From 4e9ad22469d4e581fc1d467dd1183a329c8c65ed Mon Sep 17 00:00:00 2001 From: Tyler Romeo Date: Tue, 26 May 2015 02:08:47 +0200 Subject: [PATCH] Add user right for enabling two-factor auth Make new right oathauth-enable that the user must have to enable two factor authentication (disabling and logging in, of course, are still allowed). Bug: T100376 Change-Id: I18d43f8b2cf2c2ce9c2309a43961686498b5c999 --- OATHAuth.hooks.php | 4 ++++ extension.json | 8 ++++++++ i18n/en.json | 4 +++- i18n/qqq.json | 4 +++- special/SpecialOATHEnable.php | 2 +- 5 files changed, 19 insertions(+), 3 deletions(-) diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php index 4c3f68de..c65fdf66 100644 --- a/OATHAuth.hooks.php +++ b/OATHAuth.hooks.php @@ -142,6 +142,10 @@ class OATHAuthHooks { * @return bool */ public static function manageOATH( User $user, array &$preferences ) { + if ( !$user->isAllowed( 'oathauth-enable' ) ) { + return true; + } + $oathUser = self::getOATHUserRepository()->findByUser( $user ); $title = SpecialPage::getTitleFor( 'OATH' ); diff --git a/extension.json b/extension.json index 09ef513c..e367775c 100644 --- a/extension.json +++ b/extension.json @@ -69,5 +69,13 @@ "SpecialPages": { "OATH": "SpecialOATH" }, + "AvailableRights": [ + "oathauth-enable" + ], + "GroupPermissions": { + "*": { + "oathauth-enable": true + } + }, "manifest_version": 1 } diff --git a/i18n/en.json b/i18n/en.json index 66568c18..5413063a 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -42,5 +42,7 @@ "oathauth-step2alt": "Or enter the secret manually:", "oathauth-step3": "Step 3: Write down the scratch codes", "oathauth-step4": "Step 4: Verification", - "oathauth-entertoken": "Enter a code from your mobile app to verify:" + "oathauth-entertoken": "Enter a code from your mobile app to verify:", + "right-oathauth-enable": "Enable two-factor authentication", + "action-oathauth-enable": "enable two-factor authentication" } diff --git a/i18n/qqq.json b/i18n/qqq.json index 80ef815a..b525c379 100644 --- a/i18n/qqq.json +++ b/i18n/qqq.json @@ -46,5 +46,7 @@ "oathauth-step2alt": "Label for information on how to manually do step 2 on Special:OATH", "oathauth-step3": "Label for step 3 information on Special:OATH", "oathauth-step4": "Label for step 4 information on Special:OATH", - "oathauth-entertoken": "Label on input field on Special:OATH asking user to enter token" + "oathauth-entertoken": "Label on input field on Special:OATH asking user to enter token", + "right-oathauth-enable": "{{doc-right|oathauth-enable}}", + "action-oathauth-enable": "{{doc-action|oathauth-enable}}" } diff --git a/special/SpecialOATHEnable.php b/special/SpecialOATHEnable.php index 1fb4bc4e..4e331fd9 100644 --- a/special/SpecialOATHEnable.php +++ b/special/SpecialOATHEnable.php @@ -20,7 +20,7 @@ class SpecialOATHEnable extends FormSpecialPage { * @param OATHUser $user */ public function __construct( OATHUserRepository $repository, OATHUser $user ) { - parent::__construct( 'OATH', '', false ); + parent::__construct( 'OATH', 'oathauth-enable', false ); $this->OATHRepository = $repository; $this->OATHUser = $user;