authorGit'Fellow <12234510+solracsf@users.noreply.github.com>2025-01-21 22:52:12 +0100
committerGit'Fellow <12234510+solracsf@users.noreply.github.com>2025-01-22 16:59:12 +0100
commit3c208955241d2608d50eee355852bf21b7f33933 (patch)
tree6f9199322b0ee711828e657e58209d6b794e6159 /lib/private/Authentication/TwoFactorAuth
parent250549cd031c6b62fd5728c531fed2bdc219e565 (diff)
refactor(authentication): Use constructor property promotionauthPropertyPromotion
fix: error
Diffstat (limited to 'lib/private/Authentication/TwoFactorAuth')
-rw-r--r--lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php14
-rw-r--r--lib/private/Authentication/TwoFactorAuth/EnforcementState.php26
-rw-r--r--lib/private/Authentication/TwoFactorAuth/Manager.php105
-rw-r--r--lib/private/Authentication/TwoFactorAuth/MandatoryTwoFactor.php17
-rw-r--r--lib/private/Authentication/TwoFactorAuth/ProviderManager.php25
-rw-r--r--lib/private/Authentication/TwoFactorAuth/ProviderSet.php21
-rw-r--r--lib/private/Authentication/TwoFactorAuth/Registry.php19
7 files changed, 75 insertions, 152 deletions
diff --git a/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php b/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php
index cc468dbeba0..60b60052067 100644
--- a/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php
+++ b/lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php
@@ -18,11 +18,9 @@ use function array_map;
class ProviderUserAssignmentDao {
public const TABLE_NAME = 'twofactor_providers';
- /** @var IDBConnection */
- private $conn;
-
- public function __construct(IDBConnection $dbConn) {
- $this->conn = $dbConn;
+ public function __construct(
+ private IDBConnection $conn,
+ ) {
}
/**
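Review bot: The promoted constructor parameter is now named `$conn` where it used to be `$dbConn`, which changes the constructor's named-argument interface; any caller or test that passes `dbConn:` by name will fail after this change. The same applies to the Manager constructor later in this commit, where `$eventDispatcher` becomes `$dispatcher`. Whether any call site uses named arguments cannot be confirmed from the diff, so either check the callers and tests or keep the old parameter names, e.g. `private IDBConnection $dbConn,` with the body using `$this->dbConn`.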
@@ -51,10 +49,8 @@ class ProviderUserAssignmentDao {
* Persist a new/updated (provider_id, uid, enabled) tuple
*/
public function persist(string $providerId, string $uid, int $enabled): void {
- $conn = $this->conn;
-
// Insert a new entry
- if ($conn->insertIgnoreConflict(self::TABLE_NAME, [
+ if ($this->conn->insertIgnoreConflict(self::TABLE_NAME, [
'provider_id' => $providerId,
'uid' => $uid,
'enabled' => $enabled,
@@ -63,7 +59,7 @@ class ProviderUserAssignmentDao {
}
// There is already an entry -> update it
- $qb = $conn->getQueryBuilder();
+ $qb = $this->conn->getQueryBuilder();
$updateQuery = $qb->update(self::TABLE_NAME)
->set('enabled', $qb->createNamedParameter($enabled))
->where($qb->expr()->eq('provider_id', $qb->createNamedParameter($providerId)))
diff --git a/lib/private/Authentication/TwoFactorAuth/EnforcementState.php b/lib/private/Authentication/TwoFactorAuth/EnforcementState.php
index e02064bc8f7..66b5ce483f7 100644
--- a/lib/private/Authentication/TwoFactorAuth/EnforcementState.php
+++ b/lib/private/Authentication/TwoFactorAuth/EnforcementState.php
@@ -11,28 +11,12 @@ namespace OC\Authentication\TwoFactorAuth;
use JsonSerializable;
class EnforcementState implements JsonSerializable {
- /** @var bool */
- private $enforced;
- /** @var array */
- private $enforcedGroups;
-
- /** @var array */
- private $excludedGroups;
-
- /**
- * EnforcementState constructor.
- *
- * @param bool $enforced
- * @param string[] $enforcedGroups
- * @param string[] $excludedGroups
- */
- public function __construct(bool $enforced,
- array $enforcedGroups = [],
- array $excludedGroups = []) {
- $this->enforced = $enforced;
- $this->enforcedGroups = $enforcedGroups;
- $this->excludedGroups = $excludedGroups;
+ public function __construct(
+ private bool $enforced,
+ private array $enforcedGroups = [],
+ private array $excludedGroups = [],
+ ) {
}
/**
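Review bot: The removed constructor docblock was the only place that recorded the element type of the two group lists (`string[]`); the promoted `private array $enforcedGroups` and `private array $excludedGroups` now tell static analysis nothing about their contents. These lists are what MandatoryTwoFactor writes to `twofactor_enforced_groups` and `twofactor_enforced_excluded_groups`, so a wrongly shaped value is worth catching early. I would keep a short docblock on the new constructor with `@param string[] $enforcedGroups` and `@param string[] $excludedGroups`.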
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index 1b22300e317..1fd5bfefd63 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -36,68 +36,32 @@ class Manager {
public const SESSION_UID_DONE = 'two_factor_auth_passed';
public const REMEMBER_LOGIN = 'two_factor_remember_login';
public const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
-
- /** @var ProviderLoader */
- private $providerLoader;
-
- /** @var IRegistry */
- private $providerRegistry;
-
- /** @var MandatoryTwoFactor */
- private $mandatoryTwoFactor;
-
- /** @var ISession */
- private $session;
-
- /** @var IConfig */
- private $config;
-
- /** @var IManager */
- private $activityManager;
-
- /** @var LoggerInterface */
- private $logger;
-
- /** @var TokenProvider */
- private $tokenProvider;
-
- /** @var ITimeFactory */
- private $timeFactory;
-
- /** @var IEventDispatcher */
- private $dispatcher;
-
+
/** @psalm-var array<string, bool> */
- private $userIsTwoFactorAuthenticated = [];
-
- public function __construct(ProviderLoader $providerLoader,
- IRegistry $providerRegistry,
- MandatoryTwoFactor $mandatoryTwoFactor,
- ISession $session,
- IConfig $config,
- IManager $activityManager,
- LoggerInterface $logger,
- TokenProvider $tokenProvider,
- ITimeFactory $timeFactory,
- IEventDispatcher $eventDispatcher) {
- $this->providerLoader = $providerLoader;
- $this->providerRegistry = $providerRegistry;
- $this->mandatoryTwoFactor = $mandatoryTwoFactor;
- $this->session = $session;
- $this->config = $config;
- $this->activityManager = $activityManager;
- $this->logger = $logger;
- $this->tokenProvider = $tokenProvider;
- $this->timeFactory = $timeFactory;
- $this->dispatcher = $eventDispatcher;
+ private array $userIsTwoFactorAuthenticated = [];
+
+ public function __construct(
+ private ProviderLoader $providerLoader,
+ private IRegistry $providerRegistry,
+ private MandatoryTwoFactor $mandatoryTwoFactor,
+ private ISession $session,
+ private IConfig $config,
+ private IManager $activityManager,
+ private LoggerInterface $logger,
+ private TokenProvider $tokenProvider,
+ private ITimeFactory $timeFactory,
+ private IEventDispatcher $dispatcher,
+ ) {
}
/**
* Determine whether the user must provide a second factor challenge
*/
public function isTwoFactorAuthenticated(IUser $user): bool {
- if (isset($this->userIsTwoFactorAuthenticated[$user->getUID()])) {
- return $this->userIsTwoFactorAuthenticated[$user->getUID()];
+ $uid = $user->getUID();
+
+ if (isset($this->userIsTwoFactorAuthenticated[$uid])) {
+ return $this->userIsTwoFactorAuthenticated[$uid];
}
if ($this->mandatoryTwoFactor->isEnforcedFor($user)) {
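Review bot: The promoted dependencies are declared `private` but not `readonly`, so any method in the class can still reassign `$this->session`, `$this->tokenProvider` or `$this->mandatoryTwoFactor` after construction. For the collaborators that decide whether a second factor is required, ruling that out is cheap: `private readonly ISession $session,` and likewise for the other nine parameters, provided the project's minimum PHP version includes readonly properties (not visible in this diff). The same applies to the promoted constructors in ProviderUserAssignmentDao, MandatoryTwoFactor, ProviderManager and Registry. `$userIsTwoFactorAuthenticated` has to stay mutable because isTwoFactorAuthenticated() writes to it; that method's body continues outside this hunk.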
@@ -111,8 +75,8 @@ class Manager {
$providerIds = array_keys($enabled);
$providerIdsWithoutBackupCodes = array_diff($providerIds, [self::BACKUP_CODES_PROVIDER_ID]);
- $this->userIsTwoFactorAuthenticated[$user->getUID()] = !empty($providerIdsWithoutBackupCodes);
- return $this->userIsTwoFactorAuthenticated[$user->getUID()];
+ $this->userIsTwoFactorAuthenticated[$uid] = !empty($providerIdsWithoutBackupCodes);
+ return $this->userIsTwoFactorAuthenticated[$uid];
}
/**
@@ -148,7 +112,8 @@ class Manager {
private function fixMissingProviderStates(array $providerStates,
array $providers, IUser $user): array {
foreach ($providers as $provider) {
- if (isset($providerStates[$provider->getId()])) {
+ $pid = $provider->getId();
+ if (isset($providerStates[$pid])) {
// All good
continue;
}
@@ -159,7 +124,7 @@ class Manager {
} else {
$this->providerRegistry->disableProviderFor($provider, $user);
}
- $providerStates[$provider->getId()] = $enabled;
+ $providerStates[$pid] = $enabled;
}
return $providerStates;
@@ -276,11 +241,12 @@ class Manager {
* @param array $params
*/
private function publishEvent(IUser $user, string $event, array $params) {
+ $uid = $user->getUID();
$activity = $this->activityManager->generateEvent();
$activity->setApp('core')
->setType('security')
- ->setAuthor($user->getUID())
- ->setAffectedUser($user->getUID())
+ ->setAuthor($uid)
+ ->setAffectedUser($uid)
->setSubject($event, $params);
try {
$this->activityManager->publish($activity);
@@ -307,9 +273,10 @@ class Manager {
// First check if the session tells us we should do 2FA (99% case)
if (!$this->session->exists(self::SESSION_UID_KEY)) {
+ $uid = $user->getUID();
// Check if the session tells us it is 2FA authenticated already
if ($this->session->exists(self::SESSION_UID_DONE) &&
- $this->session->get(self::SESSION_UID_DONE) === $user->getUID()) {
+ $this->session->get(self::SESSION_UID_DONE) === $uid) {
return false;
}
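Review bot: `$uid` is assigned inside the `if (!$this->session->exists(self::SESSION_UID_KEY))` block here and assigned a second time in the hunk at -338, so the function now defines the same local in two different branches. It works as written, assuming the `try` block in the next hunk is still inside this `if`, but a later edit that moves a `$uid` use out of the block would read an undefined variable in the code that decides whether 2FA is still required. I would assign it once near the top of the function with `$uid = $user->getUID();` and drop both inner assignments. The function starts outside this hunk, so if `$user` can be null there, the assignment belongs after that check.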
@@ -321,10 +288,10 @@ class Manager {
$sessionId = $this->session->getId();
$token = $this->tokenProvider->getToken($sessionId);
$tokenId = $token->getId();
- $tokensNeeding2FA = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
+ $tokensNeeding2FA = $this->config->getUserKeys($uid, 'login_token_2fa');
if (!\in_array((string)$tokenId, $tokensNeeding2FA, true)) {
- $this->session->set(self::SESSION_UID_DONE, $user->getUID());
+ $this->session->set(self::SESSION_UID_DONE, $uid);
return false;
}
} catch (InvalidTokenException|SessionNotAvailableException $e) {
@@ -338,9 +305,10 @@ class Manager {
// disabled the same time
$this->session->remove(self::SESSION_UID_KEY);
- $keys = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
+ $uid = $user->getUID();
+ $keys = $this->config->getUserKeys($uid, 'login_token_2fa');
foreach ($keys as $key) {
- $this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $key);
+ $this->config->deleteUserValue($uid, 'login_token_2fa', $key);
}
return false;
}
@@ -355,12 +323,13 @@ class Manager {
* @param boolean $rememberMe
*/
public function prepareTwoFactorLogin(IUser $user, bool $rememberMe) {
- $this->session->set(self::SESSION_UID_KEY, $user->getUID());
+ $uid = $user->getUID();
+ $this->session->set(self::SESSION_UID_KEY, $uid);
$this->session->set(self::REMEMBER_LOGIN, $rememberMe);
$id = $this->session->getId();
$token = $this->tokenProvider->getToken($id);
- $this->config->setUserValue($user->getUID(), 'login_token_2fa', (string)$token->getId(), (string)$this->timeFactory->getTime());
+ $this->config->setUserValue($uid, 'login_token_2fa', (string)$token->getId(), (string)$this->timeFactory->getTime());
}
public function clearTwoFactorPending(string $userId) {
diff --git a/lib/private/Authentication/TwoFactorAuth/MandatoryTwoFactor.php b/lib/private/Authentication/TwoFactorAuth/MandatoryTwoFactor.php
index 37c9d3fc550..f1731353908 100644
--- a/lib/private/Authentication/TwoFactorAuth/MandatoryTwoFactor.php
+++ b/lib/private/Authentication/TwoFactorAuth/MandatoryTwoFactor.php
@@ -13,15 +13,11 @@ use OCP\IGroupManager;
use OCP\IUser;
class MandatoryTwoFactor {
- /** @var IConfig */
- private $config;
- /** @var IGroupManager */
- private $groupManager;
-
- public function __construct(IConfig $config, IGroupManager $groupManager) {
- $this->config = $config;
- $this->groupManager = $groupManager;
+ public function __construct(
+ private IConfig $config,
+ private IGroupManager $groupManager,
+ ) {
}
/**
@@ -38,7 +34,7 @@ class MandatoryTwoFactor {
/**
* Set the state of enforced two-factor auth
*/
- public function setState(EnforcementState $state) {
+ public function setState(EnforcementState $state): void {
$this->config->setSystemValue('twofactor_enforced', $state->isEnforced() ? 'true' : 'false');
$this->config->setSystemValue('twofactor_enforced_groups', $state->getEnforcedGroups());
$this->config->setSystemValue('twofactor_enforced_excluded_groups', $state->getExcludedGroups());
@@ -51,9 +47,6 @@ class MandatoryTwoFactor {
* and also have the option to exclude users of certain groups. This method will
* check their membership of those groups.
*
- * @param IUser $user
- *
- * @return bool
*/
public function isEnforcedFor(IUser $user): bool {
$state = $this->getState();
diff --git a/lib/private/Authentication/TwoFactorAuth/ProviderManager.php b/lib/private/Authentication/TwoFactorAuth/ProviderManager.php
index 5ce4c598154..a4d0b3dc88f 100644
--- a/lib/private/Authentication/TwoFactorAuth/ProviderManager.php
+++ b/lib/private/Authentication/TwoFactorAuth/ProviderManager.php
@@ -16,17 +16,16 @@ use OCP\Authentication\TwoFactorAuth\IRegistry;
use OCP\IUser;
class ProviderManager {
- /** @var ProviderLoader */
- private $providerLoader;
- /** @var IRegistry */
- private $providerRegistry;
-
- public function __construct(ProviderLoader $providerLoader, IRegistry $providerRegistry) {
- $this->providerLoader = $providerLoader;
- $this->providerRegistry = $providerRegistry;
+ public function __construct(
+ private ProviderLoader $providerLoader,
+ private IRegistry $providerRegistry,
+ ) {
}
+ /**
+ * @throws InvalidProviderException
+ */
private function getProvider(string $providerId, IUser $user): IProvider {
$providers = $this->providerLoader->getProviders($user);
@@ -40,8 +39,6 @@ class ProviderManager {
/**
* Try to enable the provider with the given id for the given user
*
- * @param IUser $user
- *
* @return bool whether the provider supports this operation
*/
public function tryEnableProviderFor(string $providerId, IUser $user): bool {
@@ -51,9 +48,9 @@ class ProviderManager {
$provider->enableFor($user);
$this->providerRegistry->enableProviderFor($provider, $user);
return true;
- } else {
- return false;
}
+
+ return false;
}
/**
@@ -70,8 +67,8 @@ class ProviderManager {
$provider->disableFor($user);
$this->providerRegistry->disableProviderFor($provider, $user);
return true;
- } else {
- return false;
}
+
+ return false;
}
}
diff --git a/lib/private/Authentication/TwoFactorAuth/ProviderSet.php b/lib/private/Authentication/TwoFactorAuth/ProviderSet.php
index 15b82be6dec..53ff0fe137e 100644
--- a/lib/private/Authentication/TwoFactorAuth/ProviderSet.php
+++ b/lib/private/Authentication/TwoFactorAuth/ProviderSet.php
@@ -16,29 +16,18 @@ use function array_filter;
* Contains all two-factor provider information for the two-factor login challenge
*/
class ProviderSet {
- /** @var IProvider */
- private $providers;
- /** @var bool */
- private $providerMissing;
-
- /**
- * @param IProvider[] $providers
- * @param bool $providerMissing
- */
- public function __construct(array $providers, bool $providerMissing) {
+ public function __construct(
+ private array $providers,
+ private bool $providerMissing,
+ ) {
$this->providers = [];
foreach ($providers as $provider) {
$this->providers[$provider->getId()] = $provider;
}
- $this->providerMissing = $providerMissing;
}
- /**
- * @param string $providerId
- * @return IProvider|null
- */
- public function getProvider(string $providerId) {
+ public function getProvider(string $providerId): ?IProvider {
return $this->providers[$providerId] ?? null;
}
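Review bot: Promoting `$providers` in this constructor is misleading: promotion first stores the incoming list in `$this->providers`, and the body then immediately resets the property to `[]` and rebuilds it keyed by `getId()`. The result is correct because the loop reads the parameter rather than the property, but the property's real shape (provider id mapped to IProvider) is no longer documented anywhere now that the `IProvider[]` docblock is gone. I would keep `array $providers` as a plain parameter with its `@param IProvider[] $providers` tag, declare the property separately as `/** @var array<string, IProvider> */ private array $providers = [];`, and promote only `$providerMissing`.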
diff --git a/lib/private/Authentication/TwoFactorAuth/Registry.php b/lib/private/Authentication/TwoFactorAuth/Registry.php
index 544f60c4f97..f9b23c991f7 100644
--- a/lib/private/Authentication/TwoFactorAuth/Registry.php
+++ b/lib/private/Authentication/TwoFactorAuth/Registry.php
@@ -20,23 +20,18 @@ use OCP\EventDispatcher\IEventDispatcher;
use OCP\IUser;
class Registry implements IRegistry {
- /** @var ProviderUserAssignmentDao */
- private $assignmentDao;
- /** @var IEventDispatcher */
- private $dispatcher;
-
- public function __construct(ProviderUserAssignmentDao $assignmentDao,
- IEventDispatcher $dispatcher) {
- $this->assignmentDao = $assignmentDao;
- $this->dispatcher = $dispatcher;
+ public function __construct(
+ private ProviderUserAssignmentDao $assignmentDao,
+ private IEventDispatcher $dispatcher,
+ ) {
}
public function getProviderStates(IUser $user): array {
return $this->assignmentDao->getState($user->getUID());
}
- public function enableProviderFor(IProvider $provider, IUser $user) {
+ public function enableProviderFor(IProvider $provider, IUser $user): void {
$this->assignmentDao->persist($provider->getId(), $user->getUID(), 1);
$event = new RegistryEvent($provider, $user);
@@ -44,7 +39,7 @@ class Registry implements IRegistry {
$this->dispatcher->dispatchTyped(new TwoFactorProviderForUserRegistered($user, $provider));
}
- public function disableProviderFor(IProvider $provider, IUser $user) {
+ public function disableProviderFor(IProvider $provider, IUser $user): void {
$this->assignmentDao->persist($provider->getId(), $user->getUID(), 0);
$event = new RegistryEvent($provider, $user);
@@ -60,7 +55,7 @@ class Registry implements IRegistry {
}
}
- public function cleanUp(string $providerId) {
+ public function cleanUp(string $providerId): void {
$this->assignmentDao->deleteAll($providerId);
}
}