Dispatch event on twofactor failure and success

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
author: Roeland Jago Douma <roeland@famdouma.nl> 2018-01-17 14:50:27 +0100
committer: Roeland Jago Douma <roeland@famdouma.nl> 2018-01-25 13:25:09 +0100
commit: eddd135f14bc0d5d843b3c0ce7b011b603862ea0 (patch)
tree: 729bc8bcf9600308b7ed9b8b7267de257835ec83 /lib
parent: fe88e7f9264e3826e7efeb7144eb8ce0267cefe8 (diff)
download: nextcloud-server-eddd135f14bc0d5d843b3c0ce7b011b603862ea0.tar.gz
nextcloud-server-eddd135f14bc0d5d843b3c0ce7b011b603862ea0.zip
3 files changed, 38 insertions, 14 deletions
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index d527359b2ff..933b86ffda5 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 /**
  * @copyright Copyright (c) 2016, ownCloud, Inc.
  *
@@ -40,6 +41,8 @@ use OCP\IConfig;
 use OCP\ILogger;
 use OCP\ISession;
 use OCP\IUser;
+use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+use Symfony\Component\EventDispatcher\GenericEvent;
 
 class Manager {
 
@@ -70,6 +73,9 @@ class Manager {
 	/** @var ITimeFactory */
 	private $timeFactory;
 
+	/** @var EventDispatcherInterface */
+	private $dispatcher;
+
 	/**
 	 * @param AppManager $appManager
 	 * @param ISession $session
@@ -78,6 +84,7 @@ class Manager {
 	 * @param ILogger $logger
 	 * @param TokenProvider $tokenProvider
 	 * @param ITimeFactory $timeFactory
+	 * @param EventDispatcherInterface $eventDispatcher
 	 */
 	public function __construct(AppManager $appManager,
 								ISession $session,
@@ -85,7 +92,8 @@ class Manager {
 								IManager $activityManager,
 								ILogger $logger,
 								TokenProvider $tokenProvider,
-								ITimeFactory $timeFactory) {
+								ITimeFactory $timeFactory,
+								EventDispatcherInterface $eventDispatcher) {
 		$this->appManager = $appManager;
 		$this->session = $session;
 		$this->config = $config;
@@ -93,6 +101,7 @@ class Manager {
 		$this->logger = $logger;
 		$this->tokenProvider = $tokenProvider;
 		$this->timeFactory = $timeFactory;
+		$this->dispatcher = $eventDispatcher;
 	}
 
 	/**
@@ -101,9 +110,9 @@ class Manager {
 	 * @param IUser $user
 	 * @return boolean
 	 */
-	public function isTwoFactorAuthenticated(IUser $user) {
+	public function isTwoFactorAuthenticated(IUser $user): bool {
 		$twoFactorEnabled = ((int) $this->config->getUserValue($user->getUID(), 'core', 'two_factor_auth_disabled', 0)) === 0;
-		return $twoFactorEnabled && count($this->getProviders($user)) > 0;
+		return $twoFactorEnabled && \count($this->getProviders($user)) > 0;
 	}
 
 	/**
@@ -131,9 +140,9 @@ class Manager {
 	 * @param string $challengeProviderId
 	 * @return IProvider|null
 	 */
-	public function getProvider(IUser $user, $challengeProviderId) {
+	public function getProvider(IUser $user, string $challengeProviderId) {
 		$providers = $this->getProviders($user, true);
-		return isset($providers[$challengeProviderId]) ? $providers[$challengeProviderId] : null;
+		return $providers[$challengeProviderId] ?? null;
 	}
 
 	/**
@@ -156,7 +165,7 @@ class Manager {
 	 * @return IProvider[]
 	 * @throws Exception
 	 */
-	public function getProviders(IUser $user, $includeBackupApp = false) {
+	public function getProviders(IUser $user, bool $includeBackupApp = false): array {
 		$allApps = $this->appManager->getEnabledAppsForUser($user);
 		$providers = [];
 
@@ -167,6 +176,7 @@ class Manager {
 
 			$info = $this->appManager->getAppInfo($appId);
 			if (isset($info['two-factor-providers'])) {
+				/** @var string[] $providerClasses */
 				$providerClasses = $info['two-factor-providers'];
 				foreach ($providerClasses as $class) {
 					try {
@@ -192,7 +202,7 @@ class Manager {
 	 *
 	 * @param string $appId
 	 */
-	protected function loadTwoFactorApp($appId) {
+	protected function loadTwoFactorApp(string $appId) {
 		if (!OC_App::isAppLoaded($appId)) {
 			OC_App::loadApp($appId);
 		}
@@ -206,9 +216,9 @@ class Manager {
 	 * @param string $challenge
 	 * @return boolean
 	 */
-	public function verifyChallenge($providerId, IUser $user, $challenge) {
+	public function verifyChallenge(string $providerId, IUser $user, string $challenge): bool {
 		$provider = $this->getProvider($user, $providerId);
-		if (is_null($provider)) {
+		if ($provider === null) {
 			return false;
 		}
 
