If the user has a key set but not the oathauth-enable userright, still
show the link to Special:OATH so they can manage it.
This can occur when only restricted groups are allowed to use OATHAuth,
but the user database is shared across multiple wikis.
Bug: T150584
Change-Id: I2db8b47051b0857538e668d233f5cb8586c328a1
Created patch files for other database types.
Note that some types, such as Oracle, are
not guaranteed to work, since not even MW
core works with them yet anyway.
Bug: T67658
Change-Id: Ie9ce8a4d1140d16017c1aa83865f79d8b0986528
* Spelling in OATHAuthHooks::onRegistration comment
* Remove incorrect comment for OATHAuth::__construct
* Spelling in TOTPAuthenticationRequest class phpdoc
Change-Id: Iaf670a1b86e82b4684489371c8152b8055bff90e
We need to pass the db name to getConnection, in addition to wfGetLB.
Also, use core's CentralIdLookup for mapping local user to CentralId
when using a central DB for OATH secret storage.
Change-Id: I12a457633956a9a34dc5302ddcff468e31dd9cef
Users who started the "Enable two-factor" process, but never confirmed
their setup were stored in the database under the previous format.
After Ife5f1bae4ad65b66c5e20017cc43c0576b4aba19, we no longer look at
the is_validated column to see if the user confirmed their 2fa setup,
and instead only store users in the table who have confirmed.
Delete these users from the table when updating the table format.
Bug: T130892
Change-Id: I54a706043b44db50344d138207b472c35d00724e
During the two-step login, users with OATH enabled need to have their
login details saved into their session while we prompt them for their
OATH code. This encrypts that data, so we don't write their user's
password into our session storage.
Change-Id: I9969871205ac5c438706df41ef1519cb4cd7a964
Rather than have an extraneous form on the login page,
move the token input to a separate page. The actual
logic for logging in is identical, the only difference
is that the token is added to the form data on a second
page request.
Bug: 53195
Change-Id: I39859cc59f1811de42b72f6167d332ea48812f97
Make new right oathauth-enable that the user must have to enable two
factor authentication (disabling and logging in, of course, are still
allowed).
Bug: T100376
Change-Id: I18d43f8b2cf2c2ce9c2309a43961686498b5c999
Add configuration variable for specifying what database the OATH
credentials are stored in, that way wikis that use CentralAuth can
centralize their two-factor authentication data as well.
Bug: T100374
Change-Id: I285e2fe29fee43ddc6c5a6e51823911d43c596f6
Made new class ProxySpecialPage, which acts as a
proxy object to another SpecialPage object that is
determined based on context information other than
the title.
Then Special:OATH has been split into two separate
special page classes (both FormSpecialPages using
HTMLForm) that are routed to by a ProxySpecialPage
object.
In addition, the form for enabling two-factor auth
has been refactored into vform style, with some
better instructions on how to enable two-factor
authentication.
Change-Id: Ib9117cbc9d7f044de9607db81a157e1b472b5ec0
This takes out the actual key information from
OATHUser and puts it into an OATHKey class, which OATHUser
depends on. This allows easily swapping keys in/out from
a user.
Change-Id: Ife5f1bae4ad65b66c5e20017cc43c0576b4aba19
The updater did not run with a sqlite database backend. It was simply
not registered and the MySQL schema is translated just fine by
MediaWiki.
Bug: 67297
Change-Id: Ic869c2c1f0d3b77f62bb950b8585cd731a414698
When setting QuickTemplate fields, query to see what is already
there, and append to it. That way if another extension adds more
fields, it won't be overridden.
Bug: 53198
Change-Id: Ib0d67e450e8de372f875536abf82653ede2cdfda
* Removed use of deprecated core features
* Made code style fixes
* Made pass phpcs-strict
* Fixed special page aliases
Change-Id: Iae2a0a7d6f0fb2ea5080795a06ae257af96dfaf6
