Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 42 |
|
0.00% |
0 / 3 |
CRAP | |
0.00% |
0 / 1 |
| TOTPDisableForm | |
0.00% |
0 / 42 |
|
0.00% |
0 / 3 |
56 | |
0.00% |
0 / 1 |
| onSuccess | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| getDescriptors | |
0.00% |
0 / 13 |
|
0.00% |
0 / 1 |
2 | |||
| onSubmit | |
0.00% |
0 / 28 |
|
0.00% |
0 / 1 |
30 | |||
| 1 | <?php |
| 2 | |
| 3 | namespace MediaWiki\Extension\OATHAuth\HTMLForm; |
| 4 | |
| 5 | use MediaWiki\Extension\OATHAuth\Key\TOTPKey; |
| 6 | use MediaWiki\Logger\LoggerFactory; |
| 7 | use Message; |
| 8 | use MWException; |
| 9 | |
| 10 | class TOTPDisableForm extends OATHAuthOOUIHTMLForm { |
| 11 | /** |
| 12 | * Add content to output when operation was successful |
| 13 | */ |
| 14 | public function onSuccess() { |
| 15 | $this->getOutput()->addWikiMsg( 'oathauth-disabledoath' ); |
| 16 | } |
| 17 | |
| 18 | /** |
| 19 | * @return array |
| 20 | */ |
| 21 | protected function getDescriptors() { |
| 22 | return [ |
| 23 | 'token' => [ |
| 24 | 'type' => 'text', |
| 25 | 'label-message' => 'oathauth-entertoken', |
| 26 | 'name' => 'token', |
| 27 | 'required' => true, |
| 28 | 'autofocus' => true, |
| 29 | 'dir' => 'ltr', |
| 30 | 'autocomplete' => 'one-time-code', |
| 31 | 'spellcheck' => false, |
| 32 | 'help' => $this->msg( 'oathauth-hint' )->parse(), |
| 33 | ], |
| 34 | ]; |
| 35 | } |
| 36 | |
| 37 | /** |
| 38 | * @param array $formData |
| 39 | * @return array|bool |
| 40 | * @throws MWException |
| 41 | */ |
| 42 | public function onSubmit( array $formData ) { |
| 43 | // Don't increase pingLimiter, instead check for the limit being exceeded. |
| 44 | if ( $this->oathUser->getUser()->pingLimiter( 'badoath', 0 ) ) { |
| 45 | // Arbitrary duration given here |
| 46 | LoggerFactory::getInstance( 'authentication' )->info( |
| 47 | 'OATHAuth {user} rate limited while disabling 2FA from {clientip}', [ |
| 48 | 'user' => $this->getUser()->getName(), |
| 49 | 'clientip' => $this->getRequest()->getIP(), |
| 50 | ] |
| 51 | ); |
| 52 | return [ 'oathauth-throttled', Message::durationParam( 60 ) ]; |
| 53 | } |
| 54 | |
| 55 | foreach ( $this->oathUser->getKeys() as $key ) { |
| 56 | if ( !( $key instanceof TOTPKey ) ) { |
| 57 | continue; |
| 58 | } |
| 59 | |
| 60 | if ( !$key->verify( [ 'token' => $formData['token'] ], $this->oathUser ) ) { |
| 61 | continue; |
| 62 | } |
| 63 | |
| 64 | $this->oathRepo->removeKey( |
| 65 | $this->oathUser, |
| 66 | $key, |
| 67 | $this->getRequest()->getIP(), |
| 68 | true |
| 69 | ); |
| 70 | |
| 71 | return true; |
| 72 | } |
| 73 | |
| 74 | LoggerFactory::getInstance( 'authentication' )->info( |
| 75 | 'OATHAuth {user} failed to provide a correct token while disabling 2FA from {clientip}', [ |
| 76 | 'user' => $this->getUser()->getName(), |
| 77 | 'clientip' => $this->getRequest()->getIP(), |
| 78 | ] |
| 79 | ); |
| 80 | |
| 81 | // Increase rate limit counter for failed request |
| 82 | $this->getUser()->pingLimiter( 'badoath' ); |
| 83 | |
| 84 | return [ 'oathauth-failedtovalidateoath' ]; |
| 85 | } |
| 86 | } |