findByUser( $user ); if ( $oathuser->getKey() === null ) { return AuthenticationResponse::newAbstain(); } else { return AuthenticationResponse::newUI( array( new TOTPAuthenticationRequest() ), wfMessage( 'oathauth-auth-ui' ) ); } } /** * Verify the second factor. * @inheritdoc */ public function continueSecondaryAuthentication( $user, array $reqs ) { /** @var TOTPAuthenticationRequest $request */ $request = AuthenticationRequest::getRequestByClass( $reqs, TOTPAuthenticationRequest::class ); if ( !$request ) { return AuthenticationResponse::newUI( array( new TOTPAuthenticationRequest() ), wfMessage( 'oathauth-login-failed' ) ); } $throttler = new Throttler( null, [ 'type' => 'TOTP' ] ); $result = $throttler->increase( $user->getName(), null, __METHOD__ ); if ( $result ) { return AuthenticationResponse::newUI( array( new TOTPAuthenticationRequest() ), new Message( 'oathauth-throttled', [ Message::durationParam( $result['wait'] ) ] ) ); } $oathuser = OATHAuthHooks::getOATHUserRepository()->findByUser( $user ); $token = $request->OATHToken; if ( $oathuser->getKey() === null ) { $this->logger->warning( 'Two-factor authentication was disabled mid-authentication for ' . $user->getName() ); return AuthenticationResponse::newAbstain(); } if ( $oathuser->getKey()->verifyToken( $token, $oathuser ) ) { $throttler->clear( $user->getName(), null ); return AuthenticationResponse::newPass(); } else { return AuthenticationResponse::newUI( array( new TOTPAuthenticationRequest() ), wfMessage( 'oathauth-login-failed' ) ); } } public function beginSecondaryAccountCreation( $user, $creator, array $reqs ) { return AuthenticationResponse::newAbstain(); } }