This normalises the uses of "tokens" and "scratch"
Not changing all interal usages of "scratch"; comments
and some variables updated. Functions not updated.
Bug: T354031
Change-Id: Icf8626799615f8b95f380db9745e1447519b150a
Notify users when 2FA is disabled on their account in case something was
fishy about it. This notification is a "system" notification that will
be displayed in the web UI and sent over email. It can't be opted out of
as a preference.
The notification links to Special:Preferences, where users can see their
2FA status and re-enable it if they want. A secondary help link goes to
[[mw:Help:Two-factor authentication]], but can be overridden by
adjusting the "oathauth-notifications-disable-helplink" message. The
notification text is different based on whether the user disabled 2FA on
their own, or an admin used the special page or a maint script to do it.
On Wikimedia wikis, we'll use the WikimediaMessages extension to
customize the messages.
The Echo (Notifications) extension is not required, this will gracefully
do nothing if it's not enabled.
Bug: T210075
Bug: T210963
Change-Id: I99077ea082b8483cc4fd77573a0d00fa98201f15
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate
* MediaWiki.Commenting.FunctionComment.MissingParamName
* MediaWiki.Commenting.FunctionComment.MissingParamTag
* MediaWiki.Commenting.FunctionComment.MissingReturn
Additional changes:
* Also sorted "composer fix" command to run phpcbf last.
Change-Id: Idb1b91244e653b2ba2e27bceb3eba769577124a9
Logs:
* User enrolling in OATHAuth
* User un-enrolling in OATHAuth
* Scratch token used
* 2FA disabled via a maintenance script
* 2FA disabled via Special:DisableOATHForUser
* Logged in using OTP
* User attempted to enable 2FA using a scratch token
* User attempted to enable 2FA using an invalid OTP
Bug: T151010
Change-Id: Ie6ee610a11814616d34c3d9f5467a563f0db2df3
Move maintenance script to own folder
Without alias under old name, because it should not be run from cron.
Change-Id: I64854b7ef65cd255aff279000ecc81d54155f548
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingParamComment
* MediaWiki.Commenting.FunctionComment.MissingParamTag
* MediaWiki.Commenting.FunctionComment.MissingReturn
* MediaWiki.Commenting.FunctionComment.ParamNameNoMatch
* MediaWiki.FunctionComment.Missing.Protected
* MediaWiki.FunctionComment.Missing.Public
Change-Id: I79250c955f70faf177ada5c7328576abed88011c
This takes out the actual key information from
OATHUser and puts it into an OATHKey class, which OATHUser
depends on. This allows easily swapping keys in/out from
a user.
Change-Id: Ife5f1bae4ad65b66c5e20017cc43c0576b4aba19