mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/OATHAuth
synced 2024-11-24 08:14:15 +00:00
5f70fed5dc
* Removed use of deprecated core features * Made code style fixes * Made pass phpcs-strict * Fixed special page aliases Change-Id: Iae2a0a7d6f0fb2ea5080795a06ae257af96dfaf6
448 lines
11 KiB
PHP
448 lines
11 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Special page to display key information to the user
|
|
*
|
|
* @file
|
|
* @ingroup Extensions
|
|
*/
|
|
|
|
class SpecialOATH extends UnlistedSpecialPage {
|
|
|
|
/** @var OATHUser|null */
|
|
private $OATHUser;
|
|
|
|
/**
|
|
* Initialize the OATH user based on the current local User object in the context
|
|
*/
|
|
public function __construct() {
|
|
parent::__construct( 'OATH' );
|
|
|
|
$this->OATHUser = OATHUser::newFromUser( $this->getUser() );
|
|
}
|
|
|
|
/**
|
|
* Perform the correct form based on the action
|
|
*
|
|
* @param null|string $par Sub-page
|
|
*/
|
|
public function execute( $par ) {
|
|
if ( !$this->getUser()->isLoggedIn() ) {
|
|
$this->setHeaders();
|
|
$this->getOutput()->setPagetitle( $this->msg( 'oathauth-notloggedin' ) );
|
|
$this->getOutput()->addWikiMsg( 'oathauth-mustbeloggedin' );
|
|
return;
|
|
}
|
|
$action = $this->getRequest()->getVal( 'action' );
|
|
if ( $action == "enable" ) {
|
|
$this->enable();
|
|
} elseif ( $action == "validate" ) {
|
|
$this->validate();
|
|
} elseif ( $action == "reset" ) {
|
|
$this->reset();
|
|
} elseif ( $action == "disable" ) {
|
|
$this->disable();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @return bool
|
|
*/
|
|
private function enable() {
|
|
$this->setHeaders();
|
|
$this->getOutput()->setPagetitle( $this->msg( 'oathauth-enable' ) );
|
|
$returnto = $this->getRequest()->getVal( 'returnto' );
|
|
|
|
if ( !$this->OATHUser->isEnabled() ) {
|
|
$result = $this->OATHUser->enable();
|
|
if ( !$result ) {
|
|
$this->getOutput()->addWikiMsg( 'oathauth-failedtoenableoauth' );
|
|
return true;
|
|
}
|
|
} elseif ( $this->OATHUser->isEnabled() && $this->OATHUser->isValidated() ) {
|
|
$this->getOutput()->addWikiMsg( 'oathauth-alreadyenabled' );
|
|
return true;
|
|
}
|
|
$info['token'] = array(
|
|
'type' => 'text',
|
|
'default' => '',
|
|
'label-message' => 'oathauth-token',
|
|
'name' => 'token',
|
|
);
|
|
$info['mode'] = array(
|
|
'type' => 'hidden',
|
|
'default' => 'enable',
|
|
'name' => 'mode',
|
|
);
|
|
$info['returnto'] = array(
|
|
'type' => 'hidden',
|
|
'default' => $returnto,
|
|
'name' => 'returnto',
|
|
);
|
|
$info['action'] = array(
|
|
'type' => 'hidden',
|
|
'default' => 'validate',
|
|
'name' => 'action',
|
|
);
|
|
$form = new HTMLForm(
|
|
$info,
|
|
$this->getContext(),
|
|
'oathauth-verify'
|
|
);
|
|
$form->setSubmitID( 'oathauth-validate-submit' );
|
|
$form->setSubmitCallback( array( $this, 'tryValidateSubmit' ) );
|
|
$form->show();
|
|
|
|
$this->displaySecret();
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* @param $reset bool
|
|
*/
|
|
private function displaySecret( $reset = false ) {
