Page MenuHomePhabricator

SO878 Step 1: Refactor OATHAuth extension
Closed, ResolvedPublic

Description

Objective: The OATHAuth extension currently only supports one time tokens. In order to be
able to use different methods, it needs to be refactored.
The following functions are the result of this project phase

  • This is a code refactoring. The basic functionality of the extension should not change (though, how the functionality occurs/appears can be changed)
  • TOTP as a method is factored out into separate code files.

Event Timeline

Osnard created this task.Mar 13 2019, 2:08 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 13 2019, 2:08 PM

Change 496451 had a related patch set uploaded (by ItSpiderman; owner: ItSpiderman):
[mediawiki/extensions/OATHAuth@wmf/1.33.0-wmf.20] [WIP] Refactor the extension to support multiple auth modules

https://gerrit.wikimedia.org/r/496451

@Bawolff Hello Brian, at this point of the refactoring i have a couple of questions:

  • Both API modules seem to be unused, as well as the OATHAuthUtils class. Can I remove this code?
  • With the possibility of having multiple modules (auth methods), should we offer the user possibility to choose which Auth method to use (rought version implemented), or should it be set on wiki level?

Thank you

ItSpiderman added a comment.EditedMar 18 2019, 3:07 PM

I have seen that one of the APIs is a meta API, I still dont know where the other one is used, but i did refactor both, so disregard that question.

What is SO878?

SO878 is our internal project number, the name of this ticket is the same as the name of our internal ticket

Change 496451 had a related patch set uploaded (by ItSpiderman; owner: ItSpiderman):
[mediawiki/extensions/OATHAuth@master] Refactor the extension to support multiple auth modules

https://gerrit.wikimedia.org/r/496451

Minutes from the hangout

Krenair added a comment.EditedMar 25 2019, 4:31 PM

API would presumably need to be refactored to support multiple methods? And yes, obviously, the API is in use externally.

The user should be able to choose between enabled modules and maybe use them in parallel. But this will be put to the end of the project, as it may require some more work.

Just to be clear on this. Using in parallel is a nice to have, but users being able to chose which method is a requirement as we expect only some users will have access to yubikeys.

In regards to API modules, you may want to consider making it similar to the authmanager login module, as during the normal login process people will be prompted for the 2FA stuff, so it will have to work with that flow anyways.

Change 508765 had a related patch set uploaded (by ItSpiderman; owner: ItSpiderman):
[mediawiki/extensions/WebAuthn@master] Init

https://gerrit.wikimedia.org/r/508765

Change 508765 merged by Brian Wolff:
[mediawiki/extensions/WebAuthn@master] Init

https://gerrit.wikimedia.org/r/508765

Change 496451 merged by jenkins-bot:
[mediawiki/extensions/OATHAuth@master] Refactor the extension to support multiple auth modules

https://gerrit.wikimedia.org/r/496451

Reedy updated the task description. (Show Details)
Reedy updated the task description. (Show Details)Jun 18 2019, 10:15 PM

Change 508788 had a related patch set uploaded (by Cicalese; owner: ItSpiderman):
[mediawiki/extensions/WebAuthn@master] Implement WebAuthn module

https://gerrit.wikimedia.org/r/508788

CCicalese_WMF closed this task as Resolved.Jul 10 2019, 2:12 PM
TheDJ awarded a token.Jul 10 2019, 2:13 PM