OATHUserRepository: add method to create and persist a key

This means that when keys will be ID-aware, a key object can be immutable (instead of creating it without an ID and adding it in persist()). Change-Id: Ie1286ed71871dcedb2bd7d8d373f944be6691064
2024-11-24 00:05:24 +00:00 · 2023-12-16 16:49:59 +02:00 · 2023-12-16 16:49:59 +02:00 · 11d47134db
parent 064308c1b9
commit 11d47134db
3 changed files with 59 additions and 4 deletions
--- a/src/HTMLForm/TOTPEnableForm.php
+++ b/src/HTMLForm/TOTPEnableForm.php
@ -191,9 +191,12 @@ class TOTPEnableForm extends OATHAuthOOUIHTMLForm {
 		}

 		$this->getRequest()->setSessionData( 'oathauth_totp_key', null );
-		$this->oathUser->setKeys( [ $key ] );
-		$this->oathUser->setModule( $this->module );
-		$this->oathRepo->persist( $this->oathUser, $this->getRequest()->getIP() );
+		$this->oathRepo->createKey(
+			$this->oathUser,
+			$this->module,
+			$key->jsonSerialize(),
+			$this->getRequest()->getIP()
+		);

 		return true;
 	}
--- a/src/IModule.php
+++ b/src/IModule.php
@ -9,7 +9,7 @@ use Message;

 interface IModule {
 	/**
-	 * Name of the module
+	 * Name of the module, as declared in the OATHAuth.Modules extension.json attribute.
 	 *
 	 * @return string
 	 */
--- a/src/OATHUserRepository.php
+++ b/src/OATHUserRepository.php
@ -21,6 +21,7 @@ namespace MediaWiki\Extension\OATHAuth;
 use BagOStuff;
 use ConfigException;
 use FormatJson;
+use InvalidArgumentException;
 use MediaWiki\Extension\OATHAuth\Notifications\Manager;
 use MediaWiki\User\CentralId\CentralIdLookupFactory;
 use MWException;
@ -176,6 +177,57 @@ class OATHUserRepository implements LoggerAwareInterface {
 		}
 	}

+	/**
+	 * Persists the given OAuth key in the database.
+	 *
+	 * @param OATHUser $user
+	 * @param IModule $module
+	 * @param array $keyData
+	 * @param string $clientInfo
+	 * @return IAuthKey
+	 */
+	public function createKey( OATHUser $user, IModule $module, array $keyData, string $clientInfo ): IAuthKey {
+		if ( $user->getModule() && $user->getModule()->getName() !== $module->getName() ) {
+			throw new InvalidArgumentException(
+				"User already has a key from a different module enabled ({$user->getModule()->getName()})"
+			);
+		}
+
+		$userId = $this->centralIdLookupFactory->getLookup()->centralIdFromLocalUser( $user->getUser() );
+		$moduleId = $this->moduleRegistry->getModuleId( $module->getName() );
+
+		$dbw = $this->dbProvider->getPrimaryDatabase( 'virtual-oathauth' );
+		$dbw->newInsertQueryBuilder()
+			->insertInto( 'oathauth_devices' )
+			->row( [
+				'oad_user' => $userId,
+				'oad_type' => $moduleId,
+				'oad_data' => FormatJson::encode( $keyData ),
+			] )
+			->caller( __METHOD__ )
+			->execute();
+		$id = $dbw->insertId();
+
+		$hasExistingKey = $user->isTwoFactorAuthEnabled();
+
+		$key = $module->newKey( $keyData );
+		$user->addKey( $key );
+
+		$this->logger->info( 'OATHAuth {oathtype} key {key} added for {user} from {clientip}', [
+			'key' => $id,
+			'user' => $user->getUser()->getName(),
+			'clientip' => $clientInfo,
+			'oathtype' => $module->getName(),
+		] );
+
+		if ( !$hasExistingKey ) {
+			$user->setModule( $module );
+			Manager::notifyEnabled( $user );
+		}
+
+		return $key;
+	}
+
 	/**
 	 * @param OATHUser $user
 	 * @param string $clientInfo