Commit graph

217 commits

Author SHA1 Message Date
Taavi Väänänen d52c9514bd OATHUser: Use UserIdentity where applicable
Depends-on: I562d6347f34691f1717d92b476618108af3de956
Change-Id: If0147e03ab7b7f43e6a261b673350317193389c1
2024-11-05 20:58:13 +02:00
Taavi Väänänen e5bcf09868 Allow injecting services to Modules
And as a bonus tweak OATHModuleRegistry error handling.

Change-Id: I4e3ca0092115e22ab7e7703e1682d68fbcc06af4
2024-11-04 18:32:14 +02:00
jenkins-bot dc63d00723 Merge "TOTPEnableForm: Display enrollment timestamp with recovery tokens" 2024-11-03 11:08:53 +00:00
jenkins-bot d8a3d0ed10 Merge "Display help on OATHToken field" 2024-11-02 16:01:36 +00:00
jenkins-bot 098c55106f Merge "OATHManage: Add messages to signify 2FA auth is needed to continue action" 2024-11-02 15:58:55 +00:00
Reedy 790660802b Display help on OATHToken field
Bug: T354539
Change-Id: I9f4598fc5044ce57898418fed53fb609013837f6
2024-11-02 15:45:31 +00:00
Reedy a8c58f56f4 TOTPEnableForm: Display enrollment timestamp with recovery tokens
Bug: T234004
Change-Id: Ic708552fffdd2260e2f270b484c28ca47a9f4c03
2024-11-02 15:37:20 +00:00
Reedy 5d5c9365c7 OATHManage: Add messages to signify 2FA auth is needed to continue action
Bug: T354538
Change-Id: I242dad188c94ec59c4a181f72cf9e3cd0d6f3529
2024-11-02 10:37:47 +00:00
Reedy 8eb5725494 Add notification when user is running out of recovery codes
Bug: T131788
Change-Id: Ic4294dc4ca8eb238998af3ec6b69a771f1b17c17
2024-10-30 02:04:36 +00:00
Andre Klapper ee4d9dd5d5 Use explicit nullable type on parameter arguments (for PHP 8.4)
Implicitly marking parameter $... as nullable is deprecated in PHP
8.4. The explicit nullable type must be used instead.

Bug: T376276
Change-Id: I867b777f6799a383f1a19165fbaa7b4c0d47d76c
2024-10-26 15:08:32 +02:00
Umherirrender f8bce0e016 Use type-declaration on api module constructor
Parent class constructor gets type-declaration in 1145328459
Remove simple doc-blocks without further information

Change-Id: I1b4dc8d9ca01bd9db2f7c461c12e9dff46d76214
2024-10-25 20:15:40 +02:00
Umherirrender 30fa5efcaf Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statement done manually

Change-Id: I3b0d2a2a25d4c4c9d11906961634eac1d47afa80
2024-10-20 10:59:39 +02:00
Jamie Kuppens e69f94c074 Add 'requireNamedUser' checks to all Special Pages
Bug: T344720
Change-Id: I988337eae120532b7d7089905a5986299e79c536
2024-09-25 10:26:07 +02:00
Jamie Kuppens cbab3c92a9 Filter temporary accounts from dropdown on Special:DisableOATHForUser
Bug: T344720
Depends-On: I6563ae610017fd1cd35c36ba65906041f7f68c4b
Change-Id: I289a46d0ff376caf22d62d9b5605763aa8fb7eb7
2024-08-21 11:35:16 -07:00
Kunal Mehta 152c80c2cf Send log entries to CheckUser
Because our log is restricted, we don't publish it to RecentChanges,
so it never ends up in CU. Let's be consistent and log these to
CheckUser as well.

Bug: T301992
Change-Id: I37dac4ecdcf70368f416fc2983afbb4238c19bb2
2024-07-07 14:14:38 +01:00
Umherirrender 519387f7b6 Use namespaced FormatJson class
Change-Id: I54cfdbcadbc8331ff51b8fa6d661a4a3759b0dad
2024-07-05 00:08:57 +02:00
jenkins-bot 33fd2ec210 Merge "LoadExtensionSchemaUpdates: Remove unused path from 'runMaintenance' action" 2024-06-26 09:26:16 +00:00
Umherirrender 2e491bfde1 Use ::class for class name resolution of EchoUserLocator
Also use namespaced class and AttributeManager::ATTR_LOCATORS
as seen in other extensions (like LoginNotify)

Change-Id: I183043ed91c20479b9594209341bf227507bb083
2024-06-19 21:46:01 +02:00
Bartosz Dziewoński e30916d5c7 LoadExtensionSchemaUpdates: Remove unused path from 'runMaintenance' action
MediaWiki has never used this path for running the maintenance
scripts, only the class name provided in the other parameter.
Providing the parameter is no longer needed in MediaWiki 1.43.

