summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--apps/twofactor_backupcodes/appinfo/info.xml13
-rw-r--r--apps/twofactor_backupcodes/lib/Activity/GenericFilter.php66
-rw-r--r--apps/twofactor_backupcodes/lib/Activity/GenericProvider.php77
-rw-r--r--apps/twofactor_backupcodes/lib/Activity/GenericSetting.php65
-rw-r--r--apps/twofactor_backupcodes/lib/Activity/Provider.php67
-rw-r--r--apps/twofactor_backupcodes/lib/Service/BackupCodeStorage.php37
-rw-r--r--apps/twofactor_backupcodes/tests/Unit/Activity/GenericFilterTest.php83
-rw-r--r--apps/twofactor_backupcodes/tests/Unit/Activity/ProviderTest.php106
-rw-r--r--apps/twofactor_backupcodes/tests/Unit/Activity/SettingTest.php73
-rw-r--r--apps/twofactor_backupcodes/tests/Unit/Service/BackupCodeStorageTest.php39
-rw-r--r--lib/private/Authentication/TwoFactorAuth/Manager.php45
-rw-r--r--lib/private/Server.php2
-rw-r--r--tests/lib/Authentication/TwoFactorAuth/ManagerTest.php81
13 files changed, 745 insertions, 9 deletions
diff --git a/apps/twofactor_backupcodes/appinfo/info.xml b/apps/twofactor_backupcodes/appinfo/info.xml
index 5f956c6a86d..42985d15481 100644
--- a/apps/twofactor_backupcodes/appinfo/info.xml
+++ b/apps/twofactor_backupcodes/appinfo/info.xml
@@ -16,4 +16,17 @@
<dependencies>
<nextcloud min-version="12" max-version="12" />
</dependencies>
+
+ <activity>
+ <filters>
+ <filter>OCA\TwoFactorBackupCodes\Activity\GenericFilter</filter>
+ </filters>
+ <settings>
+ <setting>OCA\TwoFactorBackupCodes\Activity\GenericSetting</setting>
+ </settings>
+ <providers>
+ <provider>OCA\TwoFactorBackupCodes\Activity\GenericProvider</provider>
+ <provider>OCA\TwoFactorBackupCodes\Activity\Provider</provider>
+ </providers>
+ </activity>
</info>
diff --git a/apps/twofactor_backupcodes/lib/Activity/GenericFilter.php b/apps/twofactor_backupcodes/lib/Activity/GenericFilter.php
new file mode 100644
index 00000000000..27c0274b600
--- /dev/null
+++ b/apps/twofactor_backupcodes/lib/Activity/GenericFilter.php
@@ -0,0 +1,66 @@
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\TwoFactorBackupCodes\Activity;
+
+use OCP\Activity\IFilter;
+use OCP\IL10N;
+use OCP\IURLGenerator;
+
+class GenericFilter implements IFilter {
+
+ /** @var IURLGenerator */
+ private $urlGenerator;
+
+ /** @var IL10N */
+ private $l10n;
+
+ public function __construct(IURLGenerator $urlGenerator, IL10N $l10n) {
+ $this->urlGenerator = $urlGenerator;
+ $this->l10n = $l10n;
+ }
+
+ public function allowedApps() {
+ return [];
+ }
+
+ public function filterTypes(array $types) {
+ return array_intersect(['twofactor'], $types);
+ }
+
+ public function getIcon() {
+ return $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg'));
+ }
+
+ public function getIdentifier() {
+ return 'twofactor';
+ }
+
+ public function getName() {
+ return $this->l10n->t('Two-factor authentication');
+ }
+
+ public function getPriority() {
+ return 30;
+ }
+
+}
diff --git a/apps/twofactor_backupcodes/lib/Activity/GenericProvider.php b/apps/twofactor_backupcodes/lib/Activity/GenericProvider.php
new file mode 100644
index 00000000000..ffdd47708d5
--- /dev/null
+++ b/apps/twofactor_backupcodes/lib/Activity/GenericProvider.php
@@ -0,0 +1,77 @@
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@winzerhof-wurst.at>
+ * @copyright Copyright (c) 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * Two-factor backup codes
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\TwoFactorBackupCodes\Activity;
+
+use InvalidArgumentException;
+use OCP\Activity\IEvent;
+use OCP\Activity\IProvider;
+use OCP\ILogger;
+use OCP\IURLGenerator;
+use OCP\L10N\IFactory as L10nFactory;
+
+class GenericProvider implements IProvider {
+
+ /** @var L10nFactory */
+ private $l10n;
+
+ /** @var IURLGenerator */
+ private $urlGenerator;
+
+ /** @var ILogger */
+ private $logger;
+
+ public function __construct(L10nFactory $l10n, IURLGenerator $urlGenerator, ILogger $logger) {
+ $this->logger = $logger;
+ $this->urlGenerator = $urlGenerator;
+ $this->l10n = $l10n;
+ }
+
+ public function parse($language, IEvent $event, IEvent $previousEvent = null) {
+ if ($event->getType() !== 'twofactor') {
+ throw new InvalidArgumentException();
+ }
+
+ $l = $this->l10n->get('core', $language);
+
+ switch ($event->getSubject()) {
+ case 'twofactor_success':
+ $params = $event->getSubjectParameters();
+ $event->setParsedSubject($l->t('You successfully logged in using two-factor authentication (%1$s)', [
+ $params['provider'],
+ ]));
+ $event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg')));
+ break;
+ case 'twofactor_failed':
+ $params = $event->getSubjectParameters();
+ $event->setParsedSubject($l->t('A login attempt using two-factor authentication failed (%1$s)', [
+ $params['provider'],
+ ]));
+ $event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg')));
+ break;
+ default:
+ throw new InvalidArgumentException();
+ }
+ return $event;
+ }
+
+}
diff --git a/apps/twofactor_backupcodes/lib/Activity/GenericSetting.php b/apps/twofactor_backupcodes/lib/Activity/GenericSetting.php
new file mode 100644
index 00000000000..abd1c60f1d5
--- /dev/null
+++ b/apps/twofactor_backupcodes/lib/Activity/GenericSetting.php
@@ -0,0 +1,65 @@
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@winzerhof-wurst.at>
+ * @copyright Copyright (c) 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * Two-factor backup codes
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\TwoFactorBackupCodes\Activity;
+
+use OCP\Activity\ISetting;
+use OCP\IL10N;
+
+class GenericSetting implements ISetting {
+
+ /** @var IL10N */
+ private $l10n;
+
+ public function __construct(IL10N $l10n) {
+ $this->l10n = $l10n;
+ }
+
+ public function canChangeMail() {
+ return false;
+ }
+
+ public function canChangeStream() {
+ return false;
+ }
+
+ public function getIdentifier() {
+ return 'twofactor';
+ }
+
+ public function getName() {
+ return $this->l10n->t('Two-factor authentication');
+ }
+
+ public function getPriority() {
+ return 30;
+ }
+
+ public function isDefaultEnabledMail() {
+ return true;
+ }
+
+ public function isDefaultEnabledStream() {
+ return true;
+ }
+
+}
diff --git a/apps/twofactor_backupcodes/lib/Activity/Provider.php b/apps/twofactor_backupcodes/lib/Activity/Provider.php
new file mode 100644
index 00000000000..cfb16c9f8d3
--- /dev/null
+++ b/apps/twofactor_backupcodes/lib/Activity/Provider.php
@@ -0,0 +1,67 @@
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@winzerhof-wurst.at>
+ * @copyright Copyright (c) 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * Two-factor backup codes
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\TwoFactorBackupCodes\Activity;
+
+use InvalidArgumentException;
+use OCP\Activity\IEvent;
