Taavi Väänänen 79242b88d8 Fix disabling TOTP keys with scratch tokens
The current implementation of OATHUserRepository::persist() causes every
key to get a new ID when it's saved. This, combined with ::removeKey()
which compares keys by ID, means that using recovery codes to disable
TOTP is broken since TOTPKey calls persist() to mark the code as saved
just before the key is deleted.

In this patch I've chosen to add a new ::updateKey() method instead of
fixing ::persist(). This is more in line with the other new APIs in
OATHUserRepository (namely ::createKey() and ::removeKey()), and is
something I've been planning to do eventually - this bug just made that
a bit more urgent. ::persist() should be dropped once WebAuthn has been
updated too.

Tests are also updated - OATHUserRepositoryTest now updates the key
before deleting it and there's a new TOTPDisableFormTest to test the
entire disabling process.

Bug: T363548
Change-Id: I86ddc8e5bfc9cf74c587ffdff523f559c5a3c08c
(cherry picked from commit 0dad2c7031)
2024-04-29 08:09:18 +00:00
.phan Send a notification when 2FA is disabled 2022-02-17 00:14:20 -08:00
i18n Localisation updates from https://translatewiki.net. 2024-04-22 09:29:03 +02:00
maintenance Make Key objects aware of their database IDs 2024-03-02 18:53:00 +02:00
modules/totp Switch from client- to server-side generated QR codes 2023-12-13 13:25:20 +08:00
sql Drop DB updates from pre MW 1.35 2023-12-22 00:42:50 +00:00
src Fix disabling TOTP keys with scratch tokens 2024-04-29 08:09:18 +00:00
tests/phpunit Fix disabling TOTP keys with scratch tokens 2024-04-29 08:09:18 +00:00
.eslintignore build: Remove duplicate eslintignore info from Gruntfile.js 2019-07-15 22:08:27 -04:00
.eslintrc.json build: Updating eslint-config-wikimedia to 0.19.0 2021-03-14 04:29:18 +00:00
.gitignore build: Upgrade eslint-config-wikimedia 0.12.0, drop grunt-jsonlint 2019-05-07 09:59:52 -07:00
.gitreview Whoops, track not trace 2016-10-24 17:03:06 -07:00
.phpcs.xml Fix remaining PHPCS exclusions 2023-10-10 23:59:00 +00:00
.stylelintrc.json Use json extension for .stylelintrc 2017-08-19 10:12:13 +02:00
CODE_OF_CONDUCT.md build: Updating mediawiki/phan-taint-check-plugin to 1.3.0 2018-08-19 14:49:59 +00:00
composer.json build: Upgrade mediawiki/mediawiki-codesniffer to v43.0.0 2024-03-11 20:43:28 +01:00
COPYING Add COPYING 2014-01-22 21:34:11 +00:00
extension.json Merge "Declare grant risk levels" 2024-01-17 03:44:51 +00:00
Gruntfile.js build: Updating dependencies 2021-01-30 06:33:24 +00:00
OATHAuth.alias.php Add aliases for Chinese variants 2024-01-07 17:43:49 +08:00
package-lock.json build: Updating eslint-config-wikimedia to 0.27.0 2024-04-20 00:07:56 +00:00
package.json build: Updating eslint-config-wikimedia to 0.27.0 2024-04-20 00:07:56 +00:00
ServiceWiring.php Add return type hint to functions in ServiceWiring.php 2024-01-31 20:08:46 +01:00