Make 2FA providers stateful

This adds persistence to the Nextcloud server 2FA logic so that the server
knows which 2FA providers are enabled for a specific user at any time, even
when the provider is not available.

The `IStatefulProvider` interface was added as tagging interface for providers
that are compatible with this new API.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

2 files changed, 39 insertions, 36 deletions

diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
index ccd70111ae5..1e26d86a039 100644
--- a/tests/Core/Controller/LoginControllerTest.php
+++ b/tests/Core/Controller/LoginControllerTest.php
@@ -23,11 +23,13 @@ namespace Tests\Core\Controller;
 
 use OC\Authentication\Token\IToken;
 use OC\Authentication\TwoFactorAuth\Manager;
+use OC\Authentication\TwoFactorAuth\ProviderSet;
 use OC\Core\Controller\LoginController;
 use OC\Security\Bruteforce\Throttler;
 use OC\User\Session;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Http\TemplateResponse;
+use OCP\Authentication\TwoFactorAuth\IProvider;
 use OCP\Defaults;
 use OCP\IConfig;
 use OCP\ILogger;
@@ -414,7 +416,7 @@ class LoginControllerTest extends TestCase {
 		$user->expects($this->any())
 			->method('getUID')
 			->will($this->returnValue('uid'));
-		$loginName  = 'loginli';
+		$loginName = 'loginli';
 		$password = 'secret';
 		$indexPageUrl = \OC_Util::getDefaultPageUrl();
 
@@ -539,7 +541,7 @@ class LoginControllerTest extends TestCase {
 		$expected = new \OCP\AppFramework\Http\RedirectResponse(urldecode($redirectUrl));
 		$this->assertEquals($expected, $this->loginController->tryLogin('Jane', $password, $originalUrl));
 	}
-	
+
 	public function testLoginWithOneTwoFactorProvider() {
 		/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */
 		$user = $this->createMock(IUser::class);
@@ -548,7 +550,7 @@ class LoginControllerTest extends TestCase {
 			->will($this->returnValue('john'));
 		$password = 'secret';
 		$challengeUrl = 'challenge/url';
-		$provider = $this->getMockBuilder('\OCP\Authentication\TwoFactorAuth\IProvider')->getMock();
+		$provider = $this->createMock(IProvider::class);
 
 		$this->request
 			->expects($this->once())
@@ -570,10 +572,11 @@ class LoginControllerTest extends TestCase {
 		$this->twoFactorManager->expects($this->once())
 			->method('prepareTwoFactorLogin')
 			->with($user);
+		$providerSet = new ProviderSet([$provider], false);
 		$this->twoFactorManager->expects($this->once())
-			->method('getProviders')
+			->method('getProviderSet')
 			->with($user)
-			->will($this->returnValue([$provider]));
+			->willReturn($providerSet);
 		$provider->expects($this->once())
 			->method('getId')
 			->will($this->returnValue('u2f'));
@@ -593,7 +596,7 @@ class LoginControllerTest extends TestCase {
 		$this->assertEquals($expected, $this->loginController->tryLogin('john@doe.com', $password, null));
 	}
 
-	public function testLoginWithMultpleTwoFactorProviders() {
+	public function testLoginWithMultipleTwoFactorProviders() {
 		/** @var IUser|\PHPUnit_Framework_MockObject_MockObject $user */
 		$user = $this->createMock(IUser::class);
 		$user->expects($this->any())
@@ -601,8 +604,10 @@ class LoginControllerTest extends TestCase {
 			->will($this->returnValue('john'));
 		$password = 'secret';
 		$challengeUrl = 'challenge/url';
-		$provider1 = $this->getMockBuilder('\OCP\Authentication\TwoFactorAuth\IProvider')->getMock();
-		$provider2 = $this->getMockBuilder('\OCP\Authentication\TwoFactorAuth\IProvider')->getMock();
+		$provider1 = $this->createMock(IProvider::class);
+		$provider2 = $this->createMock(IProvider::class);
+		$provider1->method('getId')->willReturn('prov1');
+		$provider2->method('getId')->willReturn('prov2');
 
