aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Authentication/TwoFactorAuth/Manager.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/Authentication/TwoFactorAuth/Manager.php')
-rw-r--r--lib/private/Authentication/TwoFactorAuth/Manager.php105
1 files changed, 37 insertions, 68 deletions
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index 1b22300e317..1fd5bfefd63 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -36,68 +36,32 @@ class Manager {
public const SESSION_UID_DONE = 'two_factor_auth_passed';
public const REMEMBER_LOGIN = 'two_factor_remember_login';
public const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
-
- /** @var ProviderLoader */
- private $providerLoader;
-
- /** @var IRegistry */
- private $providerRegistry;
-
- /** @var MandatoryTwoFactor */
- private $mandatoryTwoFactor;
-
- /** @var ISession */
- private $session;
-
- /** @var IConfig */
- private $config;
-
- /** @var IManager */
- private $activityManager;
-
- /** @var LoggerInterface */
- private $logger;
-
- /** @var TokenProvider */
- private $tokenProvider;
-
- /** @var ITimeFactory */
- private $timeFactory;
-
- /** @var IEventDispatcher */
- private $dispatcher;
-
+
/** @psalm-var array<string, bool> */
- private $userIsTwoFactorAuthenticated = [];
-
- public function __construct(ProviderLoader $providerLoader,
- IRegistry $providerRegistry,
- MandatoryTwoFactor $mandatoryTwoFactor,
- ISession $session,
- IConfig $config,
- IManager $activityManager,
- LoggerInterface $logger,
- TokenProvider $tokenProvider,
- ITimeFactory $timeFactory,
- IEventDispatcher $eventDispatcher) {
- $this->providerLoader = $providerLoader;
- $this->providerRegistry = $providerRegistry;
- $this->mandatoryTwoFactor = $mandatoryTwoFactor;
- $this->session = $session;
- $this->config = $config;
- $this->activityManager = $activityManager;
- $this->logger = $logger;
- $this->tokenProvider = $tokenProvider;
- $this->timeFactory = $timeFactory;
- $this->dispatcher = $eventDispatcher;
+ private array $userIsTwoFactorAuthenticated = [];
+
+ public function __construct(
+ private ProviderLoader $providerLoader,
+ private IRegistry $providerRegistry,
+ private MandatoryTwoFactor $mandatoryTwoFactor,
+ private ISession $session,
+ private IConfig $config,
+ private IManager $activityManager,
+ private LoggerInterface $logger,
+ private TokenProvider $tokenProvider,
+ private ITimeFactory $timeFactory,
+ private IEventDispatcher $dispatcher,
+ ) {
}
/**
* Determine whether the user must provide a second factor challenge
*/
public function isTwoFactorAuthenticated(IUser $user): bool {
- if (isset($this->userIsTwoFactorAuthenticated[$user->getUID()])) {
- return $this->userIsTwoFactorAuthenticated[$user->getUID()];
+ $uid = $user->getUID();
+
+ if (isset($this->userIsTwoFactorAuthenticated[$uid])) {
+ return $this->userIsTwoFactorAuthenticated[$uid];
}
if ($this->mandatoryTwoFactor->isEnforcedFor($user)) {
@@ -111,8 +75,8 @@ class Manager {
$providerIds = array_keys($enabled);
$providerIdsWithoutBackupCodes = array_diff($providerIds, [self::BACKUP_CODES_PROVIDER_ID]);
- $this->userIsTwoFactorAuthenticated[$user->getUID()] = !empty($providerIdsWithoutBackupCodes);
- return $this->userIsTwoFactorAuthenticated[$user->getUID()];
+ $this->userIsTwoFactorAuthenticated[$uid] = !empty($providerIdsWithoutBackupCodes);
+ return $this->userIsTwoFactorAuthenticated[$uid];
}
/**
@@ -148,7 +112,8 @@ class Manager {
private function fixMissingProviderStates(array $providerStates,
array $providers, IUser $user): array {
foreach ($providers as $provider) {
- if (isset($providerStates[$provider->getId()])) {
+ $pid = $provider->getId();
+ if (isset($providerStates[$pid])) {
// All good
continue;
}
@@ -159,7 +124,7 @@ class Manager {
} else {
$this->providerRegistry->disableProviderFor($provider, $user);
}
- $providerStates[$provider->getId()] = $enabled;
+ $providerStates[$pid] = $enabled;
}
return $providerStates;
@@ -276,11 +241,12 @@ class Manager {
* @param array $params
*/
private function publishEvent(IUser $user, string $event, array $params) {
+ $uid = $user->getUID();
$activity = $this->activityManager->generateEvent();
$activity->setApp('core')
->setType('security')
- ->setAuthor($user->getUID())
- ->setAffectedUser($user->getUID())
+ ->setAuthor($uid)
+ ->setAffectedUser($uid)
->setSubject($event, $params);
try {
$this->activityManager->publish($activity);
@@ -307,9 +273,10 @@ class Manager {
// First check if the session tells us we should do 2FA (99% case)
if (!$this->session->exists(self::SESSION_UID_KEY)) {
+ $uid = $user->getUID();
// Check if the session tells us it is 2FA authenticated already
if ($this->session->exists(self::SESSION_UID_DONE) &&
- $this->session->get(self::SESSION_UID_DONE) === $user->getUID()) {
+ $this->session->get(self::SESSION_UID_DONE) === $uid) {
return false;
}
@@ -321,10 +288,10 @@ class Manager {
$sessionId = $this->session->getId();
$token = $this->tokenProvider->getToken($sessionId);
$tokenId = $token->getId();
- $tokensNeeding2FA = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
+ $tokensNeeding2FA = $this->config->getUserKeys($uid, 'login_token_2fa');
if (!\in_array((string)$tokenId, $tokensNeeding2FA, true)) {
- $this->session->set(self::SESSION_UID_DONE, $user->getUID());
+ $this->session->set(self::SESSION_UID_DONE, $uid);
return false;
}
} catch (InvalidTokenException|SessionNotAvailableException $e) {
@@ -338,9 +305,10 @@ class Manager {
// disabled the same time
$this->session->remove(self::SESSION_UID_KEY);
- $keys = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
+ $uid = $user->getUID();
+ $keys = $this->config->getUserKeys($uid, 'login_token_2fa');
foreach ($keys as $key) {
- $this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $key);
+ $this->config->deleteUserValue($uid, 'login_token_2fa', $key);
}
return false;
}
@@ -355,12 +323,13 @@ class Manager {
* @param boolean $rememberMe
*/
public function prepareTwoFactorLogin(IUser $user, bool $rememberMe) {
- $this->session->set(self::SESSION_UID_KEY, $user->getUID());
+ $uid = $user->getUID();
+ $this->session->set(self::SESSION_UID_KEY, $uid);
$this->session->set(self::REMEMBER_LOGIN, $rememberMe);
$id = $this->session->getId();
$token = $this->tokenProvider->getToken($id);
- $this->config->setUserValue($user->getUID(), 'login_token_2fa', (string)$token->getId(), (string)$this->timeFactory->getTime());
+ $this->config->setUserValue($uid, 'login_token_2fa', (string)$token->getId(), (string)$this->timeFactory->getTime());
}
public function clearTwoFactorPending(string $userId) {