Commit graph

832 commits

Author SHA1 Message Date
jenkins-bot e4003d99d6 Merge "Add a query meta api option to check for OATH" 2016-10-08 00:44:39 +00:00
Bryan Davis a6b60d2465 Apply rate limits to all token verifications
Extend the token validation failure checks introduced in I4884f6e to the
other interactions where OATHAuthKey::verifyToken is used.

Depends-On: Ia3add8bbbab0307f036e9b77e752c382da3a0d04
Change-Id: Icbe5cdf561c683dc971a099d61cedff311b26b43
2016-10-07 17:24:32 -07:00
Bryan Davis 36c523ab23 Add an api action to validate an OATH token
Add a new internal action=oathvalidate Action API module that can be
used to validate an OATH token collected from a user. Using the module
requires the 'oathauth-api-all' permission introduced in I4884f6e.

Attempts to call the action for a given user are rate limited to only
allow 10 failures per minute using the new 'badoath' key.

The check is primarily useful as an internal network service in an
environment where MediaWiki and other applications are sharing the same
backing authentication store (e.g. LDAP) and the non-MediaWiki
applications would like to respect the OATH protections enabled on the
MediaWiki install.

Complete usage in an LDAP shared auth environment would look something
like:
* Authenticate a user with the LDAP server via auth-bind
* Call action=query&meta=oath as a privileged user to check for OATH
  protection.
* If OATH is active for the account, prompt the user for their current
  OATH token.
* Call action=oathvalidate as a privileged user to validate the token.
* If validation succeeds, complete authentication.
* If validation fails, do not authenticate the user.

Bug: T144712
Change-Id: I1b18d9f3b99364fc47c760bdfc2047c1cbb5c04a
2016-10-07 16:55:50 -07:00
Bryan Davis 766e18bca1 Add a query meta api option to check for OATH
Add a new internal action=query&meta=oath Action API module that can be
used to check for OATH protection on a given user account. Using the
module requires a new 'oathauth-api-all' permission which is not granted
to any group by default. The permission is also added to the new
'oath' grant so that it can be used via OAuth and bot passwords.

Use of this API is security sensitive and should not be granted lightly.
Configuring a special 'oathauth' user group to grant the needed
'oathauth-api-all' permission is recommended.

This check is primarily useful as an internal network service in an
environment where MediaWiki and other applications are sharing the same
backing authentication store (e.g. LDAP) and the non-MediaWiki
applications would like to respect the OATH protections enabled on the
MediaWiki install.

