Don't allow scratch tokens when enrolling for two-factor auth.

Validating with a scratch code is probably a "giant trap that newbies
could fall into".

Bug: T150824
Change-Id: I5710b151d7682e4cdb0b6a692f7b2c108f051caf
Derk-Jan Hartman 2016-11-17 00:03:24 +01:00
parent 099224abee
commit ac30151bcf
4 changed files with 18 additions and 0 deletions


@ -156,4 +156,16 @@ class OATHAuthKey {
}
$this->scratchTokens = $scratchTokens;
}
/**
* Check if a token is one of the scratch tokens for this two factor key.
*
* @param string $token Token to verify
*
* @return bool true if this is a scratch token.
*/
public function isScratchToken( $token ) {
$token = preg_replace( '/\s+/', '', $token );
return in_array( $token, $this->scratchTokens, true );
}
}
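Review bot: The enrolment guard built on `isScratchToken()` only holds if this method normalises its input exactly as `verifyToken()` does, and `verifyToken()` is not in the hunk, so that cannot be confirmed here. If `verifyToken()` strips or folds characters differently (for example case-folding, or trimming only the ends), an input that `isScratchToken()` does not recognise could still be accepted as a scratch code by `verifyToken()`, and the new enrolment check would be sidestepped. A comment such as `// Must normalise the token exactly as verifyToken() does, or the enrolment guard in SpecialOATHEnable can be bypassed` would make the coupling explicit, and a shared private normaliser would enforce it. Note also that `in_array()` with strict comparison returns on the first match, so the comparison is not constant-time; whether that matters depends on how scratch tokens are stored and compared elsewhere, which this hunk does not show.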


@ -15,6 +15,7 @@
"oathauth-token": "Token",
"oathauth-disable": "Disable two-factor authentication",
"oathauth-validatedoath": "Validated two-factor credentials. Two-factor authentication will now be enforced.",
"oathauth-noscratchforvalidation": "You cannot use a scratch code to confirm two-factor authentication. Scratch codes are for backup and incidental use only. Please use a verification code from your code generator.",
"oathauth-failedtovalidateoath": "Failed to validate two-factor credentials",
"oathauth-disabledoath": "Disabled two-factor authentication.",
"oathauth-prefs-label": "Two-factor authentication:",


@ -22,6 +22,7 @@
"oathauth-token": "HTMLForm label, found on [[Special:OATH]], when verifying OATH.\n{{Identical|Token}}",
"oathauth-disable": "Page title on Special:OATH while disabling OATH.\n\nSee [https://en.wikipedia.org/wiki/Two_factor_authentication two factor authentication]",
"oathauth-validatedoath": "Plain text found on Special:OATH after a token has been validated.\n\nSee [https://en.wikipedia.org/wiki/Two_factor_authentication two factor authentication]",
"oathauth-noscratchforvalidation": "Plain text found on Special:OATH if the user used the incorrect type of token while enabling OATH.\n\nSee [https://en.wikipedia.org/wiki/Two_factor_authentication two factor authentication]",
"oathauth-failedtovalidateoath": "Plain text found on Special:OATH when validation of a token has failed.\n\nSee [https://en.wikipedia.org/wiki/Two_factor_authentication two factor authentication]",
"oathauth-disabledoath": "Plain text found on Special:OATH when disabling OATH has been successful.\n\nSee [https://en.wikipedia.org/wiki/Two_factor_authentication two factor authentication]",
"oathauth-prefs-label": "Plain text label seen on Special:Preferences\n\nSee [https://en.wikipedia.org/wiki/Two_factor_authentication two factor authentication]\n{{Identical|Two factor authentication}}",


@ -157,6 +157,10 @@ class SpecialOATHEnable extends FormSpecialPage {
/** @var OATHAuthKey $key */
$key = $this->getRequest()->getSessionData( 'oathauth_key' );
if ( $key->isScratchToken( $formData['token'] ) ) {
// A scratch token is not allowed for enrollement
return [ 'oathauth-noscratchforvalidation' ];
}
if ( !$key->verifyToken( $formData['token'], $this->OATHUser ) ) {
return [ 'oathauth-failedtovalidateoath' ];
}
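Review bot: `$key` is read straight from session data on the preceding line and the new `isScratchToken()` call is now the first dereference of it, so a missing or expired session value would fatal here instead of producing a form error; the function begins outside the hunk, so an earlier guard may exist, but none is visible in these lines. A check such as `if ( !$key instanceof OATHAuthKey ) { return [ 'oathauth-failedtovalidateoath' ]; }` placed before the scratch test would turn that case into a clean validation failure. The comment on the new branch also has a typo and should read `// A scratch token is not allowed for enrolment`.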