Page MenuHomePhabricator
Create Task
Maniphest T218210

SO878 Step 1: Refactor OATHAuth extension
Closed, ResolvedPublic
Actions

Description

Objective: The OATHAuth extension currently only supports one time tokens. In order to be
able to use different methods, it needs to be refactored.
The following functions are the result of this project phase

  • This is a code refactoring. The basic functionality of the extension should not change (though, how the functionality occurs/appears can be changed)
  • TOTP as a method is factored out into separate code files.

Details

SubjectRepoBranchLines +/-
Fix formatting of OATHAuth.alias.php filemediawiki/extensions/OATHAuthmaster+8 -2
Refactor the extension to support multiple auth modulesmediawiki/extensions/OATHAuthmaster+1 K -240
Initmediawiki/extensions/WebAuthnmaster+405 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Osnard created this task.Mar 13 2019, 2:08 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 13 2019, 2:08 PM
gerritbot subscribed.Mar 14 2019, 2:43 PM

Change 496451 had a related patch set uploaded (by ItSpiderman; owner: ItSpiderman):
[mediawiki/extensions/OATHAuth@wmf/1.33.0-wmf.20] [WIP] Refactor the extension to support multiple auth modules

https://gerrit.wikimedia.org/r/496451

gerritbot added a project: Patch-For-Review.Mar 14 2019, 2:43 PM
ItSpiderman added a subscriber: Bawolff.Mar 14 2019, 2:45 PM
ItSpiderman added a comment.Mar 14 2019, 2:49 PM

@Bawolff Hello Brian, at this point of the refactoring i have a couple of questions:

  • Both API modules seem to be unused, as well as the OATHAuthUtils class. Can I remove this code?
  • With the possibility of having multiple modules (auth methods), should we offer the user possibility to choose which Auth method to use (rought version implemented), or should it be set on wiki level?

Thank you

ItSpiderman added a subscriber: Bawolff-alt.Mar 18 2019, 7:05 AM
ItSpiderman added a comment.EditedMar 18 2019, 3:07 PM

I have seen that one of the APIs is a meta API, I still dont know where the other one is used, but i did refactor both, so disregard that question.

Krenair subscribed.Mar 18 2019, 3:30 PM

What is SO878?

ItSpiderman added a comment.Mar 19 2019, 7:07 AM

SO878 is our internal project number, the name of this ticket is the same as the name of our internal ticket

gerritbot added a comment.Mar 19 2019, 2:24 PM

Change 496451 had a related patch set uploaded (by ItSpiderman; owner: ItSpiderman):
[mediawiki/extensions/OATHAuth@master] Refactor the extension to support multiple auth modules

https://gerrit.wikimedia.org/r/496451

Osnard added a comment.Mar 25 2019, 4:27 PM

Minutes from the hangout

CCicalese_WMF triaged this task as Medium priority.Mar 25 2019, 4:28 PM
CCicalese_WMF added a parent task: T100373: WebAuthn (U2F) integration for Extension:OATHAuth.
Krenair added a comment.EditedMar 25 2019, 4:31 PM

API would presumably need to be refactored to support multiple methods? And yes, obviously, the API is in use externally.

Bawolff added a comment.Mar 25 2019, 4:31 PM

The user should be able to choose between enabled modules and maybe use them in parallel. But this will be put to the end of the project, as it may require some more work.

Just to be clear on this. Using in parallel is a nice to have, but users being able to chose which method is a requirement as we expect only some users will have access to yubikeys.

Bawolff added a comment.Mar 25 2019, 4:45 PM

In regards to API modules, you may want to consider making it similar to the authmanager login module, as during the normal login process people will be prompted for the 2FA stuff, so it will have to work with that flow anyways.