Bug: T144712
Change-Id: I4884f6efdfa42db82c25eadb70c7aefa98c370e9
2016-10-07 12:10:18 -07:00
Translation updater bot 00c8e5338c Localisation updates from https://translatewiki.net.
Change-Id: I60dd1befac5dc36205db2f5bc3574fa7c496ab16
2016-10-05 22:43:08 +02:00
Translation updater bot 69506832f0 Localisation updates from https://translatewiki.net.
Change-Id: I554f993eb9618e78f218991fc055c774c7052346
2016-08-17 22:40:18 +02:00
Translation updater bot 57e3f9dc24 Localisation updates from https://translatewiki.net.
Change-Id: Ica4440bb1aaa56ad3f03fe8f79c9b165b5b6bf1e
2016-08-08 22:33:45 +02:00
Translation updater bot fc051bc05c Localisation updates from https://translatewiki.net.
Change-Id: I623e2a0557fd9fc0ff57085c47bda4fcb7eda6e3
2016-07-21 22:58:30 +02:00
Translation updater bot ea689f5d2a Localisation updates from https://translatewiki.net.
Change-Id: I77817bd893810391acb502fca85d33e7eb55ce40
2016-07-01 23:24:55 +02:00
Translation updater bot d2d3697633 Localisation updates from https://translatewiki.net.
Change-Id: Ic1be648a908693328f0273fefa67c0c95e8be3e5
2016-06-26 14:19:07 +02:00
Translation updater bot a5c444d64e Localisation updates from https://translatewiki.net.
Change-Id: I90c756dca597df34afb9d920490ec3135c3ee33a
2016-06-25 14:54:47 +02:00
Translation updater bot ebf96d3484 Localisation updates from https://translatewiki.net.
Change-Id: I8642cb55ddef7ecbb4fee677a68865d8fff8643a
2016-06-24 11:13:41 +02:00
Translation updater bot 23700f0d28 Localisation updates from https://translatewiki.net.
Change-Id: Ib5c91bf3c441ae9c35cf034e3b22c4c0d606fc0c
2016-06-21 23:31:04 +02:00
Translation updater bot 04ba11bf3a Localisation updates from https://translatewiki.net.
Change-Id: I4215be1d92514c1c2c418e23dc00f15569c07cc8
2016-06-18 22:47:39 +02:00
Translation updater bot cdce14b143 Localisation updates from https://translatewiki.net.
Change-Id: I8d3c874594758bd784c386fc34ebc696862e46b8
2016-06-17 22:30:34 +02:00
Translation updater bot be61d58740 Localisation updates from https://translatewiki.net.
Change-Id: Ie7c37eafa53b7ad3d2f63df0c4a86e8e2c2e0dcf
2016-06-15 22:37:02 +02:00
Translation updater bot e90196325a Localisation updates from https://translatewiki.net.
Change-Id: I74da4777405f214fc38d086a1098b9016e8dba78
2016-06-10 22:18:39 +02:00
Translation updater bot 71a049cc64 Localisation updates from https://translatewiki.net.
Change-Id: I6dde00bcf1c7fd3777adc7796e108c871c8d0bc6
2016-06-09 22:39:34 +02:00
Translation updater bot cfcfe47081 Localisation updates from https://translatewiki.net.
Change-Id: I43bc4e6eaf0e913ceb6e2c5e454cc5a1b99b09cb
2016-06-07 22:45:10 +02:00
Translation updater bot 47b7dd8019 Localisation updates from https://translatewiki.net.
Change-Id: Ie8a83530c9435d7f3a829882065c69ab92ff9787
2016-06-06 22:59:19 +02:00
Translation updater bot 853bc6ca00 Localisation updates from https://translatewiki.net.
Change-Id: Id8b4cdc210412ae8001c6f1d03ef912cc5e93591
2016-06-05 22:21:54 +02:00
Translation updater bot 847a4b9209 Localisation updates from https://translatewiki.net.
Change-Id: I91f32000206bc70b62744f28343a9cc56fa87568
2016-06-04 22:24:01 +02:00
Translation updater bot 5c24b3b3df Localisation updates from https://translatewiki.net.
Change-Id: I4621c364ff464bb333f11dea846f8ed26c21bee3
2016-06-03 23:21:42 +02:00
Translation updater bot f3533feac3 Localisation updates from https://translatewiki.net.
Change-Id: I4414aa077fd438e77680911151ebf292a76d25de
2016-06-02 22:24:52 +02:00
Translation updater bot a4be5669a2 Localisation updates from https://translatewiki.net.
Change-Id: Ic9c994bf5ab7c0b4c4469dba2563cf4242aeb381
2016-06-01 23:12:11 +02:00
Gergő Tisza 563796a98c Update for AuthManager
Handling enabling/disabling via AuthManager is left to a separate
patch.

