diff options
13 files changed, 745 insertions, 9 deletions
diff --git a/apps/twofactor_backupcodes/appinfo/info.xml b/apps/twofactor_backupcodes/appinfo/info.xml index 5f956c6a86d..42985d15481 100644 --- a/apps/twofactor_backupcodes/appinfo/info.xml +++ b/apps/twofactor_backupcodes/appinfo/info.xml @@ -16,4 +16,17 @@ <dependencies> <nextcloud min-version="12" max-version="12" /> </dependencies> + + <activity> + <filters> + <filter>OCA\TwoFactorBackupCodes\Activity\GenericFilter</filter> + </filters> + <settings> + <setting>OCA\TwoFactorBackupCodes\Activity\GenericSetting</setting> + </settings> + <providers> + <provider>OCA\TwoFactorBackupCodes\Activity\GenericProvider</provider> + <provider>OCA\TwoFactorBackupCodes\Activity\Provider</provider> + </providers> + </activity> </info> diff --git a/apps/twofactor_backupcodes/lib/Activity/GenericFilter.php b/apps/twofactor_backupcodes/lib/Activity/GenericFilter.php new file mode 100644 index 00000000000..27c0274b600 --- /dev/null +++ b/apps/twofactor_backupcodes/lib/Activity/GenericFilter.php @@ -0,0 +1,66 @@ +<?php + +/** + * @author Christoph Wurst <christoph@winzerhof-wurst.at> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\TwoFactorBackupCodes\Activity; + +use OCP\Activity\IFilter; +use OCP\IL10N; +use OCP\IURLGenerator; + +class GenericFilter implements IFilter { + + /** @var IURLGenerator */ + private $urlGenerator; + + /** @var IL10N */ + private $l10n; + + public function __construct(IURLGenerator $urlGenerator, IL10N $l10n) { + $this->urlGenerator = $urlGenerator; + $this->l10n = $l10n; + } + + public function allowedApps() { + return []; + } + + public function filterTypes(array $types) { + return array_intersect(['twofactor'], $types); + } + + public function getIcon() { + return $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg')); + } + + public function getIdentifier() { + return 'twofactor'; + } + + public function getName() { + return $this->l10n->t('Two-factor authentication'); + } + + public function getPriority() { + return 30; + } + +} diff --git a/apps/twofactor_backupcodes/lib/Activity/GenericProvider.php b/apps/twofactor_backupcodes/lib/Activity/GenericProvider.php new file mode 100644 index 00000000000..ffdd47708d5 --- /dev/null +++ b/apps/twofactor_backupcodes/lib/Activity/GenericProvider.php @@ -0,0 +1,77 @@ +<?php + +/** + * @author Christoph Wurst <christoph@winzerhof-wurst.at> + * @copyright Copyright (c) 2016 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * Two-factor backup codes + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\TwoFactorBackupCodes\Activity; + +use InvalidArgumentException; +use OCP\Activity\IEvent; +use OCP\Activity\IProvider; +use OCP\ILogger; +use OCP\IURLGenerator; +use OCP\L10N\IFactory as L10nFactory; + +class GenericProvider implements IProvider { + + /** @var L10nFactory */ + private $l10n; + + /** @var IURLGenerator */ + private $urlGenerator; + + /** @var ILogger */ + private $logger; + + public function __construct(L10nFactory $l10n, IURLGenerator $urlGenerator, ILogger $logger) { + $this->logger = $logger; + $this->urlGenerator = $urlGenerator; + $this->l10n = $l10n; + } + + public function parse($language, IEvent $event, IEvent $previousEvent = null) { + if ($event->getType() !