Commit graph

64 commits

Author SHA1 Message Date
Reedy 68ca72d7b9 Add some greppable usage of messages
Change-Id: I5ca72a33ecacb15a8a01f6cda0cdb7cdb628eab8
Follows-Up: Idbac3940b36ce21a0b40044482514a28c5fbd45f
Follows-Up: Ic173ebb7e39d22e40fea23c2b906d246adef1e05
2022-02-17 20:44:51 +00:00
Kunal Mehta 329c3133d6 Send a notification when 2FA is disabled
Notify users when 2FA is disabled on their account in case something was
fishy about it. This notification is a "system" notification that will
be displayed in the web UI and sent over email. It can't be opted out of
as a preference.

The notification links to Special:Preferences, where users can see their
2FA status and re-enable it if they want. A secondary help link goes to
[[mw:Help:Two-factor authentication]], but can be overridden by
adjusting the "oathauth-notifications-disable-helplink" message. The
notification text is different based on whether the user disabled 2FA on
their own, or an admin used the special page or a maint script to do it.

On Wikimedia wikis, we'll use the WikimediaMessages extension to
customize the messages.

The Echo (Notifications) extension is not required, this will gracefully
do nothing if it's not enabled.

Bug: T210075
Bug: T210963
Change-Id: I99077ea082b8483cc4fd77573a0d00fa98201f15
2022-02-17 00:14:20 -08:00
jenkins-bot 4cc5cbe4ad Merge "Require OATHAuth for membership in specified user groups" 2022-02-17 07:41:53 +00:00
Lucas Werkmeister 203a0112c0 Pass context into HTMLForm
Creating a HTMLForm (or OOUIHTMLForm) without passing in a context is
deprecated now.

Bug: T301866
Change-Id: I35eb85f5089bcef04624e5f72fd1a4389be87de9
Depends-On: Ic65c8934ab33c6d1ca0356011923f8933c5072ca
2022-02-16 13:05:35 +01:00
Kunal Mehta 498dcfeb80 Require OATHAuth for membership in specified user groups
Users in groups listed in $wgOATHRequiredForGroups (default none) must
have two-factor authentication enabled otherwise their membership in
those groups will be disabled. This is done using the
UserEffectiveGroups hook, which allows dynamically adding or removing
user groups.

If a user doesn't have 2FA enabled, it will appear to them as if they
aren't a member of the group at all. Special:Preferences will show which
groups are disabled. In the future it would be good to have a hook into
PermissionsError to show this as well. The UserGetRights hook is used to
ensure the user still has the "oathauth-enable" user right in case it
was only granted to them as part of the user group they are disabled
from.

On the outside, Special:ListUsers will still show the user as a member
of the group. The API list=users&prop=groups|groupmemberships will show
inconsistent informaiton, groups will remove disabled groups while
groupmemberships will not.

This functionality was somewhat already available with
$wgOATHExclusiveRights, except that implementation has flaws outlined at
T150562#6078263 and haven't been resolved in I69af6a58e4 for over a year
now. If this works out, it's expected that will be deprecated/removed.

Bug: T150562
Change-Id: I07ebddafc6f2233ccec216fa8ac6e996553499fb
2022-02-14 00:47:20 -08:00
libraryupgrader 76a50e2d77 build: Updating mediawiki/mediawiki-codesniffer to 38.0.0
Change-Id: Ia3f9db90ccc4529513e6ef129add054d4657d806
2021-10-24 08:53:27 +00:00
Reedy 72fb91180f switchTOTPScratchTokensToArray: Don't run a db update unless the row is changed
Change-Id: Ie08db6253ddc3b05a49a7e99fa9637fcacc5f3a7
2021-09-23 18:33:41 +01:00
libraryupgrader 37bab0ccb9 build: Updating composer dependencies
* mediawiki/mediawiki-phan-config: 0.10.6 → 0.11.0
* php-parallel-lint/php-parallel-lint: 1.3.0 → 1.3.1

Change-Id: Ibc5ba5833ca9a72ac72e257e32d3519be42c23a2
2021-09-09 11:12:00 +00:00
MacFan4000 249d1f3daf set autocomplete=‘one-time-code’ on forms
This allows iOS/iPadOS/macOS to suggest filling codes from sms/the built in totp authenticator (in upcoming versions).