+use OCP\Activity\IProvider;
+use OCP\ILogger;
+use OCP\IURLGenerator;
+use OCP\L10N\IFactory as L10nFactory;
+
+class Provider implements IProvider {
+
+ /** @var L10nFactory */
+ private $l10n;
+
+ /** @var IURLGenerator */
+ private $urlGenerator;
+
+ /** @var ILogger */
+ private $logger;
+
+ public function __construct(L10nFactory $l10n, IURLGenerator $urlGenerator, ILogger $logger) {
+ $this->logger = $logger;
+ $this->urlGenerator = $urlGenerator;
+ $this->l10n = $l10n;
+ }
+
+ public function parse($language, IEvent $event, IEvent $previousEvent = null) {
+ if ($event->getApp() !== 'twofactor_backupcodes') {
+ throw new InvalidArgumentException();
+ }
+
+ $l = $this->l10n->get('twofactor_backupcodes', $language);
+
+ switch ($event->getSubject()) {
+ case 'codes_generated':
+ $event->setParsedSubject($l->t('You created two-factor backup codes for your account'));
+ $event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg')));
+ break;
+ default:
+ throw new InvalidArgumentException();
+ }
+ return $event;
+ }
+
+}
diff --git a/apps/twofactor_backupcodes/lib/Service/BackupCodeStorage.php b/apps/twofactor_backupcodes/lib/Service/BackupCodeStorage.php
index bb10081bb54..ecb16305e92 100644
--- a/apps/twofactor_backupcodes/lib/Service/BackupCodeStorage.php
+++ b/apps/twofactor_backupcodes/lib/Service/BackupCodeStorage.php
@@ -22,8 +22,11 @@
namespace OCA\TwoFactorBackupCodes\Service;
+use BadMethodCallException;
use OCA\TwoFactorBackupCodes\Db\BackupCode;
use OCA\TwoFactorBackupCodes\Db\BackupCodeMapper;
+use OCP\Activity\IManager;
+use OCP\ILogger;
use OCP\IUser;
use OCP\Security\IHasher;
use OCP\Security\ISecureRandom;
@@ -39,10 +42,19 @@ class BackupCodeStorage {
/** @var ISecureRandom */
private $random;
- public function __construct(BackupCodeMapper $mapper, ISecureRandom $random, IHasher $hasher) {
+ /** @var IManager */
+ private $activityManager;
+
+ /** @var ILogger */
+ private $logger;
+
+ public function __construct(BackupCodeMapper $mapper, ISecureRandom $random, IHasher $hasher,
+ IManager $activityManager, ILogger $logger) {
$this->mapper = $mapper;
$this->hasher = $hasher;
$this->random = $random;
+ $this->activityManager = $activityManager;
+ $this->logger = $logger;
}
/**
@@ -68,10 +80,33 @@ class BackupCodeStorage {
array_push($result, $code);
}
+ $this->publishEvent($user, 'codes_generated');
+
return $result;
}
/**
+ * Push an event the user's activity stream
+ *
+ * @param IUser $user
+ * @param string $event
+ */
+ private function publishEvent(IUser $user, $event) {
+ $activity = $this->activityManager->generateEvent();
+ $activity->setApp('twofactor_backupcodes')
+ ->setType('twofactor')
+ ->setAuthor($user->getUID())
+ ->setAffectedUser($user->getUID())
+ ->setSubject($event);
+ try {
+ $this->activityManager->publish($activity);
+ } catch (BadMethodCallException $e) {
+ $this->logger->warning('could not publish backup code creation activity', ['app' => 'twofactor_backupcodes']);
+ $this->logger->logException($e, ['app' => 'twofactor_backupcodes']);
+ }
+ }
+
+ /**
* @param IUser $user
* @return bool
*/
diff --git a/apps/twofactor_backupcodes/tests/Unit/Activity/GenericFilterTest.php b/apps/twofactor_backupcodes/tests/Unit/Activity/GenericFilterTest.php
new file mode 100644
index 00000000000..ca24c0be647
--- /dev/null
+++ b/apps/twofactor_backupcodes/tests/Unit/Activity/GenericFilterTest.php
