summaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
authorMorris Jobke <hey@morrisjobke.de>2018-10-15 10:58:05 +0200
committerGitHub <noreply@github.com>2018-10-15 10:58:05 +0200
commit8177fdb0f67a7fdfc86c27b3995afd9e5adfdce8 (patch)
tree106b75afe1b9f1880c0cdbd4d469d82b4a4e78c5 /core
parente36d4a990d19113cd763e5893faaa4d1877d4022 (diff)
parent83e994c11fcc25a525e604bf7cc100f574794e02 (diff)
downloadnextcloud-server-8177fdb0f67a7fdfc86c27b3995afd9e5adfdce8.tar.gz
nextcloud-server-8177fdb0f67a7fdfc86c27b3995afd9e5adfdce8.zip
Merge pull request #11765 from nextcloud/feature/mandatory-2fa-for-groups
Mandatory 2FA for groups
Diffstat (limited to 'core')
-rw-r--r--core/Command/TwoFactorAuth/Enforce.php37
1 files changed, 31 insertions, 6 deletions
diff --git a/core/Command/TwoFactorAuth/Enforce.php b/core/Command/TwoFactorAuth/Enforce.php
index 44103e718e4..dc631aac067 100644
--- a/core/Command/TwoFactorAuth/Enforce.php
+++ b/core/Command/TwoFactorAuth/Enforce.php
@@ -26,6 +26,8 @@ declare(strict_types=1);
namespace OC\Core\Command\TwoFactorAuth;
+use function implode;
+use OC\Authentication\TwoFactorAuth\EnforcementState;
use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
@@ -58,17 +60,32 @@ class Enforce extends Command {
InputOption::VALUE_NONE,
'don\'t enforce two-factor authenticaton'
);
+ $this->addOption(
+ 'group',
+ null,
+ InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY,
+ 'enforce only for the given group(s)'
+ );
+ $this->addOption(
+ 'exclude',
+ null,
+ InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY,
+ 'exclude mandatory two-factor auth for the given group(s)'
+ );
}
protected function execute(InputInterface $input, OutputInterface $output) {
if ($input->getOption('on')) {
- $this->mandatoryTwoFactor->setEnforced(true);
+ $enforcedGroups = $input->getOption('group');
+ $excludedGroups = $input->getOption('exclude');
+ $this->mandatoryTwoFactor->setState(new EnforcementState(true, $enforcedGroups, $excludedGroups));
} elseif ($input->getOption('off')) {
- $this->mandatoryTwoFactor->setEnforced(false);
+ $this->mandatoryTwoFactor->setState(new EnforcementState(false));
}
- if ($this->mandatoryTwoFactor->isEnforced()) {
- $this->writeEnforced($output);
+ $state = $this->mandatoryTwoFactor->getState();
+ if ($state->isEnforced()) {
+ $this->writeEnforced($output, $state);
} else {
$this->writeNotEnforced($output);
}
@@ -77,8 +94,16 @@ class Enforce extends Command {
/**
* @param OutputInterface $output
*/
- protected function writeEnforced(OutputInterface $output) {
- $output->writeln('Two-factor authentication is enforced for all users');
+ protected function writeEnforced(OutputInterface $output, EnforcementState $state) {
+ if (empty($state->getEnforcedGroups())) {
+ $message = 'Two-factor authentication is enforced for all users';
+ } else {
+ $message = 'Two-factor authentication is enforced for members of the group(s) ' . implode(', ', $state->getEnforcedGroups());
+ }
+ if (!empty($state->getExcludedGroups())) {
+ $message .= ', except members of ' . implode(', ', $state->getExcludedGroups());
+ }
+ $output->writeln($message);
}
/**