findByUser( $user );
		if ( $oathuser->getKey() === null ) {
			return AuthenticationResponse::newAbstain();
		} else {
			return AuthenticationResponse::newUI(
				[ new TOTPAuthenticationRequest() ],
				wfMessage( 'oathauth-auth-ui' ),
				'warning'
			);
		}
	}

	/**
	 * Verify the second factor.
	 *
	 * Flow, in order:
	 *  1. No TOTPAuthenticationRequest among $reqs: re-prompt with 'oathauth-login-failed'.
	 *  2. The user's key is null by now: log a warning and abstain.
	 *  3. The 'badoath' limiter already reports exceeded: re-prompt with 'oathauth-throttled'.
	 *  4. Otherwise the submitted token decides between pass and another failed prompt.
	 *
	 * NOTE(review): this method only *reads* the 'badoath' limiter (increment of 0). No
	 * increment for a rejected token is visible here; presumably verifyToken() bumps the
	 * counter on failure. Confirm, because otherwise step 3 can never trigger and token
	 * guessing is not throttled.
	 *
	 * @inheritDoc
	 */
	public function continueSecondaryAuthentication( $user, array $reqs ) {
		/** @var TOTPAuthenticationRequest $submitted */
		$submitted = AuthenticationRequest::getRequestByClass(
			$reqs,
			TOTPAuthenticationRequest::class
		);
		if ( !$submitted ) {
			// Nothing was submitted for this provider; show the form again as a failure.
			$retry = [ new TOTPAuthenticationRequest() ];
			return AuthenticationResponse::newUI( $retry, wfMessage( 'oathauth-login-failed' ), 'error' );
		}

		$oathuser = OATHAuthHooks::getOATHUserRepository()->findByUser( $user );

		/** @suppress PhanUndeclaredProperty */
		$token = $submitted->OATHToken;

		if ( $oathuser->getKey() === null ) {
			// NOTE(review): abstaining presumably lets the login proceed without this
			// provider's check, so removing the key must itself be an authenticated,
			// audited action. The user name is concatenated into the message text;
			// passing it as logger context would keep the log entry structured.
			$this->logger->warning(
				'Two-factor authentication was disabled mid-authentication for '
				. $user->getName()
			);
			return AuthenticationResponse::newAbstain();
		}

		// Don't increase pingLimiter, just check for limit exceeded.
		$limitExceeded = $user->pingLimiter( 'badoath', 0 );
		if ( $limitExceeded ) {
			$retry = [ new TOTPAuthenticationRequest() ];
			// Arbitrary duration given here: the 60 is a fixed value, not read from
			// the limiter, so the wait shown to the user may not match the real one.
			$throttledMsg = new Message( 'oathauth-throttled', [ Message::durationParam( 60 ) ] );
			return AuthenticationResponse::newUI( $retry, $throttledMsg, 'error' );
		}

		// Guard clause: anything other than a truthy verification result is a failure.
		if ( !$oathuser->getKey()->verifyToken( $token, $oathuser ) ) {
			return AuthenticationResponse::newUI(
				[ new TOTPAuthenticationRequest() ],
				wfMessage( 'oathauth-login-failed' ),
				'error'
			);
		}

		return AuthenticationResponse::newPass();
	}

	/**
	 * Account creation hook for this provider.
	 *
	 * Returns an abstain response unconditionally; none of the arguments are read.
	 *
	 * @param User $user
	 * @param User $creator
	 * @param array $reqs
	 *
	 * @return AuthenticationResponse
	 */
	public function beginSecondaryAccountCreation( $user, $creator, array $reqs ) {
		$response = AuthenticationResponse::newAbstain();
		return $response;
	}
}