mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/OATHAuth
synced 2024-11-27 17:50:15 +00:00
Remove pre authmanager MW support
Change-Id: I46712392e48c263bd30b849777caea8e22650d40
This commit is contained in:
Reedy
parent
6cfec6bb04
commit
e38c68c13e
|
|
@ -1,83 +0,0 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* Hooks for Extension:OATHAuth
|
||||
* @deprecated B/C class for compatibility with pre-AuthManager core
|
||||
*/
|
||||
class OATHAuthLegacyHooks {
|
||||
/**
|
||||
* @param $extraFields array
|
||||
* @return bool
|
||||
*/
|
||||
static function ChangePasswordForm( &$extraFields ) {
|
||||
$tokenField = [ 'wpOATHToken', 'oathauth-token', 'password', '' ];
|
||||
array_push( $extraFields, $tokenField );
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $user User
|
||||
* @param $password string
|
||||
* @param $newpassword string
|
||||
* @param &$errorMsg string
|
||||
* @return bool
|
||||
*/
|
||||
static function AbortChangePassword( $user, $password, $newpassword, &$errorMsg ) {
|
||||
global $wgRequest;
|
||||
|
||||
$token = $wgRequest->getText( 'wpOATHToken' );
|
||||
$oathrepo = OATHAuthHooks::getOATHUserRepository();
|
||||
$oathuser = $oathrepo->findByUser( $user );
|
||||
# Though it's weird to default to true, we only want to deny
|
||||
# users who have two-factor enabled and have validated their
|
||||
# token.
|
||||
$result = true;
|
||||
|
||||
if ( $oathuser->getKey() !== null ) {
|
||||
// Don't increase pingLimiter, just check for limit exceeded.
|
||||
if ( $user->pingLimiter( 'badoath', 0 ) ) {
|
||||
$result = 'oathauth-abortlogin-throttled';
|
||||
} elseif ( !$oathuser->getKey()->verifyToken( $token, $oathuser ) ) {
|
||||
$result = 'oathauth-abortlogin';
|
||||
}
|
||||
}
|
||||
|
||||
if ( $result === true ) {
|
||||
return true;
|
||||
} else {
|
||||
$errorMsg = $result;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $user User
|
||||
* @param $password string
|
||||
* @param &$abort int
|
||||
* @param &$errorMsg string
|
||||
* @return bool
|
||||
*/
|
||||
static function AbortLogin( $user, $password, &$abort, &$errorMsg ) {
|
||||
$context = RequestContext::getMain();
|
||||
$request = $context->getRequest();
|
||||
$output = $context->getOutput();
|
||||
|
||||
$oathrepo = OATHAuthHooks::getOATHUserRepository();
|
||||
$oathuser = $oathrepo->findByUser( $user );
|
||||
$uid = CentralIdLookup::factory()->centralIdFromLocalUser( $user );
|
||||
|
||||
if ( $oathuser->getKey() !== null && !$request->getCheck( 'token' ) ) {
|
||||
$encData = OATHAuthUtils::encryptSessionData(
|
||||
$request->getValues(),
|
||||
$uid
|
||||
);
|
||||
$request->setSessionData( 'oath_login', $encData );
|
||||
$request->setSessionData( 'oath_uid', $uid );
|
||||
$output->redirect( SpecialPage::getTitleFor( 'OATH' )->getFullURL( '', false, PROTO_CURRENT ) );
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -28,29 +28,6 @@ class OATHAuthHooks {
|
|||
return $service;
|
||||
}
|
||||
|
||||
/**
|
||||
* Register hooks which depend on MediaWiki core version
|
||||
*/
|
||||
public static function onRegistration() {
|
||||
global $wgDisableAuthManager, $wgAuthManagerAutoConfig;
|
||||
|
||||
if ( !$wgDisableAuthManager && class_exists( AuthManager::class ) ) {
|
||||
$wgAuthManagerAutoConfig['secondaryauth'] += [
|
||||
TOTPSecondaryAuthenticationProvider::class => [
|
||||
'class' => TOTPSecondaryAuthenticationProvider::class,
|
||||
// after non-interactive providers but before the ones
|
||||
// that run after a successful authentication
|
||||
'sort' => 50,
|
||||
]
|
||||
];
|
||||
Hooks::register( 'AuthChangeFormFields', 'OATHAuthHooks::onAuthChangeFormFields' );
|
||||
} else {
|
||||
Hooks::register( 'AbortChangePassword', 'OATHAuthLegacyHooks::AbortChangePassword' );
|
||||
Hooks::register( 'AbortLogin', 'OATHAuthLegacyHooks::AbortLogin' );
|
||||
Hooks::register( 'ChangePasswordForm', 'OATHAuthLegacyHooks::ChangePasswordForm' );
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param AuthenticationRequest[] $requests
|
||||
* @param array $fieldInfo Field information array (union of the
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "OATHAuth",
|
||||
"version": "0.2.1",
|
||||
"version": "0.2.2",
|
||||
"author": "Ryan Lane",
|
||||
"url": "https://www.mediawiki.org/wiki/Extension:OATHAuth",
|
||||
"descriptionmsg": "oathauth-desc",
|
||||
|
|
@ -10,7 +10,6 @@
|
|||
"ApiOATHValidate": "api/ApiOATHValidate.php",
|
||||
"ApiQueryOATH": "api/ApiQueryOATH.php",
|
||||
"OATHAuthHooks": "OATHAuth.hooks.php",
|
||||
"OATHAuthLegacyHooks": "OATHAuth.hooks.legacy.php",
|
||||
"OATHAuthKey": "OATHAuthKey.php",
|
||||
"OATHAuthUtils": "OATHAuthUtils.php",
|
||||
"OATHUserRepository": "OATHUserRepository.php",
|
||||
|
|
@ -26,11 +25,21 @@
|
|||
"TOTPAuthenticationRequest": "auth/TOTPAuthenticationRequest.php",
|
||||
"TOTPSecondaryAuthenticationProvider": "auth/TOTPSecondaryAuthenticationProvider.php"
|
||||
},
|
||||
"AuthManagerAutoConfig": {
|
||||
"secondaryauth": {
|
||||
"TOTPSecondaryAuthenticationProvider":{
|
||||
"class": "TOTPSecondaryAuthenticationProvider",
|
||||
"sort": 50
|
||||
}
|
||||
}
|
||||
},
|
||||
"ExtensionMessagesFiles": {
|
||||
"OATHAuthAlias": "OATHAuth.alias.php"
|
||||
},
|
||||
"callback": "OATHAuthHooks::onRegistration",
|
||||
"Hooks": {
|
||||
"AuthChangeFormFields": [
|
||||
"OATHAuthHooks::onAuthChangeFormFields"
|
||||
],
|
||||
"TwoFactorIsEnabled": [
|
||||
"OATHAuthHooks::onTwoFactorIsEnabled"
|
||||
],
|
||||
|
|
|
|||
Loading…
Reference in a new issue