authorChristoph Wurst <christoph@winzerhof-wurst.at>2018-10-11 12:20:18 +0200
committerChristoph Wurst <christoph@winzerhof-wurst.at>2018-10-15 08:22:52 +0200
commit83e994c11fcc25a525e604bf7cc100f574794e02 (patch)
tree7ee44e5ad7bee886e98d7d6f14a4805bc16da611 /core
parent82a5833217d8fb1a74e7838b3e2ccf2cb9e1b90c (diff)
Make it possible to enforce mandatory 2FA for groups
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'core')
-rw-r--r--core/Command/TwoFactorAuth/Enforce.php37
1 files changed, 31 insertions, 6 deletions
diff --git a/core/Command/TwoFactorAuth/Enforce.php b/core/Command/TwoFactorAuth/Enforce.php
index 44103e718e4..dc631aac067 100644
--- a/core/Command/TwoFactorAuth/Enforce.php
+++ b/core/Command/TwoFactorAuth/Enforce.php
@@ -26,6 +26,8 @@ declare(strict_types=1);
namespace OC\Core\Command\TwoFactorAuth;
+use function implode;
+use OC\Authentication\TwoFactorAuth\EnforcementState;
use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
@@ -58,17 +60,32 @@ class Enforce extends Command {
InputOption::VALUE_NONE,
'don\'t enforce two-factor authenticaton'
);
+ $this->addOption(
+ 'group',
+ null,
+ InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY,
+ 'enforce only for the given group(s)'
+ );
+ $this->addOption(
+ 'exclude',
+ null,
+ InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY,
+ 'exclude mandatory two-factor auth for the given group(s)'
+ );
}
protected function execute(InputInterface $input, OutputInterface $output) {
if ($input->getOption('on')) {
- $this->mandatoryTwoFactor->setEnforced(true);
+ $enforcedGroups = $input->getOption('group');
+ $excludedGroups = $input->getOption('exclude');
+ $this->mandatoryTwoFactor->setState(new EnforcementState(true, $enforcedGroups, $excludedGroups));
} elseif ($input->getOption('off')) {
- $this->mandatoryTwoFactor->setEnforced(false);
+ $this->mandatoryTwoFactor->setState(new EnforcementState(false));
}
- if ($this->mandatoryTwoFactor->isEnforced()) {
- $this->writeEnforced($output);
+ $state = $this->mandatoryTwoFactor->getState();
+ if ($state->isEnforced()) {
+ $this->writeEnforced($output, $state);
} else {
$this->writeNotEnforced($output);
}
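Review bot: The values of `--group` and `--exclude` go from `$input->getOption()` straight into `new EnforcementState(true, $enforcedGroups, $excludedGroups)` with no check that they name existing groups. If enforcement is later decided by group membership (not visible in this diff), a mistyped `--group` value would leave two-factor authentication enforced for nobody while the command still prints it as enforced for that group, so I would resolve each name against the group backend here and exit non-zero on an unknown one. Both options are also declared `InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY`, which accepts a bare `--group` with no value; `InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY` would reject that at parse time. The body of `execute()` continues past the end of this hunk.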
@@ -77,8 +94,16 @@ class Enforce extends Command {
/**
* @param OutputInterface $output
*/
- protected function writeEnforced(OutputInterface $output) {
- $output->writeln('Two-factor authentication is enforced for all users');
+ protected function writeEnforced(OutputInterface $output, EnforcementState $state) {
+ if (empty($state->getEnforcedGroups())) {
+ $message = 'Two-factor authentication is enforced for all users';
+ } else {
+ $message = 'Two-factor authentication is enforced for members of the group(s) ' . implode(', ', $state->getEnforcedGroups());
+ }
+ if (!empty($state->getExcludedGroups())) {
+ $message .= ', except members of ' . implode(', ', $state->getExcludedGroups());
+ }
+ $output->writeln($message);
}
/**
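Review bot: The docblock above `writeEnforced()` still lists only `$output`, although the new signature takes a second parameter; add `@param EnforcementState $state` so the doc matches the method. Since this line is what an administrator reads to confirm the enforcement scope, a short description that the message lists the enforced and excluded groups taken from `$state` would also help. As a style point, `$state->getEnforcedGroups()` and `$state->getExcludedGroups()` are each called twice; assigning them to locals once keeps the `empty()` check and the `implode()` on the same value.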