Go to the documentation of this file.
33 return $oathUser && $oathUser->getKey();
60 return json_decode( self::unseal( $ciphertext,
$keys[
'encrypt'],
$keys[
'hmac'] ),
true );
82 $keymats = hash_pbkdf2(
'sha256', $secret,
"oath-$userid", 10001, 64,
true );
84 'encrypt' => substr( $keymats, 0, 32 ),
85 'hmac' => substr( $keymats, 32, 32 ),
97 private static function seal( $data, $encKey, $hmacKey ) {
98 $iv = random_bytes( 16 );
99 $ciphertext = openssl_encrypt(
106 $sealed = base64_encode( $iv ) .
'.' . base64_encode( $ciphertext );
107 $hmac = hash_hmac(
'sha256', $sealed, $hmacKey,
true );
108 return base64_encode( $hmac ) .
'.' . $sealed;
120 private static function unseal( $encrypted, $encKey, $hmacKey ) {
121 $pieces = explode(
'.', $encrypted );
122 if (
count( $pieces ) !== 3 ) {
123 throw new InvalidArgumentException(
'Invalid sealed-secret format' );
126 list( $hmac, $iv, $ciphertext ) = $pieces;
127 $integCalc = hash_hmac(
'sha256', $iv .
'.' . $ciphertext, $hmacKey,
true );
128 if ( !hash_equals( $integCalc, base64_decode( $hmac ) ) ) {
129 throw new Exception(
'Sealed secret has been tampered with, aborting.' );
132 return openssl_decrypt(
133 base64_decode( $ciphertext ),
please add to it if you re going to add events to the MediaWiki code where normally authentication against an external auth plugin would be creating a account $user
static getKeyMaterials()
Get the base secret for this wiki, used to derive all of the encryption keys.
static unseal( $encrypted, $encKey, $hmacKey)
Decrypt data sealed using seal().
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
static encryptSessionData(array $plaintextVars, $userId)
Encrypt an aray of variables to put into the user's session.
The wiki should then use memcached to cache various data To use multiple just add more items to the array To increase the weight of a make its entry a array("192.168.0.1:11211", 2))
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a etc PHP does not yet have any way to tell the server to actually return and disconnect while still running these but it might have such a feature in the future We handle these by creating a deferred update object and putting those objects on a global list
This program is free software; you can redistribute it and/or modify it under the terms of the GNU Ge...
static decryptSessionData( $ciphertext, $userId)
Decrypt an encrypted packet, generated with encryptSessionData.
static isEnabledFor(User $user)
Check whether OATH two-factor authentication is enabled for a given user.
static getOATHUserRepository()
Get the singleton OATH user repository.
$wgSecretKey
This should always be customised in LocalSettings.php.
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
static seal( $data, $encKey, $hmacKey)
Actually encrypt the data, using a new random IV, and prepend the hmac of the encrypted data + IV,...
static getUserKeys( $secret, $userid)
Generate encryption and hmac keys, unique to this user, based on a single wiki secret.