Bug: T367918
Change-Id: I13b85b2f14bea802229a624ad0b8b2166845d1d1
2024-06-19 19:58:47 +02:00
Umherirrender 56e062512d Use namespaced classes
Changes to the use statements done automatically via script

Change-Id: Ib56dd5248012dfdc3490aa82bb00f66f20ae1c84
2024-06-09 18:58:24 +02:00
Umherirrender 20765f5b64 Add caller when running query builder
Change-Id: I5df6eb6453938b599494e899964b3540efdba1f9
2024-05-30 23:50:50 +02:00
jenkins-bot 4f203a25bc Merge "add a check if a module is available for enabling" 2024-05-29 19:09:00 +00:00
Ariel T. Glenn 76c63c112e add a check if a module is available for enabling
Bug: T354701
Change-Id: I73f7928f9f3c751ef58d8eb614ad1a408c629970
2024-05-23 13:23:24 +00:00
Wandji69 46a4453f8d Fix: Use ObjectCacheFactory instead of deprecated ObjectCache Methods
Bug: T363770
Change-Id: Ie7a237c100560933ce7b6b846ddee147bd858405
2024-05-20 23:09:01 +01:00
jenkins-bot 6f925ddc55 Merge "Add download link for recovery codes" 2024-05-08 12:29:05 +00:00
Gergő Tisza b760e3f6e4 Add download link for recovery codes
Bug: T245027
Change-Id: I558fa2aaed90afee8488f8b68c71959e3c75331d
2024-05-08 13:42:29 +02:00
Taavi Väänänen e1beb74c13 Auth: Inject the module instead of relying on getModule()
We want to remove getModule() to support multiple different modules for
a single user.

Bug: T242031
Change-Id: Ic4967494494293aad6520ff27b11577d79f06ce4
2024-05-05 14:28:14 +03:00
Piotr Miazga 75a91cddb2 Allow persisting user without keys/modules
Previously the `UserRepository::persist()` always expected
keys/modules to be present when called.
This patch provides support to persist disabled user.

This solves an issue introduced in
Ibc3df9d6c8beceeff4e11d024acc42cf45e42b28

Change-Id: I92aedf6e09d636b12c61fa15cf4c64055e3a549f
2024-05-04 14:02:02 +03:00
jenkins-bot ed34066e59 Merge "OATHUser: Remove clearAllKeys()" 2024-05-04 08:11:47 +00:00
jenkins-bot 3559c5d7cf Merge "OATHUser: Drop getFirstKey()" 2024-05-04 08:11:44 +00:00
Reedy 44c952e01a OATHUserRepository: Start storing enrollment timestamp
Bug: T242847
Change-Id: I922cdced9d9c73140088f062a23daba6910c8272
2024-04-28 18:43:25 +01:00
Taavi Väänänen 156ee1bfcb OATHUser: Remove clearAllKeys()
Unused. This was essentially disable() but with more handguns attached,
as it did not clear $module.

Depends-On: Ibc3df9d6c8beceeff4e11d024acc42cf45e42b28
Change-Id: Ic5b50dcba429e3a88561f1c081fb53788c474a0d
2024-04-26 18:11:16 +03:00
Taavi Väänänen 06d3bdafc7 OATHUser: Drop getFirstKey()
Bug: T242031
Depends-On: Id57dd0f37a9f90a492770f6a1de3d8a2f96df944
Depends-On: Iad31b9795eca700b15f6233749846f9f8ce5e89b
Change-Id: I7bbf5f54e97a563940fedaf67904730fac918af4
2024-04-26 18:11:15 +03:00
Taavi Väänänen 0dad2c7031 Fix disabling TOTP keys with scratch tokens
The current implementation of OATHUserRepository::persist() causes every
key to get a new ID when it's saved. This, combined with ::removeKey()
which compares keys by ID, means that using recovery codes to disable
TOTP is broken since TOTPKey calls persist() to mark the code as saved
just before the key is deleted.

