aboutsummaryrefslogtreecommitdiffstats
path: root/core/Controller/TwoFactorChallengeController.php
diff options
context:
space:
mode:
Diffstat (limited to 'core/Controller/TwoFactorChallengeController.php')
-rw-r--r--core/Controller/TwoFactorChallengeController.php133
1 files changed, 53 insertions, 80 deletions
diff --git a/core/Controller/TwoFactorChallengeController.php b/core/Controller/TwoFactorChallengeController.php
index 8f82346c050..4791139bb12 100644
--- a/core/Controller/TwoFactorChallengeController.php
+++ b/core/Controller/TwoFactorChallengeController.php
@@ -1,79 +1,45 @@
<?php
+
/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Cornelius Kölbel <cornelius.koelbel@netknights.it>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OC\Core\Controller;
use OC\Authentication\TwoFactorAuth\Manager;
use OC_User;
use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\UseSession;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Http\StandaloneTemplateResponse;
use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin;
use OCP\Authentication\TwoFactorAuth\IProvider;
use OCP\Authentication\TwoFactorAuth\IProvidesCustomCSP;
use OCP\Authentication\TwoFactorAuth\TwoFactorException;
-use OCP\ILogger;
use OCP\IRequest;
use OCP\ISession;
use OCP\IURLGenerator;
use OCP\IUserSession;
+use OCP\Util;
+use Psr\Log\LoggerInterface;
+#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
class TwoFactorChallengeController extends Controller {
-
- /** @var Manager */
- private $twoFactorManager;
-
- /** @var IUserSession */
- private $userSession;
-
- /** @var ISession */
- private $session;
-
- /** @var ILogger */
- private $logger;
-
- /** @var IURLGenerator */
- private $urlGenerator;
-
- /**
- * @param string $appName
- * @param IRequest $request
- * @param Manager $twoFactorManager
- * @param IUserSession $userSession
- * @param ISession $session
- * @param IURLGenerator $urlGenerator
- * @param ILogger $logger
- */
- public function __construct($appName, IRequest $request, Manager $twoFactorManager, IUserSession $userSession,
- ISession $session, IURLGenerator $urlGenerator, ILogger $logger) {
+ public function __construct(
+ string $appName,
+ IRequest $request,
+ private Manager $twoFactorManager,
+ private IUserSession $userSession,
+ private ISession $session,
+ private IURLGenerator $urlGenerator,
+ private LoggerInterface $logger,
+ ) {
parent::__construct($appName, $request);
- $this->twoFactorManager = $twoFactorManager;
- $this->userSession = $userSession;
- $this->session = $session;
- $this->urlGenerator = $urlGenerator;
- $this->logger = $logger;
}
/**
@@ -101,13 +67,14 @@ class TwoFactorChallengeController extends Controller {
}
/**
- * @NoAdminRequired
- * @NoCSRFRequired
* @TwoFactorSetUpDoneRequired
*
* @param string $redirect_url
* @return StandaloneTemplateResponse
*/
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
+ #[FrontpageRoute(verb: 'GET', url: '/login/selectchallenge')]
public function selectChallenge($redirect_url) {
$user = $this->userSession->getUser();
$providerSet = $this->twoFactorManager->getProviderSet($user);
@@ -123,19 +90,21 @@ class TwoFactorChallengeController extends Controller {
'logout_url' => $this->getLogoutUrl(),
'hasSetupProviders' => !empty($setupProviders),
];
+ Util::addScript('core', 'twofactor-request-token');
return new StandaloneTemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest');
}
/**
- * @NoAdminRequired
- * @NoCSRFRequired
- * @UseSession
* @TwoFactorSetUpDoneRequired
*
* @param string $challengeProviderId
* @param string $redirect_url
* @return StandaloneTemplateResponse|RedirectResponse
*/
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
+ #[UseSession]
+ #[FrontpageRoute(verb: 'GET', url: '/login/challenge/{challengeProviderId}')]
public function showChallenge($challengeProviderId, $redirect_url) {
