Commit graph

1300 commits

Author SHA1 Message Date
Kunal Mehta 6f37618f4f Explicitly specify SQL columns to SELECT
...instead of `SELECT *`, in anticipation of future schema changes.
Notably, we didn't need to select the `id` field, since we don't ever
use it (spotted by Thiemo!).

Change-Id: I1089199bdad70401684377d88877eccc689427f9
2022-02-27 23:15:50 -08:00
Kunal Mehta ba39a4dfa8 Add basic tests for TOTPKey
Mostly I wanted to add tests for verifying serialization and
deserialization, since that's what I modify in my next commit.

Change-Id: I8223f2e3e1b3ce79afc8c5cd9ca4afe6d418abf9
2022-02-27 23:01:58 -08:00
Translation updater bot a458752222 Localisation updates from https://translatewiki.net.
Change-Id: I7771da37eaed44691782976168fba716ba2f19b2
2022-02-25 09:44:51 +01:00
Reedy 211c1cb930 Replace usages of Wikimedia\(suppress|restore)Warnings()
Change-Id: Iac7480957819652d487e177bc9caf0c8c3db83e4
2022-02-24 21:18:30 +00:00
Translation updater bot e3ef5d1619 Localisation updates from https://translatewiki.net.
Change-Id: I3cde834312cd4208580b32f6b7b85f98f60c1e50
2022-02-24 08:49:40 +01:00
Reedy 16bc5d7168 Send a notification when 2FA is enabled
Bug: T301987
Change-Id: I0fe32b735e34753442ec9811ea41d15b76999d87
2022-02-24 00:39:37 +00:00
jenkins-bot be665c93cc Merge "SECURITY: Use constant time checks for token values" 2022-02-23 23:07:22 +00:00
Translation updater bot fa6acfbc17 Localisation updates from https://translatewiki.net.
Change-Id: Icc0870102ede8c370457e55646d208514df5d602
2022-02-23 08:19:18 +01:00
sbassett 274c82043e SECURITY: Use constant time checks for token values
Bug: T302059
Change-Id: If726c61233d44e76a22fe25c2c910ce59771b49c
2022-02-22 16:11:07 -06:00
Translation updater bot 7c64eaf0a4 Localisation updates from https://translatewiki.net.
Change-Id: I870f0a7a161d11e7f9edd994a62a45bc5304043b
2022-02-22 08:12:01 +01:00
Translation updater bot 900f9e171c Localisation updates from https://translatewiki.net.
Change-Id: Id7282b409d4df3f66ac7fae4558cfd7399304600
2022-02-21 08:16:21 +01:00
Reedy de936aef6a Convert OATHAuth to abstract schema
Bug: T268564
Change-Id: I251fac0e1939cc84e7eab3e7514e07c81b2b0f1e
2022-02-18 10:36:56 +00:00
jenkins-bot 88552e65bf Merge "Add module types to log entries" 2022-02-18 09:18:09 +00:00
Translation updater bot 44831d0ecf Localisation updates from https://translatewiki.net.
Change-Id: Icbe945f1481cdc10980b68f04fad9bceb0b287f6
2022-02-18 08:40:54 +01:00
Reedy 239ff36a06 Add module types to log entries
Change-Id: If765f666496492da44efa282011c2605923be3a2
2022-02-18 00:30:32 +00:00
jenkins-bot 361d2829ba Merge "Add some greppable usage of messages" 2022-02-17 21:20:21 +00:00
Reedy 68ca72d7b9 Add some greppable usage of messages
Change-Id: I5ca72a33ecacb15a8a01f6cda0cdb7cdb628eab8
Follows-Up: Idbac3940b36ce21a0b40044482514a28c5fbd45f
Follows-Up: Ic173ebb7e39d22e40fea23c2b906d246adef1e05
2022-02-17 20:44:51 +00:00
Reedy 4a3db51953 DisablePresentationModel: Remove duplicate getExtraParam call
Follows-Up: I99077ea082b8483cc4fd77573a0d00fa98201f15
Change-Id: I3e6d5aad83e005f7ea2b80551b5eb9249bf4b947
2022-02-17 18:16:17 +00:00
Kunal Mehta 329c3133d6 Send a notification when 2FA is disabled
Notify users when 2FA is disabled on their account in case something was
fishy about it. This notification is a "system" notification that will
be displayed in the web UI and sent over email. It can't be opted out of
as a preference.

