authorChristoph Wurst <christoph@owncloud.com>2016-06-06 15:09:42 +0200
committerArthur Schiwon <blizzz@arthur-schiwon.de>2016-06-09 14:00:00 +0200
commit60e15e934c6556d34d27ff214f6a148247605bc2 (patch)
tree7d54becdb99c6b4a0495bbf3168710c91c993826 /core
parentd72d8c1fcb54aa59ab1f62a11ef139abea33f97b (diff)
do not generate device token if 2FA is enabled for user
Diffstat (limited to 'core')
-rw-r--r--core/Application.php3
-rw-r--r--core/Controller/TokenController.php36
2 files changed, 27 insertions, 12 deletions
diff --git a/core/Application.php b/core/Application.php
index 25e2fa76273..a87917b626a 100644
--- a/core/Application.php
+++ b/core/Application.php
@@ -120,7 +120,8 @@ class Application extends App {
$c->query('AppName'),
$c->query('Request'),
$c->query('UserManager'),
- $c->query('OC\Authentication\Token\DefaultTokenProvider'),
+ $c->query('ServerContainer')->query('OC\Authentication\Token\IProvider'),
+ $c->query('TwoFactorAuthManager'),
$c->query('SecureRandom')
);
});
diff --git a/core/Controller/TokenController.php b/core/Controller/TokenController.php
index 42cc29bad10..13b1db9044a 100644
--- a/core/Controller/TokenController.php
+++ b/core/Controller/TokenController.php
@@ -1,4 +1,5 @@
<?php
+
/**
* @author Christoph Wurst <christoph@owncloud.com>
*
@@ -23,22 +24,27 @@ namespace OC\Core\Controller;
use OC\AppFramework\Http;
use OC\Authentication\Token\DefaultTokenProvider;
+use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken;
-use OC\User\Manager;
+use OC\Authentication\TwoFactorAuth\Manager as TwoFactorAuthManager;
+use OC\User\Manager as UserManager;
+use OCA\User_LDAP\User\Manager;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\JSONResponse;
-use OCP\AppFramework\Http\Response;
use OCP\IRequest;
use OCP\Security\ISecureRandom;
class TokenController extends Controller {
- /** @var Manager */
+ /** @var UserManager */
private $userManager;
- /** @var DefaultTokenProvider */
+ /** @var IProvider */
private $tokenProvider;
+ /** @var TwoFactorAuthManager */
+ private $twoFactorAuthManager;
+
/** @var ISecureRandom */
private $secureRandom;
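Review bot: The added `use OCA\User_LDAP\User\Manager;` looks accidental: nothing in the visible hunks refers to the LDAP user manager, and it makes a core controller name a class from an optional app. It also means the bare name `Manager` in this file now resolves to the LDAP class instead of `OC\User\Manager`, so any leftover `Manager` reference outside the hunks (for example a `@param Manager $userManager` tag) would silently point at the wrong type. I would drop the line and keep only the `UserManager` and `TwoFactorAuthManager` aliases.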
@@ -49,12 +55,12 @@ class TokenController extends Controller {
* @param DefaultTokenProvider $tokenProvider
* @param ISecureRandom $secureRandom
*/
- public function __construct($appName, IRequest $request, Manager $userManager, DefaultTokenProvider $tokenProvider,
- ISecureRandom $secureRandom) {
+ public function __construct($appName, IRequest $request, UserManager $userManager, IProvider $tokenProvider, TwoFactorAuthManager $twoFactorAuthManager, ISecureRandom $secureRandom) {
parent::__construct($appName, $request);
$this->userManager = $userManager;
$this->tokenProvider = $tokenProvider;
$this->secureRandom = $secureRandom;
+ $this->twoFactorAuthManager = $twoFactorAuthManager;
}
/**
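Review bot: The docblock above the constructor still documents `@param DefaultTokenProvider $tokenProvider` and has no entry for the new argument, while the signature now takes `IProvider $tokenProvider` and `TwoFactorAuthManager $twoFactorAuthManager`. I would change it to `@param IProvider $tokenProvider` and add `@param TwoFactorAuthManager $twoFactorAuthManager` before the `$secureRandom` line; once that is done, the `use OC\Authentication\Token\DefaultTokenProvider;` import appears to have no remaining use in the visible code. The docblock starts outside the hunk, so its `$userManager` line cannot be checked from here. The single-line signature is also very long; wrapping it one parameter per line would keep future diffs to this authentication-related constructor readable.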
@@ -70,18 +76,26 @@ class TokenController extends Controller {
*/
public function generateToken($user, $password, $name = 'unknown client') {
if (is_null($user) || is_null($password)) {
- $response = new Response();
+ $response = new JSONResponse();
$response->setStatus(Http::STATUS_UNPROCESSABLE_ENTITY);
return $response;
}
- $loginResult = $this->userManager->checkPassword($user, $password);
- if ($loginResult === false) {
- $response = new Response();
+ $loginName = $user;
+ $user = $this->userManager->checkPassword($loginName, $password);
+ if ($user === false) {
+ $response = new JSONResponse();
$response->setStatus(Http::STATUS_UNAUTHORIZED);
return $response;
}
+
+ if ($this->twoFactorAuthManager->isTwoFactorAuthenticated($user)) {
+ $resp = new JSONResponse();
+ $resp->setStatus(Http::STATUS_UNAUTHORIZED);
+ return $resp;
+ }
+
$token = $this->secureRandom->generate(128);
- $this->tokenProvider->generateToken($token, $loginResult->getUID(), $user, $password, $name, IToken::PERMANENT_TOKEN);
+ $this->tokenProvider->generateToken($token, $user->getUID(), $loginName, $password, $name, IToken::PERMANENT_TOKEN);
return [
'token' => $token,
];
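Review bot: The new guard `if ($this->twoFactorAuthManager->isTwoFactorAuthenticated($user))` reads as "the user has already passed the second factor", which makes the 401 look inverted; going by the commit title it presumably means 2FA is enabled for the account, and that should be stated at the call site, e.g. `// 2FA is enabled for this user: a password alone must not yield a permanent device token`. The same block names its response `$resp` while the two earlier branches use `$response`, and the string parameter `$user` is now overwritten with the `checkPassword()` result, so the variable changes type halfway through an authentication path; a separate local such as `$userObject = $this->userManager->checkPassword($loginName, $password);` would be easier to audit. The refusal returns the same status as a wrong password, which avoids confirming a correct password to the caller, but nothing visible here records it, so it may be worth checking that the rejection is logged elsewhere. generateToken's docblock and closing brace lie outside the hunk.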