Merge "Auth: Inject the module instead of relying on getModule()"

jenkins-bot 2024-05-07 15:10:37 +00:00 committed by Gerrit Code Review
commit 13d9ef4cbb
2 changed files with 12 additions and 16 deletions


@ -37,6 +37,14 @@ use Message;
* @see https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm * @see https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
*/ */
class TOTPSecondaryAuthenticationProvider extends AbstractSecondaryAuthenticationProvider { class TOTPSecondaryAuthenticationProvider extends AbstractSecondaryAuthenticationProvider {
private TOTP $module;
/**
* @param TOTP $module
*/
public function __construct( TOTP $module ) {
$this->module = $module;
}
/** /**
* @param string $action * @param string $action
@ -58,13 +66,6 @@ class TOTPSecondaryAuthenticationProvider extends AbstractSecondaryAuthenticatio
* @return AuthenticationResponse * @return AuthenticationResponse
*/ */
public function beginSecondaryAuthentication( $user, array $reqs ) { public function beginSecondaryAuthentication( $user, array $reqs ) {
$userRepo = MediaWikiServices::getInstance()->getService( 'OATHUserRepository' );
$authUser = $userRepo->findByUser( $user );
if ( !( $authUser->getModule() instanceof TOTP ) ) {
return AuthenticationResponse::newAbstain();
}
return AuthenticationResponse::newUI( return AuthenticationResponse::newUI(
[ new TOTPAuthenticationRequest() ], [ new TOTPAuthenticationRequest() ],
wfMessage( 'oathauth-auth-ui' ), wfMessage( 'oathauth-auth-ui' ),
@ -87,13 +88,6 @@ class TOTPSecondaryAuthenticationProvider extends AbstractSecondaryAuthenticatio
$authUser = $userRepo->findByUser( $user ); $authUser = $userRepo->findByUser( $user );
$token = $request->OATHToken; $token = $request->OATHToken;
if ( !( $authUser->getModule() instanceof TOTP ) ) {
$this->logger->warning( 'Two-factor authentication was disabled mid-authentication for {user}', [
'user' => $user->getName(),
] );
return AuthenticationResponse::newAbstain();
}
// Don't increase pingLimiter, just check for limit exceeded. // Don't increase pingLimiter, just check for limit exceeded.
if ( $user->pingLimiter( 'badoath', 0 ) ) { if ( $user->pingLimiter( 'badoath', 0 ) ) {
return AuthenticationResponse::newUI( return AuthenticationResponse::newUI(
@ -105,7 +99,7 @@ class TOTPSecondaryAuthenticationProvider extends AbstractSecondaryAuthenticatio
), 'error' ); ), 'error' );
} }
if ( $authUser->getModule()->verify( $authUser, [ 'token' => $token ] ) ) { if ( $this->module->verify( $authUser, [ 'token' => $token ] ) ) {
return AuthenticationResponse::newPass(); return AuthenticationResponse::newPass();
} }
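Review bot: Removing the `instanceof TOTP` guard from continueSecondaryAuthentication (third hunk) drops both the abstain path and the "Two-factor authentication was disabled mid-authentication" warning, so a user whose enrolment changes between the begin and continue steps now reaches `$this->module->verify( $authUser, [ 'token' => $token ] )` directly. Whether that fails closed depends on TOTP::verify(), which is not visible here: it should return false when `$authUser` holds no TOTP keys (presumably it does, but confirm), and a test for that case would pin the behaviour. The warning was also an audit signal for 2FA being disabled during a login; if the delegating caller does not already log that state, consider keeping `if ( !( $authUser->getModule() instanceof TOTP ) ) { $this->logger->warning( ... ); }` ahead of the verify call. The same guard is removed from beginSecondaryAuthentication in the second hunk, which now relies on the caller constructing this provider only for users enrolled in TOTP. Both method bodies continue outside the hunks.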


@ -48,7 +48,9 @@ class TOTP implements IModule {
* @return TOTPSecondaryAuthenticationProvider * @return TOTPSecondaryAuthenticationProvider
*/ */
public function getSecondaryAuthProvider() { public function getSecondaryAuthProvider() {
return new TOTPSecondaryAuthenticationProvider(); return new TOTPSecondaryAuthenticationProvider(
$this
);
} }
/** /**