From b2ca1d65532a49d13d1727ea837ac13e4f8bfcd6 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Wed, 17 Jan 2018 14:51:03 +0100
Subject: Make admin_audit listen to 2fa events
Signed-off-by: Roeland Jago Douma
---
apps/admin_audit/lib/Actions/Security.php | 75 ++++++++++++++++++++++++++++
apps/admin_audit/lib/AppInfo/Application.php | 16 ++++++
2 files changed, 91 insertions(+)
create mode 100644 apps/admin_audit/lib/Actions/Security.php
(limited to 'apps/admin_audit')
diff --git a/apps/admin_audit/lib/Actions/Security.php b/apps/admin_audit/lib/Actions/Security.php
new file mode 100644
index 00000000000..4e631aedddd
--- /dev/null
+++ b/apps/admin_audit/lib/Actions/Security.php
@@ -0,0 +1,75 @@
+
+ *
+ * @author Roeland Jago Douma
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ *
+ */
+
+namespace OCA\AdminAudit\Actions;
+use OCP\IUser;
+
+/**
+ * Class Sharing logs the sharing actions
+ *
+ * @package OCA\AdminAudit\Actions
+ */
+class Security extends Action {
+ /**
+ * Log twofactor auth enabled
+ *
+ * @param IUser $user
+ * @param array $params
+ */
+ public function twofactorFailed(IUser $user, array $params) {
+ $params['uid'] = $user->getUID();
+ $params['displayName'] = $user->getDisplayName();
+
+ $this->log(
+ 'Failed two factor attempt by user %s (%s) with provider %s',
+ $params,
+ [
+ 'displayname',
+ 'uid',
+ 'provider',
+ ]
+ );
+ }
+
+ /**
+ * Logs unsharing of data
+ *
+ * @param IUser $user
+ * @param array $params
+ */
+ public function twofactorSuccess(IUser $user, array $params) {
+ $params['uid'] = $user->getUID();
+ $params['displayName'] = $user->getDisplayName();
+
+ $this->log(
+ 'Successful two factor attempt by user %s (%s) with provider %s',
+ $params,
+ [
+ 'displayname',
+ 'uid',
+ 'provider',
+ ]
+ );
+ }
+}
diff --git a/apps/admin_audit/lib/AppInfo/Application.php b/apps/admin_audit/lib/AppInfo/Application.php
index d3ae4ad26c1..470352f895e 100644
--- a/apps/admin_audit/lib/AppInfo/Application.php
+++ b/apps/admin_audit/lib/AppInfo/Application.php
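Review bot: In both `twofactorFailed` and `twofactorSuccess` the display name is stored as `$params['displayName']`, but the element list handed to `$this->log()` asks for `'displayname'`, a key this code never sets. `Action::log()` is not part of the hunk; if it looks the listed elements up in `$params`, the display name will be missing from the entry or the whole entry may be rejected, which would leave two-factor failures out of the audit trail. The list entry should read `'displayName',` in both methods. The docblocks are also carried over from another action class: the class comment says `Class Sharing logs the sharing actions`, and the two methods are described as `Log twofactor auth enabled` and `Logs unsharing of data`; they should describe failed and successful second-factor attempts.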
@@ -33,12 +33,14 @@ use OCA\AdminAudit\Actions\Auth;
 use OCA\AdminAudit\Actions\Console;
 use OCA\AdminAudit\Actions\Files;
 use OCA\AdminAudit\Actions\GroupManagement;
+use OCA\AdminAudit\Actions\Security;
 use OCA\AdminAudit\Actions\Sharing;
 use OCA\AdminAudit\Actions\Trashbin;
 use OCA\AdminAudit\Actions\UserManagement;
 use OCA\AdminAudit\Actions\Versions;
 use OCP\App\ManagerEvent;
 use OCP\AppFramework\App;
+use OCP\Authentication\TwoFactorAuth\IProvider;
 use OCP\Console\ConsoleEvent;
 use OCP\IGroupManager;
 use OCP\ILogger;
@@ -75,6 +77,8 @@ class Application extends App {
 $this->fileHooks($logger);
 $this->trashbinHooks($logger);
 $this->versionsHooks($logger);
+
+ $this->securityHooks($logger);
 }
 protected function userManagementHooks(ILogger $logger) {
@@ -218,4 +222,16 @@ class Application extends App {
 Util::connectHook('\OCP\Trashbin', 'preDelete', $trashActions, 'delete');
 Util::connectHook('\OCA\Files_Trashbin\Trashbin', 'post_restore', $trashActions, 'restore');
 }
+
+ protected function securityHooks(ILogger $logger) {
+ $eventDispatcher = $this->getContainer()->getServer()->getEventDispatcher();
+ $eventDispatcher->addListener(IProvider::EVENT_SUCCESS, function(GenericEvent $event) use ($logger) {
+ $security = new Security($logger);
+ $security->twofactorSuccess($event->getSubject(), $event->getArguments());
+ });
+ $eventDispatcher->addListener(IProvider::EVENT_FAILED, function(GenericEvent $event) use ($logger) {
+ $security = new Security($logger);
+ $security->twofactorFailed($event->getSubject(), $event->getArguments());
+ });
+ }
 }
-- cgit v1.2.3
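Review bot: In `securityHooks` both listeners hand `$event->getSubject()` and `$event->getArguments()` to `Security` unchecked, although `twofactorSuccess` and `twofactorFailed` are typed `IUser $user` and the log line expects a `provider` entry. The code that dispatches `IProvider::EVENT_SUCCESS` and `IProvider::EVENT_FAILED` is outside this diff; if a subject is ever not an `IUser`, the resulting TypeError would surface in the middle of two-factor verification instead of only costing one audit entry. A guard at the top of each closure, for example `if (!($event->getSubject() instanceof \OCP\IUser)) { return; }` (ideally noting the anomaly through `$logger` first), keeps the audit hook from affecting the login path. The new method would also benefit from a short docblock naming the two events it subscribes to.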