refactor(authentication): Use constructor property promotionauthPropertyPromotion

fix: error
author: Git'Fellow <12234510+solracsf@users.noreply.github.com> 2025-01-21 22:52:12 +0100
committer: Git'Fellow <12234510+solracsf@users.noreply.github.com> 2025-01-22 16:59:12 +0100
commit: 3c208955241d2608d50eee355852bf21b7f33933 (patch)
tree: 6f9199322b0ee711828e657e58209d6b794e6159 /lib/private/Authentication/TwoFactorAuth
parent: 250549cd031c6b62fd5728c531fed2bdc219e565 (diff)
download: nextcloud-server-authPropertyPromotion.tar.gz
nextcloud-server-authPropertyPromotion.zip
7 files changed, 75 insertions, 152 deletions
diff --git a/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php b/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php
index cc468dbeba0..60b60052067 100644
--- a/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php
+++ b/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php
@@ -18,11 +18,9 @@ use function array_map;
 class ProviderUserAssignmentDao {
 	public const TABLE_NAME = 'twofactor_providers';
 
-	/** @var IDBConnection */
-	private $conn;
-
-	public function __construct(IDBConnection $dbConn) {
-		$this->conn = $dbConn;
+	public function __construct(
+		private IDBConnection $conn,
+	) {
 	}
 
 	/**
@@ -51,10 +49,8 @@ class ProviderUserAssignmentDao {
 	 * Persist a new/updated (provider_id, uid, enabled) tuple
 	 */
 	public function persist(string $providerId, string $uid, int $enabled): void {
-		$conn = $this->conn;
-
 		// Insert a new entry
-		if ($conn->insertIgnoreConflict(self::TABLE_NAME, [
+		if ($this->conn->insertIgnoreConflict(self::TABLE_NAME, [
 			'provider_id' => $providerId,
 			'uid' => $uid,
 			'enabled' => $enabled,
@@ -63,7 +59,7 @@ class ProviderUserAssignmentDao {
 		}
 
 		// There is already an entry -> update it
-		$qb = $conn->getQueryBuilder();
+		$qb = $this->conn->getQueryBuilder();
 		$updateQuery = $qb->update(self::TABLE_NAME)
 			->set('enabled', $qb->createNamedParameter($enabled))
 			->where($qb->expr()->eq('provider_id', $qb->createNamedParameter($providerId)))
diff --git a/lib/private/Authentication/TwoFactorAuth/EnforcementState.php b/lib/private/Authentication/TwoFactorAuth/EnforcementState.php
index e02064bc8f7..66b5ce483f7 100644
--- a/lib/private/Authentication/TwoFactorAuth/EnforcementState.php
+++ b/lib/private/Authentication/TwoFactorAuth/EnforcementState.php
@@ -11,28 +11,12 @@ namespace OC\Authentication\TwoFactorAuth;
 use JsonSerializable;
 
 class EnforcementState implements JsonSerializable {
-	/** @var bool */
-	private $enforced;
 
-	/** @var array */
-	private $enforcedGroups;
-
-	/** @var array */
-	private $excludedGroups;
-
-	/**
-	 * EnforcementState constructor.
-	 *
-	 * @param bool $enforced
-	 * @param string[] $enforcedGroups
-	 * @param string[] $excludedGroups
-	 */
-	public function __construct(bool $enforced,
-		array $enforcedGroups = [],
-		array $excludedGroups = []) {
-		$this->enforced = $enforced;
-		$this->enforcedGroups = $enforcedGroups;
-		$this->excludedGroups = $excludedGroups;
+	public function __construct(
+		private bool $enforced,
+		private array $enforcedGroups = [],
+		private array $excludedGroups = [],
+	) {
 	}
 