Bug: T289086
Change-Id: I555b05fad4806a37a95afcbc63e143efc424f9d3
2021-09-03 22:45:32 +00:00
Reedy 5143076231 Stop trying to return the result of a void return value
Change-Id: I27d9f2bc55d12764b526d226293ff8743a6cb668
2021-09-03 01:27:29 +01:00
TChin e95a74035d Replace deprecated CentralIdLookup::factory
Bug: T288836
Change-Id: Iac0492405951d9c6bb21151f2b70f1989bdec027
2021-08-13 12:57:52 -04:00
vladshapik bae40b8b5e Replace uses of the deprecated setters of AbstractAuthenticationProvider
Since AbstractAuthenticationProvider ::setLogger, ::setManager,
::setConfig methods had been soft deprecated,
so its uses were removed.
* Also bump required MW version to 1.37.0

Bug: T281991
Change-Id: Ifd6ed1bc60d8a7fe6d10af1f08b6670a96ca2851
2021-05-13 17:50:15 +03:00
ZabeMath 7820be3326 Replace uses of DB_MASTER with DB_PRIMARY
Change-Id: Ifd3c5b97b0f519b7f61c8fd76149b1bcd53796d1
2021-05-13 01:25:56 +02:00
Timo Tijhof 6b106fe10c TOTPKey: Use foreach instead of for-i-length and remove dead code
Follows-up c943f75.

* Use foreach to iterate the list of tokens, instead of i-to-length.

* Remove the redundant 'retval = false' assignment, as this was
  within an `if (!$retval)` block where the only previous assignment
  to it was either retval = 1 or retval = false. Hence redundant.

* Remove the conditional that made the list only checked if the
  list was not identical to `[ 0 => "" ]`.
  It is unclear to me why this check existed.
  I can imagine one of two scenarios, neither of which appears
  to be the case:
  1. Maybe the scratch list contains 10 tokens plus an empty string,
     and if we see it only contains that, we know it's logically empty
     and don't "need" to iterate the list.
     Except... iterating the list is cheap, so why bother?

  2. Maybe the scratch list contains 10 tokens plus an empty string,
     and we don't want to allow the empty string to be considered
     a valid scratch token to we skip the loop if that's the only
     one left.

     Except... if that were the case we'd be in trouble as it
     isn't being disallowed when the list contains other items
     still. And again, afaik it never contains an empty string,
     and hopefully empty input is already rejected by now.

   Neither of these are good reasons to remove the code without
   knowing what it was for though, so I'd rather we figure this
   out before merging. I can restore the check if it's non-trivial
   to find out.

Bug: T256918
Change-Id: Ide4160bdc18bc47da9632791fb4321e44d6d115a
2021-03-29 21:42:56 +00:00
Reedy 615965c730 Inject services to Special Pages
Change-Id: Ice0c63368e9c0aa77688b63a74eb706dd00691ce
2020-12-31 23:54:43 +00:00
Reedy 85d6681fef Convert to HookHandler
Bug: T270971
Change-Id: Idf8dad4872a220624b4355a8a9b5e9a02d0e442c
2020-12-31 19:52:49 +00:00
Reedy 1d97d5ef1b OATHManage: Code cleanup
* Stop returning return values of function that don't return anything
* Remove & from IManageForm reference

Change-Id: I7afa12a4f154cabee03be8947a0bfaadf9598a03
2020-12-31 04:25:10 +00:00
jenkins-bot dccf665960 Merge "Minor code style changes" 2020-12-31 03:29:55 +00:00
Reedy 37d2b0ff19 Remove TwoFactorIsEnabled hook handler
Hook was part of Extension:OpenStackManager, but removed by REL1_35, so unnecessary
I4741fcb073f8463f017bc1b477206dee801b662b / 46d9149c2db7c2b2d4573bede74b54779d66bee8