The notification links to Special:Preferences, where users can see their
2FA status and re-enable it if they want. A secondary help link goes to
[[mw:Help:Two-factor authentication]], but can be overridden by
adjusting the "oathauth-notifications-disable-helplink" message. The
notification text is different based on whether the user disabled 2FA on
their own, or an admin used the special page or a maint script to do it.

On Wikimedia wikis, we'll use the WikimediaMessages extension to
customize the messages.

The Echo (Notifications) extension is not required, this will gracefully
do nothing if it's not enabled.

Bug: T210075
Bug: T210963
Change-Id: I99077ea082b8483cc4fd77573a0d00fa98201f15
2022-02-17 00:14:20 -08:00
jenkins-bot 4cc5cbe4ad Merge "Require OATHAuth for membership in specified user groups" 2022-02-17 07:41:53 +00:00
Translation updater bot 094051f490 Localisation updates from https://translatewiki.net.
Change-Id: If253afd0e21b27a2dfe9791ff9d5402d9976fb70
2022-02-17 08:12:05 +01:00
Lucas Werkmeister 203a0112c0 Pass context into HTMLForm
Creating a HTMLForm (or OOUIHTMLForm) without passing in a context is
deprecated now.

Bug: T301866
Change-Id: I35eb85f5089bcef04624e5f72fd1a4389be87de9
Depends-On: Ic65c8934ab33c6d1ca0356011923f8933c5072ca
2022-02-16 13:05:35 +01:00
Translation updater bot 7ead5b8888 Localisation updates from https://translatewiki.net.
Change-Id: I8fbf5c821276fec4fc92cc712e693c2044dd7000
2022-02-16 08:13:20 +01:00
Kunal Mehta 498dcfeb80 Require OATHAuth for membership in specified user groups
Users in groups listed in $wgOATHRequiredForGroups (default none) must
have two-factor authentication enabled otherwise their membership in
those groups will be disabled. This is done using the
UserEffectiveGroups hook, which allows dynamically adding or removing
user groups.

If a user doesn't have 2FA enabled, it will appear to them as if they
aren't a member of the group at all. Special:Preferences will show which
groups are disabled. In the future it would be good to have a hook into
PermissionsError to show this as well. The UserGetRights hook is used to
ensure the user still has the "oathauth-enable" user right in case it
was only granted to them as part of the user group they are disabled
from.

On the outside, Special:ListUsers will still show the user as a member
of the group. The API list=users&prop=groups|groupmemberships will show
inconsistent information, groups will remove disabled groups while
groupmemberships will not.

This functionality was somewhat already available with
$wgOATHExclusiveRights, except that implementation has flaws outlined at
T150562#6078263 and haven't been resolved in I69af6a58e4 for over a year
now. If this works out, it's expected that will be deprecated/removed.

