1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCA\Settings\Settings\Personal\Security;
use Exception;
use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor;
use OC\Authentication\TwoFactorAuth\ProviderLoader;
use OCA\TwoFactorBackupCodes\Provider\BackupCodesProvider;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\Authentication\TwoFactorAuth\IProvider;
use OCP\Authentication\TwoFactorAuth\IProvidesPersonalSettings;
use OCP\IConfig;
use OCP\IUserSession;
use OCP\Settings\ISettings;
use function array_filter;
use function array_map;
use function is_null;
class TwoFactor implements ISettings {
/** @var ProviderLoader */
private $providerLoader;
/** @var MandatoryTwoFactor */
private $mandatoryTwoFactor;
public function __construct(
ProviderLoader $providerLoader,
MandatoryTwoFactor $mandatoryTwoFactor,
private IUserSession $userSession,
private IConfig $config,
private ?string $userId,
) {
$this->providerLoader = $providerLoader;
$this->mandatoryTwoFactor = $mandatoryTwoFactor;
}
public function getForm(): TemplateResponse {
return new TemplateResponse('settings', 'settings/personal/security/twofactor', [
'twoFactorProviderData' => $this->getTwoFactorProviderData(),
]);
}
public function getSection(): ?string {
if (!$this->shouldShow()) {
return null;
}
return 'security';
}
public function getPriority(): int {
return 15;
}
private function shouldShow(): bool {
$user = $this->userSession->getUser();
if (is_null($user)) {
// Actually impossible, but still …
return false;
}
// Anyone who's supposed to use 2FA should see 2FA settings
if ($this->mandatoryTwoFactor->isEnforcedFor($user)) {
return true;
}
// If there is at least one provider with personal settings but it's not
// the backup codes provider, then these settings should show.
try {
$providers = $this->providerLoader->getProviders($user);
} catch (Exception $e) {
// Let's hope for the best
return true;
}
foreach ($providers as $provider) {
if ($provider instanceof IProvidesPersonalSettings
&& !($provider instanceof BackupCodesProvider)) {
return true;
}
}
return false;
}
private function getTwoFactorProviderData(): array {
$user = $this->userSession->getUser();
if (is_null($user)) {
// Actually impossible, but still …
return [];
}
return [
'providers' => array_map(function (IProvidesPersonalSettings $provider) use ($user) {
return [
'provider' => $provider,
'settings' => $provider->getPersonalSettings($user)
];
}, array_filter($this->providerLoader->getProviders($user), function (IProvider $provider) {
return $provider instanceof IProvidesPersonalSettings;
}))
];
}
}
|