Change-Id: I2c5f99bfa9028c57a1eadbd81a51f84b47668848
2020-12-31 02:37:42 +00:00
Reedy ec1c1dcb22 Update TOTP Scratch Tokens to array
Bug: T237303
Change-Id: Ie8de059888363bf1cea4f0b268a46faaa5671904
2020-12-31 01:18:05 +00:00
Reedy 6bb34e9265 Minor code style changes
Change-Id: I4bdc173fb6dd1cfeefc537c904a92724ea50112f
2020-12-28 02:47:09 +00:00
Umherirrender 69ef3c1bcb Avoid wfMessage in special page
Use self::msg instead to avoid global state

Change-Id: I78f914facee4174e76bbc77716b99d4aebd26c67
2020-12-19 12:16:51 +01:00
Ed Sanders 60714e7a81 Convert null global to false
Bug: T270147
Change-Id: I7b6d3bae126d7a1dc57eaf9ab0aef070595910e0
2020-12-16 17:52:16 +00:00
Reedy 53bb01d46a Minimise duplication of getting correct database instance in UpdateTables
Change-Id: Ide7dfe87f5e23997321c39623d3c574ae52fdb3e
2020-12-16 17:51:00 +00:00
Martin Urbanec 96bea3eed8 Use existing message instead of oathauth-disable-header
Bug: T265693
Change-Id: Ie9c3f787dd435709aa3aa17eb6e0cb6dd109dc33
2020-10-16 21:05:47 +02:00
jenkins-bot 7d13959016 Merge "Allow privileged accounts to use action=query&meta=oath" 2020-10-06 18:21:11 +00:00
Martin Urbanec 446f013c65 Allow privileged accounts to use action=query&meta=oath
Since T209749, privileged users have an UI to query 2FA status.
We should allow them to do the same thing via the API as well.

Bug: T250901
Change-Id: I28720c762ca595c0ab83aa400f0a593ed6a9285e
2020-10-05 00:32:42 +02:00
Reedy 9952cf8ee6 Make SQLite compatible patches
Bug: T264492
Change-Id: I622b177015740ca5f6f625250efa3d4ad71be448
2020-10-04 20:40:27 +00:00
Daimona Eaytoy 8774167f97 Parse oathauth-scratchtokens message
It's using wikitext, so it must be given to the parser.
Follow-up to I2abc96bea0543d600c3a48361da1a626d27d5067

Change-Id: Id6d938c2d2d5775d55d3c4c1aeeaa1c002294a9f
2020-08-22 15:17:41 +00:00
Umherirrender 779ef411af Pass function name to IDatabase::fieldExists
Useful for logging

Change-Id: I7abf96902f74e1f7fabd7fa77c4b018b922fb5cb
2020-06-07 01:43:37 +02:00
Umherirrender 778460805a Parse messages in string context
Change-Id: I2abc96bea0543d600c3a48361da1a626d27d5067
2020-06-02 21:09:48 +00:00
DannyS712 130e649191 Add Special:VerifyOATHForUser to check if users have OATH enabled
Bug: T209749
Change-Id: Idbac3940b36ce21a0b40044482514a28c5fbd45f
2020-04-22 00:47:22 +00:00
Aaron Schulz 33d6671ac3 Cleanup unique keys parameter to IDatabase::replace() calls
Bug: T248147
Change-Id: I030a40ae32bbcda6801bb7a0b8311bbcf3295734
2020-04-17 15:12:19 -07:00
DannyS712 bce8776341 Use lowercase for primitive type 'string'
Change-Id: I00a825b873b3647fba68a9683a0c0804fec9d2cb
2020-03-20 16:01:07 +00:00
Umherirrender b3c7d912b2 Improve param docs
Change-Id: Ib5d2e6cfe3b0825c9ded342de6c905567d01dc06
2020-02-29 21:34:07 +01:00
Martin Urbanec 7eefeed2bc SECURITY: Disallow user JS at our special pages
Bug: T243608
Change-Id: Ib0deea7a986dd37f23ad5a68a1fb9784ac346db6
2020-02-13 14:12:28 -06:00
Dejan Savuljesku c943f75cee Fix removing scratch tokens
Due to using unset(), array keys would be preserved, and therefore, for loop would crash.
Now using array_splice, but had to "reset" the values on construct to fix currently broken
arrays.

