Use clientlogin API module

This is the first step to allowing 2 factor authentication #328.
This uses the new API module clientlogin instead of the login module.

We still report the same set of errors in a 'nice' way with real
error messages, how ever there are lots more that can probably be
handled, for example #507.

Author: addshore

app/src/main/java/fr/free/nrw/commons/CommonsApplication.java

@@ -52,6 +52,7 @@
 public class CommonsApplication extends Application {
 
     private MWApi api;
+    private LoginApi loginApi;
     private Account currentAccount = null; // Unlike a savings account...
     public static final String API_URL = "https://commons.wikimedia.org/w/api.php";
     public static final String IMAGE_URL_BASE = "https://upload.wikimedia.org/wikipedia/commons";
@@ -89,6 +90,10 @@ public static MWApi createMWApi() {
         return new MWApi(API_URL, createHttpClient());
     }
 
+    public static LoginApi createLoginApi(MWApi api) {
+        return new LoginApi(api);
+    }
+
     @Override
     public void onCreate() {
         super.onCreate();
@@ -101,6 +106,7 @@ public void onCreate() {
         // Fire progress callbacks for every 3% of uploaded content
         System.setProperty("in.yuvi.http.fluent.PROGRESS_TRIGGER_THRESHOLD", "3.0");
         api = createMWApi();
+        loginApi = createLoginApi( api );
 
         ImageLoaderConfiguration imageLoaderConfiguration = new ImageLoaderConfiguration.Builder(getApplicationContext())
                 .discCache(new TotalSizeLimitedDiscCache(StorageUtils.getCacheDirectory(this), 128 * 1024 * 1024))
@@ -164,6 +170,10 @@ public void putBitmap(String key, Bitmap bitmap) {
     public MWApi getApi() {
         return api;
     }
+
+    public LoginApi getLoginApi() {
+        return loginApi;
+    }
 
     public Account getCurrentAccount() {
         if(currentAccount == null) {

app/src/main/java/fr/free/nrw/commons/LoginApi.java

@@ -0,0 +1,62 @@
+package fr.free.nrw.commons;
+
+import org.mediawiki.api.ApiResult;
+import org.mediawiki.api.MWApi;
+
+import java.io.IOException;
+
+/**
+ * Class for interacting explicetly with the clientlogin mediawiki API module.
+ *
+ * @author Addshore
+ */
+public class LoginApi {
+
+    private MWApi api;
+
+    public LoginApi(MWApi api) {
+        this.api = api;
+    }
+
+    /**
+     *
+     * @param username String
+     * @param password String
+     * @return String On success: "PASS"
+     *                   failure: A failure message code (deifned by mediawiki)
+     *                   misc: genericerror-UI, genericerror-REDIRECT, genericerror-RESTART
+     * @throws IOException
+     */
+    public String login(String username, String password) throws IOException {
+
+        /** Request a login token to be used later to log in. */
+        ApiResult tokenData = api.action("query").
+                param("action", "query").
+                param("meta", "tokens").
+                param("type", "login").
+                post();
+        String token = tokenData.getString("/api/query/tokens/@logintoken");
+
+        /** Actually log in. */
+        ApiResult loginData = api.action("clientlogin").
+                param("rememberMe", "1").
+                param("username", username).
+                param("password", password).
+                param("logintoken", token).
+                param("loginreturnurl", "http://example.com/").//TODO return to url?
+                post();
+        String status = loginData.getString("/api/clientlogin/@status");
+
+        if(status.equals("PASS")) {
+            api.isLoggedIn = true;
+            return status;
+
+        }else if(status.equals("FAIL")) {
+            return loginData.getString("/api/clientlogin/@messagecode");
+        }
+
+        // UI, REDIRECT, RESTART
+        return "genericerror-" + status;
+    }
+
+}

app/src/main/java/fr/free/nrw/commons/auth/LoginActivity.java

@@ -66,7 +66,7 @@ protected void onPostExecute(String result) {
                     .param("result", result)
                     .log();
 
-            if (result.equals("Success")) {
+            if (result.equals("PASS")) {
                 if (dialog != null && dialog.isShowing()) {
                     dialog.dismiss();
                 }
@@ -100,17 +100,22 @@ protected void onPostExecute(String result) {
 
             } else {
                 int response;
-                if(result.equals("NetworkFailure")) {
-                    response = R.string.login_failed_network;
-                } else if(result.equals("NotExists") || result.equals("Illegal") || result.equals("NotExists")) {
+                // TODO remove R.string.login_failed_network string (no longer used)
+                // Match known failure message codes and provide messages
+                if(result.toLowerCase().contains("nosuchuser".toLowerCase()) || result.toLowerCase().contains("noname".toLowerCase())) {
+                    // Matches nosuchuser, nosuchusershort, noname
                     response = R.string.login_failed_username;
                     passwordEdit.setText("");
-                } else if(result.equals("EmptyPass") || result.equals("WrongPass") || result.equals("WrongPluginPass")) {
+
+                } else if(result.toLowerCase().contains("wrongpassword".toLowerCase())) {
+                    // Matches wrongpassword, wrongpasswordempty
                     response = R.string.login_failed_password;
                     passwordEdit.setText("");
-                } else if(result.equals("Throttled")) {
+                } else if(result.toLowerCase().contains("throttle".toLowerCase())) {
+                    // Matches unknown throttle error codes
                     response = R.string.login_failed_throttled;
-                } else if(result.equals("Blocked")) {
+                } else if(result.toLowerCase().contains("userblocked".toLowerCase())) {
+                    // Matches login-userblocked
                     response = R.string.login_failed_blocked;
                 } else {
                     // Should never really happen
@@ -142,7 +147,7 @@ protected String doInBackground(String... params) {
             username = params[0];
             password = params[1];
             try {
-                return app.getApi().login(username, password);
+                return app.getLoginApi().login(username, password);
             } catch (IOException e) {
                 // Do something better!
                 return "NetworkFailure";