== 'twofactor') { + throw new InvalidArgumentException(); + } + + $l = $this->l10n->get('core', $language); + + switch ($event->getSubject()) { + case 'twofactor_success': + $params = $event->getSubjectParameters(); + $event->setParsedSubject($l->t('You successfully logged in using two-factor authentication (%1$s)', [ + $params['provider'], + ])); + $event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg'))); + break; + case 'twofactor_failed': + $params = $event->getSubjectParameters(); + $event->setParsedSubject($l->t('A login attempt using two-factor authentication failed (%1$s)', [ + $params['provider'], + ])); + $event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg'))); + break; + default: + throw new InvalidArgumentException(); + } + return $event; + } + +} diff --git a/apps/twofactor_backupcodes/lib/Activity/GenericSetting.php b/apps/twofactor_backupcodes/lib/Activity/GenericSetting.php new file mode 100644 index 00000000000..abd1c60f1d5 --- /dev/null +++ b/apps/twofactor_backupcodes/lib/Activity/GenericSetting.php @@ -0,0 +1,65 @@ +<?php + +/** + * @author Christoph Wurst <christoph@winzerhof-wurst.at> + * @copyright Copyright (c) 2016 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * Two-factor backup codes + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\TwoFactorBackupCodes\Activity; + +use OCP\Activity\ISetting; +use OCP\IL10N; + +class GenericSetting implements ISetting { + + /** @var IL10N */ + private $l10n; + + public function __construct(IL10N $l10n) { + $this->l10n = $l10n; + } + + public function canChangeMail() { + return false; + } + + public function canChangeStream() { + return false; + } + + public function getIdentifier() { + return 'twofactor'; + } + + public function getName() { + return $this->l10n->t('Two-factor authentication'); + } + + public function getPriority() { + return 30; + } + + public function isDefaultEnabledMail() { + return true; + } + + public function isDefaultEnabledStream() { + return true; + } + +} diff --git a/apps/twofactor_backupcodes/lib/Activity/Provider.php b/apps/twofactor_backupcodes/lib/Activity/Provider.php new file mode 100644 index 00000000000..cfb16c9f8d3 --- /dev/null +++ b/apps/twofactor_backupcodes/lib/Activity/Provider.php @@ -0,0 +1,67 @@ +<?php + +/** + * @author Christoph Wurst <christoph@winzerhof-wurst.at> + * @copyright Copyright (c) 2016 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * Two-factor backup codes + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\TwoFactorBackupCodes\Activity; + +use InvalidArgumentException; +use OCP\Activity\IEvent; +use OCP\Activity\IProvider; +use OCP\ILogger; +use OCP\IURLGenerator; +use OCP\L10N\IFactory as L10nFactory; + +class Provider implements IProvider { + + /** @var L10nFactory */ + private $l10n; + + /** @var IURLGenerator */ + private $urlGenerator; + + /** @var ILogger */ + private $logger; + + public function __construct(L10nFactory $l10n, IURLGenerator $urlGenerator, ILogger $logger) { + $this->logger = $logger; + $this->urlGenerator = $urlGenerator; + $this->l10n = $l10n; + } + + public function parse($language, IEvent $event, IEvent $previousEvent = null) { + if ($event->getApp() !== 'twofactor_backupcodes') { + throw new InvalidArgumentException(); + } + + $l = $this->l10n->get('twofactor_backupcodes', $language); + + switch ($event->getSubject()) { + case 'codes_generated': + $event->setParsedSubject($l->t('You created two-factor backup codes for your account')); + $event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg'))); + break; + default: + throw new InvalidArgumentException(); + } + return $event; + } + +} diff --git a/apps/twofactor_backupcodes/lib/Service/BackupCodeStorage.php b/apps/twofactor_backupcodes/lib/Service/BackupCodeStorage.php index bb10081bb54..ecb16305e92 100644 --- a/apps/twofactor_backupcodes/lib/Service/BackupCodeStorage.php +++ b/apps/twofactor_backupcodes/lib/Service/BackupCodeStorage.php @@ -22,8 +22,11 @@ namespace OCA\TwoFactorBackupCodes\Service; +use BadMethodCallException; use OCA\TwoFactorBackupCodes\Db\BackupCode; use OCA\TwoFactorBackupCodes\Db\BackupCodeMapper; +use OCP\Activity\IManager; +use OCP\ILogger; use OCP\IUser; use