From 16bc5d71686ba5dcbc71dfe6f2e6c05f718e92bf Mon Sep 17 00:00:00 2001
From: Reedy
Date: Thu, 17 Feb 2022 15:15:34 +0000
Subject: [PATCH] Send a notification when 2FA is enabled
Bug: T301987
Change-Id: I0fe32b735e34753442ec9811ea41d15b76999d87
---
 i18n/en.json | 4 ++
 i18n/qqq.json | 4 ++
 src/Notifications/EnablePresentationModel.php | 68 +++++++++++++++++++
 src/Notifications/Manager.php | 25 +++++++
 src/OATHUserRepository.php | 1 +
 5 files changed, 102 insertions(+)
 create mode 100644 src/Notifications/EnablePresentationModel.php
diff --git a/i18n/en.json b/i18n/en.json
index 5a148dd0..374f9220 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -87,6 +87,10 @@
 "notification-body-oathauth-disable-other": "If {{GENDER:$2|you}} did not request this, {{GENDER:$2|you}} should contact an administrator.",
 "oathauth-notifications-disable-help": "Help",
 "oathauth-notifications-disable-helplink": "mw:Special:MyLanguage/Help:Two-factor authentication",
+ "notification-header-oathauth-enabled": "Two-factor authentication has been enabled on {{GENDER:$2|your account}}.",
+ "notification-body-oathauth-enabled": "If {{GENDER:$2|you}} did not do this, {{GENDER:$2|your account}} may have been compromised.",
+ "oathauth-notifications-enabled-help": "Help",
+ "oathauth-notifications-enabled-helplink": "mw:Special:MyLanguage/Help:Two-factor authentication",
 "oathauth-verify-enabled": "{{GENDER:$1|$1}} has two-factor authentication enabled.",
 "oathauth-verify-disabled": "{{GENDER:$1|$1}} does not have two-factor authentication enabled.",
 "oathauth-prefs-disabledgroups": "Disabled {{PLURAL:$1|group|groups}}:",
diff --git a/i18n/qqq.json b/i18n/qqq.json
index d7a487b1..9bc848d9 100644
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -99,6 +99,10 @@
 "notification-body-oathauth-disable-other": "Notification body text for when two-factor authentication has been disabled by an administrator or sysadmin.\n$2 - Name of user for GENDER.",
 "oathauth-notifications-disable-help": "Link text for the help link in the notification\n{{identical|Help}}",
 "oathauth-notifications-disable-helplink": "{{notranslate}}",
+ "notification-header-oathauth-enabled": "Notification header for when two-factor authentication has been enabled.\n$2 - Name of user for GENDER",
+ "notification-body-oathauth-enabled": "Notification body text for when two-factor authentication has been enabled.\n$2 - Name of user for GENDER",
+ "oathauth-notifications-enabled-help": "Link text for the help link in the notification",
+ "oathauth-notifications-enabled-helplink": "{{notranslate}}",
 "oathauth-verify-enabled": "Notice that a user has 2FA enabled, shown on success at [[Special:VerifyOATHForUser]].\n$1 - Name of user",
 "oathauth-verify-disabled": "Notice that a user does not have 2FA enabled, shown on success at [[Special:VerifyOATHForUser]].\n$1 - Name of user",
 "oathauth-prefs-disabledgroups": "Label on Special:Preferences for groups in which the user's membership has been disabled for a lack of two-factor authentication.\n$1 - Number of groups",
diff --git a/src/Notifications/EnablePresentationModel.php b/src/Notifications/EnablePresentationModel.php
new file mode 100644
index 00000000..0fdb2af5
--- /dev/null
+++ b/src/Notifications/EnablePresentationModel.php
@@ -0,0 +1,68 @@
+
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ */
+
+namespace MediaWiki\Extension\OATHAuth\Notifications;
+
+use EchoEventPresentationModel;
+use SpecialPage;
+use Title;
+
+class EnablePresentationModel extends EchoEventPresentationModel {
+ /**
+ * @inheritDoc
+ */
+ public function getIconType() {
+ return 'site';
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function getPrimaryLink() {
+ return [
+ 'url' => SpecialPage::getTitleFor( 'Preferences' )->getLocalURL(),
+ 'label' => $this->msg( 'oathauth-notifications-enabled-primary' )->text()
+ ];
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function getSecondaryLinks() {
+ $link = $this->msg( 'oathauth-notifications-enabled-helplink' )->inContentLanguage();
+ $title = Title::newFromText( $link->plain() );
+ if ( !$title ) {
+ // Invalid title, skip
+ return [];
+ }
+ return [ [
+ 'url' => $title->getLocalURL(),
+ 'label' => $this->msg( 'oathauth-notifications-enabled-help' )->text(),
+ 'icon' => 'help',
+ ] ];
+ }
+
+ /**
+ * @inheritDoc
+ */
+ public function getBodyMessage() {
+ return $this->getMessageWithAgent( 'notification-body-oathauth-enabled' );
+ }
+}
diff --git a/src/Notifications/Manager.php b/src/Notifications/Manager.php
index c357c822..601da0d7 100644
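Review bot: In `EnablePresentationModel::getPrimaryLink()` the label reads the message `oathauth-notifications-enabled-primary`, but the i18n hunks of this patch add only the header, body, help and helplink keys, so unless that key already exists outside the visible context the primary link will show a raw message key; it should be added to `i18n/en.json` and `i18n/qqq.json`. The event is registered as `oathauth-enable` while the new header message is `notification-header-oathauth-enabled`, and this class overrides the body lookup but not the header lookup, so if the base model derives the header key from the event type the header will not resolve either. Overriding `getHeaderMessageKey()` to return `'notification-header-oathauth-enabled'`, or renaming the messages to match the event type, would close that gap. Both matter here because this notification is the account owner's signal of an unexpected 2FA enrolment and needs to be readable.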
--- a/src/Notifications/Manager.php
+++ b/src/Notifications/Manager.php
@@ -58,6 +58,22 @@ class Manager {
 ] );
 }
+ /**
+ * Send a notification that 2FA has been enabled
+ *
+ * @param OATHUser $oUser
+ */
+ public static function notifyEnabled( OATHUser $oUser ) {
+ if ( !self::isEnabled() ) {
+ return;
+ }
+ EchoEvent::create( [
+ 'type' => 'oathauth-enable',
+ 'title' => SpecialPage::getTitleFor( 'Preferences' ),
+ 'agent' => $oUser->getUser()
+ ] );
+ }
+
 /**
 * Hook: BeforeCreateEchoEvent
 *
@@ -75,5 +91,14 @@ class Manager {
 'canNotifyAgent' => true,
 'user-locators' => [ 'EchoUserLocator::locateEventAgent' ],
 ];
+
+ $notifications['oathauth-enable'] = [
+ 'category' => 'system',
+ 'group' => 'positive',
+ 'section' => 'alert',
+ 'presentation-model' => EnablePresentationModel::class,
+ 'canNotifyAgent' => true,
+ 'user-locators' => [ 'EchoUserLocator::locateEventAgent' ],
+ ];
 }
 }
diff --git a/src/OATHUserRepository.php b/src/OATHUserRepository.php
index ebfdab2d..13abd6ad 100644
--- a/src/OATHUserRepository.php
+++ b/src/OATHUserRepository.php
@@ -165,6 +165,7 @@ class OATHUserRepository {
 'clientip' => $clientInfo,
 'oathtype' => $user->getModule()->getName(),
 ] );
+ Notifications\Manager::notifyEnabled( $user );
 }
 }
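Review bot: The docblock on `Manager::notifyEnabled()` (first Manager.php hunk) does not say that the method returns silently when `self::isEnabled()` is false, so a reader cannot tell that the alert is best-effort. Because this notification is how the account owner learns of an enrolment they did not make, I would add a line such as `No-op when self::isEnabled() is false, so this alert is best-effort.` The `@param` line could also state that the user is both the agent and, through the agent locator registered below, the recipient of the event.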
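Review bot: In the `oathauth-enable` definition (second Manager.php hunk), `'canNotifyAgent' => true` carries more weight than it looks: the only locator is `EchoUserLocator::locateEventAgent`, so the agent is the sole recipient, and dropping the flag in a later cleanup would presumably silence the alert altogether. A one-line comment above it would protect that, for example `// The agent is the account owner and the only recipient; canNotifyAgent must stay true.` The enclosing hook method starts outside the hunk.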
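Review bot: The added `Notifications\Manager::notifyEnabled( $user );` call in `OATHUserRepository` is unconditional within the visible block, and the hunk does not show whether this path also runs when an already-enrolled user's settings are saved again. If it does, every later save would raise another "enabled" alert, which weakens it as a signal of unexpected enrolment. Consider guarding the call on the previous state, or, if first enrolment is guaranteed here, saying so with a comment such as `// Only reached on first enrolment`. The enclosing method starts and ends outside the hunk.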