Commit graph

1502 commits

Author SHA1 Message Date
Translation updater bot 49a7f75244 Localisation updates from https://translatewiki.net.
Change-Id: I5097d595eda9f16b5ee69d9377af1e50fd3263f7
2016-11-15 22:57:09 +01:00
Kunal Mehta a6810b041d Hide empty square for QR code with CSS for no-JS users
Change-Id: Id557bce14a623d894e0b23123c8ef037ddd3cc53
2016-11-14 18:23:53 -08:00
Kunal Mehta bf4637200a Get rid of separate ext.oathauth module
It's only used as a dependency for one module, so it doesn't really make
sense to have it as a separate module.

Change-Id: I0936073358e98d236ce9440d92873a2ea3851e60
2016-11-14 18:23:53 -08:00
Translation updater bot 044d469af2 Localisation updates from https://translatewiki.net.
Change-Id: I23b091e822c4a3b27383b4591b33626009e3f1eb
2016-11-14 22:57:29 +01:00
Translation updater bot 0e0a6c95d8 Localisation updates from https://translatewiki.net.
Change-Id: I5c8e5e443d8f12e8822b2f4c6d8b5816c718cc0e
2016-11-13 22:50:13 +01:00
Hydriz 0b460de458 Declare issuer name in QR code when setting up 2FA
The issuer name is an optional but important feature that allows
the user to differentiate between different accounts used in the
same authenticator app. While we currently use a prefix in the
user account name, declaring an issuer makes it easier for the
user to differentiate.

Bug: T150596
Change-Id: I741dd671e79e0326dfe97bdaaf63b3997960d115
2016-11-13 07:11:03 +00:00
Kunal Mehta e317bf4610 Show preferences link if user has a key set, but no userright
If the user has a key set but not the oathauth-enable userright, still
show the link to Special:OATH so they can manage it.

This can occur when only restricted groups are allowed to use OATHAuth,
but the user database is shared across multiple wikis.

Bug: T150584
Change-Id: I2db8b47051b0857538e668d233f5cb8586c328a1
2016-11-12 16:25:03 -08:00
Translation updater bot dffa6b689f Localisation updates from https://translatewiki.net.
Change-Id: Id51db40cfe516ca52e84ce9cdc655dafd36c8d82
2016-11-12 22:55:22 +01:00
jenkins-bot cd72757e4d Merge "Allow override of Site prefix without changing sitename" 2016-11-07 19:40:05 +00:00
Translation updater bot e785a0f891 Localisation updates from https://translatewiki.net.
Change-Id: I2cd8706e96f2c2bfc5b49380300f6a072c8424b1
2016-11-03 23:32:06 +01:00
Translation updater bot e4d6061cbf Localisation updates from https://translatewiki.net.
Change-Id: I49df9415bac6212938f90acb1ed8621f14a505ac
2016-11-01 22:47:09 +01:00
Tyler Anthony Romeo d2097fbcaf Add non-MySQL database support
Created patch files for other database types.
Note that some types, such as Oracle, are
not guaranteed to work, since not even MW
core works with them yet anyway.

Bug: T67658
Change-Id: Ie9ce8a4d1140d16017c1aa83865f79d8b0986528
2016-10-31 19:06:52 +00:00
Reedy 872a4768ff Allow override of Site prefix without changing sitename
Bug: T147901
Change-Id: Id5b565f9c05b591e3638dbf51dd784224203669c
2016-10-31 14:17:27 +00:00
Translation updater bot 56523b60cc Localisation updates from https://translatewiki.net.
Change-Id: I9c3aefda7209f4b01d3bc1ffcfb1fdf5336bd1bf
2016-10-25 23:15:42 +02:00
Chad Horohoe 63ba48fa8d Whoops, track not trace
Change-Id: I37e74fb90e45150e9155af81b99189ec4bfca5b5
2016-10-24 17:03:06 -07:00
Chad Horohoe baca4a727d Swapping defaultbranch for trace
The former is a maintenance nightmare when branching.