OCP\Security\IHasher; use OCP\Security\ISecureRandom; @@ -39,10 +42,19 @@ class BackupCodeStorage { /** @var ISecureRandom */ private $random; - public function __construct(BackupCodeMapper $mapper, ISecureRandom $random, IHasher $hasher) { + /** @var IManager */ + private $activityManager; + + /** @var ILogger */ + private $logger; + + public function __construct(BackupCodeMapper $mapper, ISecureRandom $random, IHasher $hasher, + IManager $activityManager, ILogger $logger) { $this->mapper = $mapper; $this->hasher = $hasher; $this->random = $random; + $this->activityManager = $activityManager; + $this->logger = $logger; } /** @@ -68,10 +80,33 @@ class BackupCodeStorage { array_push($result, $code); } + $this->publishEvent($user, 'codes_generated'); + return $result; } /** + * Push an event the user's activity stream + * + * @param IUser $user + * @param string $event + */ + private function publishEvent(IUser $user, $event) { + $activity = $this->activityManager->generateEvent(); + $activity->setApp('twofactor_backupcodes') + ->setType('twofactor') + ->setAuthor($user->getUID()) + ->setAffectedUser($user->getUID()) + ->setSubject($event); + try { + $this->activityManager->publish($activity); + } catch (BadMethodCallException $e) { + $this->logger->warning('could not publish backup code creation activity', ['app' => 'twofactor_backupcodes']); + $this->logger->logException($e, ['app' => 'twofactor_backupcodes']); + } + } + + /** * @param IUser $user * @return bool */ diff --git a/apps/twofactor_backupcodes/tests/Unit/Activity/GenericFilterTest.php b/apps/twofactor_backupcodes/tests/Unit/Activity/GenericFilterTest.php new file mode 100644 index 00000000000..ca24c0be647 --- /dev/null +++ b/apps/twofactor_backupcodes/tests/Unit/Activity/GenericFilterTest.php @@ -0,0 +1,83 @@ +<?php + +/** + * @author Christoph Wurst <christoph@winzerhof-wurst.at> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\TwoFactorBackupCodes\Test\Unit\Activity; + +use OCA\TwoFactorBackupCodes\Activity\GenericFilter; +use OCP\IL10N; +use OCP\IURLGenerator; +use Test\TestCase; + +class GenericFilterTest extends TestCase { + + private $urlGenerator; + private $l10n; + + /** @var GenericFilter */ + private $filter; + + protected function setUp() { + parent::setUp(); + + $this->urlGenerator = $this->createMock(IURLGenerator::class); + $this->l10n = $this->createMock(IL10N::class); + + $this->filter = new GenericFilter($this->urlGenerator, $this->l10n); + } + + public function testAllowedApps() { + $this->assertEquals([], $this->filter->allowedApps()); + } + + public function testFilterTypes() { + $this->assertEquals(['twofactor'], $this->filter->filterTypes(['comments', 'twofactor'])); + } + + public function testGetIcon() { + $this->urlGenerator->expects($this->once()) + ->method('imagePath') + ->with('core', 'actions/password.svg') + ->will($this->returnValue('path/to/icon.svg')); + $this->urlGenerator->expects($this->once()) + ->method('getAbsoluteURL') + ->with('path/to/icon.svg') + ->will($this->returnValue('abs/path/to/icon.svg')); + $this->assertEquals('abs/path/to/icon.svg', $this->filter->getIcon()); + } + + public function testGetIdentifier() { + $this->assertEquals('twofactor', $this->filter->getIdentifier()); + } + + public function testGetName() { + $this->l10n->expects($this->once()) + ->method('t') + ->with('Two-factor authentication') + ->will($this->returnValue('translated')); + $this->assertEquals('translated', $this->filter->getName()); + } + + public function testGetPriority() { + $this->assertEquals(30, $this->filter->getPriority()); + } + +} diff --git a/apps/twofactor_backupcodes/tests/Unit/Activity/ProviderTest.php b/apps/twofactor_backupcodes/tests/Unit/Activity/ProviderTest.php new