nextcloud / server

core/routes.php

Indentation +78 added lines, -78 removed lines

@@ -36,86 +36,86 @@ 
 
 $application = new Application();
 $application->registerRoutes($this, [
-	'routes' => [
-		['name' => 'lost#email', 'url' => '/lostpassword/email', 'verb' => 'POST'],
-		['name' => 'lost#resetform', 'url' => '/lostpassword/reset/form/{token}/{userId}', 'verb' => 'GET'],
-		['name' => 'lost#setPassword', 'url' => '/lostpassword/set/{token}/{userId}', 'verb' => 'POST'],
-		['name' => 'user#getDisplayNames', 'url' => '/displaynames', 'verb' => 'POST'],
-		['name' => 'avatar#getAvatar', 'url' => '/avatar/{userId}/{size}', 'verb' => 'GET'],
-		['name' => 'avatar#deleteAvatar', 'url' => '/avatar/', 'verb' => 'DELETE'],
-		['name' => 'avatar#postCroppedAvatar', 'url' => '/avatar/cropped', 'verb' => 'POST'],
-		['name' => 'avatar#getTmpAvatar', 'url' => '/avatar/tmp', 'verb' => 'GET'],
-		['name' => 'avatar#postAvatar', 'url' => '/avatar/', 'verb' => 'POST'],
-		['name' => 'GuestAvatar#getAvatar', 'url' => '/avatar/guest/{guestName}/{size}', 'verb' => 'GET'],
-		['name' => 'CSRFToken#index', 'url' => '/csrftoken', 'verb' => 'GET'],
-		['name' => 'login#tryLogin', 'url' => '/login', 'verb' => 'POST'],
-		['name' => 'login#confirmPassword', 'url' => '/login/confirm', 'verb' => 'POST'],
-		['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'],
-		['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'],
-		// Original login flow used by all clients
-		['name' => 'ClientFlowLogin#showAuthPickerPage', 'url' => '/login/flow', 'verb' => 'GET'],
-		['name' => 'ClientFlowLogin#generateAppPassword', 'url' => '/login/flow', 'verb' => 'POST'],
-		['name' => 'ClientFlowLogin#grantPage', 'url' => '/login/flow/grant', 'verb' => 'GET'],
-		['name' => 'ClientFlowLogin#apptokenRedirect', 'url' => '/login/flow/apptoken', 'verb' => 'POST'],
-		// NG login flow used by desktop client in case of Kerberos/fancy 2fa (smart cards for example)
-		['name' => 'ClientFlowLoginV2#poll', 'url' => '/login/v2/poll', 'verb' => 'POST'],
-		['name' => 'ClientFlowLoginV2#showAuthPickerPage', 'url' => '/login/v2/flow', 'verb' => 'GET'],
-		['name' => 'ClientFlowLoginV2#landing', 'url' => '/login/v2/flow/{token}', 'verb' => 'GET'],
-		['name' => 'ClientFlowLoginV2#grantPage', 'url' => '/login/v2/grant', 'verb' => 'GET'],
-		['name' => 'ClientFlowLoginV2#generateAppPassword', 'url' => '/login/v2/grant', 'verb' => 'POST'],
-		['name' => 'ClientFlowLoginV2#init', 'url' => '/login/v2', 'verb' => 'POST'],
-		['name' => 'TwoFactorChallenge#selectChallenge', 'url' => '/login/selectchallenge', 'verb' => 'GET'],
-		['name' => 'TwoFactorChallenge#showChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'GET'],
-		['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'],
-		['name' => 'TwoFactorChallenge#setupProviders', 'url' => 'login/setupchallenge', 'verb' => 'GET'],
-		['name' => 'TwoFactorChallenge#setupProvider', 'url' => 'login/setupchallenge/{providerId}', 'verb' => 'GET'],
-		['name' => 'TwoFactorChallenge#confirmProviderSetup', 'url' => 'login/setupchallenge/{providerId}', 'verb' => 'POST'],
-		['name' => 'OCJS#getConfig', 'url' => '/core/js/oc.js', 'verb' => 'GET'],
-		['name' => 'Preview#getPreviewByFileId', 'url' => '/core/preview', 'verb' => 'GET'],
-		['name' => 'Preview#getPreview', 'url' => '/core/preview.png', 'verb' => 'GET'],
-		['name' => 'Svg#getSvgFromCore', 'url' => '/svg/core/{folder}/{fileName}', 'verb' => 'GET'],
-		['name' => 'Svg#getSvgFromApp', 'url' => '/svg/{app}/{fileName}', 'verb' => 'GET'],
-		['name' => 'Css#getCss', 'url' => '/css/{appName}/{fileName}', 'verb' => 'GET'],
-		['name' => 'Js#getJs', 'url' => '/js/{appName}/{fileName}', 'verb' => 'GET'],
-		['name' => 'contactsMenu#index', 'url' => '/contactsmenu/contacts', 'verb' => 'POST'],
-		['name' => 'contactsMenu#findOne', 'url' => '/contactsmenu/findOne', 'verb' => 'POST'],
-		['name' => 'WalledGarden#get', 'url' => '/204', 'verb' => 'GET'],
-		['name' => 'Search#search', 'url' => '/core/search', 'verb' => 'GET'],
+    'routes' => [
+        ['name' => 'lost#email', 'url' => '/lostpassword/email', 'verb' => 'POST'],
+        ['name' => 'lost#resetform', 'url' => '/lostpassword/reset/form/{token}/{userId}', 'verb' => 'GET'],
+        ['name' => 'lost#setPassword', 'url' => '/lostpassword/set/{token}/{userId}', 'verb' => 'POST'],
+        ['name' => 'user#getDisplayNames', 'url' => '/displaynames', 'verb' => 'POST'],
+        ['name' => 'avatar#getAvatar', 'url' => '/avatar/{userId}/{size}', 'verb' => 'GET'],
+        ['name' => 'avatar#deleteAvatar', 'url' => '/avatar/', 'verb' => 'DELETE'],
+        ['name' => 'avatar#postCroppedAvatar', 'url' => '/avatar/cropped', 'verb' => 'POST'],
+        ['name' => 'avatar#getTmpAvatar', 'url' => '/avatar/tmp', 'verb' => 'GET'],
+        ['name' => 'avatar#postAvatar', 'url' => '/avatar/', 'verb' => 'POST'],
+        ['name' => 'GuestAvatar#getAvatar', 'url' => '/avatar/guest/{guestName}/{size}', 'verb' => 'GET'],
+        ['name' => 'CSRFToken#index', 'url' => '/csrftoken', 'verb' => 'GET'],
+        ['name' => 'login#tryLogin', 'url' => '/login', 'verb' => 'POST'],
+        ['name' => 'login#confirmPassword', 'url' => '/login/confirm', 'verb' => 'POST'],
+        ['name' => 'login#showLoginForm', 'url' => '/login', 'verb' => 'GET'],
+        ['name' => 'login#logout', 'url' => '/logout', 'verb' => 'GET'],
+        // Original login flow used by all clients
+        ['name' => 'ClientFlowLogin#showAuthPickerPage', 'url' => '/login/flow', 'verb' => 'GET'],
+        ['name' => 'ClientFlowLogin#generateAppPassword', 'url' => '/login/flow', 'verb' => 'POST'],
+        ['name' => 'ClientFlowLogin#grantPage', 'url' => '/login/flow/grant', 'verb' => 'GET'],
+        ['name' => 'ClientFlowLogin#apptokenRedirect', 'url' => '/login/flow/apptoken', 'verb' => 'POST'],
+        // NG login flow used by desktop client in case of Kerberos/fancy 2fa (smart cards for example)
+        ['name' => 'ClientFlowLoginV2#poll', 'url' => '/login/v2/poll', 'verb' => 'POST'],
+        ['name' => 'ClientFlowLoginV2#showAuthPickerPage', 'url' => '/login/v2/flow', 'verb' => 'GET'],
+        ['name' => 'ClientFlowLoginV2#landing', 'url' => '/login/v2/flow/{token}', 'verb' => 'GET'],
+        ['name' => 'ClientFlowLoginV2#grantPage', 'url' => '/login/v2/grant', 'verb' => 'GET'],
+        ['name' => 'ClientFlowLoginV2#generateAppPassword', 'url' => '/login/v2/grant', 'verb' => 'POST'],
+        ['name' => 'ClientFlowLoginV2#init', 'url' => '/login/v2', 'verb' => 'POST'],
+        ['name' => 'TwoFactorChallenge#selectChallenge', 'url' => '/login/selectchallenge', 'verb' => 'GET'],
+        ['name' => 'TwoFactorChallenge#showChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'GET'],
+        ['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'],
+        ['name' => 'TwoFactorChallenge#setupProviders', 'url' => 'login/setupchallenge', 'verb' => 'GET'],
+        ['name' => 'TwoFactorChallenge#setupProvider', 'url' => 'login/setupchallenge/{providerId}', 'verb' => 'GET'],
+        ['name' => 'TwoFactorChallenge#confirmProviderSetup', 'url' => 'login/setupchallenge/{providerId}', 'verb' => 'POST'],
+        ['name' => 'OCJS#getConfig', 'url' => '/core/js/oc.js', 'verb' => 'GET'],
+        ['name' => 'Preview#getPreviewByFileId', 'url' => '/core/preview', 'verb' => 'GET'],
+        ['name' => 'Preview#getPreview', 'url' => '/core/preview.png', 'verb' => 'GET'],
+        ['name' => 'Svg#getSvgFromCore', 'url' => '/svg/core/{folder}/{fileName}', 'verb' => 'GET'],
+        ['name' => 'Svg#getSvgFromApp', 'url' => '/svg/{app}/{fileName}', 'verb' => 'GET'],
+        ['name' => 'Css#getCss', 'url' => '/css/{appName}/{fileName}', 'verb' => 'GET'],
+        ['name' => 'Js#getJs', 'url' => '/js/{appName}/{fileName}', 'verb' => 'GET'],
+        ['name' => 'contactsMenu#index', 'url' => '/contactsmenu/contacts', 'verb' => 'POST'],
+        ['name' => 'contactsMenu#findOne', 'url' => '/contactsmenu/findOne', 'verb' => 'POST'],
+        ['name' => 'WalledGarden#get', 'url' => '/204', 'verb' => 'GET'],
+        ['name' => 'Search#search', 'url' => '/core/search', 'verb' => 'GET'],
 