@@ -0,0 +1,83 @@
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\TwoFactorBackupCodes\Test\Unit\Activity;
+
+use OCA\TwoFactorBackupCodes\Activity\GenericFilter;
+use OCP\IL10N;
+use OCP\IURLGenerator;
+use Test\TestCase;
+
+class GenericFilterTest extends TestCase {
+
+ private $urlGenerator;
+ private $l10n;
+
+ /** @var GenericFilter */
+ private $filter;
+
+ protected function setUp() {
+ parent::setUp();
+
+ $this->urlGenerator = $this->createMock(IURLGenerator::class);
+ $this->l10n = $this->createMock(IL10N::class);
+
+ $this->filter = new GenericFilter($this->urlGenerator, $this->l10n);
+ }
+
+ public function testAllowedApps() {
+ $this->assertEquals([], $this->filter->allowedApps());
+ }
+
+ public function testFilterTypes() {
+ $this->assertEquals(['twofactor'], $this->filter->filterTypes(['comments', 'twofactor']));
+ }
+
+ public function testGetIcon() {
+ $this->urlGenerator->expects($this->once())
+ ->method('imagePath')
+ ->with('core', 'actions/password.svg')
+ ->will($this->returnValue('path/to/icon.svg'));
+ $this->urlGenerator->expects($this->once())
+ ->method('getAbsoluteURL')
+ ->with('path/to/icon.svg')
+ ->will($this->returnValue('abs/path/to/icon.svg'));
+ $this->assertEquals('abs/path/to/icon.svg', $this->filter->getIcon());
+ }
+
+ public function testGetIdentifier() {
+ $this->assertEquals('twofactor', $this->filter->getIdentifier());
+ }
+
+ public function testGetName() {
+ $this->l10n->expects($this->once())
+ ->method('t')
+ ->with('Two-factor authentication')
+ ->will($this->returnValue('translated'));
+ $this->assertEquals('translated', $this->filter->getName());
+ }
+
+ public function testGetPriority() {
+ $this->assertEquals(30, $this->filter->getPriority());
+ }
+
+}
diff --git a/apps/twofactor_backupcodes/tests/Unit/Activity/ProviderTest.php b/apps/twofactor_backupcodes/tests/Unit/Activity/ProviderTest.php
new file mode 100644
index 00000000000..36e85ec1872
--- /dev/null
+++ b/apps/twofactor_backupcodes/tests/Unit/Activity/ProviderTest.php
@@ -0,0 +1,106 @@
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@winzerhof-wurst.at>
+ * @copyright Copyright (c) 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * Two-factor backup codes
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\TwoFactorBackupCodes\Test\Unit\Activity;
+
+use InvalidArgumentException;
+use OCA\TwoFactorBackupCodes\Activity\GenericProvider;
+use OCP\Activity\IEvent;
+use OCP\IL10N;
+use OCP\ILogger;
+use OCP\IURLGenerator;
+use OCP\L10N\IFactory;
+use Test\TestCase;
+
+class ProviderTest extends TestCase {
+
+ private $l10n;
+ private $urlGenerator;
+ private $logger;
+
+ /** @var GenericProvider */
+ private $provider;
+
+ protected function setUp() {
+ parent::setUp();
+
+ $this->l10n = $this->createMock(IFactory::class);
+ $this->urlGenerator = $this->createMock(IURLGenerator::class);
+ $this->logger = $this->createMock(ILogger::class);
+
+ $this->provider = new GenericProvider($this->l10n, $this->urlGenerator, $this->logger);
+ }
+
+ public function testParseUnrelated() {
+ $lang = 'ru';
+ $event = $this->createMock(IEvent::class);
+ $event->expects($this->once())
+ ->method('getType')
+ ->will($this->returnValue('comments'));
+ $this->setExpectedException(InvalidArgumentException::class);
+
+ $this->provider->parse($lang, $event);
+ }
