28 commits

Author SHA1 Message Date
Umherirrender 5f8c22e9cd Rename file OATHAuth.hooks.php to match class
Change-Id: Iac3d687f20d6d1805ece0d1c83f3f5e722353a16
2017-12-10 00:24:36 +01:00
libraryupgrader f519a004fa build: Updating mediawiki/mediawiki-codesniffer to 13.0.0
Change-Id: I4f4ab422a6fefa0f61d7c2c2e21942cd83cf161b
2017-09-24 05:30:19 +00:00
Umherirrender 5117cbd09e Improve some parameter docs
Change-Id: Ia4709af4e8fa1563192001772c1a514e051d2fa9
2017-09-09 16:06:17 +02:00
Gergő Tisza d5ec363ce6 Add in-process cache for OATHUser lookups
Change-Id: I9392b7b1a23944dfd91d690fa30b5a7fdf0f2e51
2017-06-21 18:00:38 +02:00
Gergő Tisza 48d83e3d9c Disable autocompletion of one-time tokens
Bug: T141735
Change-Id: Ib75b078cf9b844fcde21758fcbf7ab6a1cd36187
Depends-On: Ic0539d5a61d9862e670d10686adc1e41f65d908e
2016-11-17 16:12:17 -05:00
Kunal Mehta e317bf4610 Show preferences link if user has a key set, but no userright
If the user has a key set but not the oathauth-enable userright, still
show the link to Special:OATH so they can manage it.

This can occur when only restricted groups are allowed to use OATHAuth,
but the user database is shared across multiple wikis.

Bug: T150584
Change-Id: I2db8b47051b0857538e668d233f5cb8586c328a1
2016-11-12 16:25:03 -08:00
Tyler Anthony Romeo d2097fbcaf Add non-MySQL database support
Created patch files for other database types.
Note that some types, such as Oracle, are
not guaranteed to work, since not even MW
core works with them yet anyway.

Bug: T67658
Change-Id: Ie9ce8a4d1140d16017c1aa83865f79d8b0986528
2016-10-31 19:06:52 +00:00
Reedy e38c68c13e Remove pre authmanager MW support
Change-Id: I46712392e48c263bd30b849777caea8e22650d40
2016-10-15 21:56:40 +01:00
Reedy 52686c04b7 Minor documentation updates
Update DatabaseBase type hint

Update some deprecated code usages

Change-Id: I86aa4507447040754d0c9f20171f7e22aed4a0cc
2016-10-02 12:25:59 +00:00
Reedy 9cceee17cc Clean up code style and docblocks
* array() -> []
* spacing fixes
* dirname( __FILE__ ) -> __DIR__
* Add phpcs style checks using latest mediawiki-codesniffer to keep
  things clean.

Co-Authored-By: Bryan Davis <bd808@wikimedia.org>
Change-Id: I95735f928d3e5d6ac9d2a10d92b40ed01cf2737c
2016-09-30 14:40:06 -06:00
jenkins-bot 624c7aca6a Merge "Suppress unserialize errors" 2016-09-30 20:13:42 +00:00
Bryan Davis 03d890f3da Fix some comments
* Spelling in OATHAuthHooks::onRegistration comment
* Remove incorrect comment for OATHAuth::__construct
* Spelling in TOTPAuthenticationRequest class phpdoc

Change-Id: Iaf670a1b86e82b4684489371c8152b8055bff90e
2016-09-28 21:25:45 -06:00
Reedy d38cb8e87c Suppress unserialize errors
Bug: T130740
Change-Id: I20b076b7f3ce15d31a21f8935b74f9121f70c5a3
2016-09-17 00:05:25 +01:00
Gergő Tisza 563796a98c Update for AuthManager
Handling enabling/disabling via AuthManager is left to a separate
patch.

Bug: T110457
Change-Id: Ic492b8f2477c475f8414b61505139e9a1df2ba5b
2016-05-31 19:38:41 +00:00
Dpatrick 0aab34ffdb Merge "Delete users who didn't complete setup on upgrade" 2016-04-11 17:50:02 +00:00
jenkins-bot ec9e8fafbb Merge "Fixup DB/uid handling for SUL wikis" 2016-04-07 01:40:52 +00:00
csteipp 65543e1f6c Fixup DB/uid handling for SUL wikis
We need to pass the db name to getConnection, in addition to wfGetLB.
Also, use core's CentralIdLookup for mapping local user to CentralId
when using a central DB for OATH secret storage.

Change-Id: I12a457633956a9a34dc5302ddcff468e31dd9cef
2016-04-06 17:52:34 -07:00
csteipp e79fd8ebc5 Delete users who didn't complete setup on upgrade
Users who started the "Enable two-factor" process, but never confirmed
their setup were stored in the database under the previous format.
After Ife5f1bae4ad65b66c5e20017cc43c0576b4aba19, we no longer look at
the is_validated column to see if the user confirmed their 2fa setup,
and instead only store users in the table who have confirmed.

Delete these users from the table when updating the table format.

Bug: T130892
Change-Id: I54a706043b44db50344d138207b472c35d00724e
2016-04-06 08:54:29 -07:00
Darian Anthony Patrick ff233b3e97 Reintroduce TwoFactorIsEnabled hook
Production code in another extension depends on the existence of this
hook.

Bug: T131445
Change-Id: I3844150801f724f3eb217dc16c26cb76a58aedd8
2016-04-02 10:33:18 +00:00
csteipp a24d6adfbf Encrypt password when stored in user session
During the two-step login, users with OATH enabled need to have their
login details saved into their session while we prompt them for their
OATH code. This encrypts that data, so we don't write their user's
password into our session storage.

Change-Id: I9969871205ac5c438706df41ef1519cb4cd7a964
2016-03-30 21:23:48 -07:00
Tyler Anthony Romeo 1a8006317d Move token login to separate page
Rather than have an extraneous form on the login page,
move the token input to a separate page. The actual
logic for logging in is identical, the only difference
is that the token is added to the form data on a second
page request.

Bug: 53195
Change-Id: I39859cc59f1811de42b72f6167d332ea48812f97
2016-03-29 16:02:54 -07:00
Tyler Romeo 4e9ad22469 Add user right for enabling two-factor auth
Make new right oathauth-enable that the user must have to enable two
factor authentication (disabling and logging in, of course, are still
allowed).

Bug: T100376
Change-Id: I18d43f8b2cf2c2ce9c2309a43961686498b5c999
2016-03-24 12:45:41 -07:00
Tyler Romeo 67c7dd10e7 Allow for using separate database for OATH creds
Add configuration variable for specifying what database the OATH
credentials are stored in, that way wikis that use CentralAuth can
centralize their two-factor authentication data as well.

Bug: T100374
Change-Id: I285e2fe29fee43ddc6c5a6e51823911d43c596f6
2016-03-24 12:03:23 -07:00
Tyler Anthony Romeo 0c389f5025 Refactored special pages into HTMLForm and proxy
Made new class ProxySpecialPage, which acts as a
proxy object to another SpecialPage object that is
determined based on context information other than
the title.

Then Special:OATH has been split into two separate
special page classes (both FormSpecialPages using
HTMLForm) that are routed to by a ProxySpecialPage
object.

In addition, the form for enabling two-factor auth
has been refactored into vform style, with some
better instructions on how to enable two-factor
authentication.

Change-Id: Ib9117cbc9d7f044de9607db81a157e1b472b5ec0
2016-03-23 11:26:04 -07:00
Tyler Anthony Romeo 89455cdfb2 Refactor extension key storage
This takes out the actual key information from
OATHUser and puts it into an OATHKey class, which OATHUser
depends on. This allows easily swapping keys in/out from
a user.

Change-Id: Ife5f1bae4ad65b66c5e20017cc43c0576b4aba19
2016-03-22 18:08:45 -07:00
Antoine Musso c825d7d5f1 Supports sqlite
The updater did not run with a sqlite database backend. It was simply
not registered and the MySQL schema is translated just fine by
MediaWiki.

Bug: 67297
Change-Id: Ic869c2c1f0d3b77f62bb950b8585cd731a414698
2014-07-01 13:56:26 +00:00
Tyler Anthony Romeo 8928baa29b Make OAUTHAuth more friendly with other authnz extensions
When setting QuickTemplate fields, query to see what is already
there, and append to it. That way if another extension adds more
fields, it won't be overridden.

Bug: 53198
Change-Id: Ib0d67e450e8de372f875536abf82653ede2cdfda
2014-05-11 15:56:56 +00:00
Tyler Anthony Romeo 5f70fed5dc Code-base cleanup
* Removed use of deprecated core features
* Made code style fixes
* Made pass phpcs-strict
* Fixed special page aliases

Change-Id: Iae2a0a7d6f0fb2ea5080795a06ae257af96dfaf6
2014-05-11 10:34:58 +02:00