Bug: T110457
Change-Id: Ic492b8f2477c475f8414b61505139e9a1df2ba5b
2016-05-31 19:38:41 +00:00
Translation updater bot 1b6780b8e7 Localisation updates from https://translatewiki.net.
Change-Id: Id04818d138b280580c7d643e8fb4d97df0a481ca
2016-05-10 22:28:41 +02:00
Translation updater bot 1432439b17 Localisation updates from https://translatewiki.net.
Change-Id: Ib94b65a67b164520eb8e97459ea5b6e3024abb0a
2016-04-18 22:21:26 +02:00
Translation updater bot 71a09d79fc Localisation updates from https://translatewiki.net.
Change-Id: I23da81e04fe56170ed748279acfc0fe3a5c9a2af
2016-04-10 20:05:02 +02:00
Translation updater bot 093f81551e Localisation updates from https://translatewiki.net.
Change-Id: Ifbb40f4200c8c27089820b68379f003b34032ba5
2016-04-07 23:03:30 +02:00
Translation updater bot fb6f9ebf17 Localisation updates from https://translatewiki.net.
Change-Id: I1f0ac20dafa8ae40eae0667e4bb6f376d821ccbb
2016-04-03 23:22:23 +02:00
Translation updater bot cfc7e3849f Localisation updates from https://translatewiki.net.
Change-Id: I8115023f19aab2126c7c0a54ec98cfb6facad983
2016-04-01 22:28:06 +02:00
Translation updater bot cb3d55f37c Localisation updates from https://translatewiki.net.
Change-Id: I5b11fc314d4ae3df385259bfc478e524319de3be
2016-03-31 22:45:35 +02:00
csteipp 07f99656dc Fix i18n merge errors
Address comments by Raimond Spekking on
I39859cc59f1811de42b72f6167d332ea48812f97

Change-Id: Ib17f1a2f0e70e5fd286d7ea441b13f79da3743c5
2016-03-31 07:51:26 -07:00
jenkins-bot 1dd09985d0 Merge "Move token login to separate page" 2016-03-31 04:31:39 +00:00
Translation updater bot 1c95cc53cd Localisation updates from https://translatewiki.net.
Change-Id: I9e6ab33a2722ed40cfd5e6ee95ac95731c3625fd
2016-03-30 22:41:05 +02:00
Tyler Anthony Romeo 1a8006317d Move token login to separate page
Rather than have an extraneous form on the login page,
move the token input to a separate page. The actual
logic for logging in is identical, the only difference
is that the token is added to the form data on a second
page request.

Bug: 53195
Change-Id: I39859cc59f1811de42b72f6167d332ea48812f97
2016-03-29 16:02:54 -07:00
Translation updater bot 25828bfd82 Localisation updates from https://translatewiki.net.
Change-Id: Ie0229f920eea9591bfca9b4b53d7fc70e61e2b9b
2016-03-29 22:38:09 +02:00
Translation updater bot 9fbf9d037a Localisation updates from https://translatewiki.net.
Change-Id: I1d1d8089142ce378f95eb0b326821da57864aa0b
2016-03-28 22:44:27 +02:00
Translation updater bot 5a98aff998 Localisation updates from https://translatewiki.net.
Change-Id: I8bff7a23ae61c5640079757c04b4c481add03a1f
2016-03-27 21:20:30 +02:00
Translation updater bot fe38684597 Localisation updates from https://translatewiki.net.
Change-Id: I7d94dbe7e7acef698e31c97eb8c31718009890d2
2016-03-24 22:37:49 +01:00
Tyler Romeo 4e9ad22469 Add user right for enabling two-factor auth
Make new right oathauth-enable that the user must have to enable two
factor authentication (disabling and logging in, of course, are still
allowed).

Bug: T100376
Change-Id: I18d43f8b2cf2c2ce9c2309a43961686498b5c999
2016-03-24 12:45:41 -07:00
Translation updater bot a161c3122c Localisation updates from https://translatewiki.net.
Change-Id: I37c58596e845f958a1337193fbabca36b843209a
2016-03-23 22:23:27 +01:00
Tyler Anthony Romeo 0c389f5025 Refactored special pages into HTMLForm and proxy
Made new class ProxySpecialPage, which acts as a
proxy object to another SpecialPage object that is
determined based on context information other than
the title.

Then Special:OATH has been split into two separate
special page classes (both FormSpecialPages using
HTMLForm) that are routed to by a ProxySpecialPage
object.

In addition, the form for enabling two-factor auth
has been refactored into vform style, with some
better instructions on how to enable two-factor
authentication.

