Ask user to reauthenticate before changing 2FA method

Re-auth period set to 60s Bug: T218211 Change-Id: I17a84b8e60da2ada35c6b86cf6b66d75fb3f13fe
2024-11-24 00:05:24 +00:00 · 2019-09-11 10:29:43 +02:00 · 2019-09-11 10:29:43 +02:00 · a244d95224
parent 475d8145e9
commit a244d95224
2 changed files with 10 additions and 2 deletions
--- a/extension.json
+++ b/extension.json
@ -140,6 +140,9 @@
 			]
 		}
 	},
+	"ReauthenticateTime":  {
+		"oathauth-enable": 60
+	},
 	"load_composer_autoloader": true,
 	"LogTypes": [ "oath" ],
 	"LogNames": {
--- a/src/Special/OATHManage.php
+++ b/src/Special/OATHManage.php
@ -84,12 +84,12 @@ class OATHManage extends SpecialPage {
 	 * @return void
 	 */
 	public function execute( $subPage ) {
-		parent::execute( $subPage );
-
 		$this->getOutput()->enableOOUI();
 		$this->setAction();
 		$this->setModule();

+		parent::execute( $subPage );
+
 		if ( $this->requestedModule instanceof IModule ) {
 			// Performing an action on a requested module
 			$this->clearPage();
@ -127,6 +127,11 @@ class OATHManage extends SpecialPage {
 			// No enabled module and cannot enable - nothing to do
 			$this->displayRestrictionError();
 		}
+
+		if ( $this->action === static::ACTION_ENABLE ) {
+			// Trying to change the 2FA method (one is already enabled)
+			$this->checkLoginSecurityLevel( 'oathauth-enable' );
+		}
 	}

 	private function setAction() {