CCicalese_WMF added projects: Platform Engineering (Needs Cleaning - Security, stability, performance, and scalability (TEC1)), Platform Team Workboards (Contractor - Doing).Mar 26 2019, 5:58 PM
gerritbot added a comment.May 8 2019, 7:31 AM

Change 508765 had a related patch set uploaded (by ItSpiderman; owner: ItSpiderman):
[mediawiki/extensions/WebAuthn@master] Init

https://gerrit.wikimedia.org/r/508765

ItSpiderman mentioned this in rEWATf68b4a184d80: Init.May 8 2019, 8:07 AM
gerritbot added a comment.May 8 2019, 4:33 PM

Change 508765 merged by Brian Wolff:
[mediawiki/extensions/WebAuthn@master] Init

https://gerrit.wikimedia.org/r/508765

gerritbot added a comment.Jun 18 2019, 7:57 PM

Change 496451 merged by jenkins-bot:
[mediawiki/extensions/OATHAuth@master] Refactor the extension to support multiple auth modules

https://gerrit.wikimedia.org/r/496451

Reedy removed a project: Patch-For-Review.Jun 18 2019, 9:57 PM
Reedy updated the task description. (Show Details)
Stashbot added a comment.Jun 18 2019, 10:14 PM

Mentioned in SAL (#wikimedia-releng) [2019-06-18T22:14:03Z] <Reedy> Apply https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/OATHAuth/+/496451/53/sql/mysql/patch-add_generic_fields.sql to centralauth on beta T218210

Reedy updated the task description. (Show Details)Jun 18 2019, 10:15 PM
gerritbot added a comment.Jul 1 2019, 1:58 PM

Change 508788 had a related patch set uploaded (by Cicalese; owner: ItSpiderman):
[mediawiki/extensions/WebAuthn@master] Implement WebAuthn module

https://gerrit.wikimedia.org/r/508788

gerritbot added a project: Patch-For-Review.Jul 1 2019, 1:58 PM
CCicalese_WMF mentioned this in rEWAT07c6f3f18de1: Implement WebAuthn module.Jul 1 2019, 2:34 PM
Reedy mentioned this in rEWAT31e7c57d2b5b: Implement WebAuthn module.Jul 1 2019, 6:57 PM
ReleaseTaggerBot added a project: MW-1.34-notes (1.34.0-wmf.13; 2019-07-09).Jul 4 2019, 2:00 PM
Reedy closed subtask T226053: Special:Manage_Two-factor_authentication looks odd as Resolved.Jul 4 2019, 6:53 PM
Reedy closed subtask T226057: s/OATH Manage/Manage OATH/ as Resolved.
Reedy removed a subtask: T226058: oathauth-ui-error-page-no-module need refining.Jul 4 2019, 6:56 PM
Reedy removed a subtask: T226056: Describe what different auth methods are.
WDoranWMF moved this task from Contractor - Doing to S&F Workboard on the Platform Team Workboards board.Jul 5 2019, 4:53 PM
WDoranWMF edited projects, added Platform Team Workboards (S&F Workboard); removed Platform Team Workboards (Contractor - Doing).
WDoranWMF moved this task from Backlog to In Progress/Doing on the Platform Team Workboards (S&F Workboard) board.
CCicalese_WMF closed this task as Resolved.Jul 10 2019, 2:12 PM
TheDJ awarded a token.Jul 10 2019, 2:13 PM
CCicalese_WMF edited projects, added Core Platform Team Initiatives (Two-Factor Authentication (TEC1)); removed Platform Engineering (Needs Cleaning - Security, stability, performance, and scalability (TEC1)).Jul 27 2019, 4:12 PM
Reedy mentioned this in T230042: Allow multiple totp devices.Aug 7 2019, 4:56 PM
CCicalese_WMF moved this task from In Progress/Doing to Done on the Platform Team Workboards (S&F Workboard) board.Aug 30 2019, 8:59 PM
Reedy mentioned this in T232639: Get UX review for OATHAuth/WebAuthn.Sep 11 2019, 5:22 PM
gerritbot added a comment.Nov 2 2019, 2:23 AM

Change 547849 had a related patch set uploaded (by Zoranzoki21; owner: Zoranzoki21):
[mediawiki/extensions/OATHAuth@master] Fix formatting of OATHAuth.alias.php file

https://gerrit.wikimedia.org/r/547849

gerritbot added a comment.Nov 9 2019, 6:17 PM

Change 547849 abandoned by Zoranzoki21:
Fix formatting of OATHAuth.alias.php file

https://gerrit.wikimedia.org/r/547849

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL