Commit graph

7 commits

Author SHA1 Message Date
Derk-Jan Hartman dbee859adc Put initial focus on token field
It's not like people are going to do anything else here, so
autofocussing is allowed in this case (no accessibility problem)
and speeds up interaction.

Bug: T150861
Change-Id: I6b41cc763156b48d8e35fb6829f70f0eb01e5511
2016-11-16 22:18:42 +00:00
Bryan Davis a6b60d2465 Apply rate limits to all token verifications
Extend the token validation failure checks introduced in I4884f6e to the
other interactions where OATHAuthKey::verifyToken is used.

Depends-On: Ia3add8bbbab0307f036e9b77e752c382da3a0d04
Change-Id: Icbe5cdf561c683dc971a099d61cedff311b26b43
2016-10-07 17:24:32 -07:00
Reedy 9cceee17cc Clean up code style and docblocks
* array() -> []
* spacing fixes
* dirname( __FILE__ ) -> __DIR__
* Add phpcs style checks using latest mediawiki-codesniffer to keep
  things clean.

Co-Authored-By: Bryan Davis <bd808@wikimedia.org>
Change-Id: I95735f928d3e5d6ac9d2a10d92b40ed01cf2737c
2016-09-30 14:40:06 -06:00
Brian Wolff 185bce5859 Fixup qrcode-generating js, to stop race condition.
Previously there was a race condition where the qrcode would
not show if the startup module finished loading prior to the
div that should contain the qrcode being loaded. This quite
commonly happened on wikipedia during a hit where js is cached
(But does not happen locally, my theory is that that is due to
how packets get split over the network but not from localhost).

Change it to use a normal RL module, as that seems best practise.
Also do not load the qrcode js on special pages that do not use it.
Finially, remove position:top as its not needed.

Bug: T136988
Change-Id: I5139f222207203d834bdc979b21c1fc94f242ac2
2016-06-20 03:42:28 -04:00
Aaron Schulz 9b8edbb7c7 Define doesWrites() for special pages
Change-Id: Ie76189ad1c91150e4cef315dacbb845911f7477a
2016-05-25 12:25:10 -07:00
Tyler Anthony Romeo 1a8006317d Move token login to separate page
Rather than have an extraneous form on the login page,
move the token input to a separate page. The actual
logic for logging in is identical, the only difference
is that the token is added to the form data on a second
page request.

Bug: 53195
Change-Id: I39859cc59f1811de42b72f6167d332ea48812f97
2016-03-29 16:02:54 -07:00
Tyler Anthony Romeo 0c389f5025 Refactored special pages into HTMLForm and proxy
Made new class ProxySpecialPage, which acts as a
proxy object to another SpecialPage object that is
determined based on context information other than
the title.

Then Special:OATH has been split into two separate
special page classes (both FormSpecialPages using
HTMLForm) that are routed to by a ProxySpecialPage
object.

In addition, the form for enabling two-factor auth
has been refactored into vform style, with some
better instructions on how to enable two-factor
authentication.

Change-Id: Ib9117cbc9d7f044de9607db81a157e1b472b5ec0
2016-03-23 11:26:04 -07:00