aboutsummaryrefslogtreecommitdiffstats
path: root/core/Controller/TwoFactorChallengeController.php
diff options
context:
space:
mode:
Diffstat (limited to 'core/Controller/TwoFactorChallengeController.php')
-rw-r--r--core/Controller/TwoFactorChallengeController.php38
1 files changed, 20 insertions, 18 deletions
diff --git a/core/Controller/TwoFactorChallengeController.php b/core/Controller/TwoFactorChallengeController.php
index ee84cbd2aa9..4791139bb12 100644
--- a/core/Controller/TwoFactorChallengeController.php
+++ b/core/Controller/TwoFactorChallengeController.php
@@ -11,6 +11,8 @@ use OC\Authentication\TwoFactorAuth\Manager;
use OC_User;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\Attribute\FrontpageRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\OpenAPI;
use OCP\AppFramework\Http\Attribute\UseSession;
use OCP\AppFramework\Http\RedirectResponse;
@@ -23,6 +25,7 @@ use OCP\IRequest;
use OCP\ISession;
use OCP\IURLGenerator;
use OCP\IUserSession;
+use OCP\Util;
use Psr\Log\LoggerInterface;
#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
@@ -64,13 +67,13 @@ class TwoFactorChallengeController extends Controller {
}
/**
- * @NoAdminRequired
- * @NoCSRFRequired
* @TwoFactorSetUpDoneRequired
*
* @param string $redirect_url
* @return StandaloneTemplateResponse
*/
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
#[FrontpageRoute(verb: 'GET', url: '/login/selectchallenge')]
public function selectChallenge($redirect_url) {
$user = $this->userSession->getUser();
@@ -87,18 +90,19 @@ class TwoFactorChallengeController extends Controller {
'logout_url' => $this->getLogoutUrl(),
'hasSetupProviders' => !empty($setupProviders),
];
+ Util::addScript('core', 'twofactor-request-token');
return new StandaloneTemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest');
}
/**
- * @NoAdminRequired
- * @NoCSRFRequired
* @TwoFactorSetUpDoneRequired
*
* @param string $challengeProviderId
* @param string $redirect_url
* @return StandaloneTemplateResponse|RedirectResponse
*/
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
#[UseSession]
#[FrontpageRoute(verb: 'GET', url: '/login/challenge/{challengeProviderId}')]
public function showChallenge($challengeProviderId, $redirect_url) {
@@ -121,7 +125,7 @@ class TwoFactorChallengeController extends Controller {
if ($this->session->exists('two_factor_auth_error')) {
$this->session->remove('two_factor_auth_error');
$error = true;
- $errorMessage = $this->session->get("two_factor_auth_error_message");
+ $errorMessage = $this->session->get('two_factor_auth_error_message');
$this->session->remove('two_factor_auth_error_message');
}
$tmpl = $provider->getTemplate($user);
@@ -139,12 +143,11 @@ class TwoFactorChallengeController extends Controller {
if ($provider instanceof IProvidesCustomCSP) {
$response->setContentSecurityPolicy($provider->getCSP());
}
+ Util::addScript('core', 'twofactor-request-token');
return $response;
}
/**
- * @NoAdminRequired
- * @NoCSRFRequired
* @TwoFactorSetUpDoneRequired
*
* @UserRateThrottle(limit=5, period=100)
@@ -154,6 +157,8 @@ class TwoFactorChallengeController extends Controller {
* @param string $redirect_url
* @return RedirectResponse
*/
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
#[UseSession]
#[FrontpageRoute(verb: 'POST', url: '/login/challenge/{challengeProviderId}')]
public function solveChallenge($challengeProviderId, $challenge, $redirect_url = null) {
@@ -189,10 +194,8 @@ class TwoFactorChallengeController extends Controller {
]));
}
- /**
- * @NoAdminRequired
- * @NoCSRFRequired
- */
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
#[FrontpageRoute(verb: 'GET', url: 'login/setupchallenge')]
public function setupProviders(?string $redirect_url = null): StandaloneTemplateResponse {
$user = $this->userSession->getUser();
@@ -204,13 +207,12 @@ class TwoFactorChallengeController extends Controller {
'redirect_url' => $redirect_url,
];
+ Util::addScript('core', 'twofactor-request-token');
return new StandaloneTemplateResponse($this->appName, 'twofactorsetupselection', $data, 'guest');
}
- /**
- * @NoAdminRequired
- * @NoCSRFRequired
- */
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
#[FrontpageRoute(verb: 'GET', url: 'login/setupchallenge/{providerId}')]
public function setupProvider(string $providerId, ?string $redirect_url = null) {
$user = $this->userSession->getUser();
@@ -237,15 +239,15 @@ class TwoFactorChallengeController extends Controller {
'template' => $tmpl->fetchPage(),
];
$response = new StandaloneTemplateResponse($this->appName, 'twofactorsetupchallenge', $data, 'guest');
+ Util::addScript('core', 'twofactor-request-token');
return $response;
}
/**
- * @NoAdminRequired
- * @NoCSRFRequired
- *
* @todo handle the extreme edge case of an invalid provider ID and redirect to the provider selection page
*/
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
#[FrontpageRoute(verb: 'POST', url: 'login/setupchallenge/{providerId}')]
public function confirmProviderSetup(string $providerId, ?string $redirect_url = null) {
return new RedirectResponse($this->urlGenerator->linkToRoute(
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-16 04:27:55 +0000