 		$this->request
 			->expects($this->once())
@@ -624,14 +629,11 @@ class LoginControllerTest extends TestCase {
 		$this->twoFactorManager->expects($this->once())
 			->method('prepareTwoFactorLogin')
 			->with($user);
+		$providerSet = new ProviderSet([$provider1, $provider2], false);
 		$this->twoFactorManager->expects($this->once())
-			->method('getProviders')
+			->method('getProviderSet')
 			->with($user)
-			->will($this->returnValue([$provider1, $provider2]));
-		$provider1->expects($this->never())
-			->method('getId');
-		$provider2->expects($this->never())
-			->method('getId');
+			->willReturn($providerSet);
 		$this->urlGenerator->expects($this->once())
 			->method('linkToRoute')
 			->with('core.TwoFactorChallenge.selectChallenge')
@@ -661,7 +663,7 @@ class LoginControllerTest extends TestCase {
 			->method('checkPassword')
 			->with('john', 'just wrong')
 			->willReturn(false);
-		
+
 		$this->userManager->expects($this->once())
 			->method('getByEmail')
 			->with('john@doe.com')
diff --git a/tests/Core/Controller/TwoFactorChallengeControllerTest.php b/tests/Core/Controller/TwoFactorChallengeControllerTest.php
index ed6452316ff..6a01c510ed2 100644
--- a/tests/Core/Controller/TwoFactorChallengeControllerTest.php
+++ b/tests/Core/Controller/TwoFactorChallengeControllerTest.php
@@ -23,6 +23,7 @@
 namespace Test\Core\Controller;
 
 use OC\Authentication\TwoFactorAuth\Manager;
+use OC\Authentication\TwoFactorAuth\ProviderSet;
 use OC\Core\Controller\TwoFactorChallengeController;
 use OC_Util;
 use OCP\AppFramework\Http\RedirectResponse;
@@ -85,26 +86,26 @@ class TwoFactorChallengeControllerTest extends TestCase {
 
 	public function testSelectChallenge() {
 		$user = $this->getMockBuilder(IUser::class)->getMock();
-		$providers = [
-			'prov1',
-			'prov2',
-		];
+		$p1 = $this->createMock(IProvider::class);
+		$p1->method('getId')->willReturn('p1');
+		$backupProvider = $this->createMock(IProvider::class);
+		$backupProvider->method('getId')->willReturn('backup_codes');
+		$providerSet = new ProviderSet([$p1, $backupProvider], true);
 
 		$this->userSession->expects($this->once())
 			->method('getUser')
 			->will($this->returnValue($user));
 		$this->twoFactorManager->expects($this->once())
-			->method('getProviders')
-			->with($user)
-			->will($this->returnValue($providers));
-		$this->twoFactorManager->expects($this->once())
-			->method('getBackupProvider')
+			->method('getProviderSet')
 			->with($user)
-			->will($this->returnValue('backup'));
+			->will($this->returnValue($providerSet));
 
 		$expected = new TemplateResponse('core', 'twofactorselectchallenge', [
-			'providers' => $providers,
-			'backupProvider' => 'backup',
+			'providers' => [
+				$p1,
+			],
+			'providerMissing' => true,
+			'backupProvider' => $backupProvider,
 			'redirect_url' => '/some/url',
 			'logout_url' => 'logoutAttribute',
 			], 'guest');
@@ -115,20 +116,19 @@ class TwoFactorChallengeControllerTest extends TestCase {
 	public function testShowChallenge() {
 		$user = $this->createMock(IUser::class);
 		$provider = $this->createMock(IProvider::class);
+		$provider->method('getId')->willReturn('myprovider');
 		$backupProvider = $this->createMock(IProvider::class);
+		$backupProvider->method('getId')->willReturn('backup_codes');
 		$tmpl = $this->createMock(Template::class);
+		$providerSet = new ProviderSet([$provider, $backupProvider], true);
 
 		$this->userSession->expects($this->once())
 			->method('getUser')
 			->will($this->returnValue($user));
 		$this->twoFactorManager->expects($this->once())
-			->method('getProvider')
-			->with($user, 'myprovider')
-			->will($this->returnValue($provider));
-		$this->twoFactorManager->expects($this->once())
-			->method('getBackupProvider')
+			->method('getProviderSet')
 			->with($user)
-			->will($this->returnValue($backupProvider));
+			->will($this->returnValue($providerSet));
 		$provider->expects($this->once())
 			->method('getId')
 			->will($this->returnValue('u2f'));
@@ -166,14 +166,15 @@ class TwoFactorChallengeControllerTest extends TestCase {
 
 	public function testShowInvalidChallenge() {
 		$user = $this->createMock(IUser::class);
+		$providerSet = new ProviderSet([], false);
 
 		$this->userSession->expects($this->once())
 			->method('getUser')
 			->will($this->returnValue($user));
 		$this->twoFactorManager->expects($this->once())
-			->method('getProvider')
-			->with($user, 'myprovider')
-			->will($this->returnValue(null));
+			->method('getProviderSet')
+			->with($user)
+			->will($this->returnValue($providerSet));
 		$this->urlGenerator->expects($this->once())
 			->method('linkToRoute')
 			->with('core.TwoFactorChallenge.selectChallenge')