Bug:T146293
Change-Id: I8076f5e2b513457f43d2bb2e07a1ecab07f7a355
2016-10-24 16:38:00 -07:00
Translation updater bot 647b68c0fc Localisation updates from https://translatewiki.net.
Change-Id: Ibcb0a0657db806c066c11f0557a88dd36fba1a47
2016-10-22 22:46:35 +02:00
Translation updater bot a82d4aedd9 Localisation updates from https://translatewiki.net.
Change-Id: I465baf8d66a8b705366fd36d26eb5d8aa1eaa03d
2016-10-18 22:38:34 +02:00
Translation updater bot 1164ea58fc Localisation updates from https://translatewiki.net.
Change-Id: I50d84ab53301a197afd149a87baf93b1c93e99b5
2016-10-17 22:34:18 +02:00
Reedy e38c68c13e Remove pre authmanager MW support
Change-Id: I46712392e48c263bd30b849777caea8e22650d40
2016-10-15 21:56:40 +01:00
Translation updater bot 6cfec6bb04 Localisation updates from https://translatewiki.net.
Change-Id: I2c90c532207ef106e2c893e67d8cefd5334ed5bf
2016-10-13 22:51:40 +02:00
jenkins-bot 7c11b39942 Merge "Apply rate limits to all token verifications" 2016-10-12 00:07:35 +00:00
jenkins-bot 10ca80f08b Merge "Add an api action to validate an OATH token" 2016-10-12 00:02:19 +00:00
Translation updater bot 745d8a0179 Localisation updates from https://translatewiki.net.
Change-Id: If7eeee8717eb0bdd16d36622922797295e518f41
2016-10-10 22:27:58 +02:00
Translation updater bot 905045abc3 Localisation updates from https://translatewiki.net.
Change-Id: I9f44cc8750d00109d7a8d6a5f2e0999fde550ffd
2016-10-09 22:53:34 +02:00
jenkins-bot e4003d99d6 Merge "Add a query meta api option to check for OATH" 2016-10-08 00:44:39 +00:00
Bryan Davis a6b60d2465 Apply rate limits to all token verifications
Extend the token validation failure checks introduced in I4884f6e to the
other interactions where OATHAuthKey::verifyToken is used.

Depends-On: Ia3add8bbbab0307f036e9b77e752c382da3a0d04
Change-Id: Icbe5cdf561c683dc971a099d61cedff311b26b43
2016-10-07 17:24:32 -07:00
Bryan Davis 36c523ab23 Add an api action to validate an OATH token
Add a new internal action=oathvalidate Action API module that can be
used to validate an OATH token collected from a user. Using the module
requires the 'oathauth-api-all' permission introduced in I4884f6e.

Attempts to call the action for a given user are rate limited to only
allow 10 failures per minute using the new 'badoath' key.

The check is primarily useful as an internal network service in an
environment where MediaWiki and other applications are sharing the same
backing authentication store (e.g. LDAP) and the non-MediaWiki
applications would like to respect the OATH protections enabled on the
MediaWiki install.

Complete usage in an LDAP shared auth environment would look something
like:
* Authenticate a user with the LDAP server via auth-bind
* Call action=query&meta=oath as a privileged user to check for OATH
  protection.
* If OATH is active for the account, prompt the user for their current
  OATH token.
* Call action=oathvalidate as a privileged user to validate the token.
* If validation succeeds, complete authentication.
* If validation fails, do not authenticate the user.

Bug: T144712
Change-Id: I1b18d9f3b99364fc47c760bdfc2047c1cbb5c04a
2016-10-07 16:55:50 -07:00
Bryan Davis 766e18bca1 Add a query meta api option to check for OATH
Add a new internal action=query&meta=oath Action API module that can be
used to check for OATH protection on a given user account. Using the
module requires a new 'oathauth-api-all' permission which is not granted
to any group by default. The permission is also added to the new
'oath' grant so that it can be used via OAuth and bot passwords.

Use of this API is security sensitive and should not be granted lightly.
Configuring a special 'oathauth' user group to grant the needed
'oathauth-api-all' permission is recommended.

This check is primarily useful as an internal network service in an
environment where MediaWiki and other applications are sharing the same
backing authentication store (e.g. LDAP) and the non-MediaWiki
applications would like to respect the OATH protections enabled on the
MediaWiki install.

Bug: T144712
Change-Id: I4884f6efdfa42db82c25eadb70c7aefa98c370e9
2016-10-07 12:10:18 -07:00
Translation updater bot 00c8e5338c Localisation updates from https://translatewiki.net.
Change-Id: I60dd1befac5dc36205db2f5bc3574fa7c496ab16
2016-10-05 22:43:08 +02:00
Reedy 52686c04b7 Minor documentation updates
Update DatabaseBase type hint

Update some deprecated code usages

Change-Id: I86aa4507447040754d0c9f20171f7e22aed4a0cc
2016-10-02 12:25:59 +00:00
Reedy 9cceee17cc Clean up code style and docblocks
* array() -> []
* spacing fixes
* dirname( __FILE__ ) -> __DIR__
* Add phpcs style checks using latest mediawiki-codesniffer to keep
  things clean.