+
+ public function subjectData() {
+ return [
+ ['twofactor_success'],
+ ['twofactor_failed'],
+ ];
+ }
+
+ /**
+ * @dataProvider subjectData
+ */
+ public function testParse($subject) {
+ $lang = 'ru';
+ $event = $this->createMock(IEvent::class);
+ $l = $this->createMock(IL10N::class);
+
+ $event->expects($this->once())
+ ->method('getType')
+ ->will($this->returnValue('twofactor'));
+ $this->l10n->expects($this->once())
+ ->method('get')
+ ->with('core', $lang)
+ ->will($this->returnValue($l));
+ $this->urlGenerator->expects($this->once())
+ ->method('imagePath')
+ ->with('core', 'actions/password.svg')
+ ->will($this->returnValue('path/to/image'));
+ $this->urlGenerator->expects($this->once())
+ ->method('getAbsoluteURL')
+ ->with('path/to/image')
+ ->will($this->returnValue('absolute/path/to/image'));
+ $event->expects($this->once())
+ ->method('setIcon')
+ ->with('absolute/path/to/image');
+ $event->expects($this->once())
+ ->method('getSubject')
+ ->will($this->returnValue($subject));
+ $event->expects($this->once())
+ ->method('setParsedSubject');
+
+ $this->provider->parse($lang, $event);
+ }
+
+}
diff --git a/apps/twofactor_backupcodes/tests/Unit/Activity/SettingTest.php b/apps/twofactor_backupcodes/tests/Unit/Activity/SettingTest.php
new file mode 100644
index 00000000000..2f6aed040f0
--- /dev/null
+++ b/apps/twofactor_backupcodes/tests/Unit/Activity/SettingTest.php
@@ -0,0 +1,73 @@
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@winzerhof-wurst.at>
+ * @copyright Copyright (c) 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * Two-factor backup codes
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\TwoFactorBackupCodes\Test\Unit\Activity;
+
+use OCA\TwoFactorBackupCodes\Activity\GenericSetting;
+use OCP\IL10N;
+use Test\TestCase;
+
+class SettingTest extends TestCase {
+
+ private $l10n;
+
+ /** @var GenericSetting */
+ private $setting;
+
+ protected function setUp() {
+ parent::setUp();
+
+ $this->l10n = $this->createMock(IL10N::class);
+
+ $this->setting = new GenericSetting($this->l10n);
+ }
+
+ public function testCanChangeMail() {
+ $this->assertFalse($this->setting->canChangeMail());
+ }
+
+ public function testCanChangeStream() {
+ $this->assertFalse($this->setting->canChangeStream());
+ }
+
+ public function testGetIdentifier() {
+ $this->assertEquals('twofactor', $this->setting->getIdentifier());
+ }
+
+ public function testGetName() {
+ $this->l10n->expects($this->once())
+ ->method('t')
+ ->with('Two-factor authentication')
+ ->will($this->returnValue('Zwei-Faktor-Authentifizierung'));
+ $this->assertEquals('Zwei-Faktor-Authentifizierung', $this->setting->getName());
+ }
+
+ public function testGetPriority() {
+ $this->assertEquals(30, $this->setting->getPriority());
+ }
+
+ public function testIsDefaultEnabled() {
+ $this->assertTrue($this->setting->isDefaultEnabledMail());
+ $this->assertTrue($this->setting->isDefaultEnabledStream());
+ }
+
+}
diff --git a/apps/twofactor_backupcodes/tests/Unit/Service/BackupCodeStorageTest.php b/apps/twofactor_backupcodes/tests/Unit/Service/BackupCodeStorageTest.php
index 7a1132b064b..54738f74600 100644
--- a/apps/twofactor_backupcodes/tests/Unit/Service/BackupCodeStorageTest.php
+++ b/apps/twofactor_backupcodes/tests/Unit/Service/BackupCodeStorageTest.php
@@ -25,6 +25,9 @@ namespace OCA\TwoFactorBackupCodes\Tests\Unit\Service;
