author | Git'Fellow <12234510+solracsf@users.noreply.github.com> | 2025-01-21 22:52:12 +0100 |
---|---|---|
committer | Git'Fellow <12234510+solracsf@users.noreply.github.com> | 2025-01-22 16:59:12 +0100 |
commit | 3c208955241d2608d50eee355852bf21b7f33933 (patch) | |
tree | 6f9199322b0ee711828e657e58209d6b794e6159 /lib/private/Authentication/TwoFactorAuth | |
parent | 250549cd031c6b62fd5728c531fed2bdc219e565 (diff) | |
refactor(authentication): Use constructor property promotionauthPropertyPromotion
fix: error
Diffstat (limited to 'lib/private/Authentication/TwoFactorAuth')
7 files changed, 75 insertions, 152 deletions
diff --git a/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php b/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php
index cc468dbeba0..60b60052067 100644
--- a/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php
+++ b/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php
@@ -18,11 +18,9 @@ use function array_map;
 class ProviderUserAssignmentDao {
 public const TABLE_NAME = 'twofactor_providers';
- /** @var IDBConnection */
- private $conn;
-
- public function __construct(IDBConnection $dbConn) {
- $this->conn = $dbConn;
+ public function __construct(
+ private IDBConnection $conn,
+ ) {
 }
 /**
@@ -51,10 +49,8 @@ class ProviderUserAssignmentDao {
 * Persist a new/updated (provider_id, uid, enabled) tuple
 */
 public function persist(string $providerId, string $uid, int $enabled): void {
- $conn = $this->conn;
-
 // Insert a new entry
- if ($conn->insertIgnoreConflict(self::TABLE_NAME, [
+ if ($this->conn->insertIgnoreConflict(self::TABLE_NAME, [
 'provider_id' => $providerId,
 'uid' => $uid,
 'enabled' => $enabled,
@@ -63,7 +59,7 @@ class ProviderUserAssignmentDao {
 }
 // There is already an entry -> update it
- $qb = $conn->getQueryBuilder();
+ $qb = $this->conn->getQueryBuilder();
 $updateQuery = $qb->update(self::TABLE_NAME)
 ->set('enabled', $qb->createNamedParameter($enabled))
 ->where($qb->expr()->eq('provider_id', $qb->createNamedParameter($providerId)))
diff --git a/lib/private/Authentication/TwoFactorAuth/EnforcementState.php b/lib/private/Authentication/TwoFactorAuth/EnforcementState.php
index e02064bc8f7..66b5ce483f7 100644
--- a/lib/private/Authentication/TwoFactorAuth/EnforcementState.php
+++ b/lib/private/Authentication/TwoFactorAuth/EnforcementState.php
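Review bot: Promoting the constructor argument renames it from `$dbConn` to `$conn`, which changes the public constructor signature in a commit described as a refactor; any caller or test that passes the argument by name (`dbConn:`) would now fail with an unknown-parameter error. The same happens in Manager.php, where `$eventDispatcher` becomes `$dispatcher`. No call site is visible on this page, so this needs a search before merge, and a line in the commit message such as `Renames constructor parameters $dbConn -> $conn and $eventDispatcher -> $dispatcher` would record it.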
@@ -11,28 +11,12 @@ namespace OC\Authentication\TwoFactorAuth;
 use JsonSerializable;
 class EnforcementState implements JsonSerializable {
- /** @var bool */
- private $enforced;
- /** @var array */
- private $enforcedGroups;
-
- /** @var array */
- private $excludedGroups;
-
- /**
- * EnforcementState constructor.
- *
- * @param bool $enforced
- * @param string[] $enforcedGroups
- * @param string[] $excludedGroups
- */
- public function __construct(bool $enforced,
- array $enforcedGroups = [],
- array $excludedGroups = []) {
- $this->enforced = $enforced;
- $this->enforcedGroups = $enforcedGroups;
- $this->excludedGroups = $excludedGroups;
+ public function __construct(
+ private bool $enforced,
+ private array $enforcedGroups = [],
+ private array $excludedGroups = [],
+ ) {
 }
 /**
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index 1b22300e317..1fd5bfefd63 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
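Review bot: The removed docblock was the only place in this hunk that said the two group lists hold strings; the promoted parameters are now plain `array`, so static analysis can no longer check what goes into the lists that decide who 2FA is enforced for. I would keep a short docblock above the new constructor with `@param string[] $enforcedGroups` and `@param string[] $excludedGroups`. The getters for these properties are outside the hunk, so whether they still carry a `string[]` annotation cannot be confirmed from here.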
@@ -36,68 +36,32 @@ class Manager {
 public const SESSION_UID_DONE = 'two_factor_auth_passed';
 public const REMEMBER_LOGIN = 'two_factor_remember_login';
 public const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
-
- /** @var ProviderLoader */
- private $providerLoader;
-
- /** @var IRegistry */
- private $providerRegistry;
-
- /** @var MandatoryTwoFactor */
- private $mandatoryTwoFactor;
-
- /** @var ISession */
- private $session;
-
- /** @var IConfig */
- private $config;
-
- /** @var IManager */
- private $activityManager;
-
- /** @var LoggerInterface */
- private $logger;
-
- /** @var TokenProvider */
- private $tokenProvider;
-
- /** @var ITimeFactory */
- private $timeFactory;
-
- /** @var IEventDispatcher */
- private $dispatcher;
-
+
 /** @psalm-var array<string, bool> */
- private $userIsTwoFactorAuthenticated = [];
-
- public function __construct(ProviderLoader $providerLoader,
- IRegistry $providerRegistry,
- MandatoryTwoFactor $mandatoryTwoFactor,
- ISession $session,
- IConfig $config,
- IManager $activityManager,
- LoggerInterface $logger,
- TokenProvider $tokenProvider,
- ITimeFactory $timeFactory,
- IEventDispatcher $eventDispatcher) {
- $this->providerLoader = $providerLoader;
- $this->providerRegistry = $providerRegistry;
- $this->mandatoryTwoFactor = $mandatoryTwoFactor;
- $this->session = $session;
- $this->config = $config;
- $this->activityManager = $activityManager;
- $this->logger = $logger;
- $this->tokenProvider = $tokenProvider;
- $this->timeFactory = $timeFactory;
- $this->dispatcher = $eventDispatcher;
+ private array $userIsTwoFactorAuthenticated = [];
+
+ public function __construct(
+ private ProviderLoader $providerLoader,
+ private IRegistry $providerRegistry,
+ private MandatoryTwoFactor $mandatoryTwoFactor,
+ private ISession $session,
+ private IConfig $config,
+ private IManager $activityManager,
+ private LoggerInterface $logger,
+ private TokenProvider $tokenProvider,
+ private ITimeFactory $timeFactory,
+ private IEventDispatcher $dispatcher,
+ ) {
 }
 /**
 * Determine whether the user must provide a second factor challenge
 */
 public function isTwoFactorAuthenticated(IUser $user): bool {
- if (isset($this->userIsTwoFactorAuthenticated[$user->getUID()])) {
- return $this->userIsTwoFactorAuthenticated[$user->getUID()];
+ $uid = $user->getUID();
+
+ if (isset($this->userIsTwoFactorAuthenticated[$uid])) {
+ return $this->userIsTwoFactorAuthenticated[$uid];
 }
 if ($this->mandatoryTwoFactor->isEnforcedFor($user)) {
@@ -111,8 +75,8 @@ class Manager {
 $providerIds = array_keys($enabled);
 $providerIdsWithoutBackupCodes = array_diff($providerIds, [self::BACKUP_CODES_PROVIDER_ID]);
- $this->userIsTwoFactorAuthenticated[$user->getUID()] = !empty($providerIdsWithoutBackupCodes);
- return $this->userIsTwoFactorAuthenticated[$user->getUID()];
+ $this->userIsTwoFactorAuthenticated[$uid] = !empty($providerIdsWithoutBackupCodes);
+ return $this->userIsTwoFactorAuthenticated[$uid];
 }
 /**
@@ -148,7 +112,8 @@ class Manager {
 private function fixMissingProviderStates(array $providerStates, array $providers, IUser $user): array {
 foreach ($providers as $provider) {
- if (isset($providerStates[$provider->getId()])) {
+ $pid = $provider->getId();
+ if (isset($providerStates[$pid])) {
 // All good
 continue;
 }
@@ -159,7 +124,7 @@ class Manager {
 } else {
 $this->providerRegistry->disableProviderFor($provider, $user);
 }
- $providerStates[$provider->getId()] = $enabled;
+ $providerStates[$pid] = $enabled;
 }
 return $providerStates;
@@ -276,11 +241,12 @@ class Manager {
 * @param array $params
 */
 private function publishEvent(IUser $user, string $event, array $params) {
+ $uid = $user->getUID();
 $activity = $this->activityManager->generateEvent();
 $activity->setApp('core')
 ->setType('security')
- ->setAuthor($user->getUID())
- ->setAffectedUser($user->getUID())
+ ->setAuthor($uid)
+ ->setAffectedUser($uid)
 ->setSubject($event, $params);
 try {
 $this->activityManager->publish($activity);
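Review bot: `publishEvent()` still declares no return type, while this commit adds `: void` to `MandatoryTwoFactor::setState()` and to three `Registry` methods; `prepareTwoFactorLogin()` and `clearTwoFactorPending()` in the later Manager.php hunk are in the same state. For consistency the signature could read `private function publishEvent(IUser $user, string $event, array $params): void {`, and likewise for the other two. The bodies of `publishEvent()` and `clearTwoFactorPending()` continue outside the hunks, so confirm that neither returns a value before adding the type.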
@@ -307,9 +273,10 @@ class Manager {
 // First check if the session tells us we should do 2FA (99% case)
 if (!$this->session->exists(self::SESSION_UID_KEY)) {
+ $uid = $user->getUID();
 // Check if the session tells us it is 2FA authenticated already
 if ($this->session->exists(self::SESSION_UID_DONE) &&
- $this->session->get(self::SESSION_UID_DONE) === $user->getUID()) {
+ $this->session->get(self::SESSION_UID_DONE) === $uid) {
 return false;
 }
@@ -321,10 +288,10 @@ class Manager {
 $sessionId = $this->session->getId();
 $token = $this->tokenProvider->getToken($sessionId);
 $tokenId = $token->getId();
- $tokensNeeding2FA = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
+ $tokensNeeding2FA = $this->config->getUserKeys($uid, 'login_token_2fa');
 if (!\in_array((string)$tokenId, $tokensNeeding2FA, true)) {
- $this->session->set(self::SESSION_UID_DONE, $user->getUID());
+ $this->session->set(self::SESSION_UID_DONE, $uid);
 return false;
 }
 } catch (InvalidTokenException|SessionNotAvailableException $e) {
@@ -338,9 +305,10 @@ class Manager {
 // disabled the same time
 $this->session->remove(self::SESSION_UID_KEY);
- $keys = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
+ $uid = $user->getUID();
+ $keys = $this->config->getUserKeys($uid, 'login_token_2fa');
 foreach ($keys as $key) {
- $this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $key);
+ $this->config->deleteUserValue($uid, 'login_token_2fa', $key);
 }
 return false;
 }
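Review bot: `$uid = $user->getUID();` is now assigned twice in this method, once inside the `if (!$this->session->exists(self::SESSION_UID_KEY))` branch and again before the `login_token_2fa` cleanup loop, so each branch carries its own copy and a later edit that reads `$uid` between them would hit an undefined variable. A single assignment placed ahead of both branches would be easier to follow in a method that decides whether the second factor is still required. The start of the method is outside these hunks, so the point at which `$user` is first known to be usable has to be checked there.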
@@ -355,12 +323,13 @@ class Manager {
 * @param boolean $rememberMe
 */
 public function prepareTwoFactorLogin(IUser $user, bool $rememberMe) {
- $this->session->set(self::SESSION_UID_KEY, $user->getUID());
+ $uid = $user->getUID();
+ $this->session->set(self::SESSION_UID_KEY, $uid);
 $this->session->set(self::REMEMBER_LOGIN, $rememberMe);
 $id = $this->session->getId();
 $token = $this->tokenProvider->getToken($id);
- $this->config->setUserValue($user->getUID(), 'login_token_2fa', (string)$token->getId(), (string)$this->timeFactory->getTime());
+ $this->config->setUserValue($uid, 'login_token_2fa', (string)$token->getId(), (string)$this->timeFactory->getTime());
 }
 public function clearTwoFactorPending(string $userId) {
diff --git a/lib/private/Authentication/TwoFactorAuth/MandatoryTwoFactor.php b/lib/private/Authentication/TwoFactorAuth/MandatoryTwoFactor.php
index 37c9d3fc550..f1731353908 100644
--- a/lib/private/Authentication/TwoFactorAuth/MandatoryTwoFactor.php
+++ b/lib/private/Authentication/TwoFactorAuth/MandatoryTwoFactor.php
@@ -13,15 +13,11 @@ use OCP\IGroupManager;
 use OCP\IUser;
 class MandatoryTwoFactor {
- /** @var IConfig */
- private $config;
- /** @var IGroupManager */
- private $groupManager;
-
- public function __construct(IConfig $config, IGroupManager $groupManager) {
- $this->config = $config;
- $this->groupManager = $groupManager;
+ public function __construct(
+ private IConfig $config,
+ private IGroupManager $groupManager,
+ ) {
 }
 /**
@@ -38,7 +34,7 @@ class MandatoryTwoFactor {
 /**
 * Set the state of enforced two-factor auth
 */
- public function setState(EnforcementState $state) {
+ public function setState(EnforcementState $state): void {
 $this->config->setSystemValue('twofactor_enforced', $state->isEnforced() ? 'true' : 'false');
 $this->config->setSystemValue('twofactor_enforced_groups', $state->getEnforcedGroups());
 $this->config->setSystemValue('twofactor_enforced_excluded_groups', $state->getExcludedGroups());
@@ -51,9 +47,6 @@ class MandatoryTwoFactor {
 * and also have the option to exclude users of certain groups. This method will
 * check their membership of those groups.
 *
- * @param IUser $user
- *
- * @return bool
 */
 public function isEnforcedFor(IUser $user): bool {
 $state = $this->getState();
diff --git a/lib/private/Authentication/TwoFactorAuth/ProviderManager.php b/lib/private/Authentication/TwoFactorAuth/ProviderManager.php
index 5ce4c598154..a4d0b3dc88f 100644
--- a/lib/private/Authentication/TwoFactorAuth/ProviderManager.php
+++ b/lib/private/Authentication/TwoFactorAuth/ProviderManager.php
@@ -16,17 +16,16 @@ use OCP\Authentication\TwoFactorAuth\IRegistry;
 use OCP\IUser;
 class ProviderManager {
- /** @var ProviderLoader */
- private $providerLoader;
- /** @var IRegistry */
- private $providerRegistry;
-
- public function __construct(ProviderLoader $providerLoader, IRegistry $providerRegistry) {
- $this->providerLoader = $providerLoader;
- $this->providerRegistry = $providerRegistry;
+ public function __construct(
+ private ProviderLoader $providerLoader,
+ private IRegistry $providerRegistry,
+ ) {
 }
+ /**
+ * @throws InvalidProviderException
+ */
 private function getProvider(string $providerId, IUser $user): IProvider {
 $providers = $this->providerLoader->getProviders($user);
@@ -40,8 +39,6 @@ class ProviderManager {
 /**
 * Try to enable the provider with the given id for the given user
 *
- * @param IUser $user
- *
 * @return bool whether the provider supports this operation
 */
 public function tryEnableProviderFor(string $providerId, IUser $user): bool {
@@ -51,9 +48,9 @@ class ProviderManager {
 $provider->enableFor($user);
 $this->providerRegistry->enableProviderFor($provider, $user);
 return true;
- } else {
- return false;
 }
+
+ return false;
 }
 /**
@@ -70,8 +67,8 @@ class ProviderManager {
 $provider->disableFor($user);
 $this->providerRegistry->disableProviderFor($provider, $user);
 return true;
- } else {
- return false;
 }
+
+ return false;
 }
 }
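Review bot: The new `@throws InvalidProviderException` is documented only on the private `getProvider()`, but `tryEnableProviderFor()` and `tryDisableProviderFor()` are the methods callers see, and the visible docblock of the first lists only `@return bool`. If they call `getProvider()` without catching (the call sits outside the hunks, so this is inferred), I would add ` * @throws InvalidProviderException` to both public docblocks so callers know an unknown provider id raises instead of returning `false`.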
diff --git a/lib/private/Authentication/TwoFactorAuth/ProviderSet.php b/lib/private/Authentication/TwoFactorAuth/ProviderSet.php
index 15b82be6dec..53ff0fe137e 100644
--- a/lib/private/Authentication/TwoFactorAuth/ProviderSet.php
+++ b/lib/private/Authentication/TwoFactorAuth/ProviderSet.php
@@ -16,29 +16,18 @@ use function array_filter;
 * Contains all two-factor provider information for the two-factor login challenge
 */
 class ProviderSet {
- /** @var IProvider */
- private $providers;
- /** @var bool */
- private $providerMissing;
-
- /**
- * @param IProvider[] $providers
- * @param bool $providerMissing
- */
- public function __construct(array $providers, bool $providerMissing) {
+ public function __construct(
+ private array $providers,
+ private bool $providerMissing,
+ ) {
 $this->providers = [];
 foreach ($providers as $provider) {
 $this->providers[$provider->getId()] = $provider;
 }
- $this->providerMissing = $providerMissing;
 }
- /**
- * @param string $providerId
- * @return IProvider|null
- */
- public function getProvider(string $providerId) {
+ public function getProvider(string $providerId): ?IProvider {
 return $this->providers[$providerId] ?? null;
 }
diff --git a/lib/private/Authentication/TwoFactorAuth/Registry.php b/lib/private/Authentication/TwoFactorAuth/Registry.php
index 544f60c4f97..f9b23c991f7 100644
--- a/lib/private/Authentication/TwoFactorAuth/Registry.php
+++ b/lib/private/Authentication/TwoFactorAuth/Registry.php
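Review bot: In the new constructor `private array $providers` is promoted, so the caller's list is first stored in `$this->providers` and then thrown away by `$this->providers = [];` on the next line, before the loop re-keys it by `getId()`. It works because the loop reads the parameter, but the promotion is misleading: the property shares a name and type with an argument of a different shape (a list comes in, an id-keyed map is stored). The removed `@param IProvider[] $providers` was also the only element-type hint in the hunk. I would keep `$providers` as a plain parameter and declare the property separately, as below.

```php
/** @var array<string, IProvider> keyed by provider id */
private array $providers = [];

/**
 * @param IProvider[] $providers
 */
public function __construct(
	array $providers,
	private bool $providerMissing,
) {
	foreach ($providers as $provider) {
		$this->providers[$provider->getId()] = $provider;
	}
}
```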
@@ -20,23 +20,18 @@ use OCP\EventDispatcher\IEventDispatcher;
 use OCP\IUser;
 class Registry implements IRegistry {
- /** @var ProviderUserAssignmentDao */
- private $assignmentDao;
- /** @var IEventDispatcher */
- private $dispatcher;
-
- public function __construct(ProviderUserAssignmentDao $assignmentDao,
- IEventDispatcher $dispatcher) {
- $this->assignmentDao = $assignmentDao;
- $this->dispatcher = $dispatcher;
+ public function __construct(
+ private ProviderUserAssignmentDao $assignmentDao,
+ private IEventDispatcher $dispatcher,
+ ) {
 }
 public function getProviderStates(IUser $user): array {
 return $this->assignmentDao->getState($user->getUID());
 }
- public function enableProviderFor(IProvider $provider, IUser $user) {
+ public function enableProviderFor(IProvider $provider, IUser $user): void {
 $this->assignmentDao->persist($provider->getId(), $user->getUID(), 1);
 $event = new RegistryEvent($provider, $user);
@@ -44,7 +39,7 @@ class Registry implements IRegistry {
 $this->dispatcher->dispatchTyped(new TwoFactorProviderForUserRegistered($user, $provider));
 }
- public function disableProviderFor(IProvider $provider, IUser $user) {
+ public function disableProviderFor(IProvider $provider, IUser $user): void {
 $this->assignmentDao->persist($provider->getId(), $user->getUID(), 0);
 $event = new RegistryEvent($provider, $user);
@@ -60,7 +55,7 @@ class Registry implements IRegistry {
 }
 }
- public function cleanUp(string $providerId) {
+ public function cleanUp(string $providerId): void {
 $this->assignmentDao->deleteAll($providerId);
 }
 } |