wikimedia/mediawiki-extensions-OATHAuth
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/OATHAuth synced 2024-11-28 02:00:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge "Allow privileged accounts to use action=query&meta=oath"

Browse source
This commit is contained in:
jenkins-bot 2020-10-06 18:21:11 +00:00 committed by Gerrit Code Review
parent 9952cf8ee6 446f013c65
commit 7d13959016
3 changed files with 29 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
i18n/api/en.json
View file

@ -12,6 +12,7 @@
"apihelp-query+oath-description": "Check to see if two-factor authentication (OATH) is enabled for a user.", "apihelp-query+oath-description": "Check to see if two-factor authentication (OATH) is enabled for a user.",
"apihelp-query+oath-summary": "Check to see if two-factor authentication (OATH) is enabled for a user.", "apihelp-query+oath-summary": "Check to see if two-factor authentication (OATH) is enabled for a user.",
"apihelp-query+oath-param-user": "User to get information about. Defaults to the current user.", "apihelp-query+oath-param-user": "User to get information about. Defaults to the current user.",
"apihelp-query+oath-param-reason": "Reason for querying the OATH status.",
"apihelp-query+oath-example-1": "Get information about the current user", "apihelp-query+oath-example-1": "Get information about the current user",
"apihelp-query+oath-example-2": "Get information about user <kbd>Example</kbd>", "apihelp-query+oath-example-2": "Get information about user <kbd>Example</kbd>",
"apihelp-oathvalidate-description": "Validate a two-factor authentication (OATH) token.", "apihelp-oathvalidate-description": "Validate a two-factor authentication (OATH) token.",

1
i18n/api/qqq.json
View file

@ -16,6 +16,7 @@
"apihelp-query+oath-description": "{{doc-apihelp-description|query+oath}}", "apihelp-query+oath-description": "{{doc-apihelp-description|query+oath}}",
"apihelp-query+oath-summary": "{{doc-apihelp-summary|query+oath}}", "apihelp-query+oath-summary": "{{doc-apihelp-summary|query+oath}}",
"apihelp-query+oath-param-user": "{{doc-apihelp-param|query+oath|user}}", "apihelp-query+oath-param-user": "{{doc-apihelp-param|query+oath|user}}",
"apihelp-query+oath-param-reason": "{{doc-apihelp-param|query+oath|reason}}",
"apihelp-query+oath-example-1": "{{doc-apihelp-example|query+oath}}", "apihelp-query+oath-example-1": "{{doc-apihelp-example|query+oath}}",
"apihelp-query+oath-example-2": "{{doc-apihelp-example|query+oath}}", "apihelp-query+oath-example-2": "{{doc-apihelp-example|query+oath}}",
"apihelp-oathvalidate-description": "{{doc-apihelp-description|oathvalidate}}", "apihelp-oathvalidate-description": "{{doc-apihelp-description|oathvalidate}}",

30
src/Api/Module/ApiQueryOATH.php
View file

@ -18,12 +18,13 @@
namespace MediaWiki\Extension\OATHAuth\Api\Module; namespace MediaWiki\Extension\OATHAuth\Api\Module;
use ApiBase;
use ApiQuery; use ApiQuery;
use ApiQueryBase; use ApiQueryBase;
use ApiResult; use ApiResult;
use ManualLogEntry;
use MediaWiki\MediaWikiServices; use MediaWiki\MediaWikiServices;
use User; use User;
use Wikimedia\ParamValidator\ParamValidator;
/** /**
* Query module to check if a user has OATH authentication enabled. * Query module to check if a user has OATH authentication enabled.
@ -50,7 +51,18 @@ class ApiQueryOATH extends ApiQueryBase {
$params['user'] = $this->getUser()->getName(); $params['user'] = $this->getUser()->getName();
} }
$this->checkUserRightsAny( 'oathauth-api-all' ); $this->checkUserRightsAny( [ 'oathauth-api-all', 'oathauth-verify-user' ] );
$hasOAthauthApiAll = $this->getPermissionManager()
->userHasRight(
$this->getUser(),
'oathauth-api-all'
);
$reasonProvided = $params['reason'] !== null && $params['reason'] !== '';
if ( !$hasOAthauthApiAll && !$reasonProvided ) {
$this->dieWithError( [ 'apierror-missingparam', 'reason' ] );
}
$user = User::newFromName( $params['user'] ); $user = User::newFromName( $params['user'] );
if ( $user === false ) { if ( $user === false ) {
@ -69,6 +81,15 @@ class ApiQueryOATH extends ApiQueryBase {
$data['enabled'] = $authUser && $data['enabled'] = $authUser &&
$authUser->getModule() !== null && $authUser->getModule() !== null &&
$authUser->getModule()->isEnabled( $authUser ); $authUser->getModule()->isEnabled( $authUser );
// Log if the user doesn't have oathauth-api-all or if a reason is provided
if ( !$hasOAthauthApiAll || $reasonProvided ) {
$logEntry = new ManualLogEntry( 'oath', 'verify' );
$logEntry->setPerformer( $this->getUser() );
$logEntry->setTarget( $user->getUserPage() );
$logEntry->setComment( $params['reason'] );
$logEntry->insert();
}
} }
$result->addValue( 'query', $this->getModuleName(), $data ); $result->addValue( 'query', $this->getModuleName(), $data );
} }
@ -92,7 +113,10 @@ class ApiQueryOATH extends ApiQueryBase {
public function getAllowedParams() { public function getAllowedParams() {
return [ return [
'user' => [ 'user' => [
ApiBase::PARAM_TYPE => 'user', ParamValidator::PARAM_TYPE => 'user',
],
'reason' => [
ParamValidator::PARAM_TYPE => 'string',
], ],
]; ];
} }