-		// Legacy routes that need to be globally available while they are handled by an app
-		['name' => 'viewcontroller#showFile', 'url' => '/f/{fileid}', 'verb' => 'GET', 'app' => 'files'],
-		['name' => 'sharecontroller#showShare', 'url' => '/s/{token}', 'verb' => 'GET', 'app' => 'files_sharing'],
-		['name' => 'sharecontroller#showAuthenticate', 'url' => '/s/{token}/authenticate/{redirect}', 'verb' => 'GET', 'app' => 'files_sharing'],
-		['name' => 'sharecontroller#authenticate', 'url' => '/s/{token}/authenticate/{redirect}', 'verb' => 'POST', 'app' => 'files_sharing'],
-		['name' => 'sharecontroller#downloadShare', 'url' => '/s/{token}/download', 'verb' => 'GET', 'app' => 'files_sharing'],
-		['name' => 'publicpreview#directLink', 'url' => '/s/{token}/preview', 'verb' => 'GET', 'app' => 'files_sharing'],
-		['name' => 'requesthandlercontroller#addShare', 'url' => '/ocm/shares', 'verb' => 'POST', 'app' => 'cloud_federation_api'],
-		['name' => 'requesthandlercontroller#receiveNotification', 'url' => '/ocm/notifications', 'verb' => 'POST', 'app' => 'cloud_federation_api'],
-		['name' => 'pagecontroller#showCall', 'url' => '/call/{token}', 'verb' => 'GET', 'app' => 'spreed'],
-		['name' => 'pagecontroller#authenticatePassword', 'url' => '/call/{token}', 'verb' => 'POST', 'app' => 'spreed'],
-	],
-	'ocs' => [
-		['root' => '/cloud', 'name' => 'OCS#getCapabilities', 'url' => '/capabilities', 'verb' => 'GET'],
-		['root' => '', 'name' => 'OCS#getConfig', 'url' => '/config', 'verb' => 'GET'],
-		['root' => '/person', 'name' => 'OCS#personCheck', 'url' => '/check', 'verb' => 'POST'],
-		['root' => '/identityproof', 'name' => 'OCS#getIdentityProof', 'url' => '/key/{cloudId}', 'verb' => 'GET'],
-		['root' => '/core', 'name' => 'Navigation#getAppsNavigation', 'url' => '/navigation/apps', 'verb' => 'GET'],
-		['root' => '/core', 'name' => 'Navigation#getSettingsNavigation', 'url' => '/navigation/settings', 'verb' => 'GET'],
-		['root' => '/core', 'name' => 'AutoComplete#get', 'url' => '/autocomplete/get', 'verb' => 'GET'],
-		['root' => '/core', 'name' => 'WhatsNew#get', 'url' => '/whatsnew', 'verb' => 'GET'],
-		['root' => '/core', 'name' => 'WhatsNew#dismiss', 'url' => '/whatsnew', 'verb' => 'POST'],
-		['root' => '/core', 'name' => 'AppPassword#getAppPassword', 'url' => '/getapppassword', 'verb' => 'GET'],
-		['root' => '/core', 'name' => 'AppPassword#deleteAppPassword', 'url' => '/apppassword', 'verb' => 'DELETE'],
+        // Legacy routes that need to be globally available while they are handled by an app
+        ['name' => 'viewcontroller#showFile', 'url' => '/f/{fileid}', 'verb' => 'GET', 'app' => 'files'],
+        ['name' => 'sharecontroller#showShare', 'url' => '/s/{token}', 'verb' => 'GET', 'app' => 'files_sharing'],
+        ['name' => 'sharecontroller#showAuthenticate', 'url' => '/s/{token}/authenticate/{redirect}', 'verb' => 'GET', 'app' => 'files_sharing'],
+        ['name' => 'sharecontroller#authenticate', 'url' => '/s/{token}/authenticate/{redirect}', 'verb' => 'POST', 'app' => 'files_sharing'],
+        ['name' => 'sharecontroller#downloadShare', 'url' => '/s/{token}/download', 'verb' => 'GET', 'app' => 'files_sharing'],
+        ['name' => 'publicpreview#directLink', 'url' => '/s/{token}/preview', 'verb' => 'GET', 'app' => 'files_sharing'],
+        ['name' => 'requesthandlercontroller#addShare', 'url' => '/ocm/shares', 'verb' => 'POST', 'app' => 'cloud_federation_api'],
+        ['name' => 'requesthandlercontroller#receiveNotification', 'url' => '/ocm/notifications', 'verb' => 'POST', 'app' => 'cloud_federation_api'],
+        ['name' => 'pagecontroller#showCall', 'url' => '/call/{token}', 'verb' => 'GET', 'app' => 'spreed'],
+        ['name' => 'pagecontroller#authenticatePassword', 'url' => '/call/{token}', 'verb' => 'POST', 'app' => 'spreed'],
+    ],
+    'ocs' => [
+        ['root' => '/cloud', 'name' => 'OCS#getCapabilities', 'url' => '/capabilities', 'verb' => 'GET'],
+        ['root' => '', 'name' => 'OCS#getConfig', 'url' => '/config', 'verb' => 'GET'],
+        ['root' => '/person', 'name' => 'OCS#personCheck', 'url' => '/check', 'verb' => 'POST'],
+        ['root' => '/identityproof', 'name' => 'OCS#getIdentityProof', 'url' => '/key/{cloudId}', 'verb' => 'GET'],
+        ['root' => '/core', 'name' => 'Navigation#getAppsNavigation', 'url' => '/navigation/apps', 'verb' => 'GET'],
+        ['root' => '/core', 'name' => 'Navigation#getSettingsNavigation', 'url' => '/navigation/settings', 'verb' => 'GET'],
+        ['root' => '/core', 'name' => 'AutoComplete#get', 'url' => '/autocomplete/get', 'verb' => 'GET'],
+        ['root' => '/core', 'name' => 'WhatsNew#get', 'url' => '/whatsnew', 'verb' => 'GET'],
+        ['root' => '/core', 'name' => 'WhatsNew#dismiss', 'url' => '/whatsnew', 'verb' => 'POST'],
+        ['root' => '/core', 'name' => 'AppPassword#getAppPassword', 'url' => '/getapppassword', 'verb' => 'GET'],
+        ['root' => '/core', 'name' => 'AppPassword#deleteAppPassword', 'url' => '/apppassword', 'verb' => 'DELETE'],
 
-		['root' => '/collaboration', 'name' => 'CollaborationResources#searchCollections', 'url' => '/resources/collections/search/{filter}', 'verb' => 'GET'],
-		['root' => '/collaboration', 'name' => 'CollaborationResources#listCollection', 'url' => '/resources/collections/{collectionId}', 'verb' => 'GET'],
-		['root' => '/collaboration', 'name' => 'CollaborationResources#renameCollection', 'url' => '/resources/collections/{collectionId}', 'verb' => 'PUT'],
-		['root' => '/collaboration', 'name' => 'CollaborationResources#addResource', 'url' => '/resources/collections/{collectionId}', 'verb' => 'POST'],
+        ['root' => '/collaboration', 'name' => 'CollaborationResources#searchCollections', 'url' => '/resources/collections/search/{filter}', 'verb' => 'GET'],
+        ['root' => '/collaboration', 'name' => 'CollaborationResources#listCollection', 'url' => '/resources/collections/{collectionId}', 'verb' => 'GET'],
+        ['root' => '/collaboration', 'name' => 'CollaborationResources#renameCollection', 'url' => '/resources/collections/{collectionId}', 'verb' => 'PUT'],
+        ['root' => '/collaboration', 'name' => 'CollaborationResources#addResource', 'url' => '/resources/collections/{collectionId}', 'verb' => 'POST'],
 