 	/**
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index 1b22300e317..1fd5bfefd63 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -36,68 +36,32 @@ class Manager {
 	public const SESSION_UID_DONE = 'two_factor_auth_passed';
 	public const REMEMBER_LOGIN = 'two_factor_remember_login';
 	public const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
-
-	/** @var ProviderLoader */
-	private $providerLoader;
-
-	/** @var IRegistry */
-	private $providerRegistry;
-
-	/** @var MandatoryTwoFactor */
-	private $mandatoryTwoFactor;
-
-	/** @var ISession */
-	private $session;
-
-	/** @var IConfig */
-	private $config;
-
-	/** @var IManager */
-	private $activityManager;
-
-	/** @var LoggerInterface */
-	private $logger;
-
-	/** @var TokenProvider */
-	private $tokenProvider;
-
-	/** @var ITimeFactory */
-	private $timeFactory;
-
-	/** @var IEventDispatcher */
-	private $dispatcher;
-
+	
 	/** @psalm-var array<string, bool> */
-	private $userIsTwoFactorAuthenticated = [];
-
-	public function __construct(ProviderLoader $providerLoader,
-		IRegistry $providerRegistry,
-		MandatoryTwoFactor $mandatoryTwoFactor,
-		ISession $session,
-		IConfig $config,
-		IManager $activityManager,
-		LoggerInterface $logger,
-		TokenProvider $tokenProvider,
-		ITimeFactory $timeFactory,
-		IEventDispatcher $eventDispatcher) {
-		$this->providerLoader = $providerLoader;
-		$this->providerRegistry = $providerRegistry;
-		$this->mandatoryTwoFactor = $mandatoryTwoFactor;
-		$this->session = $session;
-		$this->config = $config;
-		$this->activityManager = $activityManager;
-		$this->logger = $logger;
-		$this->tokenProvider = $tokenProvider;
-		$this->timeFactory = $timeFactory;
-		$this->dispatcher = $eventDispatcher;
+	private array $userIsTwoFactorAuthenticated = [];
+
+	public function __construct(
+		private ProviderLoader $providerLoader,
+		private IRegistry $providerRegistry,
+		private MandatoryTwoFactor $mandatoryTwoFactor,
+		private ISession $session,
+		private IConfig $config,
+		private IManager $activityManager,
+		private LoggerInterface $logger,
+		private TokenProvider $tokenProvider,
+		private ITimeFactory $timeFactory,
+		private IEventDispatcher $dispatcher,
+	) {
 	}
 
 	/**
 	 * Determine whether the user must provide a second factor challenge
 	 */
 	public function isTwoFactorAuthenticated(IUser $user): bool {
-		if (isset($this->userIsTwoFactorAuthenticated[$user->getUID()])) {
-			return $this->userIsTwoFactorAuthenticated[$user->getUID()];
+		$uid = $user->getUID();
+
+		if (isset($this->userIsTwoFactorAuthenticated[$uid])) {
+			return $this->userIsTwoFactorAuthenticated[$uid];
 		}
 
 		if ($this->mandatoryTwoFactor->isEnforcedFor($user)) {
@@ -111,8 +75,8 @@ class Manager {
 		$providerIds = array_keys($enabled);
 		$providerIdsWithoutBackupCodes = array_diff($providerIds, [self::BACKUP_CODES_PROVIDER_ID]);
 
-		$this->userIsTwoFactorAuthenticated[$user->getUID()] = !empty($providerIdsWithoutBackupCodes);
-		return $this->userIsTwoFactorAuthenticated[$user->getUID()];
+		$this->userIsTwoFactorAuthenticated[$uid] = !empty($providerIdsWithoutBackupCodes);
+		return $this->userIsTwoFactorAuthenticated[$uid];
 	}
 