Co-Authored-By: Bryan Davis <bd808@wikimedia.org>
Change-Id: I95735f928d3e5d6ac9d2a10d92b40ed01cf2737c
2016-09-30 14:40:06 -06:00
jenkins-bot 624c7aca6a Merge "Suppress unserialize errors" 2016-09-30 20:13:42 +00:00
jenkins-bot 3391429b3d Merge "We need a master to do write actions..." 2016-09-30 20:04:58 +00:00
Bryan Davis 03d890f3da Fix some comments
* Spelling in OATHAuthHooks::onRegistration comment
* Remove incorrect comment for OATHAuth::__construct
* Spelling in TOTPAuthenticationRequest class phpdoc

Change-Id: Iaf670a1b86e82b4684489371c8152b8055bff90e
2016-09-28 21:25:45 -06:00
Bryan Davis 0e37c6ca1f Add composer.lock to .gitignore
Change-Id: If5b8459cd967bf4b056573f4223f5bc886960251
2016-09-28 21:25:40 -06:00
jenkins-bot 3dc8dc3b1e Merge "Show the first input as a warning, not as an error box" 2016-09-17 18:05:17 +00:00
Reedy d38cb8e87c Suppress unserialize errors
Bug: T130740
Change-Id: I20b076b7f3ce15d31a21f8935b74f9121f70c5a3
2016-09-17 00:05:25 +01:00
Reedy bfe362d059 We need a master to do write actions...
Change-Id: I618d371cdf76d96370c65975db702ed2fef0579c
2016-09-17 00:04:05 +01:00
Translation updater bot 69506832f0 Localisation updates from https://translatewiki.net.
Change-Id: I554f993eb9618e78f218991fc055c774c7052346
2016-08-17 22:40:18 +02:00
Translation updater bot 57e3f9dc24 Localisation updates from https://translatewiki.net.
Change-Id: Ica4440bb1aaa56ad3f03fe8f79c9b165b5b6bf1e
2016-08-08 22:33:45 +02:00
Florian 106497dc27 Show the first input as a warning, not as an error box
The first time the extension asks for the code of the mobile phone
isn't an error and shouldn't be styles as such (see the depends-on
change). Change all other UIs to errors.

Bug: T139179
Change-Id: I7cc3333c3e166295e85e91c7b377e53842bdb307
Depends-On: I9a27911613e62b5c4cb86bea40696cb37c4f49c2
2016-07-28 22:29:03 +02:00
Translation updater bot fc051bc05c Localisation updates from https://translatewiki.net.
Change-Id: I623e2a0557fd9fc0ff57085c47bda4fcb7eda6e3
2016-07-21 22:58:30 +02:00
Translation updater bot ea689f5d2a Localisation updates from https://translatewiki.net.
Change-Id: I77817bd893810391acb502fca85d33e7eb55ce40
2016-07-01 23:24:55 +02:00
Translation updater bot d2d3697633 Localisation updates from https://translatewiki.net.
Change-Id: Ic1be648a908693328f0273fefa67c0c95e8be3e5
2016-06-26 14:19:07 +02:00
Translation updater bot a5c444d64e Localisation updates from https://translatewiki.net.
Change-Id: I90c756dca597df34afb9d920490ec3135c3ee33a
2016-06-25 14:54:47 +02:00
Translation updater bot ebf96d3484 Localisation updates from https://translatewiki.net.
Change-Id: I8642cb55ddef7ecbb4fee677a68865d8fff8643a
2016-06-24 11:13:41 +02:00
Kunal Mehta 525f54186e Set license-name in extension.json
Change-Id: Ie2457a3e5ffee0377facd4a2f62df5aa0ee4559f
2016-06-23 11:23:18 +02:00
Translation updater bot 23700f0d28 Localisation updates from https://translatewiki.net.
Change-Id: Ib5c91bf3c441ae9c35cf034e3b22c4c0d606fc0c
2016-06-21 23:31:04 +02:00
Brian Wolff 185bce5859 Fixup qrcode-generating js, to stop race condition.
Previously there was a race condition where the qrcode would
not show if the startup module finished loading prior to the
div that should contain the qrcode being loaded. This quite
commonly happened on wikipedia during a hit where js is cached
(But does not happen locally, my theory is that that is due to
how packets get split over the network but not from localhost).

Change it to use a normal RL module, as that seems best practise.
Also do not load the qrcode js on special pages that do not use it.
Finially, remove position:top as its not needed.

Bug: T136988
Change-Id: I5139f222207203d834bdc979b21c1fc94f242ac2
2016-06-20 03:42:28 -04:00