|
|
$this->getOutput()->addModules( 'ext.oathauth' );
|
|
if ( $reset ) {
|
|
$secret = $this->OATHUser->getSecretReset();
|
|
} else {
|
|
$secret = $this->OATHUser->getSecret();
|
|
}
|
|
$out = '<strong>' . $this->msg( 'oathauth-account' )->escaped() . '</strong> '
|
|
. $this->OATHUser->getAccount() . '<br/>'
|
|
. '<strong>' . $this->msg( 'oathauth-secret' )->escaped() . '</strong> '
|
|
. $secret . '<br/>'
|
|
. '<br/>'
|
|
. '<div id="qrcode"></div>';
|
|
|
|
$this->getOutput()->addInlineScript(
|
|
'jQuery("#qrcode").qrcode("otpauth://totp/'
|
|
. $this->OATHUser->getAccount()
|
|
. '?secret=' . $secret . '")'
|
|
);
|
|
|
|
$this->getOutput()->addHTML( $out );
|
|
$this->getOutput()->addWikiMsg( 'openstackmanager-scratchtokens' );
|
|
if ( $reset ) {
|
|
$this->getOutput()->addHTML(
|
|
$this->createResourceList( $this->OATHUser->getScratchTokensReset() ) );
|
|
} else {
|
|
$this->getOutput()->addHTML(
|
|
$this->createResourceList( $this->OATHUser->getScratchTokens() ) );
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @return bool
|
|
*/
|
|
private function validate() {
|
|
$this->setHeaders();
|
|
$this->getOutput()->setPagetitle( $this->msg( 'oathauth-enable' ) );
|
|
$mode = $this->getRequest()->getVal( 'mode' );
|
|
$returnto = $this->getRequest()->getVal( 'returnto' );
|
|
|
|
$info['token'] = array(
|
|
'type' => 'text',
|
|
'default' => '',
|
|
'label-message' => 'oathauth-token',
|
|
'name' => 'token',
|
|
);
|
|
$info['mode'] = array(
|
|
'type' => 'hidden',
|
|
'default' => $mode,
|
|
'name' => 'mode',
|
|
);
|
|
$info['returnto'] = array(
|
|
'type' => 'hidden',
|
|
'default' => $returnto,
|
|
'name' => 'returnto',
|
|
);
|
|
$info['action'] = array(
|
|
'type' => 'hidden',
|
|
'default' => 'validate',
|
|
'name' => 'action',
|
|
);
|
|
$form = new HTMLForm(
|
|
$info,
|
|
$this->getContext(),
|
|
'oathauth-verify'
|
|
);
|
|
$form->setSubmitID( 'oathauth-validate-submit' );
|
|
$form->setSubmitCallback( array( $this, 'tryValidateSubmit' ) );
|
|
$form->show();
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* @return bool
|
|
*/
|
|
private function reset() {
|
|
$this->setHeaders();
|
|
$this->getOutput()->setPagetitle( $this->msg( 'oathauth-reset' ) );
|
|
$returnto = $this->getRequest()->getVal( 'returnto' );
|
|
|
|
$info['token'] = array(
|
|
'type' => 'text',
|
|
'label-message' => 'oathauth-currenttoken',
|
|
'name' => 'token',
|
|
);
|
|
$info['returnto'] = array(
|
|
'type' => 'hidden',
|
|
'default' => $returnto,
|
|
'name' => 'returnto',
|
|
);
|
|
$info['action'] = array(
|
|
'type' => 'hidden',
|
|
'default' => 'reset',
|
|
'name' => 'action',
|
|
);
|
|
$form = new HTMLForm(
|
|
$info,
|
|
$this->getContext(),
|
|
'oathauth-reset'
|
|
);
|
|
$form->setSubmitID( 'oauth-form-disablesubmit' );
|
|
$form->setSubmitCallback( array( $this, 'tryResetSubmit' ) );
|
|
$form->show();
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* @return bool
|
|
*/
|
|
private function disable() {
|
|
$this->setHeaders();
|
|
