diff options
author | Morris Jobke <hey@morrisjobke.de> | 2018-01-25 15:57:32 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-25 15:57:32 +0100 |
commit | b9bbb894f8b01e000bb5e3a8a82db7bebad3ea00 (patch) | |
tree | 4ac082ef197fdb2a7b6246c2582b63d2ecf70fdb /lib | |
parent | 8160d0bc2aa334806e6c6e45e4f49bd9cf1a8097 (diff) | |
parent | 9e76577ead00471d556c4fcf3534fd17c5b21fec (diff) | |
download | nextcloud-server-b9bbb894f8b01e000bb5e3a8a82db7bebad3ea00.tar.gz nextcloud-server-b9bbb894f8b01e000bb5e3a8a82db7bebad3ea00.zip |
Merge pull request #7916 from nextcloud/2fa_log
Add 2FA to logfile
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Authentication/TwoFactorAuth/Manager.php | 43 | ||||
-rw-r--r-- | lib/private/Server.php | 3 | ||||
-rw-r--r-- | lib/public/Authentication/TwoFactorAuth/IProvider.php | 6 |
3 files changed, 38 insertions, 14 deletions
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php index d527359b2ff..933b86ffda5 100644 --- a/lib/private/Authentication/TwoFactorAuth/Manager.php +++ b/lib/private/Authentication/TwoFactorAuth/Manager.php @@ -1,4 +1,5 @@ <?php +declare(strict_types=1); /** * @copyright Copyright (c) 2016, ownCloud, Inc. * @@ -40,6 +41,8 @@ use OCP\IConfig; use OCP\ILogger; use OCP\ISession; use OCP\IUser; +use Symfony\Component\EventDispatcher\EventDispatcherInterface; +use Symfony\Component\EventDispatcher\GenericEvent; class Manager { @@ -70,6 +73,9 @@ class Manager { /** @var ITimeFactory */ private $timeFactory; + /** @var EventDispatcherInterface */ + private $dispatcher; + /** * @param AppManager $appManager * @param ISession $session @@ -78,6 +84,7 @@ class Manager { * @param ILogger $logger * @param TokenProvider $tokenProvider * @param ITimeFactory $timeFactory + * @param EventDispatcherInterface $eventDispatcher */ public function __construct(AppManager $appManager, ISession $session, @@ -85,7 +92,8 @@ class Manager { IManager $activityManager, ILogger $logger, TokenProvider $tokenProvider, - ITimeFactory $timeFactory) { + ITimeFactory $timeFactory, + EventDispatcherInterface $eventDispatcher) { $this->appManager = $appManager; $this->session = $session; $this->config = $config; @@ -93,6 +101,7 @@ class Manager { $this->logger = $logger; $this->tokenProvider = $tokenProvider; $this->timeFactory = $timeFactory; + $this->dispatcher = $eventDispatcher; } /** @@ -101,9 +110,9 @@ class Manager { * @param IUser $user * @return boolean */ - public function isTwoFactorAuthenticated(IUser $user) { + public function isTwoFactorAuthenticated(IUser $user): bool { $twoFactorEnabled = ((int) $this->config->getUserValue($user->getUID(), 'core', 'two_factor_auth_disabled', 0)) === 0; - return $twoFactorEnabled && count($this->getProviders($user)) > 0; + return $twoFactorEnabled && \count($this->getProviders($user)) > 0; } /** @@ -131,9 +140,9 @@ class Manager { * @param string $challengeProviderId * @return IProvider|null */ - public function getProvider(IUser $user, $challengeProviderId) { + public function getProvider(IUser $user, string $challengeProviderId) { $providers = $this->getProviders($user, true); - return isset($providers[$challengeProviderId]) ? $providers[$challengeProviderId] : null; + return $providers[$challengeProviderId] ?? null; } /** @@ -156,7 +165,7 @@ class Manager { * @return IProvider[] * @throws Exception */ - public function getProviders(IUser $user, $includeBackupApp = false) { + public function getProviders(IUser $user, bool $includeBackupApp = false): array { $allApps = $this->appManager->getEnabledAppsForUser($user); $providers = []; @@ -167,6 +176,7 @@ class Manager { $info = $this->appManager->getAppInfo($appId); if (isset($info['two-factor-providers'])) { + /** @var string[] $providerClasses */ $providerClasses = $info['two-factor-providers']; foreach ($providerClasses as $class) { try { @@ -192,7 +202,7 @@ class Manager { * * @param string $appId */ - protected function loadTwoFactorApp($appId) { + protected function loadTwoFactorApp(string $appId) { if (!OC_App::isAppLoaded($appId)) { OC_App::loadApp($appId); } @@ -206,9 +216,9 @@ class Manager { * @param string $challenge * @return boolean */ - public function verifyChallenge($providerId, IUser $user, $challenge) { + public function verifyChallenge(string $providerId, IUser $user, string $challenge): bool { $provider = $this->getProvider($user, $providerId); - if (is_null($provider)) { + if ($provider === null) { return false; } @@ -228,10 +238,16 @@ class Manager { $tokenId = $token->getId(); $this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $tokenId); + $dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]); + $this->dispatcher->dispatch(IProvider::EVENT_SUCCESS, $dispatchEvent); + $this->publishEvent($user, 'twofactor_success', [ 'provider' => $provider->getDisplayName(), ]); } else { + $dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]); + $this->dispatcher->dispatch(IProvider::EVENT_FAILED, $dispatchEvent); + $this->publishEvent($user, 'twofactor_failed', [ 'provider' => $provider->getDisplayName(), ]); @@ -244,8 +260,9 @@ class Manager { * * @param IUser $user * @param string $event + * @param array $params */ - private function publishEvent(IUser $user, $event, array $params) { + private function publishEvent(IUser $user, string $event, array $params) { $activity = $this->activityManager->generateEvent(); $activity->setApp('core') ->setType('security') @@ -266,7 +283,7 @@ class Manager { * @param IUser $user the currently logged in user * @return boolean */ - public function needsSecondFactor(IUser $user = null) { + public function needsSecondFactor(IUser $user = null): bool { if ($user === null) { return false; } @@ -295,7 +312,7 @@ class Manager { $tokenId = $token->getId(); $tokensNeeding2FA = $this->config->getUserKeys($user->getUID(), 'login_token_2fa'); - if (!in_array($tokenId, $tokensNeeding2FA, true)) { + if (!\in_array($tokenId, $tokensNeeding2FA, true)) { $this->session->set(self::SESSION_UID_DONE, $user->getUID()); return false; } @@ -326,7 +343,7 @@ class Manager { * @param IUser $user * @param boolean $rememberMe */ - public function prepareTwoFactorLogin(IUser $user, $rememberMe) { + public function prepareTwoFactorLogin(IUser $user, bool $rememberMe) { $this->session->set(self::SESSION_UID_KEY, $user->getUID()); $this->session->set(self::REMEMBER_LOGIN, $rememberMe); diff --git a/lib/private/Server.php b/lib/private/Server.php index f8257cd9801..c0fb96dce86 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -420,7 +420,8 @@ class Server extends ServerContainer implements IServerContainer { $c->getActivityManager(), $c->getLogger(), $c->query(\OC\Authentication\Token\IProvider::class), - $c->query(ITimeFactory::class) + $c->query(ITimeFactory::class), + $c->query(EventDispatcherInterface::class) ); }); diff --git a/lib/public/Authentication/TwoFactorAuth/IProvider.php b/lib/public/Authentication/TwoFactorAuth/IProvider.php index 51b126426c3..c4c481a2f32 100644 --- a/lib/public/Authentication/TwoFactorAuth/IProvider.php +++ b/lib/public/Authentication/TwoFactorAuth/IProvider.php @@ -31,6 +31,12 @@ use OCP\Template; interface IProvider { /** + * @since 14.0.0 + */ + const EVENT_SUCCESS = self::class . '::success'; + const EVENT_FAILED = self::class . '::failed'; + + /** * Get unique identifier of this 2FA provider * * @since 9.1.0 |