Anomie has uploaded a new change for review. https://gerrit.wikimedia.org/r/288998
Change subject: Improve some documentation of AuthManager's additions ...................................................................... Improve some documentation of AuthManager's additions Change-Id: I3d0742b4d8e683f9b1cf65e6a883e9804aeea676 --- M includes/DefaultSettings.php M includes/auth/AbstractPasswordPrimaryAuthenticationProvider.php 2 files changed, 46 insertions(+), 5 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/98/288998/1 diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 5c7eef5..3f76027 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -4477,9 +4477,40 @@ ]; /** - * If it has been this long since the last authentication, recommend - * re-authentication before security-sensitive operations (e.g. password or - * email changes). Set negative to disable. + * Time frame for re-authentication. + * + * With only password-based authentication, you'd just ask the user to re-enter + * their password to verify certain operations like changing the password or + * changing the account's email address. But under AuthManager, the user might + * not have a password (you might even have to redirect the browser to a + * third-party service or something complex like that), you might want to have + * both factors of a two-factor authentication, and so on. So, the options are: + * - Incorporate the whole multi-step authentication flow within everything + * that needs to do this. + * - Consider it good if they used Special:UserLogin during this session within + * the last X seconds. + * - Come up with a third option. + * + * MediaWiki currently takes the second option. This setting configures the + * "X seconds". + * + * This allows for configuring different time frames for different + * "operations". The operations used in MediaWiki core include: + * - LinkAccounts + * - UnlinkAccount + * - ChangeCredentials + * - RemoveCredentials + * - ChangeEmail + * + * Additional operations may be used by extensions, either explicitly by + * calling AuthManager::securitySensitiveOperationStatus(), + * ApiAuthManagerHelper::securitySensitiveOperation() or + * SpecialPage::checkLoginSecurityLevel(), or implicitly by overriding + * SpecialPage::getLoginSecurityLevel() or by subclassing + * AuthManagerSpecialPage. + * + * The key 'default' is used if a requested operation isn't defined in the array. + * * @since 1.27 * @var int[] operation => time in seconds. A 'default' key must always be provided. */ @@ -4488,8 +4519,18 @@ ]; /** - * Whether to allow security-sensitive operations when authentication is not possible. + * Whether to allow security-sensitive operations when re-authentication is not possible. + * + * If AuthManager::canAuthenticateNow() is false (e.g. the current + * SessionProvider is not able to change users, such as when OAuth is in use), + * AuthManager::securitySensitiveOperationStatus() cannot sensibly return + * SEC_REAUTH. Setting an operation true here will have it return SEC_OK in + * that case, while setting it false will have it return SEC_FAIL. + * + * The key 'default' is used if a requested operation isn't defined in the array. + * * @since 1.27 + * @see $wgReauthenticateTime * @var bool[] operation => boolean. A 'default' key must always be provided. */ $wgAllowSecuritySensitiveOperationIfCannotReauthenticate = [ diff --git a/includes/auth/AbstractPasswordPrimaryAuthenticationProvider.php b/includes/auth/AbstractPasswordPrimaryAuthenticationProvider.php index 900d2e5..f5bfc2a 100644 --- a/includes/auth/AbstractPasswordPrimaryAuthenticationProvider.php +++ b/includes/auth/AbstractPasswordPrimaryAuthenticationProvider.php @@ -34,7 +34,7 @@ extends AbstractPrimaryAuthenticationProvider { /** @var bool Whether this provider should ABSTAIN (false) or FAIL (true) on password failure */ - protected $authoritative = true; + protected $authoritative; private $passwordFactory = null; -- To view, visit https://gerrit.wikimedia.org/r/288998 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3d0742b4d8e683f9b1cf65e6a883e9804aeea676 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Anomie <bjor...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits