Manual:Hooks/AuthManagerLoginAuthenticateAudit

From MediaWiki.org
Jump to navigation Jump to search
AuthManagerLoginAuthenticateAudit
Available from version 1.27.0
A login attempt either succeeded or failed for a reason other than misconfiguration or session loss. No return data is accepted; this hook is for auditing only.
Define function:
public static function onAuthManagerLoginAuthenticateAudit( $response, $user, $username ) { ... }
Attach hook:

In extension.json:

{
	"Hooks": {
		"AuthManagerLoginAuthenticateAudit": "MyExtensionHooks::onAuthManagerLoginAuthenticateAudit"
	}
}

For MediaWiki ≤1.25:

$wgHooks['AuthManagerLoginAuthenticateAudit'][] = 'MyExtensionHooks::onAuthManagerLoginAuthenticateAudit';
Called from:File(s): auth/AuthManager.php

For more information about attaching hooks, see Manual:Hooks.
For examples of extensions using this hook, see Category:AuthManagerLoginAuthenticateAudit extensions.

Details[edit]

  • $response - the MediaWiki\Auth\AuthenticationResponse in either a PASS or FAIL state. (Note that while FAIL usually means that the system found the login attempt invalid and prevented it, that's not always the case. It could also be caused by some sort of internal error preventing an otherwise valid attempt, e.g. user autocreation failing due to a database transaction timeout. The error message in the response will help tell those cases apart.)
  • $user - if the authentication process got to the point where the identity of the user could be determined, this will contain the corresponding User object; otherwise, null. More specifically, this parameter will be set if primary authentication was successful (e.g. successfully providing the username and password but then failing a TOTP check will result in a FAIL with a filled $user parameter).
  • $username - a guess at the user name being authenticated, or null if we can't even determine that. (The latter can happen e.g. when using something like GoogleLogin where the user just clicks a button without entering any username.)

Before AuthManager, the LoginAuthenticateAuditTemplate:Enlink/list1 hook was used.