$helper = new ApiAuthManagerHelper( $this );
$manager = AuthManager::singleton();
- // Make sure it's possible to log in
+ // Make sure it's possible to create accounts
if ( !$manager->canCreateAccounts() ) {
$this->getResult()->addValue( null, 'createaccount', $helper->formatAuthenticationResponse(
AuthenticationResponse::newFail(
$this->msg( 'userlogin-cannot-' . AuthManager::ACTION_CREATE )
)
) );
+ $helper->logAuthenticationResult( 'accountcreation',
+ 'userlogin-cannot-' . AuthManager::ACTION_CREATE );
return;
}
$this->getResult()->addValue( null, 'createaccount',
$helper->formatAuthenticationResponse( $res ) );
+ $helper->logAuthenticationResult( 'accountcreation', $res );
}
public function isReadMode() {
use MediaWiki\Auth\AuthenticationRequest;
use MediaWiki\Auth\AuthenticationResponse;
use MediaWiki\Auth\CreateFromLoginAuthenticationRequest;
+use MediaWiki\Logger\LoggerFactory;
/**
* Helper class for AuthManager-using API modules. Intended for use via
return $ret;
}
+ /**
+ * Logs successful or failed authentication.
+ * @param string|AuthenticationResponse $result Response or error message
+ * @param string $event Event type (e.g. 'accountcreation')
+ */
+ public function logAuthenticationResult( $event, $result ) {
+ if ( is_string( $result ) ) {
+ $status = Status::newFatal( $result );
+ } elseif ( $result->status === AuthenticationResponse::PASS ) {
+ $status = Status::newGood();
+ } elseif ( $result->status === AuthenticationResponse::FAIL ) {
+ $status = Status::newFatal( $result->message );
+ } else {
+ return;
+ }
+
+ $module = $this->module->getModuleName();
+ LoggerFactory::getInstance( 'authmanager' )->info( "$module API attempt", [
+ 'event' => $event,
+ 'status' => $status,
+ 'module' => $module,
+ ] );
+ }
+
/**
* Fetch the preserved CreateFromLoginAuthenticationRequest, if any
* @return CreateFromLoginAuthenticationRequest|null
$this->getResult()->addValue( null, 'clientlogin', $helper->formatAuthenticationResponse(
AuthenticationResponse::newFail( $this->msg( 'userlogin-cannot-' . AuthManager::ACTION_LOGIN ) )
) );
+ $helper->logAuthenticationResult( 'login', 'userlogin-cannot-' . AuthManager::ACTION_LOGIN );
return;
}
$this->getResult()->addValue( null, 'clientlogin',
$helper->formatAuthenticationResponse( $res ) );
+ $helper->logAuthenticationResult( 'login', $res );
}
public function isReadMode() {