file mode 100644 index 00000000000..36e85ec1872 --- /dev/null +++ b/apps/twofactor_backupcodes/tests/Unit/Activity/ProviderTest.php @@ -0,0 +1,106 @@ +<?php + +/** + * @author Christoph Wurst <christoph@winzerhof-wurst.at> + * @copyright Copyright (c) 2016 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * Two-factor backup codes + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\TwoFactorBackupCodes\Test\Unit\Activity; + +use InvalidArgumentException; +use OCA\TwoFactorBackupCodes\Activity\GenericProvider; +use OCP\Activity\IEvent; +use OCP\IL10N; +use OCP\ILogger; +use OCP\IURLGenerator; +use OCP\L10N\IFactory; +use Test\TestCase; + +class ProviderTest extends TestCase { + + private $l10n; + private $urlGenerator; + private $logger; + + /** @var GenericProvider */ + private $provider; + + protected function setUp() { + parent::setUp(); + + $this->l10n = $this->createMock(IFactory::class); + $this->urlGenerator = $this->createMock(IURLGenerator::class); + $this->logger = $this->createMock(ILogger::class); + + $this->provider = new GenericProvider($this->l10n, $this->urlGenerator, $this->logger); + } + + public function testParseUnrelated() { + $lang = 'ru'; + $event = $this->createMock(IEvent::class); + $event->expects($this->once()) + ->method('getType') + ->will($this->returnValue('comments')); + $this->setExpectedException(InvalidArgumentException::class); + + $this->provider->parse($lang, $event); + } + + public function subjectData() { + return [ + ['twofactor_success'], + ['twofactor_failed'], + ]; + } + + /** + * @dataProvider subjectData + */ + public function testParse($subject) { + $lang = 'ru'; + $event = $this->createMock(IEvent::class); + $l = $this->createMock(IL10N::class); + + $event->expects($this->once()) + ->method('getType') + ->will($this->returnValue('twofactor')); + $this->l10n->expects($this->once()) + ->method('get') + ->with('core', $lang) + ->will($this->returnValue($l)); + $this->urlGenerator->expects($this->once()) + ->method('imagePath') + ->with('core', 'actions/password.svg') + ->will($this->returnValue('path/to/image')); + $this->urlGenerator->expects($this->once()) + ->method('getAbsoluteURL') + ->with('path/to/image') + ->will($this->returnValue('absolute/path/to/image')); + $event->expects($this->once()) + ->method('setIcon') + ->with('absolute/path/to/image'); + $event->expects($this->once()) + ->method('getSubject') + ->will($this->returnValue($subject)); + $event->expects($this->once()) + ->method('setParsedSubject'); + + $this->provider->parse($lang, $event); + } + +} diff --git a/apps/twofactor_backupcodes/tests/Unit/Activity/SettingTest.php b/apps/twofactor_backupcodes/tests/Unit/Activity/SettingTest.php new file mode 100644 index 00000000000..2f6aed040f0 --- /dev/null +++ b/apps/twofactor_backupcodes/tests/Unit/Activity/SettingTest.php @@ -0,0 +1,73 @@ +<?php + +/** + * @author Christoph Wurst <christoph@winzerhof-wurst.at> + * @copyright Copyright (c) 2016 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * Two-factor backup codes + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\TwoFactorBackupCodes\Test\Unit\Activity; + +use OCA\TwoFactorBackupCodes\Activity\GenericSetting; +use OCP\IL10N; +use Test\TestCase; + +class SettingTest extends TestCase { + + private $l10n; + + /** @var GenericSetting */ + private $setting; + + protected function setUp() { + parent::setUp(); + + $this->l10n = $this->createMock(IL10N::class); + + $this->setting = new GenericSetting($this->l10n); + } + + public function testCanChangeMail() { + $this->assertFalse($this->setting->canChangeMail()); + } + + public function testCanChangeStream() { + $this->assertFalse($this->setting->canChangeStream()); + } + + public function