Change-Id: Ib9117cbc9d7f044de9607db81a157e1b472b5ec0
2016-03-23 11:26:04 -07:00
Translation updater bot c51c60bfe4 Localisation updates from https://translatewiki.net.
Change-Id: I1d6912809c20f854ef5c417f2c96889c3c18fa13
2016-03-22 22:32:28 +01:00
Translation updater bot 7f82fbc7da Localisation updates from https://translatewiki.net.
Change-Id: I0497b07e506df76bb039b3222597274e5fdb83cc
2016-03-17 23:20:10 +01:00
Translation updater bot b682faa013 Localisation updates from https://translatewiki.net.
Change-Id: Ie29359fb73a217ca8ab196075d0562e88fdad780
2016-03-09 22:44:37 +01:00
Translation updater bot 84a401f76a Localisation updates from https://translatewiki.net.
Change-Id: Ib455947e7478c3bec8d48c721f1f48b4cb81975f
2016-03-08 22:43:37 +01:00
Siebrand Mazeland 44a170a4f4 Remove use of "successful" in strings
Change-Id: If9e32d42a56b85318ce4b7446db95db579f63e14
2016-03-07 12:47:59 +01:00
Translation updater bot 923d19797c Localisation updates from https://translatewiki.net.
Change-Id: Id87e8c8ec4301de9d447c044964e827100398bea
2015-12-11 23:52:34 +01:00
Translation updater bot 0cffacd291 Localisation updates from https://translatewiki.net.
Change-Id: I7017c58242147db295e75caeddbbb26e3b4dfc88
2015-10-22 22:02:03 +02:00
Siebrand Mazeland 88b2fea14f Update indentation to use tabs
Change-Id: I761d90d8758d3c7b3dd82ea9693a56b46655555a
2015-10-13 08:31:04 +02:00
Translation updater bot 61cbc9d0a1 Localisation updates from https://translatewiki.net.
Change-Id: I7c92e83e2e3b4266eb10691b686709c35a350df6
2015-05-25 22:33:20 +02:00
Translation updater bot 8ef4e1f3f7 Localisation updates from https://translatewiki.net.
Change-Id: I54f07aead0b62a86e8453e7474d0cf806b8fc47b
2015-05-24 23:04:25 +02:00
Translation updater bot 29d733f81a Localisation updates from https://translatewiki.net.
Change-Id: I113ca2995ac2a6ba0eea4d4437b76a51e36e5901
2015-05-24 00:11:12 +02:00
Translation updater bot c21ca85ed7 Localisation updates from https://translatewiki.net.
Change-Id: I7891e0fd51469afe96d44f28f76511b1e7feba37
2015-03-23 22:02:25 +01:00
Translation updater bot fe63ccea77 Localisation updates from https://translatewiki.net.
Change-Id: Ib01f35c1bda7577f3329decade6902042badeb41
2015-03-16 21:58:55 +01:00
Translation updater bot 14688a5027 Localisation updates from https://translatewiki.net.
Change-Id: Iff9c09a0d9ba8ffdbcfa813a4236b13d8254454d
2015-03-05 22:25:31 +01:00
Translation updater bot f01422aa7f Localisation updates from https://translatewiki.net.
Change-Id: I5e3d5efe8c3b782d1600da56bf4e953d76197206
2014-12-20 22:25:47 +01:00
Translation updater bot 2890dbde51 Localisation updates from https://translatewiki.net.
Change-Id: I84e7e103d3e00666c0de1c11efe8b30f9404d610
2014-10-27 20:15:24 +01:00
Translation updater bot a4d0c34bfe Localisation updates from https://translatewiki.net.
Change-Id: I4812da260503af7cf961d1326c21d50a39f220ab
2014-10-25 22:48:08 +02:00
Translation updater bot caf9a8481f Localisation updates from https://translatewiki.net.
Change-Id: I9edcf91b7018c559c9cfb1f864e140041ec0f2d1
2014-10-23 23:25:51 +02:00
Siebrand Mazeland 71fee2e552 Update spelling and remove uses of title case
Change-Id: I8445ad4b1e5f0daf052331edd2a5c7a3b0113473
2014-10-21 19:40:24 +02:00