-		['root' => '/collaboration', 'name' => 'CollaborationResources#removeResource', 'url' => '/resources/collections/{collectionId}', 'verb' => 'DELETE'],
-		['root' => '/collaboration', 'name' => 'CollaborationResources#getCollectionsByResource', 'url' => '/resources/{resourceType}/{resourceId}', 'verb' => 'GET'],
-		['root' => '/collaboration', 'name' => 'CollaborationResources#createCollectionOnResource', 'url' => '/resources/{baseResourceType}/{baseResourceId}', 'verb' => 'POST'],
-	],
+        ['root' => '/collaboration', 'name' => 'CollaborationResources#removeResource', 'url' => '/resources/collections/{collectionId}', 'verb' => 'DELETE'],
+        ['root' => '/collaboration', 'name' => 'CollaborationResources#getCollectionsByResource', 'url' => '/resources/{resourceType}/{resourceId}', 'verb' => 'GET'],
+        ['root' => '/collaboration', 'name' => 'CollaborationResources#createCollectionOnResource', 'url' => '/resources/{baseResourceType}/{baseResourceId}', 'verb' => 'POST'],
+    ],
 ]);
 
 // Post installation check
@@ -124,4 +124,4 @@ 
 // Core ajax actions
 // Routing
 $this->create('core_ajax_update', '/core/ajax/update.php')
-	->actionInclude('core/ajax/update.php');
+    ->actionInclude('core/ajax/update.php');

core/templates/twofactorselectchallenge.php

Indentation +20 added lines, -20 removed lines

@@ -20,10 +20,10 @@ 
 			<?php } else { ?>
 				<strong><?php p($l->t('Two-factor authentication is enforced but has not been configured on your account. Please continue to setup two-factor authentication.')) ?></strong>
 				<a class="button primary two-factor-primary" href="<?php p(\OC::$server->getURLGenerator()->linkToRoute('core.TwoFactorChallenge.setupProviders',
-					[
-						'redirect_url' => $_['redirect_url'],
-					]
-				)) ?>">
+                    [
+                        'redirect_url' => $_['redirect_url'],
+                    ]
+                )) ?>">
 					<?php p($l->t('Set up two-factor authentication')) ?>
 				</a>
 			<?php } ?>
@@ -37,18 +37,18 @@ 
 		<li>
 			<a class="two-factor-provider"
 			   href="<?php p(\OC::$server->getURLGenerator()->linkToRoute('core.TwoFactorChallenge.showChallenge',
-								[
-									'challengeProviderId' => $provider->getId(),
-									'redirect_url' => $_['redirect_url'],
-								]
-							)) ?>">
+                                [
+                                    'challengeProviderId' => $provider->getId(),
+                                    'redirect_url' => $_['redirect_url'],
+                                ]
+                            )) ?>">
 				<?php
-				if ($provider instanceof \OCP\Authentication\TwoFactorAuth\IProvidesIcons) {
-					$icon = $provider->getLightIcon();
-				} else {
-					$icon = image_path('core', 'actions/password-white.svg');
-				}
-				?>
+                if ($provider instanceof \OCP\Authentication\TwoFactorAuth\IProvidesIcons) {
+                    $icon = $provider->getLightIcon();
+                } else {
+                    $icon = image_path('core', 'actions/password-white.svg');
+                }
+                ?>
 				<img src="<?php p($icon) ?>" alt="" />
 				<div>
 					<h3><?php p($provider->getDisplayName()) ?></h3>
@@ -62,11 +62,11 @@ 
 	<?php if (!is_null($_['backupProvider'])): ?>
 	<p>
 		<a class="<?php if($noProviders): ?>button primary two-factor-primary<?php else: ?>two-factor-secondary<?php endif ?>" href="<?php p(\OC::$server->getURLGenerator()->linkToRoute('core.TwoFactorChallenge.showChallenge',
-			[
-				'challengeProviderId' => $_['backupProvider']->getId(),
-				'redirect_url' => $_['redirect_url'],
-			]
-		)) ?>">
+            [
+                'challengeProviderId' => $_['backupProvider']->getId(),
+                'redirect_url' => $_['redirect_url'],
+            ]
+        )) ?>">
 			<?php p($l->t('Use backup code')) ?>
 		</a>
 	</p>

Braces +13 added lines, -5 removed lines

@@ -27,11 +27,15 @@ 
 					<?php p($l->t('Set up two-factor authentication')) ?>
 				</a>
 			<?php } ?>
-		<?php else: ?>
+		<?php else {
+    : ?>
 			<strong><?php p($l->t('Two-factor authentication is enforced but has not been configured on your account. Use one of your backup codes to log in or contact your admin for assistance.')) ?></strong>
-		<?php endif; ?>
+		<?php endif;
+}
+?>
 	</p>
-	<?php else: ?>
+	<?php else {
+    : ?>
 	<ul>
 	<?php foreach ($_['providers'] as $provider): ?>
 		<li>
@@ -45,6 +49,7 @@ 
 				<?php
 				if ($provider instanceof \OCP\Authentication\TwoFactorAuth\IProvidesIcons) {
 					$icon = $provider->getLightIcon();
+}
 				} else {
 					$icon = image_path('core', 'actions/password-white.svg');
 				}
@@ -61,7 +66,8 @@ 
 	<?php endif ?>
 	<?php if (!is_null($_['backupProvider'])): ?>
 	<p>
-		<a class="<?php if($noProviders): ?>button primary two-factor-primary<?php else: ?>two-factor-secondary<?php endif ?>" href="<?php p(\OC::$server->getURLGenerator()->linkToRoute('core.TwoFactorChallenge.showChallenge',
+		<a class="<?php if($noProviders): ?>button primary two-factor-primary<?php else {
+    : ?>two-factor-secondary<?php endif ?>" href="<?php p(\OC::$server->getURLGenerator()->linkToRoute('core.TwoFactorChallenge.showChallenge',
 			[
 				'challengeProviderId' => $_['backupProvider']->getId(),
 				'redirect_url' => $_['redirect_url'],
@@ -70,7 +76,9 @@ 
 			<?php p($l->t('Use backup code')) ?>
 		</a>
 	</p>
-	<?php endif; ?>
+	<?php endif;
+}
+?>
 	<p><a class="two-factor-secondary" href="<?php print_unescaped($_['logout_url']); ?>">
 		<?php p($l->t('Cancel log in')) ?>
 	</a></p>

core/templates/twofactorsetupselection.php

Indentation +11 added lines, -11 removed lines

@@ -31,18 +31,18 @@
 		<li>
 			<a class="two-factor-provider"
 			   href="<?php p(\OC::$server->getURLGenerator()->linkToRoute('core.TwoFactorChallenge.setupProvider',
-								[
-									'providerId' => $provider->getId(),
-									'redirect_url' => $_['redirect_url'],
-								]
-							)) ?>">
+                                [
+                                    'providerId' => $provider->getId(),
+                                    'redirect_url' => $_['redirect_url'],
+                                ]
+                            )) ?>">
 				<?php
-				if ($provider instanceof \OCP\Authentication\TwoFactorAuth\IProvidesIcons) {
-					$icon = $provider->getLightIcon();
-				} else {
-					$icon = image_path('core', 'actions/password-white.svg');
-				}
-				?>
+                if ($provider instanceof \OCP\Authentication\TwoFactorAuth\IProvidesIcons) {
+                    $icon = $provider->getLightIcon();
+                } else {
+                    $icon = image_path('core', 'actions/password-white.svg');
+                }
+                ?>
 				<img src="<?php p($icon) ?>" alt="" />
 				<div>
 					<h3><?php p($provider->getDisplayName()) ?></h3>