$this->getOutput()->setPagetitle( $this->msg( 'oathauth-disable' ) );
|
|
$returnto = $this->getRequest()->getVal( 'returnto' );
|
|
|
|
$info['token'] = array(
|
|
'type' => 'text',
|
|
'label-message' => 'oathauth-token',
|
|
'name' => 'token',
|
|
);
|
|
$info['returnto'] = array(
|
|
'type' => 'hidden',
|
|
'default' => $returnto,
|
|
'name' => 'returnto',
|
|
);
|
|
$info['action'] = array(
|
|
'type' => 'hidden',
|
|
'default' => 'disable',
|
|
'name' => 'action',
|
|
);
|
|
$form = new HTMLForm(
|
|
$info,
|
|
$this->getContext(),
|
|
'oathauth-disable'
|
|
);
|
|
$form->setSubmitID( 'oauth-form-disablesubmit' );
|
|
$form->setSubmitCallback( array( $this, 'tryDisableSubmit' ) );
|
|
$form->show();
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* @param $resources array
|
|
* @return string
|
|
*/
|
|
private function createResourceList( $resources ) {
|
|
$resourceList = '';
|
|
foreach ( $resources as $resource ) {
|
|
$resourceList .= Html::rawElement( 'li', array(), $resource );
|
|
}
|
|
return Html::rawElement( 'ul', array(), $resourceList );
|
|
}
|
|
|
|
/**
|
|
* @param $formData array
|
|
* @return bool
|
|
*/
|
|
public function tryValidateSubmit( $formData ) {
|
|
$mode = $formData['mode'];
|
|
if ( $mode == "reset" ) {
|
|
$reset = true;
|
|
} else {
|
|
$reset = false;
|
|
}
|
|
|
|
$verify = $this->OATHUser->verifyToken( $formData['token'], $reset );
|
|
if ( $verify ) {
|
|
if ( $reset ) {
|
|
$result = $this->OATHUser->reset();
|
|
} else {
|
|
$result = $this->OATHUser->validate();
|
|
}
|
|
} else {
|
|
$result = false;
|
|
}
|
|
|
|
$out = '';
|
|
if ( $result ) {
|
|
$this->getOutput()->addWikiMsg( 'oathauth-validatedoath' );
|
|
if ( $formData['returnto'] ) {
|
|
$out = '<br />';
|
|
$title = Title::newFromText( $formData['returnto'] );
|
|
$out .= Linker::link( $title, $this->msg( 'oathauth-backtopreferences' )->escaped() );
|
|
}
|
|
} else {
|
|
$this->getOutput()->addWikiMsg( 'oathauth-failedtovalidateoauth' );
|
|
$out = '<br />';
|
|
|
|
if ( $reset ) {
|
|
$out .= Linker::link(
|
|
$this->getPageTitle(),
|
|
$this->msg( 'oathauth-reattemptreset' )->escaped(),
|
|
array(),
|
|
array(
|
|
'action' => 'enable',
|
|
'mode' => 'reset',
|
|
'returnto' => $formData['returnto']
|
|
)
|
|
);
|
|
} else {
|
|
$out .= Linker::link(
|
|
$this->getPageTitle(),
|
|
$this->msg( 'oathauth-reattemptenable' )->escaped(),
|
|
array(),
|
|
array(
|
|
'action' => 'enable',
|
|
'returnto' => $formData['returnto']
|
|
)
|
|
);
|
|
}
|
|
}
|
|
|
|
$this->getOutput()->addHTML( $out );
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* @param $formData array
|
|
* @return bool
|
|
*/
|
|
public function tryDisableSubmit( $formData ) {
|
|
$verify = $this->OATHUser->verifyToken( $formData['token'] );
|
|
if ( !$verify ) {
|
|
$this->getOutput()->addWikiMsg( 'oathauth-failedtovalidateoauth' );
|
|
$out = '<br />';
|
|
$out .= Linker::link(
|
|
$this->getPageTitle(),
|
|
$this->msg( 'oathauth-reattemptdisable' )->escaped(),
|
|
array(),
|
|
