Commit graph

23 commits

Author SHA1 Message Date
Hydriz 0b460de458 Declare issuer name in QR code when setting up 2FA
The issuer name is an optional but important feature that allows
the user to differentiate between different accounts used in the
same authenticator app. While we currently use a prefix in the
user account name, declaring an issuer makes it easier for the
user to differentiate.

Bug: T150596
Change-Id: I741dd671e79e0326dfe97bdaaf63b3997960d115
2016-11-13 07:11:03 +00:00
Reedy 872a4768ff Allow override of Site prefix without changing sitename
Bug: T147901
Change-Id: Id5b565f9c05b591e3638dbf51dd784224203669c
2016-10-31 14:17:27 +00:00
Reedy 9cceee17cc Clean up code style and docblocks
* array() -> []
* spacing fixes
* dirname( __FILE__ ) -> __DIR__
* Add phpcs style checks using latest mediawiki-codesniffer to keep
  things clean.

Co-Authored-By: Bryan Davis <bd808@wikimedia.org>
Change-Id: I95735f928d3e5d6ac9d2a10d92b40ed01cf2737c
2016-09-30 14:40:06 -06:00
Bryan Davis 03d890f3da Fix some comments
* Spelling in OATHAuthHooks::onRegistration comment
* Remove incorrect comment for OATHAuth::__construct
* Spelling in TOTPAuthenticationRequest class phpdoc

Change-Id: Iaf670a1b86e82b4684489371c8152b8055bff90e
2016-09-28 21:25:45 -06:00
Tyler Anthony Romeo 0c389f5025 Refactored special pages into HTMLForm and proxy
Made new class ProxySpecialPage, which acts as a
proxy object to another SpecialPage object that is
determined based on context information other than
the title.

Then Special:OATH has been split into two separate
special page classes (both FormSpecialPages using
HTMLForm) that are routed to by a ProxySpecialPage
object.

In addition, the form for enabling two-factor auth
has been refactored into vform style, with some
better instructions on how to enable two-factor
authentication.

Change-Id: Ib9117cbc9d7f044de9607db81a157e1b472b5ec0
2016-03-23 11:26:04 -07:00
Tyler Anthony Romeo 89455cdfb2 Refactor extension key storage
This takes out the actual key information from
OATHUser and puts it into an OATHKey class, which OATHUser
depends on. This allows easily swapping keys in/out from
a user.

Change-Id: Ife5f1bae4ad65b66c5e20017cc43c0576b4aba19
2016-03-22 18:08:45 -07:00
Tyler Anthony Romeo 255443ab0a Make authentication window leniency configurable
Make window radius configurable by the system administrator, rather than
hardcoded.

Bug: 53194
Change-Id: I7fe1bfdfa1e7bfc07646a9704084977e17c65313
2015-05-25 09:53:54 +02:00
Tyler Anthony Romeo 1f7dae86fb Cache OATH tokens to avoid replay
Once a token is used, cache it in memcached
for a brief amount of time (specifically, until
the window in which it is valid ends). That way
once a token is used it cannot be re-used in
a replay attack.

Bug: 53196
Change-Id: I7b8e92875a573f3ac95e13c881ef85464bcecf85
2015-05-23 11:40:44 +00:00
Tyler Anthony Romeo 5f70fed5dc Code-base cleanup
* Removed use of deprecated core features
* Made code style fixes
* Made pass phpcs-strict
* Fixed special page aliases

Change-Id: Iae2a0a7d6f0fb2ea5080795a06ae257af96dfaf6
2014-05-11 10:34:58 +02:00
Ryan Lane b112cc407c Don't mask token on input
Tokens are one time passwords. There's no strong reason to mask
them and listing it as a password field screws up many password
managers.

Change-Id: Iaf5446d80ec61ddec2403554b527781ab26493b3
2013-08-22 11:00:00 -07:00
Ryan Lane a3c5afc77f Make token field compatible with new login form
Other fields on the new login form wrap the input in a div. Do
that for token, too.

Change-Id: I22bc532a18f36a3a21fdee1b1b8076b3570e0515
2013-07-25 16:53:05 -07:00
Ryan Lane bdb1d8b4a1 Switch to using AbortLogin hook for tokens
Change-Id: I2e1ff4f35018854ff0cfa4e649984f1d56ecb828
2013-05-14 14:05:02 -07:00
Reedy 99cf0d85e1 Bug 40091 - OATHAuth should have relevant links in preferences
Change-Id: I17ac042f5a5093b2c0b2ce8d088f95213d1c0509
2013-03-11 19:02:20 -07:00
Ryan Lane 967a12654b Add link from Special:Preferences to manage OATH
Change-Id: I281f08a363bbfb7eab6003513b8326d468a8c85a
2013-03-08 16:47:12 -08:00
Reedy 875ca70c2d Fixup warning and notice from missing parameter to OATHUser::regenerateScratchTokens()
Warning: Missing argument 1 for OATHUser::regenerateScratchTokens(), called in
/var/www/wiki/mediawiki/extensions/OATHAuth/OATHUser.php on line 42 and defined
in /var/www/wiki/mediawiki/extensions/OATHAuth/OATHUser.php on line 56

Change-Id: I52a683f9680661df5d506e48d83509f35b145e26
Notice: Undefined variable: reset in /var/www/wiki/mediawiki/extensions/OATHAuth/OATHUser.php on line 61
2013-02-05 00:18:04 +00:00
Ryan Lane 072134edcb Merge "Expose OATH enablement via a hook"
2012-09-10 21:46:52 +00:00
Ryan Lane 795cef09ca Stop authentication chain if authentication fails
Change-Id: I6e37d7abd2c3542a85b0e75a4ef6d3285d632fa2
2012-09-05 18:09:10 -07:00
Ryan Lane a457215e72 Expose OATH enablement via a hook
Change-Id: I99236154d55b24c99bb9c26eae2f310457503508
2012-09-05 14:35:07 -07:00
Reedy 8992e6f541 Fix tabindex of token so it's not the same as password (which has 2)
Setting it to 3 has the effect of doing the LDAP first and then the token,
which fits the user model

Order of boxes is Username, password, domain, token

These then have a tab index of 1, 2, 3, 2

Tabbing down takes you in the order username, password, token, labs, which is... irritating, to say the least!

Change-Id: Idabb70c963d16f2cd223c5d94e0211ccaf6fdedd
2012-08-02 03:06:06 +01:00
Ryan Lane ae0a47c7df Don't call functions on a non-existent object
Change-Id: Id94f5fef1f0c1c40e75e3078d4b712837918fcad
2012-06-15 17:04:22 +02:00
Ryan Lane f78da3fe6c Extending the fields on Special:ChangePassword
Change-Id: I58f8765cec8bd55d8a98aff9ac9f736f5699c41e
2012-06-13 18:23:33 +02:00
Reedy 1eea41eb1c Couple of fixme comments
Tidy up parameter documentation

Change-Id: I1a615d44e9092cf080ef1aed9dba50c3b5416392
2012-05-11 19:05:43 +01:00
Ryan Lane ac7f7b5a78 Initial check-in of OATHAuth
OATHAuth is an HMAC HOTP two factor authentication plugin.

Change-Id: Icc75edda755f0a86402524a1a2aa8899351adcc4
2012-05-09 10:16:41 -07:00