REL1_34/php/TOTPSecondaryAuthenticationProvider_8php_source.html

<?php

namespace MediaWiki\Extension\OATHAuth\Auth;


use MediaWiki\Auth\AbstractSecondaryAuthenticationProvider;

use MediaWiki\Auth\AuthenticationRequest;

use MediaWiki\Auth\AuthenticationResponse;

use MediaWiki\Auth\AuthManager;

use MediaWiki\MediaWikiServices;

use MediaWiki\Extension\OATHAuth\Module\TOTP;

use Message;

use User;


class TOTPSecondaryAuthenticationProvider extends AbstractSecondaryAuthenticationProvider {


    public function getAuthenticationRequests( $action, array $options ) {

        switch ( $action ) {

            case AuthManager::ACTION_LOGIN:

                // don't ask for anything initially so the second factor is on a separate screen

                return [];

            default:

                return [];

        }

    }


    public function beginSecondaryAuthentication( $user, array $reqs ) {

        $userRepo = MediaWikiServices::getInstance()->getService( 'OATHUserRepository' );

        $authUser = $userRepo->findByUser( $user );


        if ( !( $authUser->getModule() instanceof TOTP ) ) {

            return AuthenticationResponse::newAbstain();

        } else {

            return AuthenticationResponse::newUI( [ new TOTPAuthenticationRequest() ],

                wfMessage( 'oathauth-auth-ui' ), 'warning' );

        }

    }


    public function continueSecondaryAuthentication( $user, array $reqs ) {

        $request = AuthenticationRequest::getRequestByClass( $reqs, TOTPAuthenticationRequest::class );

        if ( !$request ) {

            return AuthenticationResponse::newUI( [ new TOTPAuthenticationRequest() ],

                wfMessage( 'oathauth-login-failed' ), 'error' );

        }


        $userRepo = MediaWikiServices::getInstance()->getService( 'OATHUserRepository' );

        $authUser = $userRepo->findByUser( $user );

        $token = $request->OATHToken;


        if ( !( $authUser->getModule() instanceof TOTP ) ) {

            $this->logger->warning( 'Two-factor authentication was disabled mid-authentication for '

                . $user->getName() );

            return AuthenticationResponse::newAbstain();

        }


        // Don't increase pingLimiter, just check for limit exceeded.

        if ( $user->pingLimiter( 'badoath', 0 ) ) {

            return AuthenticationResponse::newUI(

                [ new TOTPAuthenticationRequest() ],

                new Message(

                    'oathauth-throttled',

                    // Arbitrary duration given here

                    [ Message::durationParam( 60 ) ]

                ), 'error' );

        }


        if ( $authUser->getModule()->verify( $authUser, [ 'token' => $token ] ) ) {

            return AuthenticationResponse::newPass();

        } else {

            return AuthenticationResponse::newUI( [ new TOTPAuthenticationRequest() ],

                wfMessage( 'oathauth-login-failed' ), 'error' );

        }

    }


    public function beginSecondaryAccountCreation( $user, $creator, array $reqs ) {

        return AuthenticationResponse::newAbstain();

    }


}


wfMessage
wfMessage( $key,... $params)
This is the function for getting translated interface messages.
Definition GlobalFunctions.php:1263

MediaWiki\Auth\AbstractSecondaryAuthenticationProvider
A base class that implements some of the boilerplate for a SecondaryAuthenticationProvider.
Definition AbstractSecondaryAuthenticationProvider.php:32

MediaWiki\Auth\AuthManager
This serves as the entry point to the authentication system.
Definition AuthManager.php:85

MediaWiki\Auth\AuthenticationRequest
This is a value object for authentication requests.
Definition AuthenticationRequest.php:37

MediaWiki\Auth\AuthenticationResponse
This is a value object to hold authentication response data.
Definition AuthenticationResponse.php:37

MediaWiki\Extension\OATHAuth\Auth\TOTPAuthenticationRequest
AuthManager value object for the TOTP second factor of an authentication: a pseudorandom token that i...
Definition TOTPAuthenticationRequest.php:29

MediaWiki\Extension\OATHAuth\Auth\TOTPSecondaryAuthenticationProvider
AuthManager secondary authentication provider for TOTP second-factor authentication.
Definition TOTPSecondaryAuthenticationProvider.php:39

MediaWiki\Extension\OATHAuth\Auth\TOTPSecondaryAuthenticationProvider\continueSecondaryAuthentication
continueSecondaryAuthentication( $user, array $reqs)
Verify the second factor.
Definition TOTPSecondaryAuthenticationProvider.php:81

MediaWiki\Extension\OATHAuth\Auth\TOTPSecondaryAuthenticationProvider\beginSecondaryAuthentication
beginSecondaryAuthentication( $user, array $reqs)
If the user has enabled two-factor authentication, request a second factor.
Definition TOTPSecondaryAuthenticationProvider.php:65

MediaWiki\Extension\OATHAuth\Auth\TOTPSecondaryAuthenticationProvider\getAuthenticationRequests
getAuthenticationRequests( $action, array $options)
Definition TOTPSecondaryAuthenticationProvider.php:47

MediaWiki\Extension\OATHAuth\Auth\TOTPSecondaryAuthenticationProvider\beginSecondaryAccountCreation
beginSecondaryAccountCreation( $user, $creator, array $reqs)
Definition TOTPSecondaryAuthenticationProvider.php:125

MediaWiki\Extension\OATHAuth\Module\TOTP
Definition TOTP.php:18

MediaWiki\MediaWikiServices
MediaWikiServices is the service locator for the application scope of MediaWiki.
Definition MediaWikiServices.php:117

MediaWiki\MediaWikiServices\getInstance
static getInstance()
Returns the global default instance of the top level service locator.
Definition MediaWikiServices.php:138

Message
The Message class provides methods which fulfil two basic services:
Definition Message.php:162

Message\durationParam
static durationParam( $duration)
Definition Message.php:1049

User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition User.php:51

MediaWiki\Extension\OATHAuth\Auth
This program is free software; you can redistribute it and/or modify it under the terms of the GNU Ge...
Definition SecondaryAuthenticationProvider.php:3