<?php

/**
 * HTMLForm that lets the current user disable TOTP two-factor authentication
 * after proving possession of the authenticator with a currently valid token.
 */

namespace MediaWiki\Extension\OATHAuth\HTMLForm;

use MediaWiki\Extension\OATHAuth\Key\TOTPKey;
use MediaWiki\Logger\LoggerFactory;
use MediaWiki\Message\Message;
use MWException;

/**
 * Form that lets the current user turn off TOTP two-factor authentication.
 *
 * The user has to prove possession of the authenticator by submitting a
 * currently valid token; only a key that verifies that token is removed.
 * Failed attempts are logged to the 'authentication' channel and counted
 * against the 'badoath' rate limit.
 */
class TOTPDisableForm extends OATHAuthOOUIHTMLForm {
    /**
     * Add content to output when operation was successful
     */
    public function onSuccess() {
        $output = $this->getOutput();
        $output->addWikiMsg( 'oathauth-disabledoath' );
    }

    /**
     * Describe the single 'token' text field of this form.
     *
     * The field is required; 'autocomplete' => 'one-time-code' marks it as an
     * OTP input for the browser and spellcheck is switched off for it.
     *
     * @return array HTMLForm field descriptors keyed by field name
     */
    protected function getDescriptors() {
        $tokenField = [
            'type' => 'text',
            'label-message' => 'oathauth-entertoken',
            'name' => 'token',
            'required' => true,
            'autofocus' => true,
            'dir' => 'ltr',
            'autocomplete' => 'one-time-code',
            'spellcheck' => false,
            'help' => $this->msg( 'oathauth-hint' )->parse(),
        ];

        return [ 'token' => $tokenField ];
    }

    /**
     * Validate the submitted token and, on success, remove the matching TOTP key.
     *
     * Order of checks:
     *  1. Refuse outright if the user already exceeded the 'badoath' limit
     *     (probed with an increment of 0 so the check itself does not count).
     *  2. Remove the first TOTP key that verifies the token and report success.
     *  3. Otherwise log the failure, count it against the limit and return
     *     the validation error.
     *
     * @param array $formData Submitted form values; 'token' holds the code the user entered
     * @return array|bool true on success, otherwise a message key plus its parameters
     * @throws MWException
     */
    public function onSubmit( array $formData ) {
        // Don't increase pingLimiter, instead check for the limit being exceeded.
        if ( $this->getUser()->pingLimiter( 'badoath', 0 ) ) {
            $this->logAuthenticationEvent(
                'OATHAuth {user} rate limited while disabling 2FA from {clientip}'
            );
            // Arbitrary duration given here
            return [ 'oathauth-throttled', Message::durationParam( 60 ) ];
        }

        $verifiedKey = $this->findVerifiedTotpKey( $formData );
        if ( $verifiedKey !== null ) {
            $this->oathRepo->removeKey(
                $this->oathUser,
                $verifiedKey,
                $this->getRequest()->getIP(),
                true
            );

            return true;
        }

        $this->logAuthenticationEvent(
            'OATHAuth {user} failed to provide a correct token while disabling 2FA from {clientip}'
        );

        // Increase rate limit counter for failed request
        $this->getUser()->pingLimiter( 'badoath' );

        return [ 'oathauth-failedtovalidateoath' ];
    }

    /**
     * Return the first TOTP key of the current OATH user that accepts the submitted token.
     *
     * Keys of other types are skipped. Verification is delegated to
     * TOTPKey::verify(); this helper does not remove anything.
     *
     * @param array $formData Submitted form values
     * @return TOTPKey|null The verified key, or null when no TOTP key accepted the token
     */
    private function findVerifiedTotpKey( array $formData ): ?TOTPKey {
        foreach ( $this->oathUser->getKeys() as $candidate ) {
            $accepted = $candidate instanceof TOTPKey
                && $candidate->verify( [ 'token' => $formData['token'] ], $this->oathUser );
            if ( $accepted ) {
                return $candidate;
            }
        }

        return null;
    }

    /**
     * Write an info-level entry to the 'authentication' log channel.
     *
     * The context carries only the user name and the client IP; the submitted
     * token is never logged.
     *
     * @param string $message Log message using the {user} and {clientip} placeholders
     */
    private function logAuthenticationEvent( string $message ) {
        LoggerFactory::getInstance( 'authentication' )->info( $message, [
            'user' => $this->getUser()->getName(),
            'clientip' => $this->getRequest()->getIP(),
        ] );
    }
}