Track key authentication metrics

Logs a 'login' event for logins via Special:UserLogin
and API action=login. Does not log for implicit login after
account creation and for autologin (e.g. based on an active
CentralAuth global login).

Logs an 'accountcreation' event for account creation via
Special:UserLogin/signup and API action=createaccount. Does not
log for autocreation.

Both successful and unsuccessful attempts are logged, except for
failures that throw exceptions (internal errors + some permission
errors).

Bug: T91701
Change-Id: I101b11d05400b073065da10f1e537412309d9102
Gergő Tisza 2015-04-21 08:33:40 +00:00 committed by BryanDavis
parent 699e817ca4
commit e7020fdb22
3 changed files with 30 additions and 1 deletions


@ -21,6 +21,7 @@
*
* @file
*/
use MediaWiki\Logger\LoggerFactory;
/**
* Unit to authenticate account registration attempts to the current wiki.
@ -95,6 +96,10 @@ class ApiCreateAccount extends ApiBase {
$loginForm->load();
$status = $loginForm->addNewaccountInternal();
LoggerFactory::getInstance( 'authmanager' )->info( 'Account creation attempt via API', array(
'event' => 'accountcreation',
'status' => $status,
) );
$result = array();
if ( $status->isGood() ) {
// Success!
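Review bot: The `'status' => $status` entry in the account-creation context hands the whole Status object returned by addNewaccountInternal() to the logger, so what lands in the log depends on how the configured handler serialises objects, and anything the Status carries (possibly the newly created user record; not visible here) may be written out with it. The event also has no boolean outcome field, unlike the login event added in this same commit; adding `'successful' => $status->isGood(),` and logging a scalar for `status` would keep the two events consistent and the record predictable. The same pattern is repeated in both account-creation log calls in the Special:UserLogin section of this commit. The enclosing method starts and ends outside the hunk.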


@ -24,6 +24,7 @@
*
* @file
*/
use MediaWiki\Logger\LoggerFactory;
/**
* Unit to authenticate log-in attempts to the current wiki.
@ -174,6 +175,12 @@ class ApiLogin extends ApiBase {
}
$this->getResult()->addValue( null, 'login', $result );
LoggerFactory::getInstance( 'authmanager' )->info( 'Login attempt', array(
'event' => 'login',
'successful' => $authRes === LoginForm::SUCCESS,
'status' => $authRes,
) );
}
public function mustBePosted() {
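Review bot: The login event added just before the method's closing brace is written for every request that reaches that point, and `'successful'` is false for any result other than LoginForm::SUCCESS. If the first request of the API token handshake comes back with a need-token result (the result handling is outside this hunk, so this needs confirming), every legitimate API login would also contribute one "failed" event, which skews failure-rate metrics and any alerting built on them. Consider skipping the log for that result, e.g. wrapping the call in `if ( $authRes !== LoginForm::NEED_TOKEN ) { ... }`, or adding a field that separates handshake responses from real credential failures. The method starts outside the hunk.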


@ -20,6 +20,7 @@
* @file
* @ingroup SpecialPage
*/
use MediaWiki\Logger\LoggerFactory;
/**
* Implements Special:UserLogin
@ -338,6 +339,10 @@ class LoginForm extends SpecialPage {
}
$status = $this->addNewAccountInternal();
LoggerFactory::getInstance( 'authmanager' )->info( 'Account creation attempt with mailed password', array(
'event' => 'accountcreation',
'status' => $status,
) );
if ( !$status->isGood() ) {
$error = $status->getMessage();
$this->mainLoginForm( $error->toString() );
@ -375,6 +380,11 @@ class LoginForm extends SpecialPage {
# Create the account and abort if there's a problem doing so
$status = $this->addNewAccountInternal();
LoggerFactory::getInstance( 'authmanager' )->info( 'Account creation attempt', array(
'event' => 'accountcreation',
'status' => $status,
) );
if ( !$status->isGood() ) {
$error = $status->getMessage();
$this->mainLoginForm( $error->toString() );
@ -911,7 +921,8 @@ class LoginForm extends SpecialPage {
global $wgMemc, $wgLang, $wgSecureLogin, $wgPasswordAttemptThrottle,
$wgInvalidPasswordReset;
switch ( $this->authenticateUserData() ) {
$status = $this->authenticateUserData();
switch ( $status ) {
case self::SUCCESS:
# We've verified now, update the real record
$user = $this->getUser();
@ -1034,6 +1045,12 @@ class LoginForm extends SpecialPage {
default:
throw new MWException( 'Unhandled case value' );
}
LoggerFactory::getInstance( 'authmanager' )->info( 'Login attempt', array(
'event' => 'login',
'successful' => $status === self::SUCCESS,
'status' => $status,
) );
}
/**
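Review bot: `'status' => $status` in the login event after the switch records the raw integer returned by authenticateUserData(), so a log reader has to map numbers back to LoginForm constants, and stored values silently change meaning if those constants are ever renumbered. Logging the constant's name instead of (or alongside) the number would keep the data self-describing for anyone building failure-reason dashboards or detection rules on it; at minimum a comment such as `// 'status' is one of the LoginForm::* result codes` above the call would help. The login event in ApiLogin carries the same field. The enclosing method starts before the hunk and most of its switch body is not shown.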