author | Morris Jobke <hey@morrisjobke.de> | 2018-01-25 15:57:32 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-25 15:57:32 +0100 |
commit | b9bbb894f8b01e000bb5e3a8a82db7bebad3ea00 (patch) | |
tree | 4ac082ef197fdb2a7b6246c2582b63d2ecf70fdb /apps | |
parent | 8160d0bc2aa334806e6c6e45e4f49bd9cf1a8097 (diff) | |
parent | 9e76577ead00471d556c4fcf3534fd17c5b21fec (diff) | |
download | nextcloud-server-b9bbb894f8b01e000bb5e3a8a82db7bebad3ea00.tar.gz nextcloud-server-b9bbb894f8b01e000bb5e3a8a82db7bebad3ea00.zip |
Merge pull request #7916 from nextcloud/2fa_log
Add 2FA to logfile
Diffstat (limited to 'apps')
-rw-r--r-- | apps/admin_audit/composer/composer/autoload_classmap.php | 1 | ||||
-rw-r--r-- | apps/admin_audit/composer/composer/autoload_static.php | 1 | ||||
-rw-r--r-- | apps/admin_audit/lib/Actions/Security.php | 75 | ||||
-rw-r--r-- | apps/admin_audit/lib/AppInfo/Application.php | 16 | ||||
-rw-r--r-- | apps/admin_audit/tests/Actions/SecurityTest.php | 75 |
5 files changed, 168 insertions, 0 deletions
diff --git a/apps/admin_audit/composer/composer/autoload_classmap.php b/apps/admin_audit/composer/composer/autoload_classmap.php index 487e05172de..c08200c7c20 100644 --- a/apps/admin_audit/composer/composer/autoload_classmap.php +++ b/apps/admin_audit/composer/composer/autoload_classmap.php @@ -12,6 +12,7 @@ return array( 'OCA\\AdminAudit\\Actions\\Console' => $baseDir . '/../lib/Actions/Console.php', 'OCA\\AdminAudit\\Actions\\Files' => $baseDir . '/../lib/Actions/Files.php', 'OCA\\AdminAudit\\Actions\\GroupManagement' => $baseDir . '/../lib/Actions/GroupManagement.php', + 'OCA\\AdminAudit\\Actions\\Security' => $baseDir . '/../lib/Actions/Security.php', 'OCA\\AdminAudit\\Actions\\Sharing' => $baseDir . '/../lib/Actions/Sharing.php', 'OCA\\AdminAudit\\Actions\\Trashbin' => $baseDir . '/../lib/Actions/Trashbin.php', 'OCA\\AdminAudit\\Actions\\UserManagement' => $baseDir . '/../lib/Actions/UserManagement.php', diff --git a/apps/admin_audit/composer/composer/autoload_static.php b/apps/admin_audit/composer/composer/autoload_static.php index b5f055de44e..ef088bd22d9 100644 --- a/apps/admin_audit/composer/composer/autoload_static.php +++ b/apps/admin_audit/composer/composer/autoload_static.php @@ -27,6 +27,7 @@ class ComposerStaticInitAdminAudit 'OCA\\AdminAudit\\Actions\\Console' => __DIR__ . '/..' . '/../lib/Actions/Console.php', 'OCA\\AdminAudit\\Actions\\Files' => __DIR__ . '/..' . '/../lib/Actions/Files.php', 'OCA\\AdminAudit\\Actions\\GroupManagement' => __DIR__ . '/..' . '/../lib/Actions/GroupManagement.php', + 'OCA\\AdminAudit\\Actions\\Security' => __DIR__ . '/..' . '/../lib/Actions/Security.php', 'OCA\\AdminAudit\\Actions\\Sharing' => __DIR__ . '/..' . '/../lib/Actions/Sharing.php', 'OCA\\AdminAudit\\Actions\\Trashbin' => __DIR__ . '/..' . '/../lib/Actions/Trashbin.php', 'OCA\\AdminAudit\\Actions\\UserManagement' => __DIR__ . '/..' . '/../lib/Actions/UserManagement.php', 
diff --git a/apps/admin_audit/lib/Actions/Security.php b/apps/admin_audit/lib/Actions/Security.php
new file mode 100644
index 00000000000..b7ef1332f36
--- /dev/null
+++ b/apps/admin_audit/lib/Actions/Security.php
@@ -0,0 +1,75 @@
+<?php
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2018 Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @author Roeland Jago Douma <roeland@famdouma.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\AdminAudit\Actions;
+use OCP\IUser;
+
+/**
+ * Class Sharing logs the sharing actions
+ *
+ * @package OCA\AdminAudit\Actions
+ */
+class Security extends Action {
+ /**
+ * Log twofactor auth enabled
+ *
+ * @param IUser $user
+ * @param array $params
+ */
+ public function twofactorFailed(IUser $user, array $params) {
+ $params['uid'] = $user->getUID();
+ $params['displayName'] = $user->getDisplayName();
+
+ $this->log(
+ 'Failed two factor attempt by user %s (%s) with provider %s',
+ $params,
+ [
+ 'displayName',
+ 'uid',
+ 'provider',
+ ]
+ );
+ }
+
+ /**
+ * Logs unsharing of data
+ *
+ * @param IUser $user
+ * @param array $params
+ */
+ public function twofactorSuccess(IUser $user, array $params) {
+ $params['uid'] = $user->getUID();
+ $params['displayName'] = $user->getDisplayName();
+
+ $this->log(
+ 'Successful two factor attempt by user %s (%s) with provider %s',
+ $params,
+ [
+ 'displayName',
+ 'uid',
+ 'provider',
+ ]
+ );
+ }
+}
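Review bot: The three docblocks in the new Security.php were copied from other action classes and describe the wrong thing: the class comment reads `Class Sharing logs the sharing actions`, twofactorFailed() is labelled `Log twofactor auth enabled` and twofactorSuccess() is labelled `Logs unsharing of data`. I would change them to `Class Security logs two-factor authentication events`, `Logs a failed two-factor attempt` and `Logs a successful two-factor attempt`, and note on `@param array $params` that it must carry a `provider` key, since both format strings consume it. Separately, both messages put `getDisplayName()`, a value users can typically edit themselves, ahead of the uid. How `Action::log()` handles control characters or a missing key is not visible in this hunk, so it is worth confirming that a crafted display name cannot split or imitate an audit line. Alerting built on these entries should key on the uid in parentheses rather than on the display name.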
diff --git a/apps/admin_audit/lib/AppInfo/Application.php b/apps/admin_audit/lib/AppInfo/Application.php index d3ae4ad26c1..470352f895e 100644 --- a/apps/admin_audit/lib/AppInfo/Application.php +++ b/apps/admin_audit/lib/AppInfo/Application.php @@ -33,12 +33,14 @@ use OCA\AdminAudit\Actions\Auth; use OCA\AdminAudit\Actions\Console; use OCA\AdminAudit\Actions\Files; use OCA\AdminAudit\Actions\GroupManagement; +use OCA\AdminAudit\Actions\Security; use OCA\AdminAudit\Actions\Sharing; use OCA\AdminAudit\Actions\Trashbin; use OCA\AdminAudit\Actions\UserManagement; use OCA\AdminAudit\Actions\Versions; use OCP\App\ManagerEvent; use OCP\AppFramework\App; +use OCP\Authentication\TwoFactorAuth\IProvider; use OCP\Console\ConsoleEvent; use OCP\IGroupManager; use OCP\ILogger; @@ -75,6 +77,8 @@ class Application extends App { $this->fileHooks($logger); $this->trashbinHooks($logger); $this->versionsHooks($logger); + + $this->securityHooks($logger); } protected function userManagementHooks(ILogger $logger) { @@ -218,4 +222,16 @@ class Application extends App { Util::connectHook('\OCP\Trashbin', 'preDelete', $trashActions, 'delete'); Util::connectHook('\OCA\Files_Trashbin\Trashbin', 'post_restore', $trashActions, 'restore'); } + + protected function securityHooks(ILogger $logger) { + $eventDispatcher = $this->getContainer()->getServer()->getEventDispatcher(); + $eventDispatcher->addListener(IProvider::EVENT_SUCCESS, function(GenericEvent $event) use ($logger) { + $security = new Security($logger); + $security->twofactorSuccess($event->getSubject(), $event->getArguments()); + }); + $eventDispatcher->addListener(IProvider::EVENT_FAILED, function(GenericEvent $event) use ($logger) { + $security = new Security($logger); + $security->twofactorFailed($event->getSubject(), $event->getArguments()); + }); + } } diff --git a/apps/admin_audit/tests/Actions/SecurityTest.php b/apps/admin_audit/tests/Actions/SecurityTest.php new file mode 100644 index 00000000000..3a3f25933f4 --- /dev/null 
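Review bot: Both listeners added in securityHooks() pass `$event->getSubject()` straight into methods declared with `IUser $user`, so any dispatch of `IProvider::EVENT_SUCCESS` or `IProvider::EVENT_FAILED` whose subject is not an IUser raises a TypeError inside the listener, presumably in the middle of the two-factor verification path. A guard such as `$user = $event->getSubject(); if (!$user instanceof IUser) { return; }` before the `twofactorSuccess()`/`twofactorFailed()` call would keep an audit-side problem from surfacing as a login error, ideally while still recording that an event was skipped. Whether `IUser` and `GenericEvent` are already imported in Application.php is not visible in these hunks. The `Security` action could also be built once above the two closures instead of `new Security($logger)` on every event. The class body continues outside the hunks.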
+++ b/apps/admin_audit/tests/Actions/SecurityTest.php 
@@ -0,0 +1,75 @@ +<?php +declare(strict_types=1); +/** + * @copyright Copyright (c) 2018 Roeland Jago Douma <roeland@famdouma.nl> + * + * @author Roeland Jago Douma <roeland@famdouma.nl> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\AdminAudit\Tests\Actions; + +use OCA\AdminAudit\Actions\Security; +use OCP\ILogger; +use OCP\IUser; +use Test\TestCase; + +class SecurityTest extends TestCase { + /** @var ILogger|\PHPUnit_Framework_MockObject_MockObject */ + private $logger; + + /** @var Security */ + private $security; + + /** @var IUser|\PHPUnit_Framework_MockObject_MockObject */ + private $user; + + public function setUp() { + parent::setUp(); + + $this->logger = $this->createMock(ILogger::class); + $this->security = new Security($this->logger); + + $this->user = $this->createMock(IUser::class); + $this->user->method('getUID')->willReturn('myuid'); + $this->user->method('getDisplayName')->willReturn('mydisplayname'); + } + + public function testTwofactorFailed() { + $this->logger->expects($this->once()) + ->method('info') + ->with( + $this->equalTo('Failed two factor attempt by user mydisplayname (myuid) with provider myprovider'), + ['app' => 'admin_audit'] + ); + + $this->security->twofactorFailed($this->user, ['provider' => 'myprovider']); + } + + public 
function testTwofactorSuccess() { + $this->logger->expects($this->once()) + ->method('info') + ->with( + $this->equalTo('Successful two factor attempt by user mydisplayname (myuid) with provider myprovider'), + ['app' => 'admin_audit'] + ); + + $this->security->twofactorSuccess($this->user, ['provider' => 'myprovider']); + } + +} |