core/Middleware/TwoFactorMiddleware.php

Indentation +101 added lines, -101 removed lines

@@ -44,106 +44,106 @@
 
 class TwoFactorMiddleware extends Middleware {
 
-	/** @var Manager */
-	private $twoFactorManager;
-
-	/** @var Session */
-	private $userSession;
-
-	/** @var ISession */
-	private $session;
-
-	/** @var IURLGenerator */
-	private $urlGenerator;
-
-	/** @var IControllerMethodReflector */
-	private $reflector;
-
-	/** @var IRequest */
-	private $request;
-
-	/**
-	 * @param Manager $twoFactorManager
-	 * @param Session $userSession
-	 * @param ISession $session
-	 * @param IURLGenerator $urlGenerator
-	 */
-	public function __construct(Manager $twoFactorManager, Session $userSession, ISession $session,
-		IURLGenerator $urlGenerator, IControllerMethodReflector $reflector, IRequest $request) {
-		$this->twoFactorManager = $twoFactorManager;
-		$this->userSession = $userSession;
-		$this->session = $session;
-		$this->urlGenerator = $urlGenerator;
-		$this->reflector = $reflector;
-		$this->request = $request;
-	}
-
-	/**
-	 * @param Controller $controller
-	 * @param string $methodName
-	 */
-	public function beforeController($controller, $methodName) {
-		if ($this->reflector->hasAnnotation('PublicPage')) {
-			// Don't block public pages
-			return;
-		}
-
-		if ($controller instanceof ALoginSetupController
-			&& $this->userSession->getUser() !== null
-			&& $this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) {
-			return;
-		}
-
-		if ($controller instanceof LoginController && $methodName === 'logout') {
-			// Don't block the logout page, to allow canceling the 2FA
-			return;
-		}
-
-		if ($this->userSession->isLoggedIn()) {
-			$user = $this->userSession->getUser();
-
-			if ($this->session->exists('app_password') || $this->twoFactorManager->isTwoFactorAuthenticated($user)) {
-				$this->checkTwoFactor($controller, $methodName, $user);
-			} else if ($controller instanceof TwoFactorChallengeController) {
-				// Allow access to the two-factor controllers only if two-factor authentication
-				// is in progress.
-				throw new UserAlreadyLoggedInException();
-			}
-		}
-		// TODO: dont check/enforce 2FA if a auth token is used
-	}
-
-	private function checkTwoFactor(Controller $controller, $methodName, IUser $user) {
-		// If two-factor auth is in progress disallow access to any controllers
-		// defined within "LoginController".
-		$needsSecondFactor = $this->twoFactorManager->needsSecondFactor($user);
-		$twoFactor = $controller instanceof TwoFactorChallengeController;
-
-		// Disallow access to any controller if 2FA needs to be checked
-		if ($needsSecondFactor && !$twoFactor) {
-			throw new TwoFactorAuthRequiredException();
-		}
-
-		// Allow access to the two-factor controllers only if two-factor authentication
-		// is in progress.
-		if (!$needsSecondFactor && $twoFactor) {
-			throw new UserAlreadyLoggedInException();
-		}
-	}
-
-	public function afterException($controller, $methodName, Exception $exception) {
-		if ($exception instanceof TwoFactorAuthRequiredException) {
-			$params = [];
-			if (isset($this->request->server['REQUEST_URI'])) {
-				$params['redirect_url'] = $this->request->server['REQUEST_URI'];
-			}
-			return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge', $params));
-		}
-		if ($exception instanceof UserAlreadyLoggedInException) {
-			return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index'));
-		}
-
-		throw $exception;
-	}
+    /** @var Manager */
+    private $twoFactorManager;
+
+    /** @var Session */
+    private $userSession;
+
+    /** @var ISession */
+    private $session;
+
+    /** @var IURLGenerator */
+    private $urlGenerator;
+
+    /** @var IControllerMethodReflector */
+    private $reflector;
+
+    /** @var IRequest */
+    private $request;
+
+    /**
+     * @param Manager $twoFactorManager
+     * @param Session $userSession
+     * @param ISession $session
+     * @param IURLGenerator $urlGenerator
+     */
+    public function __construct(Manager $twoFactorManager, Session $userSession, ISession $session,
+        IURLGenerator $urlGenerator, IControllerMethodReflector $reflector, IRequest $request) {
+        $this->twoFactorManager = $twoFactorManager;
+        $this->userSession = $userSession;
+        $this->session = $session;
+        $this->urlGenerator = $urlGenerator;
+        $this->reflector = $reflector;
+        $this->request = $request;
+    }
+
+    /**
+     * @param Controller $controller
+     * @param string $methodName
+     */
+    public function beforeController($controller, $methodName) {
+        if ($this->reflector->hasAnnotation('PublicPage')) {
+            // Don't block public pages
+            return;
+        }
+
+        if ($controller instanceof ALoginSetupController
+            && $this->userSession->getUser() !== null
+            && $this->twoFactorManager->needsSecondFactor($this->userSession->getUser())) {
+            return;
+        }
+
+        if ($controller instanceof LoginController && $methodName === 'logout') {
+            // Don't block the logout page, to allow canceling the 2FA
+            return;
+        }
+
+        if ($this->userSession->isLoggedIn()) {
+            $user = $this->userSession->getUser();
+
+            if ($this->session->exists('app_password') || $this->twoFactorManager->isTwoFactorAuthenticated($user)) {
+                $this->checkTwoFactor($controller, $methodName, $user);
+            } else if ($controller instanceof TwoFactorChallengeController) {
+                // Allow access to the two-factor controllers only if two-factor authentication
+                // is in progress.
+                throw new UserAlreadyLoggedInException();
+            }
+        }
+        // TODO: dont check/enforce 2FA if a auth token is used
+    }
+
+    private function checkTwoFactor(Controller $controller, $methodName, IUser $user) {
+        // If two-factor auth is in progress disallow access to any controllers
+        // defined within "LoginController".
+        $needsSecondFactor = $this->twoFactorManager->needsSecondFactor($user);
+        $twoFactor = $controller instanceof TwoFactorChallengeController;
+
+        // Disallow access to any controller if 2FA needs to be checked
+        if ($needsSecondFactor && !$twoFactor) {
+            throw new TwoFactorAuthRequiredException();
+        }
+
+        // Allow access to the two-factor controllers only if two-factor authentication
+        // is in progress.
+        if (!$needsSecondFactor && $twoFactor) {
+            throw new UserAlreadyLoggedInException();
+        }
+    }
+
+    public function afterException($controller, $methodName, Exception $exception) {
+        if ($exception instanceof TwoFactorAuthRequiredException) {
+            $params = [];
+            if (isset($this->request->server['REQUEST_URI'])) {
+                $params['redirect_url'] = $this->request->server['REQUEST_URI'];
+            }
+            return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge', $params));
+        }
+        if ($exception instanceof UserAlreadyLoggedInException) {
+            return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index'));
+        }
+
+        throw $exception;
+    }
 
 }

core/Controller/TwoFactorChallengeController.php

Indentation +204 added lines, -204 removed lines

@@ -43,237 +43,237 @@
 
 class TwoFactorChallengeController extends Controller {
 
-	/** @var Manager */
-	private $twoFactorManager;
+    /** @var Manager */
+    private $twoFactorManager;
 
-	/** @var IUserSession */
-	private $userSession;
+    /** @var IUserSession */
+    private $userSession;
 
-	/** @var ISession */
-	private $session;
+    /** @var ISession */
+    private $session;
 
-	/** @var IURLGenerator */
-	private $urlGenerator;
+    /** @var IURLGenerator */
+    private $urlGenerator;
 
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param Manager $twoFactorManager
-	 * @param IUserSession $userSession
-	 * @param ISession $session
-	 * @param IURLGenerator $urlGenerator
-	 */
-	public function __construct($appName, IRequest $request, Manager $twoFactorManager, IUserSession $userSession,
-		ISession $session, IURLGenerator $urlGenerator) {
-		parent::__construct($appName, $request);
-		$this->twoFactorManager = $twoFactorManager;
-		$this->userSession = $userSession;
-		$this->session = $session;
-		$this->urlGenerator = $urlGenerator;
-	}
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param Manager $twoFactorManager
+     * @param IUserSession $userSession
+     * @param ISession $session
+     * @param IURLGenerator $urlGenerator
+     */
+    public function __construct($appName, IRequest $request, Manager $twoFactorManager, IUserSession $userSession,
+        ISession $session, IURLGenerator $urlGenerator) {
+        parent::__construct($appName, $request);
+        $this->twoFactorManager = $twoFactorManager;
+        $this->userSession = $userSession;
+        $this->session = $session;
+        $this->urlGenerator = $urlGenerator;
+    }
 
-	/**
-	 * @return string
-	 */
-	protected function getLogoutUrl() {
-		return OC_User::getLogoutUrl($this->urlGenerator);
-	}
+    /**
+     * @return string
+     */
+    protected function getLogoutUrl() {
+        return OC_User::getLogoutUrl($this->urlGenerator);
+    }
 	
-	/**
-	 * @param IProvider[] $providers
-	 */
-	private function splitProvidersAndBackupCodes(array $providers): array {
-		$regular = [];
-		$backup = null;
-		foreach ($providers as $provider) {
-			if ($provider->getId() === 'backup_codes') {
-				$backup = $provider;
-			} else {
-				$regular[] = $provider;
-			}
-		}
+    /**
+     * @param IProvider[] $providers
+     */
+    private function splitProvidersAndBackupCodes(array $providers): array {
+        $regular = [];
+        $backup = null;
+        foreach ($providers as $provider) {
+            if ($provider->getId() === 'backup_codes') {
+                $backup = $provider;
+            } else {
+                $regular[] = $provider;
+            }
+        }
 
-		return [$regular, $backup];
-	}
+        return [$regular, $backup];
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 *
-	 * @param string $redirect_url
-	 * @return StandaloneTemplateResponse
-	 */
-	public function selectChallenge($redirect_url) {
-		$user = $this->userSession->getUser();
-		$providerSet = $this->twoFactorManager->getProviderSet($user);
-		$allProviders = $providerSet->getProviders();
-		list($providers, $backupProvider) = $this->splitProvidersAndBackupCodes($allProviders);
-		$setupProviders = $this->twoFactorManager->getLoginSetupProviders($user);
+    /**
+     * @NoAdminRequired
+     * @NoCSRFRequired
+     *
+     * @param string $redirect_url
+     * @return StandaloneTemplateResponse
+     */
+    public function selectChallenge($redirect_url) {
+        $user = $this->userSession->getUser();
+        $providerSet = $this->twoFactorManager->getProviderSet($user);
+        $allProviders = $providerSet->getProviders();
+        list($providers, $backupProvider) = $this->splitProvidersAndBackupCodes($allProviders);
+        $setupProviders = $this->twoFactorManager->getLoginSetupProviders($user);
 