Translation updater bot 25ccd5359c Localisation updates from https://translatewiki.net.
Change-Id: If9b5fc475ca186832a19dc5b22d883849c595293
2014-10-07 21:01:20 +02:00
Translation updater bot 3210e98c58 Localisation updates from https://translatewiki.net.
Change-Id: I6ce967a6e8380ba344fbaa9f6c7d590f47d3ed6b
2014-09-05 22:47:43 +02:00
Translation updater bot df76c50aab Localisation updates from https://translatewiki.net.
Change-Id: I278bdad5eda0a65b343680a2cc2f6b801d9ca23c
2014-09-02 22:15:56 +02:00
Translation updater bot a4cd87c0b2 Localisation updates from https://translatewiki.net.
Change-Id: I67e6935b6911d5c5b133e9003dcd46bff224b2c6
2014-08-31 21:57:01 +02:00
Translation updater bot 71191e1ae8 Localisation updates from https://translatewiki.net.
Change-Id: I0ea953d2548fb0d921153f719e56dabbb09b71e6
2014-08-30 22:39:59 +02:00
Translation updater bot 7077f00059 Localisation updates from https://translatewiki.net.
Change-Id: Ib9e5b27caca2ee2504147330484904ee5052f4bf
2014-08-14 23:38:21 +02:00
Translation updater bot 287ac8e7a6 Localisation updates from https://translatewiki.net.
Change-Id: I688e3cf28ac0b6a298a559bd73bd94b42e869d74
2014-07-29 21:55:54 +02:00
Translation updater bot 0092d8a821 Localisation updates from https://translatewiki.net.
Change-Id: I7cee8fc299bf3efd796ffb2b3b8b9d109ff92a99
2014-07-05 19:56:44 +00:00
Translation updater bot fbe07e1e84 Localisation updates from https://translatewiki.net.
Change-Id: I5bb7a01d162c37e40e43de17a7aac197022c2460
2014-07-04 21:32:14 +00:00
Translation updater bot 2bf57bc2c8 Localisation updates from https://translatewiki.net.
Change-Id: Iccd4b60bbbc90b628991478171820df4c2ca4375
2014-06-29 18:41:27 +00:00
Translation updater bot 1566f732b4 Localisation updates from https://translatewiki.net.
Change-Id: Id2b7dcbfb266ebfddaf1f4cbc45fdea2bdbd18f2
2014-06-22 19:30:35 +00:00
Translation updater bot 4ed4257a2a Localisation updates from https://translatewiki.net.
Change-Id: Iafcdd633ac35a81252a16c1e93c3cb423c6ab6a3
2014-06-18 19:56:52 +00:00
Translation updater bot 06c8d5ff5d Localisation updates from https://translatewiki.net.
Change-Id: I02da9dec2c939715c847ced8126e6d8ab4d40dce
2014-06-11 20:38:45 +00:00
Translation updater bot 63ed7ced7f Localisation updates from https://translatewiki.net.
Change-Id: I4c59f1c15f257df443113602bf019f9c8d4573a0
2014-04-20 20:08:02 +00:00
Translation updater bot c1783acdfd Localisation updates from https://translatewiki.net.
Change-Id: I4d28b8ed7e862c437ae006ddfa5bd72d6a935d63
2014-04-17 18:59:57 +00:00
Translation updater bot a5b9fc5632 Localisation updates from https://translatewiki.net.
Change-Id: Ibf1357b2975533e24a28c7e078269280ffa0db51
2014-04-16 15:44:35 +00:00
Translation updater bot 6c0564db25 Localisation updates from https://translatewiki.net.
Change-Id: I402cf8a14fd08ba4ea926915471770fd266368eb
2014-04-11 19:48:38 +00:00
Translation updater bot 6bc57597fc Localisation updates from https://translatewiki.net.
Change-Id: I1286aa114b2ef9d4a07dd3e8d60d7d91f3ad3b5f
2014-04-06 19:41:45 +00:00
Siebrand Mazeland e08f4b18f5 Migrate to JSON i18n
Procedure per https://www.mediawiki.org/wiki/Manual:GenerateJsonI18n.php
with shim.

Change-Id: Iec7afc3b9697ec16145dd215ae27842cf54a5934
2014-03-28 12:07:32 +01:00