use OCA\TwoFactorBackupCodes\Db\BackupCode;
use OCA\TwoFactorBackupCodes\Db\BackupCodeMapper;
use OCA\TwoFactorBackupCodes\Service\BackupCodeStorage;
+use OCP\Activity\IEvent;
+use OCP\Activity\IManager;
+use OCP\ILogger;
use OCP\IUser;
use OCP\Security\IHasher;
use OCP\Security\ISecureRandom;
@@ -41,6 +44,12 @@ class BackupCodeStorageTest extends TestCase {
/** @var IHasher|\PHPUnit_Framework_MockObject_MockObject */
private $hasher;
+ /** @var IManager|\PHPUnit_Framework_MockObject_MockObject */
+ private $activityManager;
+
+ /** @var ILogger|\PHPUnit_Framework_MockObject_MockObject */
+ private $logger;
+
/** @var BackupCodeStorage */
private $storage;
@@ -52,14 +61,18 @@ class BackupCodeStorageTest extends TestCase {
->getMock();
$this->random = $this->getMockBuilder(ISecureRandom::class)->getMock();
$this->hasher = $this->getMockBuilder(IHasher::class)->getMock();
- $this->storage = new BackupCodeStorage($this->mapper, $this->random, $this->hasher);
+ $this->activityManager = $this->createMock(IManager::class);
+ $this->logger = $this->createMock(ILogger::class);
+
+ $this->storage = new BackupCodeStorage($this->mapper, $this->random, $this->hasher, $this->activityManager, $this->logger);
}
public function testCreateCodes() {
$user = $this->getMockBuilder(IUser::class)->getMock();
$number = 5;
+ $event = $this->createMock(IEvent::class);
- $user->expects($this->once())
+ $user->expects($this->any())
->method('getUID')
->will($this->returnValue('fritz'));
$this->random->expects($this->exactly($number))
@@ -77,6 +90,28 @@ class BackupCodeStorageTest extends TestCase {
$this->mapper->expects($this->exactly($number))
->method('insert')
->with($this->equalTo($row));
+ $this->activityManager->expects($this->once())
+ ->method('generateEvent')
+ ->will($this->returnValue($event));
+ $event->expects($this->once())
+ ->method('setApp')
+ ->with('twofactor_backupcodes')
+ ->will($this->returnSelf());
+ $event->expects($this->once())
+ ->method('setType')
+ ->with('twofactor')
+ ->will($this->returnSelf());
+ $event->expects($this->once())
+ ->method('setAuthor')
+ ->with('fritz')
+ ->will($this->returnSelf());
+ $event->expects($this->once())
+ ->method('setAffectedUser')
+ ->with('fritz')
+ ->will($this->returnSelf());
+ $this->activityManager->expects($this->once())
+ ->method('publish')
+ ->will($this->returnValue($event));
$codes = $this->storage->createCodes($user, $number);
$this->assertCount($number, $codes);
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index 48792aa685b..1d0deada696 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -1,4 +1,5 @@
<?php
+
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
@@ -26,9 +27,11 @@ use Exception;
use OC;
use OC\App\AppManager;
use OC_App;
+use OCP\Activity\IManager;
use OCP\AppFramework\QueryException;
use OCP\Authentication\TwoFactorAuth\IProvider;
use OCP\IConfig;
+use OCP\ILogger;
use OCP\ISession;
use OCP\IUser;
@@ -48,15 +51,26 @@ class Manager {
/** @var IConfig */
private $config;
+ /** @var IManager */
+ private $activityManager;
+
+ /** @var ILogger */
+ private $logger;
+
/**
* @param AppManager $appManager
* @param ISession $session
* @param IConfig $config
+ * @param IManager $activityManager
+ * @param ILogger $logger
*/
- public function __construct(AppManager $appManager, ISession $session, IConfig $config) {
