TOTPKey: Add better fallback attempts to find a useable cache

Bug: T330086
Change-Id: Iee5e2d95ef365c9f1767491d3a7008b7bd0eabdb
(cherry picked from commit 547da1a0c1)
This commit is contained in:
Reedy 2023-02-21 22:21:31 +00:00
parent 670163e8f8
commit b74222dce8

View file

@ -21,6 +21,7 @@ namespace MediaWiki\Extension\OATHAuth\Key;
use Base32\Base32;
use DomainException;
use EmptyBagOStuff;
use Exception;
use jakobo\HOTP\HOTP;
use MediaWiki\Extension\OATHAuth\IAuthKey;
@ -29,6 +30,7 @@ use MediaWiki\Extension\OATHAuth\OATHUserRepository;
use MediaWiki\Logger\LoggerFactory;
use MediaWiki\MediaWikiServices;
use MWException;
use ObjectCache;
use Psr\Log\LoggerInterface;
/**
@ -143,10 +145,17 @@ class TOTPKey implements IAuthKey {
// Prevent replay attacks
$store = MediaWikiServices::getInstance()->getMainObjectStash();
if ( $store instanceof EmptyBagOStuff ) {
// Try and find some usable cache if the MainObjectStash isn't useful
$store = ObjectCache::getLocalServerInstance( CACHE_ANYTHING );
}
$uid = MediaWikiServices::getInstance()
->getCentralIdLookupFactory()
->getLookup()
->centralIdFromLocalUser( $user->getUser() );
$key = $store->makeKey( 'oathauth-totp', 'usedtokens', $uid );
$lastWindow = (int)$store->get( $key );