mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/OATHAuth
synced 2024-11-24 00:05:24 +00:00
Switch to using AbortLogin hook for tokens
Change-Id: I2e1ff4f35018854ff0cfa4e649984f1d56ecb828
parent
9b72e33080
commit
bdb1d8b4a1
|
@ -45,6 +45,7 @@ $messages['en'] = array(
|
|||
'oathauth-notloggedin' => 'Login required',
|
||||
'oathauth-mustbeloggedin' => 'You must be logged in to perform this action.',
|
||||
'oathauth-prefs-label' => 'Two-factor authentication:',
|
||||
'oathauth-abortlogin' => 'The two-factor authentication token provided was invalid.',
|
||||
);
|
||||
|
||||
/** Message documentation (Message documentation)
|
||||
|
@ -85,6 +86,7 @@ $messages['qqq'] = array(
|
|||
{{Identical|Login required}}',
|
||||
'oathauth-mustbeloggedin' => 'Plain text seen on Special:OATH when a user is not logged in.',
|
||||
'oathauth-prefs-label' => 'Plain text label seen on Special:Preferences',
|
||||
'oathauth-abortlogin' => 'Error message shown on login and password change pages when authentication is aborted.',
|
||||
);
|
||||
|
||||
/** Afrikaans (Afrikaans)
|
||||
|
|
|
@ -48,7 +48,8 @@ $wgResourceModules['ext.oathauth'] = array(
|
|||
'remoteExtPath' => 'OATHAuth',
|
||||
);
|
||||
|
||||
$wgHooks['ChainAuth'][] = 'OATHUser::ChainAuth';
|
||||
$wgHooks['AbortChangePassword'][] = 'OATHUser::AbortChangePassword';
|
||||
$wgHooks['AbortLogin'][] = 'OATHUser::AbortLogin';
|
||||
$wgHooks['UserLoginForm'][] = 'OATHUser::ModifyUITemplate';
|
||||
$wgHooks['ChangePasswordForm'][] = 'OATHUser::ChangePasswordForm';
|
||||
$wgHooks['TwoFactorIsEnabled'][] = 'OATHUser::TwoFactorIsEnabled';
|
||||
|
|
53
OATHUser.php
53
OATHUser.php
|
@ -308,27 +308,58 @@ class OATHUser {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param $username string
|
||||
* @param $user User
|
||||
* @param $password string
|
||||
* @param $result bool
|
||||
* @param $newpassword string
|
||||
* @param &$errorMsg string
|
||||
* @return bool
|
||||
*/
|
||||
static function ChainAuth( $username, $password, &$result ) {
|
||||
global $wgRequest;
|
||||
|
||||
$token = $wgRequest->getText( 'wpOATHToken' );
|
||||
$user = OATHUser::newFromUsername( $username );
|
||||
if ( $user && $user->isEnabled() && $user->isValidated() ) {
|
||||
$result = $user->verifyToken( $token );
|
||||
}
|
||||
|
||||
static function AbortChangePassword( $user, $password, $newpassword, &$errorMsg ) {
|
||||
$result = self::authenticate( $user );
|
||||
if ( $result ) {
|
||||
return true;
|
||||
} else {
|
||||
$errorMsg = 'oathauth-abortlogin';
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $user User
|
||||
* @param $password string
|
||||
* @param &$abort int
|
||||
* @param &$errorMsg string
|
||||
* @return bool
|
||||
*/
|
||||
static function AbortLogin( $user, $password, &$abort, &$errorMsg ) {
|
||||
$result = self::authenticate( $user );
|
||||
if ( $result ) {
|
||||
return true;
|
||||
} else {
|
||||
$abort = LoginForm::ABORTED;
|
||||
$errorMsg = 'oathauth-abortlogin';
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $user User
|
||||
* @return bool
|
||||
*/
|
||||
static function authenticate( $user ) {
|
||||
global $wgRequest;
|
||||
$token = $wgRequest->getText( 'wpOATHToken' );
|
||||
$oathuser = OATHUser::newFromUser( $user );
|
||||
# Though it's weird to default to true, we only want to deny
|
||||
# users who have two-factor enabled and have validated their
|
||||
# token.
|
||||
$result = true;
|
||||
if ( $oathuser && $oathuser->isEnabled() && $oathuser->isValidated() ) {
|
||||
$result = $oathuser->verifyToken( $token );
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
static function TwoFactorIsEnabled( &$isEnabled ) {
|
||||
global $wgUser;
|
||||
|
||||
|
|
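Review bot: `authenticate()` fails open. `$result = true` is kept whenever `OATHUser::newFromUser( $user )` returns a falsy value, so a failed lookup is handled exactly like a user without two-factor and the login or password change goes ahead on the password alone; newFromUser is outside this hunk, so confirm it cannot return false on a storage error, or have it throw in that case. Both `AbortLogin` and `AbortChangePassword` also return the dedicated `oathauth-abortlogin` message without counting or logging the failure. If these hooks run before the password is checked (not visible here), that message discloses which accounts have two-factor enabled and token attempts escape the password throttle, so the failure branch should log the attempt, e.g. `wfDebugLog( 'OATHAuth', 'Invalid token for ' . $user->getName() );`, and enforce a per-user attempt limit.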