-			return 'apihelp-login-description-nobotpasswords';
+			return 'apihelp-login-extended-description-nobotpasswords';
+		}
+	}
+
+	/**
+	 * Format a message for the response
+	 * @param Message|string|array $message
+	 * @return string|array
+	 */
+	private function formatMessage( $message ) {
+		$message = Message::newFromSpecifier( $message );
+		$errorFormatter = $this->getErrorFormatter();
+		if ( $errorFormatter instanceof ApiErrorFormatter_BackCompat ) {
+			return ApiErrorFormatter::stripMarkup(
+				$message->useDatabase( false )->inLanguage( 'en' )->text()
+			);
+		} else {
+			return $errorFormatter->formatMessage( $message );
 		}
 	}
 
@@ -64,20 +77,13 @@ class ApiLogin extends ApiBase {
 		if ( $this->lacksSameOriginSecurity() ) {
 			$this->getResult()->addValue( null, 'login', [
 				'result' => 'Aborted',
-				'reason' => 'Cannot log in when the same-origin policy is not applied',
+				'reason' => $this->formatMessage( 'api-login-fail-sameorigin' ),
 			] );
 
 			return;
 		}
 
-		try {
-			$this->requirePostedParameters( [ 'password', 'token' ] );
-		} catch ( ApiUsageException $ex ) {
-			// Make this a warning for now, upgrade to an error in 1.29.
-			foreach ( $ex->getStatusValue()->getErrors() as $error ) {
-				$this->addDeprecation( $error, 'login-params-in-query-string' );
-			}
-		}
+		$this->requirePostedParameters( [ 'password', 'token' ] );
 
 		$params = $this->extractRequestParams();
 
@@ -91,8 +97,10 @@ class ApiLogin extends ApiBase {
 		if ( !$session->canSetUser() ) {
 			$this->getResult()->addValue( null, 'login', [
 				'result' => 'Aborted',
-				'reason' => 'Cannot log in when using ' .
-					$session->getProvider()->describe( Language::factory( 'en' ) ),
+				'reason' => $this->formatMessage( [
+					'api-login-fail-badsessionprovider',
+					$session->getProvider()->describe( $this->getErrorFormatter()->getLanguage() ),
+				] )
 			] );
 
 			return;
@@ -122,7 +130,7 @@ class ApiLogin extends ApiBase {
 				$session = $status->getValue();
 				$authRes = 'Success';
 				$loginType = 'BotPassword';
-			} elseif ( !$botLoginData[2] ) {
+			} elseif ( !$botLoginData[2] || $status->hasMessage( 'login-throttled' ) ) {
 				$authRes = 'Failed';
 				$message = $status->getMessage();
 				LoggerFactory::getInstance( 'authentication' )->info(
@@ -197,25 +205,15 @@ class ApiLogin extends ApiBase {
 				break;
 
 			case 'Failed':
-				$errorFormatter = $this->getErrorFormatter();
-				if ( $errorFormatter instanceof ApiErrorFormatter_BackCompat ) {
-					$result['reason'] = ApiErrorFormatter::stripMarkup(
-						$message->useDatabase( false )->inLanguage( 'en' )->text()
-					);
-				} else {
-					$result['reason'] = $errorFormatter->formatMessage( $message );
-				}
+				$result['reason'] = $this->formatMessage( $message );
 				break;
 
 			case 'Aborted':
-				$result['reason'] = 'Authentication requires user interaction, ' .
-				   'which is not supported by action=login.';
-				if ( $this->getConfig()->get( 'EnableBotPasswords' ) ) {
-					$result['reason'] .= ' To be able to login with action=login, see [[Special:BotPasswords]].';
-					$result['reason'] .= ' To continue using main-account login, see action=clientlogin.';
-				} else {
-					$result['reason'] .= ' To log in, see action=clientlogin.';
-				}
+				$result['reason'] = $this->formatMessage(
+					$this->getConfig()->get( 'EnableBotPasswords' )
+						? 'api-login-fail-aborted'
+						: 'api-login-fail-aborted-nobotpw'
+				);
 				break;
 
 			default:
@@ -257,6 +255,7 @@ class ApiLogin extends ApiBase {
 			'token' => [
 				ApiBase::PARAM_TYPE => 'string',
 				ApiBase::PARAM_REQUIRED => false, // for BC
+				ApiBase::PARAM_SENSITIVE => true,
 				ApiBase::PARAM_HELP_MSG => [ 'api-help-param-token', 'login' ],
 			],
 		];
@@ -272,7 +271,7 @@ class ApiLogin extends ApiBase {
 	}
 
 	public function getHelpUrls() {
-		return 'https://www.mediawiki.org/wiki/API:Login';
+		return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Login';
 	}
 
 	/**
