MediaWiki REL1_31
TOTPSecondaryAuthenticationProvider.php
Go to the documentation of this file.
1<?php
23
34
41 public function getAuthenticationRequests( $action, array $options ) {
42 switch ( $action ) {
43 case AuthManager::ACTION_LOGIN:
44 // don't ask for anything initially so the second factor is on a separate screen
45 return [];
46 default:
47 return [];
48 }
49 }
50
59 public function beginSecondaryAuthentication( $user, array $reqs ) {
60 $oathuser = OATHAuthHooks::getOATHUserRepository()->findByUser( $user );
61
62 if ( $oathuser->getKey() === null ) {
63 return AuthenticationResponse::newAbstain();
64 } else {
65 return AuthenticationResponse::newUI( [ new TOTPAuthenticationRequest() ],
66 wfMessage( 'oathauth-auth-ui' ), 'warning' );
67 }
68 }
69
74 public function continueSecondaryAuthentication( $user, array $reqs ) {
76 $request = AuthenticationRequest::getRequestByClass( $reqs, TOTPAuthenticationRequest::class );
77 if ( !$request ) {
78 return AuthenticationResponse::newUI( [ new TOTPAuthenticationRequest() ],
79 wfMessage( 'oathauth-login-failed' ), 'error' );
80 }
81
82 $oathuser = OATHAuthHooks::getOATHUserRepository()->findByUser( $user );
84 $token = $request->OATHToken;
85
86 if ( $oathuser->getKey() === null ) {
87 $this->logger->warning( 'Two-factor authentication was disabled mid-authentication for '
88 . $user->getName() );
89 return AuthenticationResponse::newAbstain();
90 }
91
92 // Don't increase pingLimiter, just check for limit exceeded.
93 if ( $user->pingLimiter( 'badoath', 0 ) ) {
94 return AuthenticationResponse::newUI(
96 new Message(
97 'oathauth-throttled',
98 // Arbitrary duration given here
99 [ Message::durationParam( 60 ) ]
100 ), 'error' );
101 }
102
103 if ( $oathuser->getKey()->verifyToken( $token, $oathuser ) ) {
104 return AuthenticationResponse::newPass();
105 } else {
106 return AuthenticationResponse::newUI( [ new TOTPAuthenticationRequest() ],
107 wfMessage( 'oathauth-login-failed' ), 'error' );
108 }
109 }
110
118 public function beginSecondaryAccountCreation( $user, $creator, array $reqs ) {
119 return AuthenticationResponse::newAbstain();
120 }
121}
A base class that implements some of the boilerplate for a SecondaryAuthenticationProvider.
This serves as the entry point to the authentication system.
This is a value object for authentication requests.
This is a value object to hold authentication response data.
The Message class provides methods which fulfil two basic services:
Definition Message.php:159
static getOATHUserRepository()
Get the singleton OATH user repository.
AuthManager value object for the TOTP second factor of an authentication: a pseudorandom token that i...
AuthManager secondary authentication provider for TOTP second-factor authentication.
beginSecondaryAuthentication( $user, array $reqs)
If the user has enabled two-factor authentication, request a second factor.
continueSecondaryAuthentication( $user, array $reqs)
Verify the second factor.
do that in ParserLimitReportFormat instead use this to modify the parameters of the image all existing parser cache entries will be invalid To avoid you ll need to handle that somehow(e.g. with the RejectParserCacheValue hook) because MediaWiki won 't do it for you. & $defaults also a ContextSource after deleting those rows but within the same transaction you ll probably need to make sure the header is varied on $request
Definition hooks.txt:2806
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped & $options
Definition hooks.txt:2001
either a unescaped string or a HtmlArmor object after in associative array form externallinks including delete and has completed for all link tables whether this was an auto creation default is conds Array Extra conditions for the No matching items in log is displayed if loglist is empty msgKey Array If you want a nice box with a set this to the key of the message First element is the message additional optional elements are parameters for the key that are processed with wfMessage() -> params() ->parseAsBlock() - offset Set to overwrite offset parameter in $wgRequest set to '' to unset offset - wrap String Wrap the message in html(usually something like "&lt;div ...>$1&lt;/div>"). - flags Integer display flags(NO_ACTION_LINK, NO_EXTRA_USER_LINKS) 'LogException':Called before an exception(or PHP error) is logged. This is meant for integration with external error aggregation services