Bug: T244308
Change-Id: I6f3dd3df95d5a071b92aa7693ed7ae3fddf35a9d
2020-02-05 10:54:25 +01:00
libraryupgrader 5b1a07906a build: Updating mediawiki/mediawiki-codesniffer to 29.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate
* MediaWiki.Commenting.FunctionComment.MissingParamName
* MediaWiki.Commenting.FunctionComment.MissingParamTag
* MediaWiki.Commenting.FunctionComment.MissingReturn

Additional changes:
* Also sorted "composer fix" command to run phpcbf last.

Change-Id: Idb1b91244e653b2ba2e27bceb3eba769577124a9
2020-01-14 08:27:31 +00:00
libraryupgrader 28c468b1ca build: Updating mediawiki/mediawiki-phan-config to 0.9.0
Change-Id: Iaac7b5f78f26a083e8ad2d12f9c9c4a9ed246283
2019-12-28 14:40:25 +00:00
Umherirrender 7f39d94d02 Use WebRequest::getBool to have bool cast
Change-Id: Ic6e4db33f3a919ebfa28ea69db4b22c8c7d173fe
2019-12-13 22:45:21 +01:00
Reedy 86986442f9 Remove Oracle and MSSQL schemas
MSSQL schema wasn't even plumbed in...

Change-Id: I07061b5e3ceb2464e6def363c6fe5b18ad4ce225
2019-12-10 14:27:55 +00:00
Dejan Savuljesku 54fc8a0cbf Define fallback for request IP when persisting user
Bug: T237554
Change-Id: I18f57a523a6515f593963a9c149374bd6f6c73b4
2019-12-03 14:34:58 +00:00
Reedy 18c257fa55 Remove ApiOATHValidate::getCacheMode()
It's not a query module, so this doesn't actually do anything.

Non query modules are private by default, so ApiMain->setCacheMode()
is not needed

Change-Id: I789edbf0693f8b1928fb32c3aedc0d8899aecc40
2019-11-12 16:49:51 +00:00
Reedy 1bc446c9ad Remove and fix remaining phpcs exclusions
Change-Id: Ib93f4c70383e838cf28bb07a05ea5d962263d14c
2019-11-09 07:42:58 +00:00
Reedy 659012e543 Remove and fix phpcs exclusion PSR12.Properties.ConstantVisibility.NotFound
Change-Id: I7840910881e18fe76228571c24256c4fa6549c89
2019-11-09 07:15:26 +00:00
Reedy 3132064fe2 Enable schemaUpdateTOTPToMultipleKeys
Change-Id: I6cb10a877652a10412664e124f94c5d0c58932fe
2019-11-04 18:45:22 +00:00
Dejan Savuljesku 98d151fb27 Ask for user re-auth only on initial requests
Make sure user is asked to re-authenticate (if needed) only on initital request,
not after submitting the form

Bug: T235645
Change-Id: Ic315f49ac5810da0a703ccf4b51f558d17f905fb
2019-10-23 09:49:37 +02:00
Dejan Savuljesku 920136e67b Do not store proper objects in session data
Bug: T233146
Change-Id: I2f75261b276993d27f6c96e066ea7769cf7fc082
2019-10-16 13:04:49 +02:00
Dejan Savuljesku a244d95224 Ask user to reauthenticate before changing 2FA method
Re-auth period set to 60s

Bug: T218211
Change-Id: I17a84b8e60da2ada35c6b86cf6b66d75fb3f13fe
2019-10-09 20:45:30 +00:00
Dejan Savuljesku 8ca4dabd70 Add warning page before method gets disabled
- When explictly disabling a method
- When method is implicity disabled if user switches to another method

Bug: T232008
Change-Id: I97a96ca7c1935ecb3a81aea35f607b8ff9f8817d
2019-09-28 16:22:41 +00:00