[MediaWiki-commits] [Gerrit] Allow for using separate database for OATH creds - change (mediawiki...OATHAuth)

Parent5446 (Code Review) Mon, 25 May 2015 16:48:50 -0700

Parent5446 has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/213764


Change subject: Allow for using separate database for OATH creds
......................................................................

Allow for using separate database for OATH creds

Add configuration variable for specifying what database the OATH
credentials are stored in, that way wikis that use CentralAuth can
centralize their two-factor authentication data as well.

Bug: T100374
Change-Id: I285e2fe29fee43ddc6c5a6e51823911d43c596f6
---
M OATHAuth.hooks.php
M OATHAuth.php
M special/SpecialOATH.php
3 files changed, 34 insertions(+), 10 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OATHAuth 
refs/changes/64/213764/1

diff --git a/OATHAuth.hooks.php b/OATHAuth.hooks.php
index 2f67911..cd29716 100644
--- a/OATHAuth.hooks.php
+++ b/OATHAuth.hooks.php
@@ -7,6 +7,23 @@
  */
 class OATHAuthHooks {
        /**
+        * Get the singleton OATH user repository
+        *
+        * @return OATHUserRepository
+        */
+       public static function getOATHUserRepository() {
+               global $wgOATHAuthDatabase;
+
+               static $service = null;
+
+               if ( $service !== null ) {
+                       $service = new OATHUserRepository( wfGetLB( 
$wgOATHAuthDatabase ) );
+               }
+
+               return $service;
+       }
+
+       /**
         * @param $extraFields array
         * @return bool
         */
@@ -28,8 +45,7 @@
                global $wgRequest;
 
                $token = $wgRequest->getText( 'wpOATHToken' );
-               $oathrepo = new OATHUserRepository( wfGetLB() );
-               $oathuser = $oathrepo->findByUser( $user );
+               $oathuser = self::getOATHUserRepository()->findByUser( $user );
                # Though it's weird to default to true, we only want to deny
                # users who have two-factor enabled and have validated their
                # token.
@@ -60,8 +76,7 @@
                $request = $context->getRequest();
                $output = $context->getOutput();
 
-               $oathrepo = new OATHUserRepository( wfGetLB() );
-               $oathuser = $oathrepo->findByUser( $user );
+               $oathuser = self::getOATHUserRepository()->findByUser( $user );
 
                if ( $oathuser->getKey() !== null && !$request->getCheck( 
'token' ) ) {
                        $request->setSessionData( 'oath_login', 
$request->getValues() );
@@ -82,8 +97,7 @@
         * @return bool
         */
        public static function manageOATH( User $user, array &$preferences ) {
-               $oathrepo = new OATHUserRepository( wfGetLB() );
-               $oathUser = $oathrepo->findByUser( $user );
+               $oathUser = self::getOATHUserRepository()->findByUser( $user );
 
                $title = SpecialPage::getTitleFor( 'OATH' );
                $msg = $oathUser->getKey() !== null ? 'oathauth-disable' : 
'oathauth-enable';
diff --git a/OATHAuth.php b/OATHAuth.php
index 9a0b805..156bc69 100644
--- a/OATHAuth.php
+++ b/OATHAuth.php
@@ -41,6 +41,17 @@
  */
 $wgOATHAuthWindowRadius = 4;
 
+/**
+ * Database that OATH authentication data is kept in
+ *
+ * It is recommended that if you use CentralAuth or some other similar 
authentication
+ * mechanism that you either make the `oathauth_users` table a shared table, 
or use this
+ * variable to change the database, and make all the wikis share the same date.
+ *
+ * @var string|false
+ */
+$wgOATHAuthDatabase = false;
+
 $dir = __DIR__ . '/';
 
 $wgMessagesDirs['OATHAuth'] = __DIR__ . '/i18n';
diff --git a/special/SpecialOATH.php b/special/SpecialOATH.php
index 6988a5c..b3194b1 100644
--- a/special/SpecialOATH.php
+++ b/special/SpecialOATH.php
@@ -11,13 +11,12 @@
         * @return 
SpecialOATHDisable|SpecialOATHEnable|SpecialOATHLogin|SpecialPage
         */
        protected function getTargetPage() {
-               $repo = new OATHUserRepository( wfGetLB() );
+               $repo = OATHAuthHooks::getOATHUserRepository();
+               /** @var 
SpecialOATHDisable|SpecialOATHEnable|SpecialOATHLogin|SpecialPage $page */
+               $page = null;
 
                /** @var array $sessionUser */
                $loginInfo = $this->getRequest()->getSessionData( 'oath_login' 
);
-
-               /** @var 
SpecialOATHDisable|SpecialOATHEnable|SpecialOATHLogin|SpecialPage $page */
-               $page = null;
                if ( $this->getUser()->isAnon() && $loginInfo !== null ) {
                        // User is anonymous, so they are logging in
                        $page = new SpecialOATHLogin(

-- 
To view, visit https://gerrit.wikimedia.org/r/213764
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I285e2fe29fee43ddc6c5a6e51823911d43c596f6
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OATHAuth
Gerrit-Branch: master
Gerrit-Owner: Parent5446 <tylerro...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Allow for using separate database for OATH creds - change (mediawiki...OATHAuth)

Reply via email to