mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/OATHAuth
synced 2024-11-13 18:16:56 +00:00
766e18bca1
Add a new internal action=query&meta=oath Action API module that can be used to check for OATH protection on a given user account. Using the module requires a new 'oathauth-api-all' permission which is not granted to any group by default. The permission is also added to the new 'oath' grant so that it can be used via OAuth and bot passwords. Use of this API is security sensitive and should not be granted lightly. Configuring a special 'oathauth' user group to grant the needed 'oathauth-api-all' permission is recommended. This check is primarily useful as an internal network service in an environment where MediaWiki and other applications are sharing the same backing authentication store (e.g. LDAP) and the non-MediaWiki applications would like to respect the OATH protections enabled on the MediaWiki install. Bug: T144712 Change-Id: I4884f6efdfa42db82c25eadb70c7aefa98c370e9
98 lines
2.2 KiB
JSON
98 lines
2.2 KiB
JSON
{
|
|
"name": "OATHAuth",
|
|
"version": "0.2.1",
|
|
"author": "Ryan Lane",
|
|
"url": "https://www.mediawiki.org/wiki/Extension:OATHAuth",
|
|
"descriptionmsg": "oathauth-desc",
|
|
"type": "other",
|
|
"license-name": "GPL-2.0+",
|
|
"AutoloadClasses": {
|
|
"ApiQueryOATH": "api/ApiQueryOATH.php",
|
|
"OATHAuthHooks": "OATHAuth.hooks.php",
|
|
"OATHAuthLegacyHooks": "OATHAuth.hooks.legacy.php",
|
|
"OATHAuthKey": "OATHAuthKey.php",
|
|
"OATHAuthUtils": "OATHAuthUtils.php",
|
|
"OATHUserRepository": "OATHUserRepository.php",
|
|
"HOTP": "lib/hotp.php",
|
|
"HOTPResult": "lib/hotp.php",
|
|
"Base32": "lib/base32.php",
|
|
"OATHUser": "OATHUser.php",
|
|
"SpecialOATH": "special/SpecialOATH.php",
|
|
"SpecialOATHEnable": "special/SpecialOATHEnable.php",
|
|
"SpecialOATHDisable": "special/SpecialOATHDisable.php",
|
|
"SpecialOATHLogin": "special/SpecialOATHLogin.php",
|
|
"ProxySpecialPage": "special/ProxySpecialPage.php",
|
|
"TOTPAuthenticationRequest": "auth/TOTPAuthenticationRequest.php",
|
|
"TOTPSecondaryAuthenticationProvider": "auth/TOTPSecondaryAuthenticationProvider.php"
|
|
},
|
|
"ExtensionMessagesFiles": {
|
|
"OATHAuthAlias": "OATHAuth.alias.php"
|
|
},
|
|
"callback": "OATHAuthHooks::onRegistration",
|
|
"Hooks": {
|
|
"TwoFactorIsEnabled": [
|
|
"OATHAuthHooks::onTwoFactorIsEnabled"
|
|
],
|
|
"LoadExtensionSchemaUpdates": [
|
|
"OATHAuthHooks::onLoadExtensionSchemaUpdates"
|
|
],
|
|
"GetPreferences": [
|
|
"OATHAuthHooks::onGetPreferences"
|
|
]
|
|
},
|
|
"MessagesDirs": {
|
|
"OATHAuth": [
|
|
"i18n"
|
|
]
|
|
},
|
|
"config": {
|
|
"OATHAuthWindowRadius": 4,
|
|
"OATHAuthDatabase": false,
|
|
"OATHAuthSecret": false
|
|
},
|
|
"ResourceModules": {
|
|
"ext.oathauth": {
|
|
"scripts": [
|
|
"jquery.qrcode.js",
|
|
"qrcode.js"
|
|
]
|
|
},
|
|
"ext.oath.showqrcode": {
|
|
"scripts": [
|
|
"ext.oath.showqrcode.js"
|
|
],
|
|
"dependencies": [
|
|
"ext.oathauth"
|
|
]
|
|
}
|
|
},
|
|
"ResourceFileModulePaths": {
|
|
"localBasePath": "modules",
|
|
"remoteExtPath": "OATHAuth"
|
|
},
|
|
"SpecialPages": {
|
|
"OATH": "SpecialOATH"
|
|
},
|
|
"AvailableRights": [
|
|
"oathauth-enable",
|
|
"oathauth-api-all"
|
|
],
|
|
"GroupPermissions": {
|
|
"*": {
|
|
"oathauth-enable": true
|
|
}
|
|
},
|
|
"GrantPermissions": {
|
|
"oath": {
|
|
"oathauth-api-all": true
|
|
}
|
|
},
|
|
"GrantPermissionGroups": {
|
|
"oath": "authentication"
|
|
},
|
|
"APIMetaModules": {
|
|
"oath": "ApiQueryOATH"
|
|
},
|
|
"manifest_version": 1
|
|
}
|