Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 40 |
|
0.00% |
0 / 6 |
CRAP | |
0.00% |
0 / 1 |
| ApiQueryOATH | |
0.00% |
0 / 40 |
|
0.00% |
0 / 6 |
90 | |
0.00% |
0 / 1 |
| __construct | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| execute | |
0.00% |
0 / 22 |
|
0.00% |
0 / 1 |
20 | |||
| getCacheMode | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| isInternal | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| getAllowedParams | |
0.00% |
0 / 9 |
|
0.00% |
0 / 1 |
2 | |||
| getExamplesMessages | |
0.00% |
0 / 6 |
|
0.00% |
0 / 1 |
2 | |||
| 1 | <?php |
| 2 | /** |
| 3 | * @license GPL-2.0-or-later |
| 4 | */ |
| 5 | |
| 6 | namespace MediaWiki\Extension\OATHAuth\Api\Module; |
| 7 | |
| 8 | use MediaWiki\Api\ApiQuery; |
| 9 | use MediaWiki\Api\ApiQueryBase; |
| 10 | use MediaWiki\Api\ApiResult; |
| 11 | use MediaWiki\Extension\OATHAuth\OATHUserRepository; |
| 12 | use MediaWiki\Logging\ManualLogEntry; |
| 13 | use MediaWiki\MediaWikiServices; |
| 14 | use Wikimedia\ParamValidator\ParamValidator; |
| 15 | |
| 16 | /** |
| 17 | * Query module to check if a user has OATH authentication enabled. |
| 18 | * |
| 19 | * Usage requires the 'oathauth-verify-user' grant. |
| 20 | * |
| 21 | * Use of this API is security-sensitive and should not be granted lightly. |
| 22 | * |
| 23 | * @ingroup API |
| 24 | * @ingroup Extensions |
| 25 | */ |
| 26 | class ApiQueryOATH extends ApiQueryBase { |
| 27 | public function __construct( |
| 28 | ApiQuery $query, |
| 29 | string $moduleName, |
| 30 | private readonly OATHUserRepository $oathUserRepository, |
| 31 | ) { |
| 32 | parent::__construct( $query, $moduleName, 'oath' ); |
| 33 | } |
| 34 | |
| 35 | public function execute() { |
| 36 | // messages used: right-oathauth-verify-user, action-oathauth-verify-user |
| 37 | $this->checkUserRightsAny( [ 'oathauth-verify-user' ] ); |
| 38 | |
| 39 | $params = $this->extractRequestParams(); |
| 40 | |
| 41 | if ( $params['user'] === null ) { |
| 42 | $user = $this->getUser(); |
| 43 | } else { |
| 44 | $user = MediaWikiServices::getInstance()->getUserFactory() |
| 45 | ->newFromName( $params['user'] ); |
| 46 | if ( $user === null ) { |
| 47 | $this->dieWithError( 'noname' ); |
| 48 | } |
| 49 | } |
| 50 | |
| 51 | $result = $this->getResult(); |
| 52 | $data = [ |
| 53 | ApiResult::META_BC_BOOLS => [ 'enabled' ], |
| 54 | 'enabled' => false, |
| 55 | ]; |
| 56 | |
| 57 | if ( $user->isNamed() ) { |
| 58 | $authUser = $this->oathUserRepository->findByUser( $user ); |
| 59 | $data['enabled'] = $authUser->isTwoFactorAuthEnabled(); |
| 60 | |
| 61 | // messages used: logentry-oath-verify, log-action-oath-verify |
| 62 | $logEntry = new ManualLogEntry( 'oath', 'verify' ); |
| 63 | $logEntry->setPerformer( $this->getUser() ); |
| 64 | $logEntry->setTarget( $user->getUserPage() ); |
| 65 | $logEntry->setComment( $params['reason'] ); |
| 66 | $logEntry->insert(); |
| 67 | } |
| 68 | $result->addValue( 'query', $this->getModuleName(), $data ); |
| 69 | } |
| 70 | |
| 71 | /** @inheritDoc */ |
| 72 | public function getCacheMode( $params ) { |
| 73 | return 'private'; |
| 74 | } |
| 75 | |
| 76 | /** @inheritDoc */ |
| 77 | public function isInternal() { |
| 78 | return true; |
| 79 | } |
| 80 | |
| 81 | /** @inheritDoc */ |
| 82 | public function getAllowedParams() { |
| 83 | return [ |
| 84 | 'user' => [ |
| 85 | ParamValidator::PARAM_TYPE => 'user', |
| 86 | ], |
| 87 | 'reason' => [ |
| 88 | ParamValidator::PARAM_TYPE => 'string', |
| 89 | ParamValidator::PARAM_REQUIRED => true, |
| 90 | ], |
| 91 | ]; |
| 92 | } |
| 93 | |
| 94 | /** @inheritDoc */ |
| 95 | protected function getExamplesMessages() { |
| 96 | return [ |
| 97 | 'action=query&meta=oath&reason=Test' |
| 98 | => 'apihelp-query+oath-example-1', |
| 99 | 'action=query&meta=oath&oathuser=Example&oathreason=Test' |
| 100 | => 'apihelp-query+oath-example-2', |
| 101 | ]; |
| 102 | } |
| 103 | } |