
Enable 2FA normal login
Open, High, Public

Description

Per this blog post about Commons' mobile app, it should be possible to let users who have 2FA enabled log in normally (without a BotPassword) by adding a field to the login form for the code.
https://addshore.com/2017/05/wikimedia-commons-android-app-pre-hackathon/
https://github.com/commons-app/apps-android-commons/blob/e3ef7002d5d77c1e8cd98c2a72bbc38c8959c276/app/src/main/java/fr/free/nrw/commons/auth/LoginTask.java#L117
https://github.com/commons-app/apps-android-commons/blob/b0e8175003a686789474238dd293aa89d1e925c7/app/src/main/java/fr/free/nrw/commons/mwapi/ApacheHttpClientMediaWikiApi.java#L93

api.action("clientlogin")
        .param("rememberMe", "1")
        .param("username", username)
        .param("password", password)
        .param("logintoken", getLoginToken())
        .param("logincontinue", "1")
        .param("OATHToken", twoFactorCode)
        .post()

Diagram of how it should work

          +----------------------+                    +---------------------------+
          |Bot login is requested|                    |Classic login is requested |
          +-----------+----------+                    +--------------+------------+
                      |                                              |
                      |                                              |
                      |                                              |
        +-------------v-------------+                    +-----------v---------+
  Nope  |* Check if username conform|                    |ClientLogin API query+----------+
+-------+  (it has @suffix)         |                    |is requested         |          |
|       +-------------+-------------+                    +------+--------+-----+          |
|                     |                                         |        |           +----v-----------------------+
|                     | Yes                                     |        |           |Query fails with other error|
|                     |                                         |        |           +--------------------------+-+
|                     |                                         |        |                                      |
|       +-------------v------------------+                      |  +-----v----------+   +---------------------+ |
|       |* Login using standard API query|                      |  |Query fails with+--->2FA form is displayed| |
|       |  action=login                  |                      |  |"UI" error      |   |to user and ask for  | |
|       +-----+--------------------+-----+                      |  +----------------+   |their login token    | |
|             |                    |                            |                       +-----+---------------+ |
|             |                    |                            |                             |                 |
|      +------v-----+        +-----v-----------------------+    |                      +------v--------------+  |
|      |Query failed|        |Query is successfuly finished|    |              +-------+ClientLogin API query|  |
|      +------+-----+        +---------------------------+-+    |              |       |with token           |  |
|             |                                          |      |              |       +-----------+---------+  |
|             |                                          |      |              |                   |            |
|             |                                          |   +--v--------------v-+                 |            |
|             |                                          |   |Query is successful|          +------v----+       |
|             |                                          |   +--------------+----+          |Query fails|       |
|             |                                          |                  |               +------+----+       |
|             |                                          |                  |                      |            |
|      +------v----------------------------+             |   +--------------v--------+             |            |
+------>Show error to user with explanation|             +--->Login successful.      |             |            |
       |on what's wrong                    |                 |                       |             |            |
       +--------------------------^---^----+                 +--------------+--------+             |            |
                                  |   |                                     |                      |            |
                                  |   +-------------------------------------------------------------------------+
                                  |                                         |                      |
                                  +----------------------------------------------------------------+
                                                                            |
                                                                 +----------v-----------+
                                                                 |Continue login process|
                                                                 +----------------------+
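The flow in the description and diagram (fetch a login token, call action=clientlogin, and on a status of "UI" prompt for the code and call clientlogin again with logincontinue=1 and OATHToken), as an added worked example that is not code from the Commons app, Huggle or MediaWiki. The server side is an in-process stand-in that mimics the shape of the real API responses; the account list, the password check and the single-attempt continuation are assumptions of the stand-in, and the TOTP secret is the RFC 6238 test key so the codes can be checked against the published vectors.

```python
"""Simulated action=clientlogin exchange with a TOTP second factor.

Added example, not code from the Commons app, Huggle or MediaWiki. The
stand-in server returns PASS / FAIL / UI like the real API, asks for an
OATHToken via a TOTPAuthenticationRequest, and takes logincontinue=1 for
the second round. Session handling and the plaintext password store are
simplifications of the stand-in, not a description of MediaWiki.
"""
import hashlib
import hmac
import secrets
import struct
import time


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30 s step) over an RFC 4226 HOTP counter."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class FakeMediaWiki:
    """One instance is one cookie session against the stand-in API."""

    def __init__(self, users, now=lambda: int(time.time())):
        self.users = users        # name -> {"password": str, "totp_secret": bytes | None}
        self.now = now
        self.login_token = None   # session-bound token required by clientlogin
        self.pending = None       # user whose password passed, awaiting OATHToken

    def get(self, **p):
        if (p.get("action"), p.get("meta"), p.get("type")) == ("query", "tokens", "login"):
            self.login_token = secrets.token_hex(20) + "+\\"
            return {"query": {"tokens": {"logintoken": self.login_token}}}
        raise ValueError("stand-in only serves meta=tokens&type=login")

    def post(self, **p):
        if p.get("action") != "clientlogin":
            raise ValueError("stand-in only serves action=clientlogin")
        if p.get("logintoken") != self.login_token:
            return {"error": {"code": "badtoken", "info": "Invalid login token."}}
        return self._continue(p) if p.get("logincontinue") else self._primary(p)

    def _primary(self, p):
        user = self.users.get(p.get("username"))
        if user is None or not hmac.compare_digest(user["password"], p.get("password", "")):
            return {"clientlogin": {"status": "FAIL", "messagecode": "wrongpassword",
                                    "message": "Incorrect username or password entered."}}
        if user["totp_secret"] is None:
            return {"clientlogin": {"status": "PASS", "username": p["username"]}}
        self.pending = p["username"]
        return {"clientlogin": {"status": "UI", "message": "Please enter your two-factor code.",
                                "requests": [{"id": "TOTPAuthenticationRequest", "required": "required",
                                              "fields": {"OATHToken": {"type": "string", "label": "Token"}}}]}}

    def _continue(self, p):
        if self.pending is None:
            return {"clientlogin": {"status": "FAIL", "message": "No login in progress."}}
        secret = self.users[self.pending]["totp_secret"]
        user, self.pending = self.pending, None   # stand-in: one code attempt per password check
        if hmac.compare_digest(totp(secret, self.now()), p.get("OATHToken", "")):
            return {"clientlogin": {"status": "PASS", "username": user}}
        return {"clientlogin": {"status": "FAIL", "message": "Incorrect two-factor code."}}


def client_login(api, username, password, ask_second_factor):
    """Token -> clientlogin -> on status UI prompt for the code -> clientlogin
    with logincontinue=1 and OATHToken. ask_second_factor() returns the code,
    or None if the UI cannot prompt. Returns (outcome, message) with outcome
    PASS, FAIL or NEEDS_2FA (the case the ticket wants a form for)."""
    tok = api.get(action="query", meta="tokens", type="login", format="json")
    token = tok["query"]["tokens"]["logintoken"]
    r = api.post(action="clientlogin", username=username, password=password, logintoken=token,
                 loginreturnurl="https://example.org/", rememberMe="1", format="json")
    if "error" in r:
        return "FAIL", r["error"]["code"]
    cl = r["clientlogin"]
    if cl["status"] != "UI":
        return cl["status"], cl.get("message", "")
    wants_totp = any(req["id"] == "TOTPAuthenticationRequest" for req in cl["requests"])
    code = ask_second_factor() if wants_totp else None
    if code is None:
        return "NEEDS_2FA", cl.get("message", "")
    # The login token is bound to the session, so the same one is sent again.
    r = api.post(action="clientlogin", logincontinue="1", OATHToken=code,
                 logintoken=token, format="json")
    if "error" in r:
        return "FAIL", r["error"]["code"]
    return r["clientlogin"]["status"], r["clientlogin"].get("message", "")


# Constructed sample accounts; the TOTP secret is the RFC 6238 test key.
USERS = {
    "Alice": {"password": "correct-horse", "totp_secret": b"12345678901234567890"},
    "BotOnly": {"password": "battery-staple", "totp_secret": None},
}
FIXED_TIME = 59   # RFC 6238 vector: the 6-digit code for this instant is 287082


def demo():
    """Outcome of each login scenario; every scenario gets a fresh session."""
    def api():
        return FakeMediaWiki(USERS, now=lambda: FIXED_TIME)
    good = lambda: totp(USERS["Alice"]["totp_secret"], FIXED_TIME)
    return {
        "2fa_ok": client_login(api(), "Alice", "correct-horse", good)[0],
        "2fa_wrong_code": client_login(api(), "Alice", "correct-horse", lambda: "000000")[0],
        "2fa_no_prompt": client_login(api(), "Alice", "correct-horse", lambda: None)[0],
        "no_2fa": client_login(api(), "BotOnly", "battery-staple", good)[0],
        "bad_password": client_login(api(), "Alice", "nope", good)[0],
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The continuation call sends only logintoken, logincontinue=1 and the field the UI response asked for; the stand-in keeps the half-finished login in session state, which is why the Commons snippet's habit of resending username and password alongside logincontinue is harmless here (those fields are ignored on the second round). The client also handles the third case that the diagrams gloss over: a status of "UI" that the app cannot satisfy, which is exactly where a code entry field is needed rather than an error.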

Event Timeline

As I understand here T150900#2803838 action=login is deprecated, and we should instead use action=clientlogin, which supports 2FA. See this implementation too.

PR: https://github.com/huggle/huggle3-qt-lx/pull/260

                 "Login" button
                        +
                        |
                        |
           +------------v------------+
           |                         |
           |meta=tokens&type=login   |
           |                         |
           +------------+------------+
                        |
                        |
                        |
           +------------v------------+
           |action=clientlogin       |
           |with token, user, pass   |
           |                         |
           +------------+------------+
                        |
                        |
                        |
Works ("PASS")    <-----+----->    Fail ("UI")
                                   -> 2fa is enabled
       +                                  +
       |                                  |
       |
       |                               ask 2fa
       |
       |                                  +
       |                                  |
       |                      +-----------v-------------+
       |                      |action=clientlogin       |
       |                      |with user, pass, token,  |
       |                      |totp(2fa)                |
       |                      +-----------+-------------+
       |                                  |
       |                                  |
       |                                  |
       |                                  |
       +------> user is logged in <-------+
Petrb raised the priority of this task from Low to High. Jun 1 2018, 9:47 PM