mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/OATHAuth
synced 2024-11-30 19:14:31 +00:00
Merge "Allow privileged accounts to use action=query&meta=oath"
commit
7d13959016
|
@ -12,6 +12,7 @@
|
||||||
"apihelp-query+oath-description": "Check to see if two-factor authentication (OATH) is enabled for a user.",
|
"apihelp-query+oath-description": "Check to see if two-factor authentication (OATH) is enabled for a user.",
|
||||||
"apihelp-query+oath-summary": "Check to see if two-factor authentication (OATH) is enabled for a user.",
|
"apihelp-query+oath-summary": "Check to see if two-factor authentication (OATH) is enabled for a user.",
|
||||||
"apihelp-query+oath-param-user": "User to get information about. Defaults to the current user.",
|
"apihelp-query+oath-param-user": "User to get information about. Defaults to the current user.",
|
||||||
|
"apihelp-query+oath-param-reason": "Reason for querying the OATH status.",
|
||||||
"apihelp-query+oath-example-1": "Get information about the current user",
|
"apihelp-query+oath-example-1": "Get information about the current user",
|
||||||
"apihelp-query+oath-example-2": "Get information about user <kbd>Example</kbd>",
|
"apihelp-query+oath-example-2": "Get information about user <kbd>Example</kbd>",
|
||||||
"apihelp-oathvalidate-description": "Validate a two-factor authentication (OATH) token.",
|
"apihelp-oathvalidate-description": "Validate a two-factor authentication (OATH) token.",
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
"apihelp-query+oath-description": "{{doc-apihelp-description|query+oath}}",
|
"apihelp-query+oath-description": "{{doc-apihelp-description|query+oath}}",
|
||||||
"apihelp-query+oath-summary": "{{doc-apihelp-summary|query+oath}}",
|
"apihelp-query+oath-summary": "{{doc-apihelp-summary|query+oath}}",
|
||||||
"apihelp-query+oath-param-user": "{{doc-apihelp-param|query+oath|user}}",
|
"apihelp-query+oath-param-user": "{{doc-apihelp-param|query+oath|user}}",
|
||||||
|
"apihelp-query+oath-param-reason": "{{doc-apihelp-param|query+oath|reason}}",
|
||||||
"apihelp-query+oath-example-1": "{{doc-apihelp-example|query+oath}}",
|
"apihelp-query+oath-example-1": "{{doc-apihelp-example|query+oath}}",
|
||||||
"apihelp-query+oath-example-2": "{{doc-apihelp-example|query+oath}}",
|
"apihelp-query+oath-example-2": "{{doc-apihelp-example|query+oath}}",
|
||||||
"apihelp-oathvalidate-description": "{{doc-apihelp-description|oathvalidate}}",
|
"apihelp-oathvalidate-description": "{{doc-apihelp-description|oathvalidate}}",
|
||||||
|
|
|
@ -18,12 +18,13 @@
|
||||||
|
|
||||||
namespace MediaWiki\Extension\OATHAuth\Api\Module;
|
namespace MediaWiki\Extension\OATHAuth\Api\Module;
|
||||||
|
|
||||||
use ApiBase;
|
|
||||||
use ApiQuery;
|
use ApiQuery;
|
||||||
use ApiQueryBase;
|
use ApiQueryBase;
|
||||||
use ApiResult;
|
use ApiResult;
|
||||||
|
use ManualLogEntry;
|
||||||
use MediaWiki\MediaWikiServices;
|
use MediaWiki\MediaWikiServices;
|
||||||
use User;
|
use User;
|
||||||
|
use Wikimedia\ParamValidator\ParamValidator;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Query module to check if a user has OATH authentication enabled.
|
* Query module to check if a user has OATH authentication enabled.
|
||||||
|
@ -50,7 +51,18 @@ class ApiQueryOATH extends ApiQueryBase {
|
||||||
$params['user'] = $this->getUser()->getName();
|
$params['user'] = $this->getUser()->getName();
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->checkUserRightsAny( 'oathauth-api-all' );
|
$this->checkUserRightsAny( [ 'oathauth-api-all', 'oathauth-verify-user' ] );
|
||||||
|
|
||||||
|
$hasOAthauthApiAll = $this->getPermissionManager()
|
||||||
|
->userHasRight(
|
||||||
|
$this->getUser(),
|
||||||
|
'oathauth-api-all'
|
||||||
|
);
|
||||||
|
|
||||||
|
$reasonProvided = $params['reason'] !== null && $params['reason'] !== '';
|
||||||
|
if ( !$hasOAthauthApiAll && !$reasonProvided ) {
|
||||||
|
$this->dieWithError( [ 'apierror-missingparam', 'reason' ] );
|
||||||
|
}
|
||||||
|
|
||||||
$user = User::newFromName( $params['user'] );
|
$user = User::newFromName( $params['user'] );
|
||||||
if ( $user === false ) {
|
if ( $user === false ) {
|
||||||
|
@ -69,6 +81,15 @@ class ApiQueryOATH extends ApiQueryBase {
|
||||||
$data['enabled'] = $authUser &&
|
$data['enabled'] = $authUser &&
|
||||||
$authUser->getModule() !== null &&
|
$authUser->getModule() !== null &&
|
||||||
$authUser->getModule()->isEnabled( $authUser );
|
$authUser->getModule()->isEnabled( $authUser );
|
||||||
|
|
||||||
|
// Log if the user doesn't have oathauth-api-all or if a reason is provided
|
||||||
|
if ( !$hasOAthauthApiAll || $reasonProvided ) {
|
||||||
|
$logEntry = new ManualLogEntry( 'oath', 'verify' );
|
||||||
|
$logEntry->setPerformer( $this->getUser() );
|
||||||
|
$logEntry->setTarget( $user->getUserPage() );
|
||||||
|
$logEntry->setComment( $params['reason'] );
|
||||||
|
$logEntry->insert();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
$result->addValue( 'query', $this->getModuleName(), $data );
|
$result->addValue( 'query', $this->getModuleName(), $data );
|
||||||
}
|
}
|
||||||
|
@ -92,7 +113,10 @@ class ApiQueryOATH extends ApiQueryBase {
|
||||||
public function getAllowedParams() {
|
public function getAllowedParams() {
|
||||||
return [
|
return [
|
||||||
'user' => [
|
'user' => [
|
||||||
ApiBase::PARAM_TYPE => 'user',
|
ParamValidator::PARAM_TYPE => 'user',
|
||||||
|
],
|
||||||
|
'reason' => [
|
||||||
|
ParamValidator::PARAM_TYPE => 'string',
|
||||||
],
|
],
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
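Review bot: The `$reasonProvided` check in the `@ -50,7 +51,18 @` hunk only rejects `null` and the empty string, so as far as the visible code shows a whitespace-only `reason` satisfies the mandatory-reason gate for a caller who holds `oathauth-verify-user` but not `oathauth-api-all`, and the resulting `oath`/`verify` log entry carries no usable justification. Consider `$reasonProvided = $params['reason'] !== null && trim( $params['reason'] ) !== '';`. The `ManualLogEntry` block in the `@ -69,6 +81,15 @` hunk sits inside a conditional whose opening lies outside the visible lines, so it is worth confirming that every lookup by such a caller that returns data also reaches the log write. Because the entry is inserted from a query module, a short comment such as `// Intentional write on a read path: audit trail for 2FA status lookups` would tell maintainers the database write is deliberate. The enclosing method starts before and ends after these hunks.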