-		$data = [
-			'providers' => $providers,
-			'backupProvider' => $backupProvider,
-			'providerMissing' => $providerSet->isProviderMissing(),
-			'redirect_url' => $redirect_url,
-			'logout_url' => $this->getLogoutUrl(),
-			'hasSetupProviders' => !empty($setupProviders),
-		];
-		return new StandaloneTemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest');
-	}
+        $data = [
+            'providers' => $providers,
+            'backupProvider' => $backupProvider,
+            'providerMissing' => $providerSet->isProviderMissing(),
+            'redirect_url' => $redirect_url,
+            'logout_url' => $this->getLogoutUrl(),
+            'hasSetupProviders' => !empty($setupProviders),
+        ];
+        return new StandaloneTemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest');
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @param string $challengeProviderId
-	 * @param string $redirect_url
-	 * @return StandaloneTemplateResponse|RedirectResponse
-	 */
-	public function showChallenge($challengeProviderId, $redirect_url) {
-		$user = $this->userSession->getUser();
-		$providerSet = $this->twoFactorManager->getProviderSet($user);
-		$provider = $providerSet->getProvider($challengeProviderId);
+    /**
+     * @NoAdminRequired
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @param string $challengeProviderId
+     * @param string $redirect_url
+     * @return StandaloneTemplateResponse|RedirectResponse
+     */
+    public function showChallenge($challengeProviderId, $redirect_url) {
+        $user = $this->userSession->getUser();
+        $providerSet = $this->twoFactorManager->getProviderSet($user);
+        $provider = $providerSet->getProvider($challengeProviderId);
 
-		if (is_null($provider)) {
-			return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
-		}
+        if (is_null($provider)) {
+            return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
+        }
 
-		$backupProvider = $providerSet->getProvider('backup_codes');
-		if (!is_null($backupProvider) && $backupProvider->getId() === $provider->getId()) {
-			// Don't show the backup provider link if we're already showing that provider's challenge
-			$backupProvider = null;
-		}
+        $backupProvider = $providerSet->getProvider('backup_codes');
+        if (!is_null($backupProvider) && $backupProvider->getId() === $provider->getId()) {
+            // Don't show the backup provider link if we're already showing that provider's challenge
+            $backupProvider = null;
+        }
 
-		$errorMessage = '';
-		$error = false;
-		if ($this->session->exists('two_factor_auth_error')) {
-			$this->session->remove('two_factor_auth_error');
-			$error = true;
-			$errorMessage = $this->session->get("two_factor_auth_error_message");
-			$this->session->remove('two_factor_auth_error_message');
-		}
-		$tmpl = $provider->getTemplate($user);
-		$tmpl->assign('redirect_url', $redirect_url);
-		$data = [
-			'error' => $error,
-			'error_message' => $errorMessage,
-			'provider' => $provider,
-			'backupProvider' => $backupProvider,
-			'logout_url' => $this->getLogoutUrl(),
-			'redirect_url' => $redirect_url,
-			'template' => $tmpl->fetchPage(),
-		];
-		$response = new StandaloneTemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
-		if ($provider instanceof IProvidesCustomCSP) {
-			$response->setContentSecurityPolicy($provider->getCSP());
-		}
-		return $response;
-	}
+        $errorMessage = '';
+        $error = false;
+        if ($this->session->exists('two_factor_auth_error')) {
+            $this->session->remove('two_factor_auth_error');
+            $error = true;
+            $errorMessage = $this->session->get("two_factor_auth_error_message");
+            $this->session->remove('two_factor_auth_error_message');
+        }
+        $tmpl = $provider->getTemplate($user);
+        $tmpl->assign('redirect_url', $redirect_url);
+        $data = [
+            'error' => $error,
+            'error_message' => $errorMessage,
+            'provider' => $provider,
+            'backupProvider' => $backupProvider,
+            'logout_url' => $this->getLogoutUrl(),
+            'redirect_url' => $redirect_url,
+            'template' => $tmpl->fetchPage(),
+        ];
+        $response = new StandaloneTemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
+        if ($provider instanceof IProvidesCustomCSP) {
+            $response->setContentSecurityPolicy($provider->getCSP());
+        }
+        return $response;
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @UserRateThrottle(limit=5, period=100)
-	 *
-	 * @param string $challengeProviderId
-	 * @param string $challenge
-	 * @param string $redirect_url
-	 * @return RedirectResponse
-	 */
-	public function solveChallenge($challengeProviderId, $challenge, $redirect_url = null) {
-		$user = $this->userSession->getUser();
-		$provider = $this->twoFactorManager->getProvider($user, $challengeProviderId);
-		if (is_null($provider)) {
-			return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
-		}
+    /**
+     * @NoAdminRequired
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @UserRateThrottle(limit=5, period=100)
+     *
+     * @param string $challengeProviderId
+     * @param string $challenge
+     * @param string $redirect_url
+     * @return RedirectResponse
+     */
+    public function solveChallenge($challengeProviderId, $challenge, $redirect_url = null) {
+        $user = $this->userSession->getUser();
+        $provider = $this->twoFactorManager->getProvider($user, $challengeProviderId);
+        if (is_null($provider)) {
+            return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
+        }
 
-		try {
-			if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) {
-				if (!is_null($redirect_url)) {
-					return new RedirectResponse($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url)));
-				}
-				return new RedirectResponse(OC_Util::getDefaultPageUrl());
-			}
-		} catch (TwoFactorException $e) {
-			/*
+        try {
+            if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) {
+                if (!is_null($redirect_url)) {
+                    return new RedirectResponse($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url)));
+                }
+                return new RedirectResponse(OC_Util::getDefaultPageUrl());
+            }
+        } catch (TwoFactorException $e) {
+            /*
 			 * The 2FA App threw an TwoFactorException. Now we display more
 			 * information to the user. The exception text is stored in the
 			 * session to be used in showChallenge()
 			 */
-			$this->session->set('two_factor_auth_error_message', $e->getMessage());
-		}
+            $this->session->set('two_factor_auth_error_message', $e->getMessage());
+        }
 
-		$this->session->set('two_factor_auth_error', true);
-		return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.showChallenge', [
-			'challengeProviderId' => $provider->getId(),
-			'redirect_url' => $redirect_url,
-		]));
-	}
+        $this->session->set('two_factor_auth_error', true);
+        return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.showChallenge', [
+            'challengeProviderId' => $provider->getId(),
+            'redirect_url' => $redirect_url,
+        ]));
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 */
-	public function setupProviders() {
-		$user = $this->userSession->getUser();
-		$setupProviders = $this->twoFactorManager->getLoginSetupProviders($user);
+    /**
+     * @NoAdminRequired
+     * @NoCSRFRequired
+     */
+    public function setupProviders() {
+        $user = $this->userSession->getUser();
+        $setupProviders = $this->twoFactorManager->getLoginSetupProviders($user);
 
-		$data = [
-			'providers' => $setupProviders,
-			'logout_url' => $this->getLogoutUrl(),
-		];
+        $data = [
+            'providers' => $setupProviders,
+            'logout_url' => $this->getLogoutUrl(),
+        ];
 
-		$response = new StandaloneTemplateResponse($this->appName, 'twofactorsetupselection', $data, 'guest');
-		return $response;
-	}
+        $response = new StandaloneTemplateResponse($this->appName, 'twofactorsetupselection', $data, 'guest');
+        return $response;
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 */
-	public function setupProvider(string $providerId) {
-		$user = $this->userSession->getUser();
-		$providers = $this->twoFactorManager->getLoginSetupProviders($user);
+    /**
+     * @NoAdminRequired
+     * @NoCSRFRequired
+     */
+    public function setupProvider(string $providerId) {
+        $user = $this->userSession->getUser();
+        $providers = $this->twoFactorManager->getLoginSetupProviders($user);
 
-		$provider = null;
-		foreach ($providers as $p) {
-			if ($p->getId() === $providerId) {
-				$provider = $p;
-				break;
-			}
-		}
+        $provider = null;
+        foreach ($providers as $p) {
+            if ($p->getId() === $providerId) {
+                $provider = $p;
+                break;
+            }
+        }
 
-		if ($provider === null) {
-			return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
-		}
+        if ($provider === null) {
+            return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
+        }
 
-		/** @var IActivatableAtLogin $provider */
-		$tmpl = $provider->getLoginSetup($user)->getBody();
-		$data = [
-			'provider' => $provider,
-			'logout_url' => $this->getLogoutUrl(),
-			'template' => $tmpl->fetchPage(),
-		];
-		$response = new StandaloneTemplateResponse($this->appName, 'twofactorsetupchallenge', $data, 'guest');
-		return $response;
-	}
+        /** @var IActivatableAtLogin $provider */
+        $tmpl = $provider->getLoginSetup($user)->getBody();
+        $data = [
+            'provider' => $provider,
+            'logout_url' => $this->getLogoutUrl(),
+            'template' => $tmpl->fetchPage(),
+        ];
+        $response = new StandaloneTemplateResponse($this->appName, 'twofactorsetupchallenge', $data, 'guest');
+        return $response;
+    }
 
-	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 *
-	 * @todo handle the extreme edge case of an invalid provider ID and redirect to the provider selection page
-	 */
-	public function confirmProviderSetup(string $providerId) {
-		return new RedirectResponse($this->urlGenerator->linkToRoute(
-			'core.TwoFactorChallenge.showChallenge',
-			[
-				'challengeProviderId' => $providerId,
-			]
-		));
-	}
+    /**
+     * @NoAdminRequired
+     * @NoCSRFRequired
+     *
+     * @todo handle the extreme edge case of an invalid provider ID and redirect to the provider selection page
+     */
+    public function confirmProviderSetup(string $providerId) {
+        return new RedirectResponse($this->urlGenerator->linkToRoute(
+            'core.TwoFactorChallenge.showChallenge',
+            [
+                'challengeProviderId' => $providerId,
+            ]
+        ));
+    }
 
