1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OC\Core\Controller;
use OC\Authentication\TwoFactorAuth\ProviderManager;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\ApiRoute;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCSController;
use OCP\Authentication\TwoFactorAuth\IRegistry;
use OCP\IRequest;
use OCP\IUserManager;
class TwoFactorApiController extends OCSController {
public function __construct(
string $appName,
IRequest $request,
private ProviderManager $tfManager,
private IRegistry $tfRegistry,
private IUserManager $userManager,
) {
parent::__construct($appName, $request);
}
/**
* Get two factor authentication provider states
*
* @param string $user system user id
*
* @return DataResponse<Http::STATUS_OK, array<string, bool>, array{}>|DataResponse<Http::STATUS_NOT_FOUND, null, array{}>
*
* 200: provider states
* 404: user not found
*/
#[ApiRoute(verb: 'GET', url: '/state', root: '/twofactor')]
public function state(string $user): DataResponse {
$userObject = $this->userManager->get($user);
if ($userObject !== null) {
$state = $this->tfRegistry->getProviderStates($userObject);
return new DataResponse($state);
}
return new DataResponse(null, Http::STATUS_NOT_FOUND);
}
/**
* Enable two factor authentication providers for specific user
*
* @param string $user system user identifier
* @param list<string> $providers collection of TFA provider ids
*
* @return DataResponse<Http::STATUS_OK, array<string, bool>, array{}>|DataResponse<Http::STATUS_NOT_FOUND, null, array{}>
*
* 200: provider states
* 404: user not found
*/
#[ApiRoute(verb: 'POST', url: '/enable', root: '/twofactor')]
public function enable(string $user, array $providers = []): DataResponse {
$userObject = $this->userManager->get($user);
if ($userObject !== null) {
foreach ($providers as $providerId) {
$this->tfManager->tryEnableProviderFor($providerId, $userObject);
}
$state = $this->tfRegistry->getProviderStates($userObject);
return new DataResponse($state);
}
return new DataResponse(null, Http::STATUS_NOT_FOUND);
}
/**
* Disable two factor authentication providers for specific user
*
* @param string $user system user identifier
* @param list<string> $providers collection of TFA provider ids
*
* @return DataResponse<Http::STATUS_OK, array<string, bool>, array{}>|DataResponse<Http::STATUS_NOT_FOUND, null, array{}>
*
* 200: provider states
* 404: user not found
*/
#[ApiRoute(verb: 'POST', url: '/disable', root: '/twofactor')]
public function disable(string $user, array $providers = []): DataResponse {
$userObject = $this->userManager->get($user);
if ($userObject !== null) {
foreach ($providers as $providerId) {
$this->tfManager->tryDisableProviderFor($providerId, $userObject);
}
$state = $this->tfRegistry->getProviderStates($userObject);
return new DataResponse($state);
}
return new DataResponse(null, Http::STATUS_NOT_FOUND);
}
}
|