$user = $this->userSession->getUser();
$providerSet = $this->twoFactorManager->getProviderSet($user);
@@ -156,7 +125,7 @@ class TwoFactorChallengeController extends Controller {
if ($this->session->exists('two_factor_auth_error')) {
$this->session->remove('two_factor_auth_error');
$error = true;
- $errorMessage = $this->session->get("two_factor_auth_error_message");
+ $errorMessage = $this->session->get('two_factor_auth_error_message');
$this->session->remove('two_factor_auth_error_message');
}
$tmpl = $provider->getTemplate($user);
@@ -174,13 +143,11 @@ class TwoFactorChallengeController extends Controller {
if ($provider instanceof IProvidesCustomCSP) {
$response->setContentSecurityPolicy($provider->getCSP());
}
+ Util::addScript('core', 'twofactor-request-token');
return $response;
}
/**
- * @NoAdminRequired
- * @NoCSRFRequired
- * @UseSession
* @TwoFactorSetUpDoneRequired
*
* @UserRateThrottle(limit=5, period=100)
@@ -190,6 +157,10 @@ class TwoFactorChallengeController extends Controller {
* @param string $redirect_url
* @return RedirectResponse
*/
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
+ #[UseSession]
+ #[FrontpageRoute(verb: 'POST', url: '/login/challenge/{challengeProviderId}')]
public function solveChallenge($challengeProviderId, $challenge, $redirect_url = null) {
$user = $this->userSession->getUser();
$provider = $this->twoFactorManager->getProvider($user, $challengeProviderId);
@@ -223,28 +194,27 @@ class TwoFactorChallengeController extends Controller {
]));
}
- /**
- * @NoAdminRequired
- * @NoCSRFRequired
- */
- public function setupProviders() {
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
+ #[FrontpageRoute(verb: 'GET', url: 'login/setupchallenge')]
+ public function setupProviders(?string $redirect_url = null): StandaloneTemplateResponse {
$user = $this->userSession->getUser();
$setupProviders = $this->twoFactorManager->getLoginSetupProviders($user);
$data = [
'providers' => $setupProviders,
'logout_url' => $this->getLogoutUrl(),
+ 'redirect_url' => $redirect_url,
];
- $response = new StandaloneTemplateResponse($this->appName, 'twofactorsetupselection', $data, 'guest');
- return $response;
+ Util::addScript('core', 'twofactor-request-token');
+ return new StandaloneTemplateResponse($this->appName, 'twofactorsetupselection', $data, 'guest');
}
- /**
- * @NoAdminRequired
- * @NoCSRFRequired
- */
- public function setupProvider(string $providerId) {
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
+ #[FrontpageRoute(verb: 'GET', url: 'login/setupchallenge/{providerId}')]
+ public function setupProvider(string $providerId, ?string $redirect_url = null) {
$user = $this->userSession->getUser();
$providers = $this->twoFactorManager->getLoginSetupProviders($user);
@@ -265,23 +235,26 @@ class TwoFactorChallengeController extends Controller {
$data = [
'provider' => $provider,
'logout_url' => $this->getLogoutUrl(),
+ 'redirect_url' => $redirect_url,
'template' => $tmpl->fetchPage(),
];
$response = new StandaloneTemplateResponse($this->appName, 'twofactorsetupchallenge', $data, 'guest');
+ Util::addScript('core', 'twofactor-request-token');
return $response;
}
/**
- * @NoAdminRequired
- * @NoCSRFRequired
- *
* @todo handle the extreme edge case of an invalid provider ID and redirect to the provider selection page
*/
- public function confirmProviderSetup(string $providerId) {
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
+ #[FrontpageRoute(verb: 'POST', url: 'login/setupchallenge/{providerId}')]
+ public function confirmProviderSetup(string $providerId, ?string $redirect_url = null) {
return new RedirectResponse($this->urlGenerator->linkToRoute(
'core.TwoFactorChallenge.showChallenge',
[
'challengeProviderId' => $providerId,
+ 'redirect_url' => $redirect_url,
]
));
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-14 15:01:32 +0000