aboutsummaryrefslogtreecommitdiffstats
path: root/core/Controller/TwoFactorChallengeController.php
diff options
context:
space:
mode:
Diffstat (limited to 'core/Controller/TwoFactorChallengeController.php')
-rw-r--r--core/Controller/TwoFactorChallengeController.php81
1 files changed, 37 insertions, 44 deletions
diff --git a/core/Controller/TwoFactorChallengeController.php b/core/Controller/TwoFactorChallengeController.php
index bc25121034b..4791139bb12 100644
--- a/core/Controller/TwoFactorChallengeController.php
+++ b/core/Controller/TwoFactorChallengeController.php
@@ -1,34 +1,18 @@
<?php
+
/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Cornelius Kölbel <cornelius.koelbel@netknights.it>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- * @author Kate Döen <kate.doeen@nextcloud.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OC\Core\Controller;
use OC\Authentication\TwoFactorAuth\Manager;
use OC_User;
use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\OpenAPI;
use OCP\AppFramework\Http\Attribute\UseSession;
use OCP\AppFramework\Http\RedirectResponse;
@@ -41,6 +25,7 @@ use OCP\IRequest;
use OCP\ISession;
use OCP\IURLGenerator;
use OCP\IUserSession;
+use OCP\Util;
use Psr\Log\LoggerInterface;
#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
@@ -82,13 +67,14 @@ class TwoFactorChallengeController extends Controller {
}
/**
- * @NoAdminRequired
- * @NoCSRFRequired
* @TwoFactorSetUpDoneRequired
*
* @param string $redirect_url
* @return StandaloneTemplateResponse
*/
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
+ #[FrontpageRoute(verb: 'GET', url: '/login/selectchallenge')]
public function selectChallenge($redirect_url) {
$user = $this->userSession->getUser();
$providerSet = $this->twoFactorManager->getProviderSet($user);
@@ -104,19 +90,21 @@ class TwoFactorChallengeController extends Controller {
'logout_url' => $this->getLogoutUrl(),
'hasSetupProviders' => !empty($setupProviders),
];
+ Util::addScript('core', 'twofactor-request-token');
return new StandaloneTemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest');
}
/**
- * @NoAdminRequired
- * @NoCSRFRequired
* @TwoFactorSetUpDoneRequired
*
* @param string $challengeProviderId
* @param string $redirect_url
* @return StandaloneTemplateResponse|RedirectResponse
*/
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
#[UseSession]
+ #[FrontpageRoute(verb: 'GET', url: '/login/challenge/{challengeProviderId}')]
public function showChallenge($challengeProviderId, $redirect_url) {
$user = $this->userSession->getUser();
$providerSet = $this->twoFactorManager->getProviderSet($user);
@@ -137,7 +125,7 @@ class TwoFactorChallengeController extends Controller {
if ($this->session->exists('two_factor_auth_error')) {
$this->session->remove('two_factor_auth_error');
$error = true;
- $errorMessage = $this->session->get("two_factor_auth_error_message");
+ $errorMessage = $this->session->get('two_factor_auth_error_message');
$this->session->remove('two_factor_auth_error_message');
}
$tmpl = $provider->getTemplate($user);
@@ -155,12 +143,11 @@ class TwoFactorChallengeController extends Controller {
if ($provider instanceof IProvidesCustomCSP) {
$response->setContentSecurityPolicy($provider->getCSP());
}
+ Util::addScript('core', 'twofactor-request-token');
return $response;
}
/**
- * @NoAdminRequired
- * @NoCSRFRequired
* @TwoFactorSetUpDoneRequired
*
* @UserRateThrottle(limit=5, period=100)
@@ -170,7 +157,10 @@ class TwoFactorChallengeController extends Controller {
* @param string $redirect_url
* @return RedirectResponse
*/
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
#[UseSession]
+ #[FrontpageRoute(verb: 'POST', url: '/login/challenge/{challengeProviderId}')]
public function solveChallenge($challengeProviderId, $challenge, $redirect_url = null) {
$user = $this->userSession->getUser();
$provider = $this->twoFactorManager->getProvider($user, $challengeProviderId);
@@ -204,27 +194,27 @@ class TwoFactorChallengeController extends Controller {
]));
}
- /**
- * @NoAdminRequired
- * @NoCSRFRequired
- */
- public function setupProviders(): StandaloneTemplateResponse {
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
+ #[FrontpageRoute(verb: 'GET', url: 'login/setupchallenge')]
+ public function setupProviders(?string $redirect_url = null): StandaloneTemplateResponse {
$user = $this->userSession->getUser();
$setupProviders = $this->twoFactorManager->getLoginSetupProviders($user);
$data = [
'providers' => $setupProviders,
'logout_url' => $this->getLogoutUrl(),
+ 'redirect_url' => $redirect_url,
];
+ Util::addScript('core', 'twofactor-request-token');
return new StandaloneTemplateResponse($this->appName, 'twofactorsetupselection', $data, 'guest');
}
- /**
- * @NoAdminRequired
- * @NoCSRFRequired
- */
- public function setupProvider(string $providerId) {
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
+ #[FrontpageRoute(verb: 'GET', url: 'login/setupchallenge/{providerId}')]
+ public function setupProvider(string $providerId, ?string $redirect_url = null) {
$user = $this->userSession->getUser();
$providers = $this->twoFactorManager->getLoginSetupProviders($user);
@@ -245,23 +235,26 @@ class TwoFactorChallengeController extends Controller {
$data = [
'provider' => $provider,
'logout_url' => $this->getLogoutUrl(),
+ 'redirect_url' => $redirect_url,
'template' => $tmpl->fetchPage(),
];
$response = new StandaloneTemplateResponse($this->appName, 'twofactorsetupchallenge', $data, 'guest');
+ Util::addScript('core', 'twofactor-request-token');
return $response;
}
/**
- * @NoAdminRequired
- * @NoCSRFRequired
- *
* @todo handle the extreme edge case of an invalid provider ID and redirect to the provider selection page
*/
- public function confirmProviderSetup(string $providerId) {
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
+ #[FrontpageRoute(verb: 'POST', url: 'login/setupchallenge/{providerId}')]
+ public function confirmProviderSetup(string $providerId, ?string $redirect_url = null) {
return new RedirectResponse($this->urlGenerator->linkToRoute(
'core.TwoFactorChallenge.showChallenge',
[
'challengeProviderId' => $providerId,
+ 'redirect_url' => $redirect_url,
]
));
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-14 21:06:18 +0000