In this patch I've chosen to add a new ::updateKey() method instead of
fixing ::persist(). This is more in line with the other new APIs in
OATHUserRepository (namely ::createKey() and ::removeKey()), and is
something I've been planning to do eventually - this bug just made that
a bit more urgent. ::persist() should be dropped once WebAuthn has been
updated too.

Tests are also updated - OATHUserRepositoryTest now updates the key
before deleting it and there's a new TOTPDisableFormTest to test the
entire disabling process.

Bug: T363548
Change-Id: I86ddc8e5bfc9cf74c587ffdff523f559c5a3c08c
2024-04-26 16:29:25 +03:00
jenkins-bot 07ec66f30f Merge "Make the TOTP disable form only remove that single key" 2024-03-29 16:04:52 +00:00
Umherirrender bc8a149b89 build: Upgrade mediawiki/mediawiki-codesniffer to v43.0.0
Change-Id: Ieff9fdac7b2235a38090d3ade14201961c845d8c
2024-03-11 20:43:28 +01:00
Taavi Väänänen c6a621d31c Make the TOTP disable form only remove that single key
Bug: T242031
Change-Id: Iad07292cc96537e8ebd72da65e8f1e922cba3eca
2024-03-02 18:53:00 +02:00
Taavi Väänänen c09ec34213 Make Key objects aware of their database IDs
Bug: T242031
Depends-On: I1db9b04a42783b8b64ed69f1f950c794c8659209
Change-Id: I0d8d0a42ce627387949dbbbb32fc318088b3538e
2024-03-02 18:53:00 +02:00
Bartosz Dziewoński 9066046876 Use OutputPage::setPageTitleMsg() instead of ::setPageTitle()
Bug: T343994
Change-Id: Iac7ed4ab0bc1700b473d34141565c08ddbd9d860
2024-02-17 02:59:08 +01:00
libraryupgrader 9978022cf6 build: Updating dependencies
composer:
* mediawiki/mediawiki-phan-config: 0.12.1 → 0.14.0

npm:
* grunt-banana-checker: 0.11.0 → 0.11.1

Change-Id: If58b7ba9a8773b55ef43df7562aeb55debe8bdd8
2024-02-12 18:57:35 +00:00
Piotr Miazga 14a19b0379 OATH validation is available only to named users
Bug: T326925
Change-Id: I963099aeb37c52fec54c0e19731f8cce11723093
2024-01-17 19:11:10 +01:00
Taavi Väänänen c18f6962de notifications: Show number of remaining devices
Bug: T353962
Change-Id: I519d1cdefa322b5bb729b21c0c6325a4dfe991c4
2024-01-11 23:49:14 +00:00
Reedy f682726ca8 More greppable messages
Bug: T354549
Change-Id: Id74f3a82791b990b57314c439b78718952946267
2024-01-11 21:16:46 +00:00
Reedy 6f0fd7c1b1 Add grepable usages of i18n messages
Bug: T354549
Change-Id: Ice32d6b32d4d57e49f38f6e173c52af97ed7884a
2024-01-11 20:52:24 +00:00
jenkins-bot e2da8c6796 Merge "TOTPKey: Fix log message" 2024-01-11 17:03:17 +00:00
Reedy 620e3d251b TOTPKey: Fix log message
Follows-Up: Ief577fb3e6adbf72b374d86df67529c46e4fe83e
Change-Id: Ie1b396987244685c4cdc15b8425f1f2d7b24c5fa
2024-01-11 16:21:25 +00:00
Taavi Väänänen 370452d05b TOTPKey: Drop newFromString
Only used in tests.

Change-Id: I4eb020eb507d5342e4e5ab8f92bf1ee22db0056b
2024-01-11 16:19:14 +00:00
Taavi Väänänen 0f026d7999 TOTPKey: Remove unused code
Change-Id: I2d171823dc4c7c88b32872a6c3521af05b10ef39
2024-01-11 15:58:58 +00:00
jenkins-bot f0f728d342 Merge "Fix a few remaining occurances of recovery token" 2024-01-11 15:38:09 +00:00
Reedy a5851432f7 TOTPDisableForm: Add a hint message that user can use recovery tokens
Bug: T189924
Change-Id: I4a2d7ccbd43810adc285e6d9f76e331344e43de6
2024-01-11 14:58:56 +00:00