 }

lib/public/Authentication/TwoFactorAuth/IActivatableAtLogin.php

Indentation +8 added lines, -8 removed lines

@@ -31,13 +31,13 @@
  */
 interface IActivatableAtLogin extends IProvider {
 
-	/**
-	 * @param IUser $user
-	 *
-	 * @return ILoginSetupProvider
-	 *
-	 * @since 17.0.0
-	 */
-	public function getLoginSetup(IUser $user): ILoginSetupProvider;
+    /**
+     * @param IUser $user
+     *
+     * @return ILoginSetupProvider
+     *
+     * @since 17.0.0
+     */
+    public function getLoginSetup(IUser $user): ILoginSetupProvider;
 
 }

lib/public/Authentication/TwoFactorAuth/ILoginSetupProvider.php

Indentation +6 added lines, -6 removed lines

@@ -31,11 +31,11 @@
  */
 interface ILoginSetupProvider {
 
-	/**
-	 * @return Template
-	 *
-	 * @since 17.0.0
-	 */
-	public function getBody(): Template;
+    /**
+     * @return Template
+     *
+     * @since 17.0.0
+     */
+    public function getBody(): Template;
 
 }

lib/private/Authentication/TwoFactorAuth/Manager.php

Indentation +334 added lines, -334 removed lines

@@ -49,342 +49,342 @@
 
 class Manager {
 
-	const SESSION_UID_KEY = 'two_factor_auth_uid';
-	const SESSION_UID_DONE = 'two_factor_auth_passed';
-	const REMEMBER_LOGIN = 'two_factor_remember_login';
-	const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
-
-	/** @var ProviderLoader */
-	private $providerLoader;
-
-	/** @var IRegistry */
-	private $providerRegistry;
-
-	/** @var MandatoryTwoFactor */
-	private $mandatoryTwoFactor;
-
-	/** @var ISession */
-	private $session;
-
-	/** @var IConfig */
-	private $config;
-
-	/** @var IManager */
-	private $activityManager;
-
-	/** @var ILogger */
-	private $logger;
-
-	/** @var TokenProvider */
-	private $tokenProvider;
-
-	/** @var ITimeFactory */
-	private $timeFactory;
-
-	/** @var EventDispatcherInterface */
-	private $dispatcher;
-
-	public function __construct(ProviderLoader $providerLoader,
-								IRegistry $providerRegistry,
-								MandatoryTwoFactor $mandatoryTwoFactor,
-								ISession $session, IConfig $config,
-								IManager $activityManager, ILogger $logger, TokenProvider $tokenProvider,
-								ITimeFactory $timeFactory, EventDispatcherInterface $eventDispatcher) {
-		$this->providerLoader = $providerLoader;
-		$this->providerRegistry = $providerRegistry;
-		$this->mandatoryTwoFactor = $mandatoryTwoFactor;
-		$this->session = $session;
-		$this->config = $config;
-		$this->activityManager = $activityManager;
-		$this->logger = $logger;
-		$this->tokenProvider = $tokenProvider;
-		$this->timeFactory = $timeFactory;
-		$this->dispatcher = $eventDispatcher;
-	}
-
-	/**
-	 * Determine whether the user must provide a second factor challenge
-	 *
-	 * @param IUser $user
-	 * @return boolean
-	 */
-	public function isTwoFactorAuthenticated(IUser $user): bool {
-		if ($this->mandatoryTwoFactor->isEnforcedFor($user)) {
-			return true;
-		}
-
-		$providerStates = $this->providerRegistry->getProviderStates($user);
-		$providers = $this->providerLoader->getProviders($user);
-		$fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);
-		$enabled = array_filter($fixedStates);
-		$providerIds = array_keys($enabled);
-		$providerIdsWithoutBackupCodes = array_diff($providerIds, [self::BACKUP_CODES_PROVIDER_ID]);
-
-		return !empty($providerIdsWithoutBackupCodes);
-	}
-
-	/**
-	 * Get a 2FA provider by its ID
-	 *
-	 * @param IUser $user
-	 * @param string $challengeProviderId
-	 * @return IProvider|null
-	 */
-	public function getProvider(IUser $user, string $challengeProviderId) {
-		$providers = $this->getProviderSet($user)->getProviders();
-		return $providers[$challengeProviderId] ?? null;
-	}
-
-	/**
-	 * @param IUser $user
-	 * @return IActivatableAtLogin[]
-	 * @throws Exception
-	 */
-	public function getLoginSetupProviders(IUser $user): array {
-		$providers = $this->providerLoader->getProviders($user);
-		return array_filter($providers, function(IProvider $provider) {
-			return ($provider instanceof IActivatableAtLogin);
-		});
-	}
-
-	/**
-	 * Check if the persistant mapping of enabled/disabled state of each available
-	 * provider is missing an entry and add it to the registry in that case.
-	 *
-	 * @todo remove in Nextcloud 17 as by then all providers should have been updated
-	 *
-	 * @param string[] $providerStates
-	 * @param IProvider[] $providers
-	 * @param IUser $user
-	 * @return string[] the updated $providerStates variable
-	 */
-	private function fixMissingProviderStates(array $providerStates,
-		array $providers, IUser $user): array {
-
-		foreach ($providers as $provider) {
-			if (isset($providerStates[$provider->getId()])) {
-				// All good
-				continue;
-			}
-
-			$enabled = $provider->isTwoFactorAuthEnabledForUser($user);
-			if ($enabled) {
-				$this->providerRegistry->enableProviderFor($provider, $user);
-			} else {
-				$this->providerRegistry->disableProviderFor($provider, $user);
-			}
-			$providerStates[$provider->getId()] = $enabled;
-		}
-
-		return $providerStates;
-	}
-
-	/**
-	 * @param array $states
-	 * @param IProvider $providers
-	 */
-	private function isProviderMissing(array $states, array $providers): bool {
-		$indexed = [];
-		foreach ($providers as $provider) {
-			$indexed[$provider->getId()] = $provider;
-		}
-
-		$missing = [];
-		foreach ($states as $providerId => $enabled) {
-			if (!$enabled) {
-				// Don't care
-				continue;
-			}
-
-			if (!isset($indexed[$providerId])) {
-				$missing[] = $providerId;
-				$this->logger->alert("two-factor auth provider '$providerId' failed to load",
-					[
-					'app' => 'core',
-				]);
-			}
-		}
-
-		if (!empty($missing)) {
-			// There was at least one provider missing
-			$this->logger->alert(count($missing) . " two-factor auth providers failed to load", ['app' => 'core']);
-
-			return true;
-		}
-
-		// If we reach this, there was not a single provider missing
-		return false;
-	}
-
-	/**
-	 * Get the list of 2FA providers for the given user
-	 *
-	 * @param IUser $user
-	 * @throws Exception
-	 */
-	public function getProviderSet(IUser $user): ProviderSet {
-		$providerStates = $this->providerRegistry->getProviderStates($user);
-		$providers = $this->providerLoader->getProviders($user);
-
-		$fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);
-		$isProviderMissing = $this->isProviderMissing($fixedStates, $providers);
-
-		$enabled = array_filter($providers, function (IProvider $provider) use ($fixedStates) {
-			return $fixedStates[$provider->getId()];
-		});
-		return new ProviderSet($enabled, $isProviderMissing);
-	}
-
-	/**
-	 * Verify the given challenge
-	 *
-	 * @param string $providerId
-	 * @param IUser $user
-	 * @param string $challenge
-	 * @return boolean
-	 */
-	public function verifyChallenge(string $providerId, IUser $user, string $challenge): bool {
-		$provider = $this->getProvider($user, $providerId);
-		if ($provider === null) {
-			return false;
-		}
-
-		$passed = $provider->verifyChallenge($user, $challenge);
-		if ($passed) {
-			if ($this->session->get(self::REMEMBER_LOGIN) === true) {
-				// TODO: resolve cyclic dependency and use DI
-				\OC::$server->getUserSession()->createRememberMeToken($user);
-			}
-			$this->session->remove(self::SESSION_UID_KEY);
-			$this->session->remove(self::REMEMBER_LOGIN);
-			$this->session->set(self::SESSION_UID_DONE, $user->getUID());
-
-			// Clear token from db
-			$sessionId = $this->session->getId();
-			$token = $this->tokenProvider->getToken($sessionId);
-			$tokenId = $token->getId();
-			$this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $tokenId);
-
-			$dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]);
-			$this->dispatcher->dispatch(IProvider::EVENT_SUCCESS, $dispatchEvent);
-
-			$this->publishEvent($user, 'twofactor_success', [
-				'provider' => $provider->getDisplayName(),
-			]);
-		} else {
-			$dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]);
-			$this->dispatcher->dispatch(IProvider::EVENT_FAILED, $dispatchEvent);
-
-			$this->publishEvent($user, 'twofactor_failed', [
-				'provider' => $provider->getDisplayName(),
-			]);
-		}
-		return $passed;
-	}
-
-	/**
-	 * Push a 2fa event the user's activity stream
-	 *
-	 * @param IUser $user
-	 * @param string $event
-	 * @param array $params
-	 */
-	private function publishEvent(IUser $user, string $event, array $params) {
-		$activity = $this->activityManager->generateEvent();
-		$activity->setApp('core')
-			->setType('security')
-			->setAuthor($user->getUID())
-			->setAffectedUser($user->getUID())
-			->setSubject($event, $params);
-		try {
-			$this->activityManager->publish($activity);
-		} catch (BadMethodCallException $e) {
-			$this->logger->warning('could not publish activity', ['app' => 'core']);
-			$this->logger->logException($e, ['app' => 'core']);
-		}
-	}
-
-	/**
-	 * Check if the currently logged in user needs to pass 2FA
-	 *
-	 * @param IUser $user the currently logged in user
-	 * @return boolean
-	 */
-	public function needsSecondFactor(IUser $user = null): bool {
-		if ($user === null) {
-			return false;
-		}
-
-		// If we are authenticated using an app password skip all this
-		if ($this->session->exists('app_password')) {
-			return false;
-		}
-
-		// First check if the session tells us we should do 2FA (99% case)
-		if (!$this->session->exists(self::SESSION_UID_KEY)) {
-
-			// Check if the session tells us it is 2FA authenticated already
-			if ($this->session->exists(self::SESSION_UID_DONE) &&
-				$this->session->get(self::SESSION_UID_DONE) === $user->getUID()) {
-				return false;
-			}
-
-			/*
+    const SESSION_UID_KEY = 'two_factor_auth_uid';
+    const SESSION_UID_DONE = 'two_factor_auth_passed';
+    const REMEMBER_LOGIN = 'two_factor_remember_login';
+    const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
+
+    /** @var ProviderLoader */
+    private $providerLoader;
+
+    /** @var IRegistry */
+    private $providerRegistry;
+
+    /** @var MandatoryTwoFactor */
+    private $mandatoryTwoFactor;
+
+    /** @var ISession */
+    private $session;
+
+    /** @var IConfig */
+    private $config;
+
+    /** @var IManager */
+    private $activityManager;
+
+    /** @var ILogger */
+    private $logger;
+
+    /** @var TokenProvider */
+    private $tokenProvider;
+
+    /** @var ITimeFactory */
+    private $timeFactory;
+
+    /** @var EventDispatcherInterface */
+    private $dispatcher;
+
+    public function __construct(ProviderLoader $providerLoader,
+                                IRegistry $providerRegistry,
+                                MandatoryTwoFactor $mandatoryTwoFactor,
+                                ISession $session, IConfig $config,
+                                IManager $activityManager, ILogger $logger, TokenProvider $tokenProvider,
+                                ITimeFactory $timeFactory, EventDispatcherInterface $eventDispatcher) {
+        $this->providerLoader = $providerLoader;
+        $this->providerRegistry = $providerRegistry;
+        $this->mandatoryTwoFactor = $mandatoryTwoFactor;
+        $this->session = $session;
+        $this->config = $config;
+        $this->activityManager = $activityManager;
+        $this->logger = $logger;
+        $this->tokenProvider = $tokenProvider;
+        $this->timeFactory = $timeFactory;
+        $this->dispatcher = $eventDispatcher;
+    }
+
+    /**
+     * Determine whether the user must provide a second factor challenge
+     *
+     * @param IUser $user
+     * @return boolean
+     */
+    public function isTwoFactorAuthenticated(IUser $user): bool {
+        if ($this->mandatoryTwoFactor->isEnforcedFor($user)) {
+            return true;
+        }
+
+        $providerStates = $this->providerRegistry->getProviderStates($user);