+ public function __construct(AppManager $appManager, ISession $session, IConfig $config, IManager $activityManager,
+ ILogger $logger) {
$this->appManager = $appManager;
$this->session = $session;
$this->config = $config;
+ $this->activityManager = $activityManager;
+ $this->logger = $logger;
}
/**
@@ -184,11 +198,40 @@ class Manager {
}
$this->session->remove(self::SESSION_UID_KEY);
$this->session->remove(self::REMEMBER_LOGIN);
+
+ $this->publishEvent($user, 'twofactor_success', [
+ 'provider' => $provider->getDisplayName(),
+ ]);
+ } else {
+ $this->publishEvent($user, 'twofactor_failed', [
+ 'provider' => $provider->getDisplayName(),
+ ]);
}
return $passed;
}
/**
+ * Push a 2fa event the user's activity stream
+ *
+ * @param IUser $user
+ * @param string $event
+ */
+ private function publishEvent(IUser $user, $event, array $params) {
+ $activity = $this->activityManager->generateEvent();
+ $activity->setApp('twofactor_generic')
+ ->setType('twofactor')
+ ->setAuthor($user->getUID())
+ ->setAffectedUser($user->getUID())
+ ->setSubject($event, $params);
+ try {
+ $this->activityManager->publish($activity);
+ } catch (Exception $e) {
+ $this->logger->warning('could not publish backup code creation activity', ['app' => 'twofactor_backupcodes']);
+ $this->logger->logException($e, ['app' => 'twofactor_backupcodes']);
+ }
+ }
+
+ /**
* Check if the currently logged in user needs to pass 2FA
*
* @param IUser $user the currently logged in user
diff --git a/lib/private/Server.php b/lib/private/Server.php
index 969e5a25b9b..6f4d4f066e7 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -312,7 +312,7 @@ class Server extends ServerContainer implements IServerContainer {
});
$this->registerService(\OC\Authentication\TwoFactorAuth\Manager::class, function (Server $c) {
- return new \OC\Authentication\TwoFactorAuth\Manager($c->getAppManager(), $c->getSession(), $c->getConfig());
+ return new \OC\Authentication\TwoFactorAuth\Manager($c->getAppManager(), $c->getSession(), $c->getConfig(), $c->getActivityManager(), $c->getLogger());
});
$this->registerService('NavigationManager', function ($c) {
diff --git a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
index 52f3ca28500..1ea17f5d307 100644
--- a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
+++ b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
@@ -26,8 +26,11 @@ use Exception;
use OC;
use OC\App\AppManager;
use OC\Authentication\TwoFactorAuth\Manager;
+use OCP\Activity\IEvent;
+use OCP\Activity\IManager;
use OCP\Authentication\TwoFactorAuth\IProvider;
use OCP\IConfig;
+use OCP\ILogger;
use OCP\ISession;
use OCP\IUser;
use Test\TestCase;
@@ -49,6 +52,12 @@ class ManagerTest extends TestCase {
/** @var IConfig|PHPUnit_Framework_MockObject_MockObject */
private $config;
+ /** @var IManager|PHPUnit_Framework_MockObject_MockObject */
+ private $activityManager;
+
+ /** @var ILogger|PHPUnit_Framework_MockObject_MockObject */
+ private $logger;
+
/** @var IProvider|PHPUnit_Framework_MockObject_MockObject */
private $fakeProvider;
@@ -59,14 +68,14 @@ class ManagerTest extends TestCase {
parent::setUp();
$this->user = $this->createMock(IUser::class);
- $this->appManager = $this->getMockBuilder('\OC\App\AppManager')
- ->disableOriginalConstructor()
- ->getMock();
+ $this->appManager = $this->createMock('\OC\App\AppManager');