testGetIdentifier() { + $this->assertEquals('twofactor', $this->setting->getIdentifier()); + } + + public function testGetName() { + $this->l10n->expects($this->once()) + ->method('t') + ->with('Two-factor authentication') + ->will($this->returnValue('Zwei-Faktor-Authentifizierung')); + $this->assertEquals('Zwei-Faktor-Authentifizierung', $this->setting->getName()); + } + + public function testGetPriority() { + $this->assertEquals(30, $this->setting->getPriority()); + } + + public function testIsDefaultEnabled() { + $this->assertTrue($this->setting->isDefaultEnabledMail()); + $this->assertTrue($this->setting->isDefaultEnabledStream()); + } + +} diff --git a/apps/twofactor_backupcodes/tests/Unit/Service/BackupCodeStorageTest.php b/apps/twofactor_backupcodes/tests/Unit/Service/BackupCodeStorageTest.php index 7a1132b064b..54738f74600 100644 --- a/apps/twofactor_backupcodes/tests/Unit/Service/BackupCodeStorageTest.php +++ b/apps/twofactor_backupcodes/tests/Unit/Service/BackupCodeStorageTest.php @@ -25,6 +25,9 @@ namespace OCA\TwoFactorBackupCodes\Tests\Unit\Service; use OCA\TwoFactorBackupCodes\Db\BackupCode; use OCA\TwoFactorBackupCodes\Db\BackupCodeMapper; use OCA\TwoFactorBackupCodes\Service\BackupCodeStorage; +use OCP\Activity\IEvent; +use OCP\Activity\IManager; +use OCP\ILogger; use OCP\IUser; use OCP\Security\IHasher; use OCP\Security\ISecureRandom; @@ -41,6 +44,12 @@ class BackupCodeStorageTest extends TestCase { /** @var IHasher|\PHPUnit_Framework_MockObject_MockObject */ private $hasher; + /** @var IManager|\PHPUnit_Framework_MockObject_MockObject */ + private $activityManager; + + /** @var ILogger|\PHPUnit_Framework_MockObject_MockObject */ + private $logger; + /** @var BackupCodeStorage */ private $storage; @@ -52,14 +61,18 @@ class BackupCodeStorageTest extends TestCase { ->getMock(); $this->random = $this->getMockBuilder(ISecureRandom::class)->getMock(); $this->hasher = $this->getMockBuilder(IHasher::class)->getMock(); - $this->storage = new BackupCodeStorage($this->mapper, $this->random, $this->hasher); + $this->activityManager = $this->createMock(IManager::class); + $this->logger = $this->createMock(ILogger::class); + + $this->storage = new BackupCodeStorage($this->mapper, $this->random, $this->hasher, $this->activityManager, $this->logger); } public function testCreateCodes() { $user = $this->getMockBuilder(IUser::class)->getMock(); $number = 5; + $event = $this->createMock(IEvent::class); - $user->expects($this->once()) + $user->expects($this->any()) ->method('getUID') ->will($this->returnValue('fritz')); $this->random->expects($this->exactly($number)) @@ -77,6 +90,28 @@ class BackupCodeStorageTest extends TestCase { $this->mapper->expects($this->exactly($number)) ->method('insert') ->with($this->equalTo($row)); + $this->activityManager->expects($this->once()) + ->method('generateEvent') + ->will($this->returnValue($event)); + $event->expects($this->once()) + ->method('setApp') + ->with('twofactor_backupcodes') + ->will($this->returnSelf()); + $event->expects($this->once()) + ->method('setType') + ->with('twofactor') + ->will($this->returnSelf()); + $event->expects($this->once()) + ->method('setAuthor') + ->with('fritz') + ->will($this->returnSelf()); + $event->expects($this->once()) + ->method('setAffectedUser') + ->with('fritz') + ->will($this->returnSelf()); + $this->activityManager->expects($this->once()) + ->method('publish') + ->will($this->returnValue($event)); $codes = $this->storage->createCodes($user, $number); $this->assertCount($number, $codes); diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php index 48792aa685b..1d0deada696 100644 --- a/lib/private/Authentication/TwoFactorAuth/Manager.php +++ b/lib/private/Authentication/TwoFactorAuth/Manager.php @@ -1,4 +1,5 @@ <?php + /** * @copyright Copyright (c) 2016, ownCloud, Inc. * @@ -26,9 +27,11 @@ use Exception; use OC; use OC\App\AppManager; use OC_App; +use OCP\Activity\IManager; use OCP\AppFramework\QueryException; use OCP\Authentication\TwoFactorAuth\IProvider; use OCP\IConfig; +use OCP\ILogger; use OCP\ISession; use OCP\IUser; @@ -48,15 +51,26 @@ class Manager { /** @var IConfig */ private $config; + /** @var IManager */ + private $activityManager; + + /** @var ILogger */ + private $logger; + /** * @param AppManager $appManager * @param ISession $session * @param IConfig $config + * @param IManager $activityManager + * @param ILogger $logger */ - public function __construct(AppManager $appManager, ISession $session, IConfig $config) { + public function __construct(AppManager $appManager, ISession $session, IConfig $config, IManager $activityManager, + ILogger $logger) { $this->appManager = $appManager; $this->session = $session; $this->config = $config; + $this->activityManager = $activityManager; + $this->logger = $logger; } /** @@ -184,11 +198,40 @@ class Manager { } $this->session->remove(self::SESSION_UID_KEY); $this->session->remove(self::REMEMBER_LOGIN); + + $this->publishEvent($user, 'twofactor_success', [ + 'provider' => $provider->getDisplayName(), + ]); + } else { + $this->publishEvent($user, 'twofactor_failed', [ + 'provider' => $provider->getDisplayName(), + ]); } return $passed; } /** + * Push a 2fa event the user's activity stream + * + * @param IUser $user + * @param string $event + */ + private function publishEvent(IUser $user, $event, array $params) { + $activity = $this->activityManager->generateEvent(); + $activity->setApp('twofactor_generic') + ->setType('twofactor') + ->setAuthor($user->getUID()) + ->setAffectedUser($user->getUID()) + ->setSubject($event, $params); + try { + $this->activityManager->publish($activity); + } catch (Exception $e) { + $this->logger->warning('could not publish backup code creation activity', ['app' => 'twofactor_backupcodes']); + $this->logger->logException($e, ['app' => 'twofactor_backupcodes']); + } + } + + /** * Check if the currently logged in user needs to pass 2FA * * @param IUser $user the currently logged in user diff --git a/lib/private/Server.php b/lib/private/Server.php index 969e5a25b9b..6f4d4f066e7 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -312,7 +312,7 @@ class Server extends ServerContainer implements IServerContainer { }); $this->registerService(\OC\Authentication\TwoFactorAuth\Manager::class, function (Server $c) { - return new \OC\Authentication\TwoFactorAuth\Manager($c->getAppManager(), $c->getSession(), $c->getConfig()); + return new \OC\Authentication\TwoFactorAuth\Manager($c->getAppManager(), $c->getSession(), $c->getConfig(), $c->getActivityManager(), $c->getLogger()); }); $this->registerService('NavigationManager', function ($c) { diff --git a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php index 52f3ca28500..1ea17f5d307 100644 --- a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php +++ b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php @@ -26,8 +26,11 @@ use Exception; use OC; use OC\App\AppManager; use OC\Authentication\TwoFactorAuth\Manager; +use OCP\Activity\IEvent; +use OCP\Activity\IManager; use OCP\Authentication\TwoFactorAuth\IProvider; use OCP\IConfig; +use OCP\ILogger; use OCP\ISession; use OCP\IUser; use Test\TestCase; @@ -49,6 +52,12 @@ class ManagerTest extends TestCase { /** @var IConfig|PHPUnit_Framework_MockObject_MockObject */ private $config; + /** @var IManager|PHPUnit_Framework_MockObject_MockObject */ + private $activityManager; + + /** @var ILogger|PHPUnit_Framework_MockObject_MockObject */ + private $logger; + /** @var