+        $providers = $this->providerLoader->getProviders($user);
+        $fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);
+        $enabled = array_filter($fixedStates);
+        $providerIds = array_keys($enabled);
+        $providerIdsWithoutBackupCodes = array_diff($providerIds, [self::BACKUP_CODES_PROVIDER_ID]);
+
+        return !empty($providerIdsWithoutBackupCodes);
+    }
+
+    /**
+     * Get a 2FA provider by its ID
+     *
+     * @param IUser $user
+     * @param string $challengeProviderId
+     * @return IProvider|null
+     */
+    public function getProvider(IUser $user, string $challengeProviderId) {
+        $providers = $this->getProviderSet($user)->getProviders();
+        return $providers[$challengeProviderId] ?? null;
+    }
+
+    /**
+     * @param IUser $user
+     * @return IActivatableAtLogin[]
+     * @throws Exception
+     */
+    public function getLoginSetupProviders(IUser $user): array {
+        $providers = $this->providerLoader->getProviders($user);
+        return array_filter($providers, function(IProvider $provider) {
+            return ($provider instanceof IActivatableAtLogin);
+        });
+    }
+
+    /**
+     * Check if the persistant mapping of enabled/disabled state of each available
+     * provider is missing an entry and add it to the registry in that case.
+     *
+     * @todo remove in Nextcloud 17 as by then all providers should have been updated
+     *
+     * @param string[] $providerStates
+     * @param IProvider[] $providers
+     * @param IUser $user
+     * @return string[] the updated $providerStates variable
+     */
+    private function fixMissingProviderStates(array $providerStates,
+        array $providers, IUser $user): array {
+
+        foreach ($providers as $provider) {
+            if (isset($providerStates[$provider->getId()])) {
+                // All good
+                continue;
+            }
+
+            $enabled = $provider->isTwoFactorAuthEnabledForUser($user);
+            if ($enabled) {
+                $this->providerRegistry->enableProviderFor($provider, $user);
+            } else {
+                $this->providerRegistry->disableProviderFor($provider, $user);
+            }
+            $providerStates[$provider->getId()] = $enabled;
+        }
+
+        return $providerStates;
+    }
+
+    /**
+     * @param array $states
+     * @param IProvider $providers
+     */
+    private function isProviderMissing(array $states, array $providers): bool {
+        $indexed = [];
+        foreach ($providers as $provider) {
+            $indexed[$provider->getId()] = $provider;
+        }
+
+        $missing = [];
+        foreach ($states as $providerId => $enabled) {
+            if (!$enabled) {
+                // Don't care
+                continue;
+            }
+
+            if (!isset($indexed[$providerId])) {
+                $missing[] = $providerId;
+                $this->logger->alert("two-factor auth provider '$providerId' failed to load",
+                    [
+                    'app' => 'core',
+                ]);
+            }
+        }
+
+        if (!empty($missing)) {
+            // There was at least one provider missing
+            $this->logger->alert(count($missing) . " two-factor auth providers failed to load", ['app' => 'core']);
+
+            return true;
+        }
+
+        // If we reach this, there was not a single provider missing
+        return false;
+    }
+
+    /**
+     * Get the list of 2FA providers for the given user
+     *
+     * @param IUser $user
+     * @throws Exception
+     */
+    public function getProviderSet(IUser $user): ProviderSet {
+        $providerStates = $this->providerRegistry->getProviderStates($user);
+        $providers = $this->providerLoader->getProviders($user);
+
+        $fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);
+        $isProviderMissing = $this->isProviderMissing($fixedStates, $providers);
+
+        $enabled = array_filter($providers, function (IProvider $provider) use ($fixedStates) {
+            return $fixedStates[$provider->getId()];
+        });
+        return new ProviderSet($enabled, $isProviderMissing);
+    }
+
+    /**
+     * Verify the given challenge
+     *
+     * @param string $providerId
+     * @param IUser $user
+     * @param string $challenge
+     * @return boolean
+     */
+    public function verifyChallenge(string $providerId, IUser $user, string $challenge): bool {
+        $provider = $this->getProvider($user, $providerId);
+        if ($provider === null) {
+            return false;
+        }
+
+        $passed = $provider->verifyChallenge($user, $challenge);
+        if ($passed) {
+            if ($this->session->get(self::REMEMBER_LOGIN) === true) {
+                // TODO: resolve cyclic dependency and use DI
+                \OC::$server->getUserSession()->createRememberMeToken($user);
+            }
+            $this->session->remove(self::SESSION_UID_KEY);
+            $this->session->remove(self::REMEMBER_LOGIN);
+            $this->session->set(self::SESSION_UID_DONE, $user->getUID());
+
+            // Clear token from db
+            $sessionId = $this->session->getId();
+            $token = $this->tokenProvider->getToken($sessionId);
+            $tokenId = $token->getId();
+            $this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $tokenId);
+
+            $dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]);
+            $this->dispatcher->dispatch(IProvider::EVENT_SUCCESS, $dispatchEvent);
+
+            $this->publishEvent($user, 'twofactor_success', [
+                'provider' => $provider->getDisplayName(),
+            ]);
+        } else {
+            $dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]);
+            $this->dispatcher->dispatch(IProvider::EVENT_FAILED, $dispatchEvent);
+
+            $this->publishEvent($user, 'twofactor_failed', [
+                'provider' => $provider->getDisplayName(),
+            ]);
+        }
+        return $passed;
+    }
+
+    /**
+     * Push a 2fa event the user's activity stream
+     *
+     * @param IUser $user
+     * @param string $event
+     * @param array $params
+     */
+    private function publishEvent(IUser $user, string $event, array $params) {
+        $activity = $this->activityManager->generateEvent();
+        $activity->setApp('core')
+            ->setType('security')
+            ->setAuthor($user->getUID())
+            ->setAffectedUser($user->getUID())
+            ->setSubject($event, $params);
+        try {
+            $this->activityManager->publish($activity);
+        } catch (BadMethodCallException $e) {
+            $this->logger->warning('could not publish activity', ['app' => 'core']);
+            $this->logger->logException($e, ['app' => 'core']);
+        }
+    }
+
+    /**
+     * Check if the currently logged in user needs to pass 2FA
+     *
+     * @param IUser $user the currently logged in user
+     * @return boolean
+     */
+    public function needsSecondFactor(IUser $user = null): bool {
+        if ($user === null) {
+            return false;
+        }
+
+        // If we are authenticated using an app password skip all this
+        if ($this->session->exists('app_password')) {
+            return false;
+        }
+
+        // First check if the session tells us we should do 2FA (99% case)
+        if (!$this->session->exists(self::SESSION_UID_KEY)) {
+
+            // Check if the session tells us it is 2FA authenticated already
+            if ($this->session->exists(self::SESSION_UID_DONE) &&
+                $this->session->get(self::SESSION_UID_DONE) === $user->getUID()) {
+                return false;
+            }
+
+            /*
 			 * If the session is expired check if we are not logged in by a token
 			 * that still needs 2FA auth
 			 */
-			try {
-				$sessionId = $this->session->getId();
-				$token = $this->tokenProvider->getToken($sessionId);
-				$tokenId = $token->getId();
-				$tokensNeeding2FA = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
-
-				if (!\in_array($tokenId, $tokensNeeding2FA, true)) {
-					$this->session->set(self::SESSION_UID_DONE, $user->getUID());
-					return false;
-				}
-			} catch (InvalidTokenException $e) {
-			}
-		}
-
-		if (!$this->isTwoFactorAuthenticated($user)) {
-			// There is no second factor any more -> let the user pass
-			//   This prevents infinite redirect loops when a user is about
-			//   to solve the 2FA challenge, and the provider app is
-			//   disabled the same time
-			$this->session->remove(self::SESSION_UID_KEY);
-
-			$keys = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
-			foreach ($keys as $key) {
-				$this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $key);
-			}
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * Prepare the 2FA login
-	 *
-	 * @param IUser $user
-	 * @param boolean $rememberMe
-	 */
-	public function prepareTwoFactorLogin(IUser $user, bool $rememberMe) {
-		$this->session->set(self::SESSION_UID_KEY, $user->getUID());
-		$this->session->set(self::REMEMBER_LOGIN, $rememberMe);
-
-		$id = $this->session->getId();
-		$token = $this->tokenProvider->getToken($id);
-		$this->config->setUserValue($user->getUID(), 'login_token_2fa', $token->getId(), $this->timeFactory->getTime());
-	}
-
-	public function clearTwoFactorPending(string $userId) {
-		$tokensNeeding2FA = $this->config->getUserKeys($userId, 'login_token_2fa');
-
-		foreach ($tokensNeeding2FA as $tokenId) {
-			$this->tokenProvider->invalidateTokenById($userId, $tokenId);
-		}
-	}
+            try {
+                $sessionId = $this->session->getId();
+                $token = $this->tokenProvider->getToken($sessionId);
+                $tokenId = $token->getId();
+                $tokensNeeding2FA = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
+
+                if (!\in_array($tokenId, $tokensNeeding2FA, true)) {
+                    $this->session->set(self::SESSION_UID_DONE, $user->getUID());
+                    return false;
+                }
+            } catch (InvalidTokenException $e) {
+            }
+        }
+
+        if (!$this->isTwoFactorAuthenticated($user)) {
+            // There is no second factor any more -> let the user pass
+            //   This prevents infinite redirect loops when a user is about
+            //   to solve the 2FA challenge, and the provider app is
+            //   disabled the same time
+            $this->session->remove(self::SESSION_UID_KEY);
+
+            $keys = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
+            foreach ($keys as $key) {
+                $this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $key);
+            }
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Prepare the 2FA login
+     *
+     * @param IUser $user
+     * @param boolean $rememberMe
+     */
+    public function prepareTwoFactorLogin(IUser $user, bool $rememberMe) {
+        $this->session->set(self::SESSION_UID_KEY, $user->getUID());
+        $this->session->set(self::REMEMBER_LOGIN, $rememberMe);
+
+        $id = $this->session->getId();
+        $token = $this->tokenProvider->getToken($id);
+        $this->config->setUserValue($user->getUID(), 'login_token_2fa', $token->getId(), $this->timeFactory->getTime());
+    }
+
+    public function clearTwoFactorPending(string $userId) {
+        $tokensNeeding2FA = $this->config->getUserKeys($userId, 'login_token_2fa');
+
+        foreach ($tokensNeeding2FA as $tokenId) {
+            $this->tokenProvider->invalidateTokenById($userId, $tokenId);
+        }
+    }
 
