Make admin_audit listen to 2fa events

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

2 files changed, 91 insertions, 0 deletions

diff --git a/apps/admin_audit/lib/Actions/Security.php b/apps/admin_audit/lib/Actions/Security.php
new file mode 100644
index 00000000000..4e631aedddd
--- /dev/null
+++ b/apps/admin_audit/lib/Actions/Security.php
@@ -0,0 +1,75 @@
+<?php
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2018 Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\AdminAudit\Actions;
+use OCP\IUser;
+
+/**
+ * Class Sharing logs the sharing actions
+ *
+ * @package OCA\AdminAudit\Actions
+ */
+class Security extends Action {
+	/**
+	 * Log twofactor auth enabled
+	 *
+	 * @param IUser $user
+	 * @param array $params
+	 */
+	public function twofactorFailed(IUser $user, array $params) {
+		$params['uid'] = $user->getUID();
+		$params['displayName'] = $user->getDisplayName();
+
+		$this->log(
+			'Failed two factor attempt by user %s (%s) with provider %s',
+			$params,
+			[
+				'displayname',
+				'uid',
+				'provider',
+			]
+		);
+	}
+
+	/**
+	 * Logs unsharing of data
+	 *
+	 * @param IUser $user
+	 * @param array $params
+	 */
+	public function twofactorSuccess(IUser $user, array $params) {
+		$params['uid'] = $user->getUID();
+		$params['displayName'] = $user->getDisplayName();
+
+		$this->log(
+			'Successful two factor attempt by user %s (%s) with provider %s',
+			$params,
+			[
+				'displayname',
+				'uid',
+				'provider',
+			]
+		);
+	}
+}
diff --git a/apps/admin_audit/lib/AppInfo/Application.php b/apps/admin_audit/lib/AppInfo/Application.php
index d3ae4ad26c1..470352f895e 100644
--- a/apps/admin_audit/lib/AppInfo/Application.php
+++ b/apps/admin_audit/lib/AppInfo/Application.php
@@ -33,12 +33,14 @@ use OCA\AdminAudit\Actions\Auth;
 use OCA\AdminAudit\Actions\Console;
 use OCA\AdminAudit\Actions\Files;
 use OCA\AdminAudit\Actions\GroupManagement;
+use OCA\AdminAudit\Actions\Security;
 use OCA\AdminAudit\Actions\Sharing;
 use OCA\AdminAudit\Actions\Trashbin;
 use OCA\AdminAudit\Actions\UserManagement;
 use OCA\AdminAudit\Actions\Versions;
 use OCP\App\ManagerEvent;
 use OCP\AppFramework\App;
+use OCP\Authentication\TwoFactorAuth\IProvider;
 use OCP\Console\ConsoleEvent;
 use OCP\IGroupManager;
 use OCP\ILogger;
@@ -75,6 +77,8 @@ class Application extends App {
 		$this->fileHooks($logger);
 		$this->trashbinHooks($logger);
 		$this->versionsHooks($logger);
+
+		$this->securityHooks($logger);
 	}
 
 	protected function userManagementHooks(ILogger $logger) {
@@ -218,4 +222,16 @@ class Application extends App {
 		Util::connectHook('\OCP\Trashbin', 'preDelete', $trashActions, 'delete');
 		Util::connectHook('\OCA\Files_Trashbin\Trashbin', 'post_restore', $trashActions, 'restore');
 	}
+
+	protected function securityHooks(ILogger $logger) {
+		$eventDispatcher = $this->getContainer()->getServer()->getEventDispatcher();
+		$eventDispatcher->addListener(IProvider::EVENT_SUCCESS, function(GenericEvent $event) use ($logger) {
+			$security = new Security($logger);
+			$security->twofactorSuccess($event->getSubject(), $event->getArguments());
+		});
+		$eventDispatcher->addListener(IProvider::EVENT_FAILED, function(GenericEvent $event) use ($logger) {
+			$security = new Security($logger);
+			$security->twofactorFailed($event->getSubject(), $event->getArguments());
+		});
+	}
 }