IProvider|PHPUnit_Framework_MockObject_MockObject */ private $fakeProvider; @@ -59,14 +68,14 @@ class ManagerTest extends TestCase { parent::setUp(); $this->user = $this->createMock(IUser::class); - $this->appManager = $this->getMockBuilder('\OC\App\AppManager') - ->disableOriginalConstructor() - ->getMock(); + $this->appManager = $this->createMock('\OC\App\AppManager'); $this->session = $this->createMock(ISession::class); $this->config = $this->createMock(IConfig::class); + $this->activityManager = $this->createMock(IManager::class); + $this->logger = $this->createMock(ILogger::class); $this->manager = $this->getMockBuilder('\OC\Authentication\TwoFactorAuth\Manager') - ->setConstructorArgs([$this->appManager, $this->session, $this->config]) + ->setConstructorArgs([$this->appManager, $this->session, $this->config, $this->activityManager, $this->logger]) ->setMethods(['loadTwoFactorApp']) // Do not actually load the apps ->getMock(); @@ -228,6 +237,7 @@ class ManagerTest extends TestCase { $this->prepareProviders(); $challenge = 'passme'; + $event = $this->createMock(IEvent::class); $this->fakeProvider->expects($this->once()) ->method('verifyChallenge') ->with($this->user, $challenge) @@ -242,6 +252,37 @@ class ManagerTest extends TestCase { $this->session->expects($this->at(2)) ->method('remove') ->with('two_factor_remember_login'); + $this->activityManager->expects($this->once()) + ->method('generateEvent') + ->willReturn($event); + $this->user->expects($this->any()) + ->method('getUID') + ->willReturn('jos'); + $event->expects($this->once()) + ->method('setApp') + ->with($this->equalTo('twofactor_generic')) + ->willReturnSelf(); + $event->expects($this->once()) + ->method('setType') + ->with($this->equalTo('twofactor')) + ->willReturnSelf(); + $event->expects($this->once()) + ->method('setAuthor') + ->with($this->equalTo('jos')) + ->willReturnSelf(); + $event->expects($this->once()) + ->method('setAffectedUser') + ->with($this->equalTo('jos')) + ->willReturnSelf(); + $this->fakeProvider->expects($this->once()) + ->method('getDisplayName') + ->willReturn('Fake 2FA'); + $event->expects($this->once()) + ->method('setSubject') + ->with($this->equalTo('twofactor_success'), $this->equalTo([ + 'provider' => 'Fake 2FA', + ])) + ->willReturnSelf(); $this->assertTrue($this->manager->verifyChallenge('email', $this->user, $challenge)); } @@ -263,12 +304,44 @@ class ManagerTest extends TestCase { $this->prepareProviders(); $challenge = 'dontpassme'; + $event = $this->createMock(IEvent::class); $this->fakeProvider->expects($this->once()) ->method('verifyChallenge') ->with($this->user, $challenge) ->will($this->returnValue(false)); $this->session->expects($this->never()) ->method('remove'); + $this->activityManager->expects($this->once()) + ->method('generateEvent') + ->willReturn($event); + $this->user->expects($this->any()) + ->method('getUID') + ->willReturn('jos'); + $event->expects($this->once()) + ->method('setApp') + ->with($this->equalTo('twofactor_generic')) + ->willReturnSelf(); + $event->expects($this->once()) + ->method('setType') + ->with($this->equalTo('twofactor')) + ->willReturnSelf(); + $event->expects($this->once()) + ->method('setAuthor') + ->with($this->equalTo('jos')) + ->willReturnSelf(); + $event->expects($this->once()) + ->method('setAffectedUser') + ->with($this->equalTo('jos')) + ->willReturnSelf(); + $this->fakeProvider->expects($this->once()) + ->method('getDisplayName') + ->willReturn('Fake 2FA'); + $event->expects($this->once()) + ->method('setSubject') + ->with($this->equalTo('twofactor_failed'), $this->equalTo([ + 'provider' => 'Fake 2FA', + ])) + ->willReturnSelf(); $this->assertFalse($this->manager->verifyChallenge('email', $this->user, $challenge)); } |