From 0f5772e7bda1b182c0612bee70a4d8430b1f6c50 Mon Sep 17 00:00:00 2001
From: Reedy
Date: Sat, 12 Nov 2016 02:48:49 +0000
Subject: [PATCH] Remove SpecialOATHLogin.php as more AuthManager related cleanup
Change-Id: I9d7fd0a2da0e3e54bb5031d7e70769a2a27703c8
---
extension.json | 4 +-
i18n/en.json | 2 -
i18n/qqq.json | 2 -
special/SpecialOATH.php | 33 ++-------
special/SpecialOATHLogin.php | 131 -----------------------------------
5 files changed, 8 insertions(+), 164 deletions(-)
delete mode 100644 special/SpecialOATHLogin.php
diff --git a/extension.json b/extension.json
index c93ead5c..ee70a12c 100644
--- a/extension.json
+++ b/extension.json
@@ -5,6 +5,9 @@
 "url": "https://www.mediawiki.org/wiki/Extension:OATHAuth",
 "descriptionmsg": "oathauth-desc",
 "type": "other",
+ "requires": {
+ "MediaWiki": ">= 1.27.0"
+ },
 "license-name": "GPL-2.0+",
 "AutoloadClasses": {
 "ApiOATHValidate": "api/ApiOATHValidate.php",
@@ -20,7 +23,6 @@
 "SpecialOATH": "special/SpecialOATH.php",
 "SpecialOATHEnable": "special/SpecialOATHEnable.php",
 "SpecialOATHDisable": "special/SpecialOATHDisable.php",
- "SpecialOATHLogin": "special/SpecialOATHLogin.php",
 "ProxySpecialPage": "special/ProxySpecialPage.php",
 "TOTPAuthenticationRequest": "auth/TOTPAuthenticationRequest.php",
 "TOTPSecondaryAuthenticationProvider": "auth/TOTPSecondaryAuthenticationProvider.php"
diff --git a/i18n/en.json b/i18n/en.json
index 4d9e827d..cf78462f 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -22,7 +22,6 @@
 "oathauth-currenttoken": "Current token",
 "oathauth-newtoken": "New token",
 "oathauth-disable": "Disable two-factor authentication",
- "oathauth-login": "Login with two-factor authentication",
 "oathauth-displayoathinfo": "two-factor authentication options",
 "oathauth-validatedoath": "Validated two-factor credentials. Two-factor authentication will now be enforced.",
 "oathauth-backtopreferences": "Back to preferences.",
@@ -37,7 +36,6 @@
 "oathauth-mustbeloggedin": "You must be logged in to perform this action.",
 "oathauth-prefs-label": "Two-factor authentication:",
 "oathauth-abortlogin": "The two-factor authentication token provided was invalid.",
- "oathauth-abortlogin-throttled": "Too many verification attempts! Please try again later.",
 "oathauth-step1": "Step 1: Download a two-factor authentication program",
 "oathauth-step1-test": "Download a program for two-factor authentication. That can be a mobile application (such as Google Authenticator) or a desktop application",
 "oathauth-step2": "Step 2: Scan the QR code",
diff --git a/i18n/qqq.json b/i18n/qqq.json
index 682f457b..3b5f76b2 100644
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -29,7 +29,6 @@
 "oathauth-currenttoken": "HTMLForm label, found on Special:OATH, when verifying OATH.",
 "oathauth-newtoken": "HTMLForm label, found on Special:OATH, when verifying OATH.",
 "oathauth-disable": "Page title on Special:OATH while disabling OATH.\n\nSee [https://en.wikipedia.org/wiki/Two_factor_authentication two factor authentication]",
- "oathauth-login": "Page title on Special:OATH while loggin in with OATH.",
 "oathauth-displayoathinfo": "Page title on Special:OATH when no parameters are passed.\n\nSee [https://en.wikipedia.org/wiki/Multi-factor_authentication Two-factor authentication]",
 "oathauth-validatedoath": "Plain text found on Special:OATH after a token has been validated.\n\nSee [https://en.wikipedia.org/wiki/Two_factor_authentication two factor authentication]",
 "oathauth-backtopreferences": "Used as link text. Link found on Special:OATH after any action has completed.",
@@ -44,7 +43,6 @@
 "oathauth-mustbeloggedin": "Plain text seen on Special:OATH when a user is not logged in.",
 "oathauth-prefs-label": "Plain text label seen on Special:Preferences\n\nSee [https://en.wikipedia.org/wiki/Two_factor_authentication two factor authentication]\n{{Identical|Two factor authentication}}",
 "oathauth-abortlogin": "Error message shown on login and password change pages when authentication is aborted.\n\nSee [https://en.wikipedia.org/wiki/Two_factor_authentication two factor authentication]",
- "oathauth-abortlogin-throttled": "Error message shown on login and password change pages when authentication is aborted due to rate limit violations.\n\nSee [https://en.wikipedia.org/wiki/Two_factor_authentication two factor authentication]",
 "oathauth-step1": "Label for step 1 on Special:OATH form",
 "oathauth-step1-test": "Text for step 1 on Special:OATH for. Check the name of \"Google Authenticator\" in your language in the Play Market—it's quite likely that it's translated.",
 "oathauth-step2": "Label for step 2, the QR code, on Special:OATH",
diff --git a/special/SpecialOATH.php b/special/SpecialOATH.php
index ae99c39f..f35fe7b9 100644
--- a/special/SpecialOATH.php
+++ b/special/SpecialOATH.php
@@ -8,41 +8,18 @@ class SpecialOATH extends ProxySpecialPage { * If the user already has OATH enabled, show them a page to disable * If the user has OATH disabled, show them a page to enable * - * @return SpecialOATHDisable|SpecialOATHEnable|SpecialOATHLogin|SpecialPage + * @return SpecialOATHDisable|SpecialOATHEnable */ protected function getTargetPage() { $repo = OATHAuthHooks::getOATHUserRepository(); - /** @var array $sessionUser */ - $loginInfo = $this->getRequest()->getSessionData( 'oath_login' ); + $user = $repo->findByUser( $this->getUser() ); - /** @var SpecialOATHDisable|SpecialOATHEnable|SpecialOATHLogin|SpecialPage $page */ - $page = null; - if ( $this->getUser()->isAnon() && $loginInfo !== null ) { - // User is anonymous, so they are logging in - $loginInfo = OATHAuthUtils::decryptSessionData( - $loginInfo, - $this->getRequest()->getSessionData( 'oath_uid' ) - ); - $page = new SpecialOATHLogin( - $repo->findByUser( User::newFromName( $loginInfo['wpName'] ) ), - new DerivativeRequest( - $this->getRequest(), - $loginInfo, - $this->getRequest()->wasPosted() - ) - ); + if ( $user->getKey() === null ) { + return new SpecialOATHEnable( $repo, $user ); } else { - $user = $repo->findByUser( $this->getUser() ); - - if ( $user->getKey() === null ) { - $page = new SpecialOATHEnable( $repo, $user ); - } else { - $page = new SpecialOATHDisable( $repo, $user ); - } + return new SpecialOATHDisable( $repo, $user ); } - - return $page; } protected function getGroupName() { diff --git a/special/SpecialOATHLogin.php b/special/SpecialOATHLogin.php deleted file mode 100644 index 9a0f18e0..00000000 --- a/special/SpecialOATHLogin.php +++ /dev/null 
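Review bot: The new `getTargetPage()` no longer consults `isAnon()`, so every logged-out request to Special:OATH now reaches `$repo->findByUser( $this->getUser() )` with an anonymous user and is handed `SpecialOATHEnable` or `SpecialOATHDisable` based only on `getKey()`. Whether those target pages enforce a login check themselves is not visible in this hunk, so the method should state the assumption above the lookup, for example `// Anonymous users are rejected by the target page's own login check, not here`, or the reviewer should confirm that check exists before merging. Separately, the `SpecialOATHLogin::onAbortLogin()` removed later in this patch was where the `badoath` ping limiter was consulted and `oathauth-abortlogin-throttled` was reported; it is worth confirming that `TOTPSecondaryAuthenticationProvider` applies an equivalent throttle on token verification, since this commit also drops that message. The doc comment of `getTargetPage()` begins above the hunk and the class continues past it.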
@@ -1,131 +0,0 @@ -OATHUser = $oathuser; - $this->loginForm = new LoginForm( $oldRequest ); - $this->loginForm->setContext( $this->getContext() ); - } - - /** - * Set the page title and add JavaScript RL modules - * - * @param HTMLForm $form - */ - public function alterForm( HTMLForm $form ) { - $form->setMessagePrefix( 'oathauth' ); - $form->setWrapperLegend( false ); - $form->getOutput()->setPageTitle( $this->msg( 'oathauth-login' ) ); - } - - /** - * @return string - */ - public function getDisplayFormat() { - return 'vform'; - } - - /** - * @return bool - */ - public function requiresUnblock() { - return false; - } - - /** - * @return array[] - */ - protected function getFormFields() { - return [ - 'token' => [ - 'type' => 'text', - 'default' => '', - 'label-message' => 'oathauth-entertoken', - 'name' => 'token', - 'required' => true, - 'autofocus' => true, - ], - 'returnto' => [ - 'type' => 'hidden', - 'default' => $this->getRequest()->getVal( 'returnto' ), - 'name' => 'returnto', - ], - 'returntoquery' => [ - 'type' => 'hidden', - 'default' => $this->getRequest()->getVal( 'returntoquery' ), - 'name' => 'returntoquery', - ] - ]; - } - - /** - * Stub function: the only purpose of this form is to add more data into - * the login form - * - * @param array $formData - * - * @return true - */ - public function onSubmit( array $formData ) { - $this->getRequest()->setSessionData( 'oath_login', null ); - $this->getRequest()->setSessionData( 'oath_uid', null ); - $this->token = $formData['token']; - - return true; - } - - public function onSuccess() { - $this->loginForm->execute( $this->par ); - } - - /** - * @param User $user - * @param $password - * @param $abort - * @param $errorMsg - * - * @return bool - */ - public function onAbortLogin( User $user, $password, &$abort, &$errorMsg ) { - // Don't increase pingLimiter, just check for limit exceeded. 
- if ( $this->OATHUser->getUser()->pingLimiter( 'badoath', 0 ) ) { - $abort = LoginForm::THROTTLED; - $errorMsg = 'oathauth-abortlogin-throttled'; - return false; - } - - $result = $this->OATHUser->getKey() - ->verifyToken( $this->getRequest()->getVal( 'token' ), $this->OATHUser ); - - if ( $result ) { - return true; - } else { - $abort = LoginForm::WRONG_PASS; - - return false; - } - } -}