 	/**
@@ -148,7 +112,8 @@ class Manager {
 	private function fixMissingProviderStates(array $providerStates,
 		array $providers, IUser $user): array {
 		foreach ($providers as $provider) {
-			if (isset($providerStates[$provider->getId()])) {
+			$pid = $provider->getId();
+			if (isset($providerStates[$pid])) {
 				// All good
 				continue;
 			}
@@ -159,7 +124,7 @@ class Manager {
 			} else {
 				$this->providerRegistry->disableProviderFor($provider, $user);
 			}
-			$providerStates[$provider->getId()] = $enabled;
+			$providerStates[$pid] = $enabled;
 		}
 
 		return $providerStates;
@@ -276,11 +241,12 @@ class Manager {
 	 * @param array $params
 	 */
 	private function publishEvent(IUser $user, string $event, array $params) {
+		$uid = $user->getUID();
 		$activity = $this->activityManager->generateEvent();
 		$activity->setApp('core')
 			->setType('security')
-			->setAuthor($user->getUID())
-			->setAffectedUser($user->getUID())
+			->setAuthor($uid)
+			->setAffectedUser($uid)
 			->setSubject($event, $params);
 		try {
 			$this->activityManager->publish($activity);
@@ -307,9 +273,10 @@ class Manager {
 
 		// First check if the session tells us we should do 2FA (99% case)
 		if (!$this->session->exists(self::SESSION_UID_KEY)) {
+			$uid = $user->getUID();
 			// Check if the session tells us it is 2FA authenticated already
 			if ($this->session->exists(self::SESSION_UID_DONE) &&
-				$this->session->get(self::SESSION_UID_DONE) === $user->getUID()) {
+				$this->session->get(self::SESSION_UID_DONE) === $uid) {
 				return false;
 			}
 
@@ -321,10 +288,10 @@ class Manager {
 				$sessionId = $this->session->getId();
 				$token = $this->tokenProvider->getToken($sessionId);
 				$tokenId = $token->getId();
-				$tokensNeeding2FA = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
+				$tokensNeeding2FA = $this->config->getUserKeys($uid, 'login_token_2fa');
 
 				if (!\in_array((string)$tokenId, $tokensNeeding2FA, true)) {
-					$this->session->set(self::SESSION_UID_DONE, $user->getUID());
+					$this->session->set(self::SESSION_UID_DONE, $uid);
 					return false;
 				}
 			} catch (InvalidTokenException|SessionNotAvailableException $e) {
@@ -338,9 +305,10 @@ class Manager {
 			//   disabled the same time
 			$this->session->remove(self::SESSION_UID_KEY);
 
-			$keys = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
+			$uid = $user->getUID();
+			$keys = $this->config->getUserKeys($uid, 'login_token_2fa');
 			foreach ($keys as $key) {
-				$this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $key);
+				$this->config->deleteUserValue($uid, 'login_token_2fa', $key);
 			}
 			return false;
 		}
@@ -355,12 +323,13 @@ class Manager {
 	 * @param boolean $rememberMe
 	 */
 	public function prepareTwoFactorLogin(IUser $user, bool $rememberMe) {
-		$this->session->set(self::SESSION_UID_KEY, $user->getUID());
+		$uid = $user->getUID();
+		$this->session->set(self::SESSION_UID_KEY, $uid);
 		$this->session->set(self::REMEMBER_LOGIN, $rememberMe);
 
 		$id = $this->session->getId();
 		$token = $this->tokenProvider->getToken($id);
-		$this->config->setUserValue($user->getUID(), 'login_token_2fa', (string)$token->getId(), (string)$this->timeFactory->getTime());
+		$this->config->setUserValue($uid, 'login_token_2fa', (string)$token->getId(), (string)$this->timeFactory->getTime());
 	}
 
 	public function clearTwoFactorPending(string $userId) {
diff --git a/lib/private/Authentication/TwoFactorAuth/MandatoryTwoFactor.php b/lib/private/Authentication/TwoFactorAuth/MandatoryTwoFactor.php
index 37c9d3fc550..f1731353908 100644
--- a/lib/private/Authentication/TwoFactorAuth/MandatoryTwoFactor.php
+++ b/lib/private/Authentication/TwoFactorAuth/MandatoryTwoFactor.php
@@ -13,15 +13,11 @@ use OCP\IGroupManager;
 use OCP\IUser;
 
 class MandatoryTwoFactor {
-	/** @var IConfig */
-	private $config;
 
