summaryrefslogtreecommitdiffstats
path: root/lib/private/Authentication/TwoFactorAuth/Manager.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/Authentication/TwoFactorAuth/Manager.php')
-rw-r--r--lib/private/Authentication/TwoFactorAuth/Manager.php163
1 files changed, 91 insertions, 72 deletions
diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index 933b86ffda5..0837ec339a5 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -1,5 +1,6 @@
<?php
-declare(strict_types=1);
+
+declare(strict_types = 1);
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
@@ -28,15 +29,12 @@ namespace OC\Authentication\TwoFactorAuth;
use BadMethodCallException;
use Exception;
-use OC;
-use OC\App\AppManager;
-use OC_App;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\IProvider as TokenProvider;
use OCP\Activity\IManager;
-use OCP\AppFramework\QueryException;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Authentication\TwoFactorAuth\IProvider;
+use OCP\Authentication\TwoFactorAuth\IRegistry;
use OCP\IConfig;
use OCP\ILogger;
use OCP\ISession;
@@ -48,12 +46,13 @@ class Manager {
const SESSION_UID_KEY = 'two_factor_auth_uid';
const SESSION_UID_DONE = 'two_factor_auth_passed';
- const BACKUP_CODES_APP_ID = 'twofactor_backupcodes';
- const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
const REMEMBER_LOGIN = 'two_factor_remember_login';
- /** @var AppManager */
- private $appManager;
+ /** @var ProviderLoader */
+ private $providerLoader;
+
+ /** @var IRegistry */
+ private $providerRegistry;
/** @var ISession */
private $session;
@@ -76,25 +75,11 @@ class Manager {
/** @var EventDispatcherInterface */
private $dispatcher;
- /**
- * @param AppManager $appManager
- * @param ISession $session
- * @param IConfig $config
- * @param IManager $activityManager
- * @param ILogger $logger
- * @param TokenProvider $tokenProvider
- * @param ITimeFactory $timeFactory
- * @param EventDispatcherInterface $eventDispatcher
- */
- public function __construct(AppManager $appManager,
- ISession $session,
- IConfig $config,
- IManager $activityManager,
- ILogger $logger,
- TokenProvider $tokenProvider,
- ITimeFactory $timeFactory,
- EventDispatcherInterface $eventDispatcher) {
- $this->appManager = $appManager;
+ public function __construct(ProviderLoader $providerLoader,
+ IRegistry $providerRegistry, ISession $session, IConfig $config,
+ IManager $activityManager, ILogger $logger, TokenProvider $tokenProvider,
+ ITimeFactory $timeFactory, EventDispatcherInterface $eventDispatcher) {
+ $this->providerLoader = $providerLoader;
$this->session = $session;
$this->config = $config;
$this->activityManager = $activityManager;
@@ -102,6 +87,7 @@ class Manager {
$this->tokenProvider = $tokenProvider;
$this->timeFactory = $timeFactory;
$this->dispatcher = $eventDispatcher;
+ $this->providerRegistry = $providerRegistry;
}
/**
@@ -112,7 +98,15 @@ class Manager {
*/
public function isTwoFactorAuthenticated(IUser $user): bool {
$twoFactorEnabled = ((int) $this->config->getUserValue($user->getUID(), 'core', 'two_factor_auth_disabled', 0)) === 0;
- return $twoFactorEnabled && \count($this->getProviders($user)) > 0;
+
+ if (!$twoFactorEnabled) {
+ return false;
+ }
+
+ $providerStates = $this->providerRegistry->getProviderStates($user);
+ $enabled = array_filter($providerStates);
+
+ return $twoFactorEnabled && !empty($enabled);
}
/**
@@ -141,71 +135,96 @@ class Manager {
* @return IProvider|null
*/
public function getProvider(IUser $user, string $challengeProviderId) {
- $providers = $this->getProviders($user, true);
+ $providers = $this->getProviderSet($user)->getProviders();
return $providers[$challengeProviderId] ?? null;
}
/**
+ * Check if the persistant mapping of enabled/disabled state of each available
+ * provider is missing an entry and add it to the registry in that case.
