A Two Factor third party App may throw a TwoFactorException() with a more detailed error message in case the authentication fails. The 2FA Controller will then display the message of this Exception to the user. Working on #26593 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>tags/v12.0.0beta1
@@ -26,6 +26,7 @@ namespace OC\Core\Controller; | |||
use OC\Authentication\TwoFactorAuth\Manager; | |||
use OC_User; | |||
use OC_Util; | |||
use OCP\Authentication\TwoFactorAuth\TwoFactorException; | |||
use OCP\AppFramework\Controller; | |||
use OCP\AppFramework\Http\RedirectResponse; | |||
use OCP\AppFramework\Http\TemplateResponse; | |||
@@ -115,9 +116,12 @@ class TwoFactorChallengeController extends Controller { | |||
$backupProvider = null; | |||
} | |||
$error_message = ""; | |||
if ($this->session->exists('two_factor_auth_error')) { | |||
$this->session->remove('two_factor_auth_error'); | |||
$error = true; | |||
$error_message = $this->session->get("two_factor_auth_error_message"); | |||
$this->session->remove('two_factor_auth_error_message'); | |||
} else { | |||
$error = false; | |||
} | |||
@@ -125,6 +129,7 @@ class TwoFactorChallengeController extends Controller { | |||
$tmpl->assign('redirect_url', $redirect_url); | |||
$data = [ | |||
'error' => $error, | |||
'error_message' => $error_message, | |||
'provider' => $provider, | |||
'backupProvider' => $backupProvider, | |||
'logout_attribute' => $this->getLogoutAttribute(), | |||
@@ -151,11 +156,21 @@ class TwoFactorChallengeController extends Controller { | |||
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge')); | |||
} | |||
if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) { | |||
if (!is_null($redirect_url)) { | |||
return new RedirectResponse($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url))); | |||
try { | |||
if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) { | |||
if (!is_null($redirect_url)) { | |||
return new RedirectResponse($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url))); | |||
} | |||
return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index')); | |||
} | |||
return new RedirectResponse(OC_Util::getDefaultPageUrl()); | |||
} catch (TwoFactorException $e) { | |||
/* | |||
* The 2FA App threw an TwoFactorException. Now we display more | |||
* information to the user. The exception text is stored in the | |||
* session to be used in showChallenge() | |||
*/ | |||
$this->session->set('two_factor_auth_error_message', | |||
$e->getMessage()); | |||
} | |||
$this->session->set('two_factor_auth_error', true); |
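Review bot: After a successful challenge with no `redirect_url`, the new code appears to redirect to the hard-coded route `files.view.index` instead of `OC_Util::getDefaultPageUrl()`, which is unrelated to the exception handling the commit describes. The +/- markers are lost on this page, so this reading rests on the hunk counts (11 old lines, 21 new) and on `use OC_Util;` still being imported in the first hunk. If the change is not intended, keep `return new RedirectResponse(OC_Util::getDefaultPageUrl());` inside the `if`, so the post-login landing page is still resolved in one place. The enclosing method starts and ends outside the hunk.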
@@ -3,6 +3,8 @@ | |||
/** @var $_ array */ | |||
/* @var $error boolean */ | |||
$error = $_['error']; | |||
/* @var $error_message string */ | |||
$error_message = $_['error_message']; | |||
/* @var $provider OCP\Authentication\TwoFactorAuth\IProvider */ | |||
$provider = $_['provider']; | |||
/* @var $template string */ | |||
@@ -12,7 +14,11 @@ $template = $_['template']; | |||
<div class="warning"> | |||
<h2 class="two-factor-header"><?php p($provider->getDisplayName()); ?></h2> | |||
<?php if ($error): ?> | |||
<p><strong><?php p($l->t('Error while validating your second factor')); ?></strong></p> | |||
<?php if($error_message): ?> | |||
<p><strong><?php p($error_message); ?></strong></p> | |||
<?php else: ?> | |||
<p><strong><?php p($l->t('Error while validating your second factor')); ?></strong></p> | |||
<?php endif; ?> | |||
<?php endif; ?> | |||
<?php print_unescaped($template); ?> | |||
</div> |
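Review bot: The new `p($error_message)` line prints text that originates in a third-party provider's exception, and nothing in the template says it must stay on the escaping helper. The statement two lines below uses `print_unescaped()` for the provider template, so a later edit that copies that call would turn the message into an HTML injection point. A short comment above the paragraph would pin this, for example `<?php /* provider-supplied text: output with p() only, never print_unescaped() */ ?>`. Separately, `if($error_message)` tests truthiness, so a message such as `'0'` falls back to the generic text; `$error_message !== null && $error_message !== ''` states the intent exactly.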
@@ -0,0 +1,37 @@ | |||
<?php | |||
/** | |||
* @author Cornelius Kölbel <cornelius.koelbel@netknights.it> | |||
* | |||
* @license AGPL-3.0 | |||
* | |||
* This code is free software: you can redistribute it and/or modify | |||
* it under the terms of the GNU Affero General Public License, version 3, | |||
* as published by the Free Software Foundation. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU Affero General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Affero General Public License, version 3, | |||
* along with this program. If not, see <http://www.gnu.org/licenses/> | |||
* | |||
* User: cornelius | |||
* Date: 14.11.16 | |||
*/ | |||
/* | |||
* This is the public API of ownCloud. It defines an Exception a 2FA app can | |||
* throw in case of an error. The 2FA Controller will catch this exception and | |||
* display this error. | |||
*/ | |||
// use OCP namespace for all classes that are considered public. | |||
// This means that they should be used by apps instead of the internal ownCloud classes | |||
namespace OCP\Authentication\TwoFactorAuth; | |||
/** | |||
* Two Factor Authentication failed | |||
* @since 9.2.0 | |||
*/ | |||
class TwoFactorException extends \Exception {} |
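Review bot: The docblock on `TwoFactorException` does not tell provider authors that the message is rendered verbatim on the challenge page, to a session that has not yet passed the second factor. I would extend it with a sentence such as `The message is shown to the end user as-is: keep it translated and free of backend details (hostnames, upstream error text, account or token state).` so that apps do not pass internal error strings through this path. The file header still describes "the public API of ownCloud" and the tag is `@since 9.2.0`; both look carried over from the original patch and are worth checking against this project's own versioning.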