-	/** @var IGroupManager */
-	private $groupManager;
-
-	public function __construct(IConfig $config, IGroupManager $groupManager) {
-		$this->config = $config;
-		$this->groupManager = $groupManager;
+	public function __construct(
+		private IConfig $config,
+		private IGroupManager $groupManager,
+	) {
 	}
 
 	/**
@@ -38,7 +34,7 @@ class MandatoryTwoFactor {
 	/**
 	 * Set the state of enforced two-factor auth
 	 */
-	public function setState(EnforcementState $state) {
+	public function setState(EnforcementState $state): void {
 		$this->config->setSystemValue('twofactor_enforced', $state->isEnforced() ? 'true' : 'false');
 		$this->config->setSystemValue('twofactor_enforced_groups', $state->getEnforcedGroups());
 		$this->config->setSystemValue('twofactor_enforced_excluded_groups', $state->getExcludedGroups());
@@ -51,9 +47,6 @@ class MandatoryTwoFactor {
 	 * and also have the option to exclude users of certain groups. This method will
 	 * check their membership of those groups.
 	 *
-	 * @param IUser $user
-	 *
-	 * @return bool
 	 */
 	public function isEnforcedFor(IUser $user): bool {
 		$state = $this->getState();
diff --git a/lib/private/Authentication/TwoFactorAuth/ProviderManager.php b/lib/private/Authentication/TwoFactorAuth/ProviderManager.php
index 5ce4c598154..a4d0b3dc88f 100644
--- a/lib/private/Authentication/TwoFactorAuth/ProviderManager.php
+++ b/lib/private/Authentication/TwoFactorAuth/ProviderManager.php
@@ -16,17 +16,16 @@ use OCP\Authentication\TwoFactorAuth\IRegistry;
 use OCP\IUser;
 
 class ProviderManager {
-	/** @var ProviderLoader */
-	private $providerLoader;
 
-	/** @var IRegistry */
-	private $providerRegistry;
-
-	public function __construct(ProviderLoader $providerLoader, IRegistry $providerRegistry) {
-		$this->providerLoader = $providerLoader;
-		$this->providerRegistry = $providerRegistry;
+	public function __construct(
+		private ProviderLoader $providerLoader,
+		private IRegistry $providerRegistry,
+	) {
 	}
 
+	/**
+	 * @throws InvalidProviderException
+	 */
 	private function getProvider(string $providerId, IUser $user): IProvider {
 		$providers = $this->providerLoader->getProviders($user);
 
@@ -40,8 +39,6 @@ class ProviderManager {
 	/**
 	 * Try to enable the provider with the given id for the given user
 	 *
-	 * @param IUser $user
-	 *
 	 * @return bool whether the provider supports this operation
 	 */
 	public function tryEnableProviderFor(string $providerId, IUser $user): bool {
@@ -51,9 +48,9 @@ class ProviderManager {
 			$provider->enableFor($user);
 			$this->providerRegistry->enableProviderFor($provider, $user);
 			return true;
-		} else {
-			return false;
 		}
+
+		return false;
 	}
 
 	/**
@@ -70,8 +67,8 @@ class ProviderManager {
 			$provider->disableFor($user);
 			$this->providerRegistry->disableProviderFor($provider, $user);
 			return true;
-		} else {
-			return false;
 		}
+
+		return false;
 	}
 }
diff --git a/lib/private/Authentication/TwoFactorAuth/ProviderSet.php b/lib/private/Authentication/TwoFactorAuth/ProviderSet.php
index 15b82be6dec..53ff0fe137e 100644
--- a/lib/private/Authentication/TwoFactorAuth/ProviderSet.php
+++ b/lib/private/Authentication/TwoFactorAuth/ProviderSet.php
@@ -16,29 +16,18 @@ use function array_filter;
  * Contains all two-factor provider information for the two-factor login challenge
  */
 class ProviderSet {
-	/** @var IProvider */
-	private $providers;
 