Bug: T150562
Change-Id: I07ebddafc6f2233ccec216fa8ac6e996553499fb
2022-02-14 00:47:20 -08:00
Translation updater bot 15a1792b2a Localisation updates from https://translatewiki.net.
Change-Id: Ic453ed1c38f95f5232c807f90f21bf623bb6f45a
2022-02-10 08:41:55 +01:00
Translation updater bot fbcd002117 Localisation updates from https://translatewiki.net.
Change-Id: I13cb0819beb71c260fa0703fee1b61fad418aa8e
2022-01-20 09:17:58 +01:00
Translation updater bot 84aa02e195 Localisation updates from https://translatewiki.net.
Change-Id: I4e1be32f996b081885187c69c58d79f33e3dafeb
2022-01-17 08:12:39 +01:00
jenkins-bot ff5aa95d92 Merge "composer.json: Loosen christian-riesen/base32 requirement" 2022-01-05 17:52:01 +00:00
Translation updater bot 30e033c395 Localisation updates from https://translatewiki.net.
Change-Id: I7bb4a11f6222b40069d07dc4a843528557f045e0
2021-12-20 08:21:32 +01:00
Translation updater bot 8e9d997e70 Localisation updates from https://translatewiki.net.
Change-Id: Ifb91bb3e575ad0c567cf42eeaf65cb5a2373501a
2021-12-10 08:24:34 +01:00
Translation updater bot d0dfa7b94c Localisation updates from https://translatewiki.net.
Change-Id: Icf5105d7b07fabca9cd1e5bab6121dccded41082
2021-11-17 08:30:47 +01:00
Translation updater bot 6c5bf86159 Localisation updates from https://translatewiki.net.
Change-Id: I6229db7b5102077a059a8145d94ff87d332f2622
2021-11-15 08:12:14 +01:00
Translation updater bot a3a3fd576d Localisation updates from https://translatewiki.net.
Change-Id: I0dc5dc74f81d3e12605be34ac61e22e76f1dd3bf
2021-11-11 10:02:45 +01:00
Translation updater bot ef1dd8bd85 Localisation updates from https://translatewiki.net.
Change-Id: Ic96eaad7cdc569d0c97cbdfe3b9435d495586911
2021-11-09 07:29:23 +01:00
Translation updater bot 71b39bdfde Localisation updates from https://translatewiki.net.
Change-Id: Icd0af2ba65542ccfe155c017ffac7115ee8f489a
2021-11-02 08:07:16 +01:00
libraryupgrader 76a50e2d77 build: Updating mediawiki/mediawiki-codesniffer to 38.0.0
Change-Id: Ia3f9db90ccc4529513e6ef129add054d4657d806
2021-10-24 08:53:27 +00:00
Translation updater bot 5abfbaecd3 Localisation updates from https://translatewiki.net.
Change-Id: I868242bb94998d454a95ed682e3845a29a03546f
2021-10-20 08:37:29 +02:00
Translation updater bot 42b60bfa28 Localisation updates from https://translatewiki.net.
Change-Id: I76532831b67d9308c9bd7a34bc625d0a8d811c03
2021-10-18 15:20:52 +02:00
Reedy cec607450f composer.json: Loosen christian-riesen/base32 requirement
Change-Id: I695ac1a8edabcd0a0d09bf6c359c00e540086898
2021-10-13 09:43:52 +00:00
Translation updater bot c2a8d7fe39 Localisation updates from https://translatewiki.net.
Change-Id: I7fe9ada8766c49aa8464ca5db20b4295cb71f15a
2021-10-08 09:21:23 +02:00
Translation updater bot 8dfde7e2c0 Localisation updates from https://translatewiki.net.
Change-Id: I81bed5678292a28c6f069fd171795cc51167673b
2021-10-06 09:28:43 +02:00
libraryupgrader 2f3aadcc6d build: Updating ansi-regex to 5.0.1
* https://npmjs.com/advisories/5197 (CVE-2021-3807)

Change-Id: I64fbfdfa2f5aacab7c3076ef1902d44be30b42ff
2021-10-05 04:23:54 +00:00
Reedy 72fb91180f switchTOTPScratchTokensToArray: Don't run a db update unless the row is changed
Change-Id: Ie08db6253ddc3b05a49a7e99fa9637fcacc5f3a7
2021-09-23 18:33:41 +01:00
Translation updater bot dabe381a83 Localisation updates from https://translatewiki.net.
Change-Id: I1de7ec41e623ad1379cffeea5cd43ba7fd8672bb
2021-09-20 08:19:22 +02:00
Translation updater bot 7854f045f5 Localisation updates from https://translatewiki.net.
Change-Id: I91d3d5efb789906c71b44699065f109ba2311d64
2021-09-16 08:11:47 +02:00
libraryupgrader 37bab0ccb9 build: Updating composer dependencies
* mediawiki/mediawiki-phan-config: 0.10.6 → 0.11.0
* php-parallel-lint/php-parallel-lint: 1.3.0 → 1.3.1

Change-Id: Ibc5ba5833ca9a72ac72e257e32d3519be42c23a2
2021-09-09 11:12:00 +00:00
Translation updater bot bc9ce1ad56 Localisation updates from https://translatewiki.net.
Change-Id: I7a4ad0deaf4908be6e661bff23673ce6124a2d8d
2021-09-06 08:21:04 +02:00
Martin Urbanec 73a3848557 showqrcode-related RL modules should also target mobile devices
Otherwise, the QR code will not be displayed when using
the mobile interface.

Bug: T214986
Change-Id: I08c3f66d836f5fc854d5c7ae2ca580aa896f3f38
2021-09-05 23:07:35 +02:00
libraryupgrader bf5fb1b48d build: Updating stylelint-config-wikimedia to 0.11.1
Change-Id: I299e1b7c4c0e8b698aedf14e8f90cd90d5d5a832
2021-09-04 21:19:12 +00:00
MacFan4000 249d1f3daf set autocomplete=‘one-time-code’ on forms
This allows iOS/iPadOS/macOS to suggest filling codes from sms/the built in totp authenticator (in upcoming versions).

Bug: T289086
Change-Id: I555b05fad4806a37a95afcbc63e143efc424f9d3
2021-09-03 22:45:32 +00:00