@@ -228,10 +238,16 @@ class Manager {
 			$tokenId = $token->getId();
 			$this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $tokenId);
 
+			$dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]);
+			$this->dispatcher->dispatch(IProvider::EVENT_SUCCESS, $dispatchEvent);
+
 			$this->publishEvent($user, 'twofactor_success', [
 				'provider' => $provider->getDisplayName(),
 			]);
 		} else {
+			$dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]);
+			$this->dispatcher->dispatch(IProvider::EVENT_FAILED, $dispatchEvent);
+
 			$this->publishEvent($user, 'twofactor_failed', [
 				'provider' => $provider->getDisplayName(),
 			]);
@@ -244,8 +260,9 @@ class Manager {
 	 *
 	 * @param IUser $user
 	 * @param string $event
+	 * @param array $params
 	 */
-	private function publishEvent(IUser $user, $event, array $params) {
+	private function publishEvent(IUser $user, string $event, array $params) {
 		$activity = $this->activityManager->generateEvent();
 		$activity->setApp('core')
 			->setType('security')
@@ -266,7 +283,7 @@ class Manager {
 	 * @param IUser $user the currently logged in user
 	 * @return boolean
 	 */
-	public function needsSecondFactor(IUser $user = null) {
+	public function needsSecondFactor(IUser $user = null): bool {
 		if ($user === null) {
 			return false;
 		}
@@ -295,7 +312,7 @@ class Manager {
 				$tokenId = $token->getId();
 				$tokensNeeding2FA = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
 
-				if (!in_array($tokenId, $tokensNeeding2FA, true)) {
+				if (!\in_array($tokenId, $tokensNeeding2FA, true)) {
 					$this->session->set(self::SESSION_UID_DONE, $user->getUID());
 					return false;
 				}
@@ -326,7 +343,7 @@ class Manager {
 	 * @param IUser $user
 	 * @param boolean $rememberMe
 	 */
-	public function prepareTwoFactorLogin(IUser $user, $rememberMe) {
+	public function prepareTwoFactorLogin(IUser $user, bool $rememberMe) {
 		$this->session->set(self::SESSION_UID_KEY, $user->getUID());
 		$this->session->set(self::REMEMBER_LOGIN, $rememberMe);
 
diff --git a/lib/private/Server.php b/lib/private/Server.php
index f8257cd9801..c0fb96dce86 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -420,7 +420,8 @@ class Server extends ServerContainer implements IServerContainer {
 				$c->getActivityManager(),
 				$c->getLogger(),
 				$c->query(\OC\Authentication\Token\IProvider::class),
-				$c->query(ITimeFactory::class)
+				$c->query(ITimeFactory::class),
+				$c->query(EventDispatcherInterface::class)
 			);
 		});
 
diff --git a/lib/public/Authentication/TwoFactorAuth/IProvider.php b/lib/public/Authentication/TwoFactorAuth/IProvider.php
index 51b126426c3..c4c481a2f32 100644
--- a/lib/public/Authentication/TwoFactorAuth/IProvider.php
+++ b/lib/public/Authentication/TwoFactorAuth/IProvider.php
@@ -31,6 +31,12 @@ use OCP\Template;
 interface IProvider {
 
 	/**
+	 * @since 14.0.0
+	 */
+	const EVENT_SUCCESS = self::class . '::success';
+	const EVENT_FAILED  = self::class . '::failed';
+
+	/**
 	 * Get unique identifier of this 2FA provider
 	 *
 	 * @since 9.1.0
author	Roeland Jago Douma <roeland@famdouma.nl>	2018-01-17 14:50:27 +0100
committer	Roeland Jago Douma <roeland@famdouma.nl>	2018-01-25 13:25:09 +0100
commit	eddd135f14bc0d5d843b3c0ce7b011b603862ea0 (patch)
tree	729bc8bcf9600308b7ed9b8b7267de257835ec83 /lib
parent	fe88e7f9264e3826e7efeb7144eb8ce0267cefe8 (diff)
download	nextcloud-server-eddd135f14bc0d5d843b3c0ce7b011b603862ea0.tar.gz nextcloud-server-eddd135f14bc0d5d843b3c0ce7b011b603862ea0.zip