-rw-r--r--core/Controller/TwoFactorApiController.php99
-rw-r--r--core/openapi-full.json348
-rw-r--r--lib/composer/composer/autoload_classmap.php1
-rw-r--r--lib/composer/composer/autoload_static.php1
4 files changed, 449 insertions, 0 deletions
diff --git a/core/Controller/TwoFactorApiController.php b/core/Controller/TwoFactorApiController.php
new file mode 100644
index 00000000000..8d89963e6ad
--- /dev/null
+++ b/core/Controller/TwoFactorApiController.php
@@ -0,0 +1,99 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OC\Core\Controller;
+
+use OC\Authentication\TwoFactorAuth\ProviderManager;
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\DataResponse;
+use OCP\AppFramework\OCSController;
+use OCP\Authentication\TwoFactorAuth\IRegistry;
+use OCP\IRequest;
+use OCP\IUserManager;
+
+class TwoFactorApiController extends OCSController {
+ public function __construct(
+ string $appName,
+ IRequest $request,
+ private ProviderManager $tfManager,
+ private IRegistry $tfRegistry,
+ private IUserManager $userManager,
+ ) {
+ parent::__construct($appName, $request);
+ }
+
+ /**
+ * Get two factor authentication provider states
+ *
+ * @param string $user system user id
+ *
+ * @return DataResponse<Http::STATUS_OK, array<string, bool>, array{}>|DataResponse<Http::STATUS_NOT_FOUND, null, array{}>
+ *
+ * 200: provider states
+ * 404: user not found
+ */
+ #[ApiRoute(verb: 'GET', url: '/state', root: '/twofactor')]
+ public function state(string $user): DataResponse {
+ $userObject = $this->userManager->get($user);
+ if ($userObject !== null) {
+ $state = $this->tfRegistry->getProviderStates($userObject);
+ return new DataResponse($state);
+ }
+ return new DataResponse(null, Http::STATUS_NOT_FOUND);
+ }
+
+ /**
+ * Enable two factor authentication providers for specific user
+ *
+ * @param string $user system user identifier
+ * @param list<string> $providers collection of TFA provider ids
+ *
+ * @return DataResponse<Http::STATUS_OK, array<string, bool>, array{}>|DataResponse<Http::STATUS_NOT_FOUND, null, array{}>
+ *
+ * 200: provider states
+ * 404: user not found
+ */
+ #[ApiRoute(verb: 'POST', url: '/enable', root: '/twofactor')]
+ public function enable(string $user, array $providers = []): DataResponse {
+ $userObject = $this->userManager->get($user);
+ if ($userObject !== null) {
+ foreach ($providers as $providerId) {
+ $this->tfManager->tryEnableProviderFor($providerId, $userObject);
+ }
+ $state = $this->tfRegistry->getProviderStates($userObject);
+ return new DataResponse($state);
+ }
+ return new DataResponse(null, Http::STATUS_NOT_FOUND);
+ }
+
+ /**
+ * Disable two factor authentication providers for specific user
+ *
+ * @param string $user system user identifier
+ * @param list<string> $providers collection of TFA provider ids
+ *
+ * @return DataResponse<Http::STATUS_OK, array<string, bool>, array{}>|DataResponse<Http::STATUS_NOT_FOUND, null, array{}>
+ *
+ * 200: provider states
+ * 404: user not found
+ */
+ #[ApiRoute(verb: 'POST', url: '/disable', root: '/twofactor')]
+ public function disable(string $user, array $providers = []): DataResponse {
+ $userObject = $this->userManager->get($user);
+ if ($userObject !== null) {
+ foreach ($providers as $providerId) {
+ $this->tfManager->tryDisableProviderFor($providerId, $userObject);
+ }
+ $state = $this->tfRegistry->getProviderStates($userObject);
+ return new DataResponse($state);
+ }
+ return new DataResponse(null, Http::STATUS_NOT_FOUND);
+ }
+
+}
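Review bot: In `enable()` and `disable()` the result of `tryEnableProviderFor()` / `tryDisableProviderFor()` is discarded, so the caller gets a 200 with the state map whether or not each requested provider was actually switched. If the manager rejects an id by throwing (not visible here), the loop would also abort after earlier ids were already changed. Since `disable()` removes a user's second factor, I would check each result, e.g. `if (!$this->tfManager->tryDisableProviderFor($providerId, $userObject)) { $failed[] = $providerId; }`, report the ids that were not switched, and write an audit log entry naming the acting admin, the target user and the providers. The admin-only restriction is not expressed anywhere in this file; the OpenAPI description says admin access is required, presumably from the framework default for methods without an access attribute, so a docblock line such as `Admin only: deliberately no #[NoAdminRequired]` on each method would keep a later edit from opening the endpoint. The elements of `$providers` are also not checked to be strings before they are passed on.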
diff --git a/core/openapi-full.json b/core/openapi-full.json
index 4762cf0c141..4fa69b0a031 100644
--- a/core/openapi-full.json
+++ b/core/openapi-full.json
@@ -9514,6 +9514,354 @@
}
}
}
+ },
+ "/ocs/v2.php/twofactor/state": {
+ "get": {
+ "operationId": "two_factor_api-state",
+ "summary": "Get two factor authentication provider states",
+ "description": "This endpoint requires admin access",
+ "tags": [
+ "two_factor_api"
+ ],
+ "security": [
+ {
+ "bearer_auth": []
+ },
+ {
+ "basic_auth": []
+ }
+ ],
+ "parameters": [
+ {
+ "name": "user",
+ "in": "query",
+ "description": "system user id",
+ "required": true,
+ "schema": {
+ "type": "string"
+ }
+ },
+ {
+ "name": "OCS-APIRequest",
+ "in": "header",
+ "description": "Required to be true for the API request to pass",
+ "required": true,
+ "schema": {
+ "type": "boolean",
+ "default": true
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "provider states",
+ "content": {
+ "application/json": {
+ "schema": {
+ "type": "object",
+ "required": [
+ "ocs"
+ ],
+ "properties": {
+ "ocs": {
+ "type": "object",
+ "required": [
+ "meta",
+ "data"
+ ],
+ "properties": {
+ "meta": {
+ "$ref": "#/components/schemas/OCSMeta"
+ },
+ "data": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "boolean"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "user not found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "type": "object",
+ "required": [
+ "ocs"
+ ],
+ "properties": {
+ "ocs": {
+ "type": "object",
+ "required": [
+ "meta",
+ "data"
+ ],
+ "properties": {
+ "meta": {
+ "$ref": "#/components/schemas/OCSMeta"
+ },
+ "data": {
+ "nullable": true
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "/ocs/v2.php/twofactor/enable": {
+ "post": {
+ "operationId": "two_factor_api-enable",
+ "summary": "Enable two factor authentication providers for specific user",
+ "description": "This endpoint requires admin access",
+ "tags": [
+ "two_factor_api"
+ ],
+ "security": [
+ {
+ "bearer_auth": []
+ },
+ {
+ "basic_auth": []
+ }
+ ],
+ "requestBody": {
+ "required": true,
+ "content": {
+ "application/json": {
+ "schema": {
+ "type": "object",
+ "required": [
+ "user"
+ ],
+ "properties": {
+ "user": {
+ "type": "string",
+ "description": "system user identifier"
+ },
+ "providers": {
+ "type": "array",
+ "default": [],
+ "description": "collection of TFA provider ids",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "parameters": [
+ {
+ "name": "OCS-APIRequest",
+ "in": "header",
+ "description": "Required to be true for the API request to pass",
+ "required": true,
+ "schema": {
+ "type": "boolean",
+ "default": true
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "provider states",
+ "content": {
+ "application/json": {
+ "schema": {
+ "type": "object",
+ "required": [
+ "ocs"
+ ],
+ "properties": {
+ "ocs": {
+ "type": "object",
+ "required": [
+ "meta",
+ "data"
+ ],
+ "properties": {
+ "meta": {
+ "$ref": "#/components/schemas/OCSMeta"
+ },
+ "data": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "boolean"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "user not found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "type": "object",
+ "required": [
+ "ocs"
+ ],
+ "properties": {
+ "ocs": {
+ "type": "object",
+ "required": [
+ "meta",
+ "data"
+ ],
+ "properties": {
+ "meta": {
+ "$ref": "#/components/schemas/OCSMeta"
+ },
+ "data": {
+ "nullable": true
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "/ocs/v2.php/twofactor/disable": {
+ "post": {
+ "operationId": "two_factor_api-disable",
+ "summary": "Disable two factor authentication providers for specific user",
+ "description": "This endpoint requires admin access",
+ "tags": [
+ "two_factor_api"
+ ],
+ "security": [
+ {
+ "bearer_auth": []
+ },
+ {
+ "basic_auth": []
+ }
+ ],
+ "requestBody": {
+ "required": true,
+ "content": {
+ "application/json": {
+ "schema": {
+ "type": "object",
+ "required": [
+ "user"
+ ],
+ "properties": {
+ "user": {
+ "type": "string",
+ "description": "system user identifier"
+ },
+ "providers": {
+ "type": "array",
+ "default": [],
+ "description": "collection of TFA provider ids",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "parameters": [
+ {
+ "name": "OCS-APIRequest",
+ "in": "header",
+ "description": "Required to be true for the API request to pass",
+ "required": true,
+ "schema": {
+ "type": "boolean",
+ "default": true
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "provider states",
+ "content": {
+ "application/json": {
+ "schema": {
+ "type": "object",
+ "required": [
+ "ocs"
+ ],
+ "properties": {
+ "ocs": {
+ "type": "object",
+ "required": [
+ "meta",
+ "data"
+ ],
+ "properties": {
+ "meta": {
+ "$ref": "#/components/schemas/OCSMeta"
+ },
+ "data": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "boolean"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "404": {
+ "description": "user not found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "type": "object",
+ "required": [
+ "ocs"
+ ],
+ "properties": {
+ "ocs": {
+ "type": "object",
+ "required": [
+ "meta",
+ "data"
+ ],
+ "properties": {
+ "meta": {
+ "$ref": "#/components/schemas/OCSMeta"
+ },
+ "data": {
+ "nullable": true
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
}
},
"tags": [
diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php
index 9916a0eb262..a15ea08d3ae 100644
--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@@ -1335,6 +1335,7 @@ return array(
'OC\\Core\\Controller\\TextProcessingApiController' => $baseDir . '/core/Controller/TextProcessingApiController.php',
'OC\\Core\\Controller\\TextToImageApiController' => $baseDir . '/core/Controller/TextToImageApiController.php',
'OC\\Core\\Controller\\TranslationApiController' => $baseDir . '/core/Controller/TranslationApiController.php',
+ 'OC\\Core\\Controller\\TwoFactorApiController' => $baseDir . '/core/Controller/TwoFactorApiController.php',
'OC\\Core\\Controller\\TwoFactorChallengeController' => $baseDir . '/core/Controller/TwoFactorChallengeController.php',
'OC\\Core\\Controller\\UnifiedSearchController' => $baseDir . '/core/Controller/UnifiedSearchController.php',
'OC\\Core\\Controller\\UnsupportedBrowserController' => $baseDir . '/core/Controller/UnsupportedBrowserController.php',
diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php
index 3c617b14053..b6a66c2b3c9 100644
--- a/lib/composer/composer/autoload_static.php
+++ b/lib/composer/composer/autoload_static.php
@@ -1376,6 +1376,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
'OC\\Core\\Controller\\TextProcessingApiController' => __DIR__ . '/../../..' . '/core/Controller/TextProcessingApiController.php',
'OC\\Core\\Controller\\TextToImageApiController' => __DIR__ . '/../../..' . '/core/Controller/TextToImageApiController.php',
'OC\\Core\\Controller\\TranslationApiController' => __DIR__ . '/../../..' . '/core/Controller/TranslationApiController.php',
+ 'OC\\Core\\Controller\\TwoFactorApiController' => __DIR__ . '/../../..' . '/core/Controller/TwoFactorApiController.php',
'OC\\Core\\Controller\\TwoFactorChallengeController' => __DIR__ . '/../../..' . '/core/Controller/TwoFactorChallengeController.php',
'OC\\Core\\Controller\\UnifiedSearchController' => __DIR__ . '/../../..' . '/core/Controller/UnifiedSearchController.php',
'OC\\Core\\Controller\\UnsupportedBrowserController' => __DIR__ . '/../../..' . '/core/Controller/UnsupportedBrowserController.php',