-	/** @var bool */
-	private $providerMissing;
-
-	/**
-	 * @param IProvider[] $providers
-	 * @param bool $providerMissing
-	 */
-	public function __construct(array $providers, bool $providerMissing) {
+	public function __construct(
+		private array $providers,
+		private bool $providerMissing,
+	) {
 		$this->providers = [];
 		foreach ($providers as $provider) {
 			$this->providers[$provider->getId()] = $provider;
 		}
-		$this->providerMissing = $providerMissing;
 	}
 
-	/**
-	 * @param string $providerId
-	 * @return IProvider|null
-	 */
-	public function getProvider(string $providerId) {
+	public function getProvider(string $providerId): ?IProvider {
 		return $this->providers[$providerId] ?? null;
 	}
 
diff --git a/lib/private/Authentication/TwoFactorAuth/Registry.php b/lib/private/Authentication/TwoFactorAuth/Registry.php
index 544f60c4f97..f9b23c991f7 100644
--- a/lib/private/Authentication/TwoFactorAuth/Registry.php
+++ b/lib/private/Authentication/TwoFactorAuth/Registry.php
@@ -20,23 +20,18 @@ use OCP\EventDispatcher\IEventDispatcher;
 use OCP\IUser;
 
 class Registry implements IRegistry {
-	/** @var ProviderUserAssignmentDao */
-	private $assignmentDao;
 
-	/** @var IEventDispatcher */
-	private $dispatcher;
-
-	public function __construct(ProviderUserAssignmentDao $assignmentDao,
-		IEventDispatcher $dispatcher) {
-		$this->assignmentDao = $assignmentDao;
-		$this->dispatcher = $dispatcher;
+	public function __construct(
+		private ProviderUserAssignmentDao $assignmentDao,
+		private IEventDispatcher $dispatcher,
+	) {
 	}
 
 	public function getProviderStates(IUser $user): array {
 		return $this->assignmentDao->getState($user->getUID());
 	}
 
-	public function enableProviderFor(IProvider $provider, IUser $user) {
+	public function enableProviderFor(IProvider $provider, IUser $user): void {
 		$this->assignmentDao->persist($provider->getId(), $user->getUID(), 1);
 
 		$event = new RegistryEvent($provider, $user);
@@ -44,7 +39,7 @@ class Registry implements IRegistry {
 		$this->dispatcher->dispatchTyped(new TwoFactorProviderForUserRegistered($user, $provider));
 	}
 
-	public function disableProviderFor(IProvider $provider, IUser $user) {
+	public function disableProviderFor(IProvider $provider, IUser $user): void {
 		$this->assignmentDao->persist($provider->getId(), $user->getUID(), 0);
 
 		$event = new RegistryEvent($provider, $user);
@@ -60,7 +55,7 @@ class Registry implements IRegistry {
 		}
 	}
 
-	public function cleanUp(string $providerId) {
+	public function cleanUp(string $providerId): void {
 		$this->assignmentDao->deleteAll($providerId);
 	}
 }
author	Git'Fellow <12234510+solracsf@users.noreply.github.com>	2025-01-21 22:52:12 +0100
committer	Git'Fellow <12234510+solracsf@users.noreply.github.com>	2025-01-22 16:59:12 +0100
commit	3c208955241d2608d50eee355852bf21b7f33933 (patch)
tree	6f9199322b0ee711828e657e58209d6b794e6159 /lib/private/Authentication/TwoFactorAuth
parent	250549cd031c6b62fd5728c531fed2bdc219e565 (diff)
download	nextcloud-server-authPropertyPromotion.tar.gz nextcloud-server-authPropertyPromotion.zip