 }

lib/private/Authentication/Login/TwoFactorCommand.php

Indentation +48 added lines, -48 removed lines

@@ -34,61 +34,61 @@
 
 class TwoFactorCommand extends ALoginCommand {
 
-	/** @var Manager */
-	private $twoFactorManager;
+    /** @var Manager */
+    private $twoFactorManager;
 
-	/** @var MandatoryTwoFactor */
-	private $mandatoryTwoFactor;
+    /** @var MandatoryTwoFactor */
+    private $mandatoryTwoFactor;
 
-	/** @var IURLGenerator */
-	private $urlGenerator;
+    /** @var IURLGenerator */
+    private $urlGenerator;
 
-	public function __construct(Manager $twoFactorManager,
-								MandatoryTwoFactor $mandatoryTwoFactor,
-								IURLGenerator $urlGenerator) {
-		$this->twoFactorManager = $twoFactorManager;
-		$this->mandatoryTwoFactor = $mandatoryTwoFactor;
-		$this->urlGenerator = $urlGenerator;
-	}
+    public function __construct(Manager $twoFactorManager,
+                                MandatoryTwoFactor $mandatoryTwoFactor,
+                                IURLGenerator $urlGenerator) {
+        $this->twoFactorManager = $twoFactorManager;
+        $this->mandatoryTwoFactor = $mandatoryTwoFactor;
+        $this->urlGenerator = $urlGenerator;
+    }
 
-	public function process(LoginData $loginData): LoginResult {
-		if (!$this->twoFactorManager->isTwoFactorAuthenticated($loginData->getUser())) {
-			return $this->processNextOrFinishSuccessfully($loginData);
-		}
+    public function process(LoginData $loginData): LoginResult {
+        if (!$this->twoFactorManager->isTwoFactorAuthenticated($loginData->getUser())) {
+            return $this->processNextOrFinishSuccessfully($loginData);
+        }
 
-		$this->twoFactorManager->prepareTwoFactorLogin($loginData->getUser(), $loginData->isRememberLogin());
+        $this->twoFactorManager->prepareTwoFactorLogin($loginData->getUser(), $loginData->isRememberLogin());
 
-		$providerSet = $this->twoFactorManager->getProviderSet($loginData->getUser());
-		$loginProviders = $this->twoFactorManager->getLoginSetupProviders($loginData->getUser());
-		$providers = $providerSet->getPrimaryProviders();
-		if (empty($providers)
-			&& !$providerSet->isProviderMissing()
-			&& !empty($loginProviders)
-			&& $this->mandatoryTwoFactor->isEnforcedFor($loginData->getUser())) {
-			// No providers set up, but 2FA is enforced and setup providers are available
-			$url = 'core.TwoFactorChallenge.setupProviders';
-			$urlParams = [];
-		} else if (!$providerSet->isProviderMissing() && count($providers) === 1) {
-			// Single provider (and no missing ones), hence we can redirect to that provider's challenge page directly
-			/* @var $provider IProvider */
-			$provider = array_pop($providers);
-			$url = 'core.TwoFactorChallenge.showChallenge';
-			$urlParams = [
-				'challengeProviderId' => $provider->getId(),
-			];
-		} else {
-			$url = 'core.TwoFactorChallenge.selectChallenge';
-			$urlParams = [];
-		}
+        $providerSet = $this->twoFactorManager->getProviderSet($loginData->getUser());
+        $loginProviders = $this->twoFactorManager->getLoginSetupProviders($loginData->getUser());
+        $providers = $providerSet->getPrimaryProviders();
+        if (empty($providers)
+            && !$providerSet->isProviderMissing()
+            && !empty($loginProviders)
+            && $this->mandatoryTwoFactor->isEnforcedFor($loginData->getUser())) {
+            // No providers set up, but 2FA is enforced and setup providers are available
+            $url = 'core.TwoFactorChallenge.setupProviders';
+            $urlParams = [];
+        } else if (!$providerSet->isProviderMissing() && count($providers) === 1) {
+            // Single provider (and no missing ones), hence we can redirect to that provider's challenge page directly
+            /* @var $provider IProvider */
+            $provider = array_pop($providers);
+            $url = 'core.TwoFactorChallenge.showChallenge';
+            $urlParams = [
+                'challengeProviderId' => $provider->getId(),
+            ];
+        } else {
+            $url = 'core.TwoFactorChallenge.selectChallenge';
+            $urlParams = [];
+        }
 
-		if ($loginData->getRedirectUrl() !== null) {
-			$urlParams['redirect_url'] = $loginData->getRedirectUrl();
-		}
+        if ($loginData->getRedirectUrl() !== null) {
+            $urlParams['redirect_url'] = $loginData->getRedirectUrl();
+        }
 
-		return LoginResult::success(
-			$loginData,
-			$this->urlGenerator->linkToRoute($url, $urlParams)
-		);
-	}
+        return LoginResult::success(
+            $loginData,
+            $this->urlGenerator->linkToRoute($url, $urlParams)
+        );
+    }
 
 }