56 $object->regenerateScratchTokens();
71 'algorithm' =>
'SHA1',
80 return $this->secret[
'secret'];
100 global $wgOATHAuthWindowRadius;
102 if ( $this->secret[
'mode'] !==
'hotp' ) {
103 throw new \DomainException(
'OATHAuth extension does not support non-HOTP tokens' );
107 $memc = ObjectCache::newAnything( [] );
108 $uid = CentralIdLookup::factory()->centralIdFromLocalUser( $user->getUser() );
109 $memcKey =
wfMemcKey(
'oathauth',
'usedtokens', $uid );
110 $lastWindow = (int)$memc->get( $memcKey );
115 $this->secret[
'period'], -$wgOATHAuthWindowRadius, $wgOATHAuthWindowRadius
120 $token = preg_replace(
'/\s+/',
'', $token );
124 foreach ( $results as $window => $result ) {
125 if ( $window > $lastWindow && $result->toHOTP( 6 ) === $token ) {
126 $lastWindow = $window;
134 $length = count( $this->scratchTokens );
136 if ( $length == 1 &&
"" === $this->scratchTokens[0] ) {
139 for ( $i = 0; $i < $length; $i++ ) {
140 if ( $token === $this->scratchTokens[$i] ) {
142 unset( $this->scratchTokens[$i] );
144 $user->setKey( $this );
145 $oathrepo->persist( $user );
158 $this->secret[
'period'] * ( 1 + 2 * $wgOATHAuthWindowRadius )
162 $user->getUser()->pingLimiter(
'badoath' );
170 for ( $i = 0; $i < 5; $i++ ) {
184 $token = preg_replace(
'/\s+/',
'', $token );
185 return in_array( $token, $this->scratchTokens,
true );
wfMemcKey()
Make a cache key for the local wiki.
static decode($b32)
Decodes a base32 string into a binary string according to RFC 4648.
static encode($string)
Encodes a binary string into a base32 string according to RFC 4648 (no padding).
static generateByTimeWindow( $key, $window, $min=-1, $max=1, $timestamp=false)
Generate a HOTP key collection based on a timestamp and window size all keys that could exist between...
static generate( $bytes, $forceStrong=false)
Generate a run of (ideally) cryptographically random data and return it in raw binary form.
static getOATHUserRepository()
Get the singleton OATH user repository.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU Ge...
static newFromRandom()
Make a new key from random values.
regenerateScratchTokens()
isScratchToken( $token)
Check if a token is one of the scratch tokens for this two factor key.
const SCRATCH_TOKEN
Represents that a token corresponds to a scratch token.
__construct( $secret, array $scratchTokens)
array $secret
Two factor binary secret.
const MAIN_TOKEN
Represents that a token corresponds to the main secret.
string[] $scratchTokens
List of scratch tokens.
verifyToken( $token, OATHUser $user)
Verify a token against the secret or scratch tokens.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU Ge...
please add to it if you re going to add events to the MediaWiki code where normally authentication against an external auth plugin would be creating a local account incomplete not yet checked for validity & $retval