diff options
author | Roeland Jago Douma <roeland@famdouma.nl> | 2018-09-29 20:56:23 +0200 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2018-10-01 15:35:25 +0200 |
commit | 956fe1b86769c1a8a380a61ba72441f0e334e36a (patch) | |
tree | 5aa810228ca324dfe2d12a1f94f213d9ab657345 /apps/twofactor_backupcodes/lib | |
parent | a95154642dd6535ebddebef4e6562e777f2094a4 (diff) | |
download | nextcloud-server-956fe1b86769c1a8a380a61ba72441f0e334e36a.tar.gz nextcloud-server-956fe1b86769c1a8a380a61ba72441f0e334e36a.zip |
Generate backups code notification if not enable but 2fa is
Generate a notification to generate backup codes if you enable an other
2FA provider but backup codes are not yet generated.
* Add event listner
* Insert background job
* Background job tests and emits notification every 2 weeks
* If the backup codes are generated the next run will remove the job
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'apps/twofactor_backupcodes/lib')
4 files changed, 245 insertions, 0 deletions
diff --git a/apps/twofactor_backupcodes/lib/AppInfo/Application.php b/apps/twofactor_backupcodes/lib/AppInfo/Application.php index d2541d87627..1af114a2791 100644 --- a/apps/twofactor_backupcodes/lib/AppInfo/Application.php +++ b/apps/twofactor_backupcodes/lib/AppInfo/Application.php @@ -29,8 +29,14 @@ use OCA\TwoFactorBackupCodes\Db\BackupCodeMapper; use OCA\TwoFactorBackupCodes\Event\CodesGenerated; use OCA\TwoFactorBackupCodes\Listener\ActivityPublisher; use OCA\TwoFactorBackupCodes\Listener\IListener; +use OCA\TwoFactorBackupCodes\Listener\ProviderEnabled; use OCA\TwoFactorBackupCodes\Listener\RegistryUpdater; +use OCA\TwoFactorBackupCodes\Notifications\Notifier; use OCP\AppFramework\App; +use OCP\Authentication\TwoFactorAuth\IRegistry; +use OCP\Authentication\TwoFactorAuth\RegistryEvent; +use OCP\IL10N; +use OCP\Notification\IManager; use OCP\Util; use Symfony\Component\EventDispatcher\EventDispatcherInterface; @@ -44,6 +50,7 @@ class Application extends App { */ public function register() { $this->registerHooksAndEvents(); + $this->registerNotification(); } /** @@ -66,6 +73,27 @@ class Application extends App { $listener->handle($event); } }); + + $eventDispatcher->addListener(IRegistry::EVENT_PROVIDER_ENABLED, function(RegistryEvent $event) use ($container) { + /** @var IListener $listener */ + $listener = $container->query(ProviderEnabled::class); + $listener->handle($event); + }); + } + + public function registerNotification() { + $container = $this->getContainer(); + /** @var IManager $manager */ + $manager = $container->query(IManager::class); + $manager->registerNotifier( + function() use ($container) { + return $container->query(Notifier::class); + }, + function () use ($container) { + $l = $container->query(IL10N::class); + return ['id' => 'twofactor_backupcodes', 'name' => $l->t('Second-factor backup codes')]; + } + ); } public function deleteUser($params) { diff --git a/apps/twofactor_backupcodes/lib/BackgroundJob/RememberBackupCodesJob.php b/apps/twofactor_backupcodes/lib/BackgroundJob/RememberBackupCodesJob.php new file mode 100644 index 00000000000..1f227061feb --- /dev/null +++ b/apps/twofactor_backupcodes/lib/BackgroundJob/RememberBackupCodesJob.php @@ -0,0 +1,92 @@ +<?php +declare(strict_types=1); +/** + * @copyright Copyright (c) 2018, Roeland Jago Douma <roeland@famdouma.nl> + * + * @author Roeland Jago Douma <roeland@famdouma.nl> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\TwoFactorBackupCodes\BackgroundJob; + +use OC\BackgroundJob\TimedJob; +use OCP\AppFramework\Utility\ITimeFactory; +use OCP\Authentication\TwoFactorAuth\IRegistry; +use OCP\BackgroundJob\IJobList; +use OCP\IUserManager; +use OCP\Notification\IManager; + +class RememberBackupCodesJob extends TimedJob { + + /** @var IRegistry */ + private $registry; + + /** @var IUserManager */ + private $userManager; + + /** @var ITimeFactory */ + private $time; + + /** @var IManager */ + private $notificationManager; + + /** @var IJobList */ + private $jobList; + + public function __construct(IRegistry $registry, + IUserManager $userManager, + ITimeFactory $timeFactory, + IManager $notificationManager, + IJobList $jobList) { + $this->registry = $registry; + $this->userManager = $userManager; + $this->time = $timeFactory; + $this->notificationManager = $notificationManager; + $this->jobList = $jobList; + + $this->setInterval(60*60*24*14); + } + + protected function run($argument) { + $uid = $argument['uid']; + $user = $this->userManager->get($uid); + + if ($user === null) { + // We can't run with an invalid user + return; + } + + $providers = $this->registry->getProviderStates($user); + if (isset($providers['backup_codes']) && $providers['backup_codes'] === true) { + // Backup codes already generated lets remove this job + $this->jobList->remove(self::class, $argument); + return; + } + + $date = new \DateTime(); + $date->setTimestamp($this->time->getTime()); + + $notification = $this->notificationManager->createNotification(); + $notification->setApp('twofactor_backupcodes') + ->setUser($user->getUID()) + ->setDateTime($date) + ->setObject('create', 'codes') + ->setSubject('create_backupcodes'); + $this->notificationManager->notify($notification); + } +} diff --git a/apps/twofactor_backupcodes/lib/Listener/ProviderEnabled.php b/apps/twofactor_backupcodes/lib/Listener/ProviderEnabled.php new file mode 100644 index 00000000000..48cbef66f1b --- /dev/null +++ b/apps/twofactor_backupcodes/lib/Listener/ProviderEnabled.php @@ -0,0 +1,61 @@ +<?php +declare(strict_types=1); +/** + * @copyright Copyright (c) 2018, Roeland Jago Douma <roeland@famdouma.nl> + * + * @author Roeland Jago Douma <roeland@famdouma.nl> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\TwoFactorBackupCodes\Listener; + +use OCA\TwoFactorBackupCodes\BackgroundJob\RememberBackupCodesJob; +use OCP\Authentication\TwoFactorAuth\IRegistry; +use OCP\Authentication\TwoFactorAuth\RegistryEvent; +use OCP\BackgroundJob\IJobList; +use Symfony\Component\EventDispatcher\Event; + +class ProviderEnabled implements IListener { + + /** @var IRegistry */ + private $registry; + + /** @var IJobList */ + private $jobList; + + public function __construct(IRegistry $registry, + IJobList $jobList) { + $this->registry = $registry; + $this->jobList = $jobList; + } + + public function handle(Event $event) { + if (!($event instanceof RegistryEvent)) { + return; + } + + $providers = $this->registry->getProviderStates($event->getUser()); + if (isset($providers['backup_codes']) && $providers['backup_codes'] === true) { + // Backup codes already generated nothing to do here + return; + } + + $this->jobList->add(RememberBackupCodesJob::class, ['uid' => $event->getUser()->getUID()]); + } + +} diff --git a/apps/twofactor_backupcodes/lib/Notifications/Notifier.php b/apps/twofactor_backupcodes/lib/Notifications/Notifier.php new file mode 100644 index 00000000000..3d5fedd93ea --- /dev/null +++ b/apps/twofactor_backupcodes/lib/Notifications/Notifier.php @@ -0,0 +1,64 @@ +<?php +declare(strict_types=1); +/** + * @copyright Copyright (c) 2018, Roeland Jago Douma <roeland@famdouma.nl> + * + * @author Roeland Jago Douma <roeland@famdouma.nl> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\TwoFactorBackupCodes\Notifications; + +use OCP\L10N\IFactory; +use OCP\Notification\INotification; +use OCP\Notification\INotifier; + +class Notifier implements INotifier { + + /** @var IFactory */ + private $factory; + + public function __construct(IFactory $factory) { + $this->factory = $factory; + } + + public function prepare(INotification $notification, $languageCode) { + if ($notification->getApp() !== 'twofactor_backupcodes') { + // Not my app => throw + throw new \InvalidArgumentException(); + } + + // Read the language from the notification + $l = $this->factory->get('twofactor_backupcodes', $languageCode); + + switch ($notification->getSubject()) { + case 'create_backupcodes': + $notification->setParsedSubject( + $l->t('Generate backup codes') + )->setParsedMessage( + $l->t('You have enabled two-factor authentication but have not yet generated backup codes. Be sure to do this in case you lose access to your second factor.') + ); + return $notification; + + default: + // Unknown subject => Unknown notification => throw + throw new \InvalidArgumentException(); + } + } + +} |