$this->session = $this->createMock(ISession::class);
$this->config = $this->createMock(IConfig::class);
+ $this->activityManager = $this->createMock(IManager::class);
+ $this->logger = $this->createMock(ILogger::class);
$this->manager = $this->getMockBuilder('\OC\Authentication\TwoFactorAuth\Manager')
- ->setConstructorArgs([$this->appManager, $this->session, $this->config])
+ ->setConstructorArgs([$this->appManager, $this->session, $this->config, $this->activityManager, $this->logger])
->setMethods(['loadTwoFactorApp']) // Do not actually load the apps
->getMock();
@@ -228,6 +237,7 @@ class ManagerTest extends TestCase {
$this->prepareProviders();
$challenge = 'passme';
+ $event = $this->createMock(IEvent::class);
$this->fakeProvider->expects($this->once())
->method('verifyChallenge')
->with($this->user, $challenge)
@@ -242,6 +252,37 @@ class ManagerTest extends TestCase {
$this->session->expects($this->at(2))
->method('remove')
->with('two_factor_remember_login');
+ $this->activityManager->expects($this->once())
+ ->method('generateEvent')
+ ->willReturn($event);
+ $this->user->expects($this->any())
+ ->method('getUID')
+ ->willReturn('jos');
+ $event->expects($this->once())
+ ->method('setApp')
+ ->with($this->equalTo('twofactor_generic'))
+ ->willReturnSelf();
+ $event->expects($this->once())
+ ->method('setType')
+ ->with($this->equalTo('twofactor'))
+ ->willReturnSelf();
+ $event->expects($this->once())
+ ->method('setAuthor')
+ ->with($this->equalTo('jos'))
+ ->willReturnSelf();
+ $event->expects($this->once())
+ ->method('setAffectedUser')
+ ->with($this->equalTo('jos'))
+ ->willReturnSelf();
+ $this->fakeProvider->expects($this->once())
+ ->method('getDisplayName')
+ ->willReturn('Fake 2FA');
+ $event->expects($this->once())
+ ->method('setSubject')
+ ->with($this->equalTo('twofactor_success'), $this->equalTo([
+ 'provider' => 'Fake 2FA',
+ ]))
+ ->willReturnSelf();
$this->assertTrue($this->manager->verifyChallenge('email', $this->user, $challenge));
}
@@ -263,12 +304,44 @@ class ManagerTest extends TestCase {
$this->prepareProviders();
$challenge = 'dontpassme';
+ $event = $this->createMock(IEvent::class);
$this->fakeProvider->expects($this->once())
->method('verifyChallenge')
->with($this->user, $challenge)
->will($this->returnValue(false));
$this->session->expects($this->never())
->method('remove');
+ $this->activityManager->expects($this->once())
+ ->method('generateEvent')
+ ->willReturn($event);
+ $this->user->expects($this->any())
+ ->method('getUID')
+ ->willReturn('jos');
+ $event->expects($this->once())
+ ->method('setApp')
+ ->with($this->equalTo('twofactor_generic'))
+ ->willReturnSelf();
+ $event->expects($this->once())
+ ->method('setType')
+ ->with($this->equalTo('twofactor'))
+ ->willReturnSelf();
+ $event->expects($this->once())
+ ->method('setAuthor')
+ ->with($this->equalTo('jos'))
+ ->willReturnSelf();
+ $event->expects($this->once())
+ ->method('setAffectedUser')
+ ->with($this->equalTo('jos'))
+ ->willReturnSelf();
+ $this->fakeProvider->expects($this->once())
+ ->method('getDisplayName')
+ ->willReturn('Fake 2FA');
+ $event->expects($this->once())
+ ->method('setSubject')
+ ->with($this->equalTo('twofactor_failed'), $this->equalTo([
+ 'provider' => 'Fake 2FA',
+ ]))
+ ->willReturnSelf();
$this->assertFalse($this->manager->verifyChallenge('email', $this->user, $challenge));
}