+ *
+ * @todo remove in Nextcloud 17 as by then all providers should have been updated
+ *
+ * @param string[] $providerStates
+ * @param IProvider[] $providers
* @param IUser $user
- * @return IProvider|null the backup provider, if enabled for the given user
+ * @return string[] the updated $providerStates variable
*/
- public function getBackupProvider(IUser $user) {
- $providers = $this->getProviders($user, true);
- if (!isset($providers[self::BACKUP_CODES_PROVIDER_ID])) {
- return null;
+ private function fixMissingProviderStates(array $providerStates,
+ array $providers, IUser $user): array {
+
+ foreach ($providers as $provider) {
+ if (isset($providerStates[$provider->getId()])) {
+ // All good
+ continue;
+ }
+
+ $enabled = $provider->isTwoFactorAuthEnabledForUser($user);
+ if ($enabled) {
+ $this->providerRegistry->enableProviderFor($provider, $user);
+ } else {
+ $this->providerRegistry->disableProviderFor($provider, $user);
+ }
+ $providerStates[$provider->getId()] = $enabled;
}
- return $providers[self::BACKUP_CODES_PROVIDER_ID];
+
+ return $providerStates;
}
/**
- * Get the list of 2FA providers for the given user
- *
- * @param IUser $user
- * @param bool $includeBackupApp
- * @return IProvider[]
- * @throws Exception
+ * @param array $states
+ * @param IProvider $providers
*/
- public function getProviders(IUser $user, bool $includeBackupApp = false): array {
- $allApps = $this->appManager->getEnabledAppsForUser($user);
- $providers = [];
+ private function isProviderMissing(array $states, array $providers): bool {
+ $indexed = [];
+ foreach ($providers as $provider) {
+ $indexed[$provider->getId()] = $provider;
+ }
- foreach ($allApps as $appId) {
- if (!$includeBackupApp && $appId === self::BACKUP_CODES_APP_ID) {
+ $missing = [];
+ foreach ($states as $providerId => $enabled) {
+ if (!$enabled) {
+ // Don't care
continue;
}
- $info = $this->appManager->getAppInfo($appId);
- if (isset($info['two-factor-providers'])) {
- /** @var string[] $providerClasses */
- $providerClasses = $info['two-factor-providers'];
- foreach ($providerClasses as $class) {
- try {
- $this->loadTwoFactorApp($appId);
- $provider = OC::$server->query($class);
- $providers[$provider->getId()] = $provider;
- } catch (QueryException $exc) {
- // Provider class can not be resolved
- throw new Exception("Could not load two-factor auth provider $class");
- }
- }
+ if (!isset($indexed[$providerId])) {
+ $missing[] = $providerId;
+ $this->logger->alert("two-factor auth provider '$providerId' failed to load",
+ [
+ 'app' => 'core',
+ ]);
}
}
- return array_filter($providers, function ($provider) use ($user) {
- /* @var $provider IProvider */
- return $provider->isTwoFactorAuthEnabledForUser($user);
- });
+ if (!empty($missing)) {
+ // There was at least one provider missing
+ $this->logger->alert(count($missing) . " two-factor auth providers failed to load", ['app' => 'core']);
+
+ return true;
+ }
+
+ // If we reach this, there was not a single provider missing
+ return false;
}
/**
- * Load an app by ID if it has not been loaded yet
+ * Get the list of 2FA providers for the given user
*
- * @param string $appId
+ * @param IUser $user
+ * @throws Exception
*/
- protected function loadTwoFactorApp(string $appId) {
- if (!OC_App::isAppLoaded($appId)) {
- OC_App::loadApp($appId);
- }
+ public function getProviderSet(IUser $user): ProviderSet {
+ $providerStates = $this->providerRegistry->getProviderStates($user);
+ $providers = $this->providerLoader->getProviders($user);
+
+ $fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);
+ $isProviderMissing = $this->isProviderMissing($fixedStates, $providers);
+
+ $enabled = array_filter($providers, function (IProvider $provider) use ($fixedStates) {
+ return $fixedStates[$provider->getId()];
+ });
+ return new ProviderSet($enabled, $isProviderMissing);
}
/**
@@ -272,7 +291,7 @@ class Manager {
try {
$this->activityManager->publish($activity);
} catch (BadMethodCallException $e) {
- $this->logger->warning('could not publish backup code creation activity', ['app' => 'core']);
+ $this->logger->warning('could not publish activity', ['app' => 'core']);
$this->logger->logException($e, ['app' => 'core']);
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-16 08:06:42 +0000