array( 'action' => 'disable' )
|
|
);
|
|
$this->getOutput()->addHTML( $out );
|
|
return true;
|
|
}
|
|
|
|
$result = $this->OATHUser->disable();
|
|
if ( $result ) {
|
|
$this->getOutput()->addWikiMsg( 'oathauth-disabledoath' );
|
|
if ( $formData['returnto'] ) {
|
|
$out = '<br />';
|
|
$title = Title::newFromText( $formData['returnto'] );
|
|
$out .= Linker::link( $title, $this->msg( 'oathauth-backtopreferences' )->escaped() );
|
|
$this->getOutput()->addHTML( $out );
|
|
}
|
|
} else {
|
|
$this->getOutput()->addWikiMsg( 'oathauth-failedtodisableoauth' );
|
|
$out = '<br />';
|
|
|
|
$out .= Linker::link(
|
|
$this->getPageTitle(),
|
|
$this->msg( 'oathauth-reattemptdisable' )->escaped(),
|
|
array(
|
|
'action' => 'disable',
|
|
'returnto' => $formData['returnto'],
|
|
)
|
|
);
|
|
$this->getOutput()->addHTML( $out );
|
|
}
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* @param $formData array
|
|
* @return bool
|
|
*/
|
|
public function tryResetSubmit( $formData ) {
|
|
$verify = $this->OATHUser->verifyToken( $formData['token'] );
|
|
if ( !$verify ) {
|
|
$this->getOutput()->addWikiMsg( 'oathauth-failedtovalidateoauth' );
|
|
$out = '<br />';
|
|
$out .= Linker::link(
|
|
$this->getPageTitle(),
|
|
$this->msg( 'oathauth-reattemptreset' )->escaped(),
|
|
array(),
|
|
array(
|
|
'action' => 'reset',
|
|
'returnto' => $formData['returnto']
|
|
)
|
|
);
|
|
|
|
$this->getOutput()->addHTML( $out );
|
|
|
|
return true;
|
|
}
|
|
|
|
$this->getOutput()->addWikiMsg( 'oathauth-donotdeleteoldsecret' );
|
|
$info['token'] = array(
|
|
'type' => 'text',
|
|
'default' => '',
|
|
'label-message' => 'oathauth-newtoken',
|
|
'name' => 'token',
|
|
);
|
|
$info['mode'] = array(
|
|
'type' => 'hidden',
|
|
'default' => 'reset',
|
|
'name' => 'mode',
|
|
);
|
|
$info['returnto'] = array(
|
|
'type' => 'hidden',
|
|
'default' => $formData['returnto'],
|
|
'name' => 'returnto',
|
|
);
|
|
$info['action'] = array(
|
|
'type' => 'hidden',
|
|
'default' => 'validate',
|
|
'name' => 'action',
|
|
);
|
|
$myContext = new DerivativeContext( $this->getContext() );
|
|
$myRequest = new DerivativeRequest( $this->getRequest(),
|
|
array(
|
|
'action' => 'validate',
|
|
'mode' => 'reset',
|
|
'token' => '',
|
|
'returnto' => $formData['returnto']
|
|
), false );
|
|
$myContext->setRequest( $myRequest );
|
|
$form = new HTMLForm( $info, $myContext );
|
|
$form->setSubmitID( 'oathauth-validate-submit' );
|
|
$form->setSubmitCallback( array( $this, 'tryValidateSubmit' ) );
|
|
$form->show();
|
|
|
|
$result = $this->OATHUser->setReset();
|
|
if ( $result ) {
|
|
$this->displaySecret( true );
|
|
} else {
|
|
$this->getOutput()->addWikiMsg( 'oathauth-failedtoresetoath' );
|
|
$out = '<br />';
|
|
$out .= Linker::link(
|
|
$this->getPageTitle(),
|
|
$this->msg( 'oathauth-reattemptreset' )->escaped(),
|
|
array(),
|
|
array(
|
|
'action' => 'reset',
|
|
'returnto' => $formData['returnto']
|
|
)
|
|
);
|
|
$this->getOutput()->addHTML( $out );
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
}
|