nextcloud / server

lib/private/Authentication/TwoFactorAuth/Manager.php

Doc Comments +2 added lines, -2 removed lines

@@ -164,8 +164,8 @@
 	}
 
 	/**
-	 * @param array $states
-	 * @param IProvider $providers
+	 * @param string[] $states
+	 * @param IProvider[] $providers
 	 */
 	private function isProviderMissing(array $states, array $providers): bool {
 		$indexed = [];

Indentation +323 added lines, -323 removed lines

@@ -44,331 +44,331 @@
 
 class Manager {
 
-	const SESSION_UID_KEY = 'two_factor_auth_uid';
-	const SESSION_UID_DONE = 'two_factor_auth_passed';
-	const REMEMBER_LOGIN = 'two_factor_remember_login';
-
-	/** @var ProviderLoader */
-	private $providerLoader;
-
-	/** @var IRegistry */
-	private $providerRegistry;
-
-	/** @var ISession */
-	private $session;
-
-	/** @var IConfig */
-	private $config;
-
-	/** @var IManager */
-	private $activityManager;
-
-	/** @var ILogger */
-	private $logger;
-
-	/** @var TokenProvider */
-	private $tokenProvider;
-
-	/** @var ITimeFactory */
-	private $timeFactory;
-
-	/** @var EventDispatcherInterface */
-	private $dispatcher;
-
-	public function __construct(ProviderLoader $providerLoader,
-		IRegistry $providerRegistry, ISession $session, IConfig $config,
-		IManager $activityManager, ILogger $logger, TokenProvider $tokenProvider,
-		ITimeFactory $timeFactory, EventDispatcherInterface $eventDispatcher) {
-		$this->providerLoader = $providerLoader;
-		$this->session = $session;
-		$this->config = $config;
-		$this->activityManager = $activityManager;
-		$this->logger = $logger;
-		$this->tokenProvider = $tokenProvider;
-		$this->timeFactory = $timeFactory;
-		$this->dispatcher = $eventDispatcher;
-		$this->providerRegistry = $providerRegistry;
-	}
-
-	/**
-	 * Determine whether the user must provide a second factor challenge
-	 *
-	 * @param IUser $user
-	 * @return boolean
-	 */
-	public function isTwoFactorAuthenticated(IUser $user): bool {
-		$twoFactorEnabled = ((int) $this->config->getUserValue($user->getUID(), 'core', 'two_factor_auth_disabled', 0)) === 0;
-
-		if (!$twoFactorEnabled) {
-			return false;
-		}
-
-		$providerStates = $this->providerRegistry->getProviderStates($user);
-		$enabled = array_filter($providerStates);
-
-		return $twoFactorEnabled && !empty($enabled);
-	}
-
-	/**
-	 * Disable 2FA checks for the given user
-	 *
-	 * @param IUser $user
-	 */
-	public function disableTwoFactorAuthentication(IUser $user) {
-		$this->config->setUserValue($user->getUID(), 'core', 'two_factor_auth_disabled', 1);
-	}
-
-	/**
-	 * Enable all 2FA checks for the given user
-	 *
-	 * @param IUser $user
-	 */
-	public function enableTwoFactorAuthentication(IUser $user) {
-		$this->config->deleteUserValue($user->getUID(), 'core', 'two_factor_auth_disabled');
-	}
-
-	/**
-	 * Get a 2FA provider by its ID
-	 *
-	 * @param IUser $user
-	 * @param string $challengeProviderId
-	 * @return IProvider|null
-	 */
-	public function getProvider(IUser $user, string $challengeProviderId) {
-		$providers = $this->getProviderSet($user)->getProviders();
-		return $providers[$challengeProviderId] ?? null;
-	}
-
-	/**
-	 * Check if the persistant mapping of enabled/disabled state of each available
-	 * provider is missing an entry and add it to the registry in that case.
-	 *
-	 * @todo remove in Nextcloud 17 as by then all providers should have been updated
-	 *
-	 * @param string[] $providerStates
-	 * @param IProvider[] $providers
-	 * @param IUser $user
-	 * @return string[] the updated $providerStates variable
-	 */
-	private function fixMissingProviderStates(array $providerStates,
-		array $providers, IUser $user): array {
-
-		foreach ($providers as $provider) {
-			if (isset($providerStates[$provider->getId()])) {
-				// All good
-				continue;
-			}
-
-			$enabled = $provider->isTwoFactorAuthEnabledForUser($user);
-			if ($enabled) {
-				$this->providerRegistry->enableProviderFor($provider, $user);
-			} else {
-				$this->providerRegistry->disableProviderFor($provider, $user);
-			}
-			$providerStates[$provider->getId()] = $enabled;
-		}
-
-		return $providerStates;
-	}
-
-	/**
-	 * @param array $states
-	 * @param IProvider $providers
-	 */
-	private function isProviderMissing(array $states, array $providers): bool {
-		$indexed = [];
-		foreach ($providers as $provider) {
-			$indexed[$provider->getId()] = $provider;
-		}
-
-		$missing = [];
-		foreach ($states as $providerId => $enabled) {
-			if (!$enabled) {
-				// Don't care
-				continue;
-			}
-
-			if (!isset($indexed[$providerId])) {
-				$missing[] = $providerId;
-				$this->logger->alert("two-factor auth provider '$providerId' failed to load",
-					[
-					'app' => 'core',
-				]);
-			}
-		}
-
-		if (!empty($missing)) {
-			// There was at least one provider missing
-			$this->logger->alert(count($missing) . " two-factor auth providers failed to load", ['app' => 'core']);
-
-			return true;
-		}
-
-		// If we reach this, there was not a single provider missing
-		return false;
-	}
-
-	/**
-	 * Get the list of 2FA providers for the given user
-	 *
-	 * @param IUser $user
-	 * @throws Exception
-	 */
-	public function getProviderSet(IUser $user): ProviderSet {
-		$providerStates = $this->providerRegistry->getProviderStates($user);
-		$providers = $this->providerLoader->getProviders($user);
-
-		$fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);
-		$isProviderMissing = $this->isProviderMissing($fixedStates, $providers);
-
-		$enabled = array_filter($providers, function (IProvider $provider) use ($fixedStates) {
-			return $fixedStates[$provider->getId()];
-		});
-		return new ProviderSet($enabled, $isProviderMissing);
-	}
-
-	/**
-	 * Verify the given challenge
-	 *
-	 * @param string $providerId
-	 * @param IUser $user
-	 * @param string $challenge
-	 * @return boolean
-	 */
-	public function verifyChallenge(string $providerId, IUser $user, string $challenge): bool {
-		$provider = $this->getProvider($user, $providerId);
-		if ($provider === null) {
-			return false;
-		}
-
-		$passed = $provider->verifyChallenge($user, $challenge);
-		if ($passed) {
-			if ($this->session->get(self::REMEMBER_LOGIN) === true) {
-				// TODO: resolve cyclic dependency and use DI
-				\OC::$server->getUserSession()->createRememberMeToken($user);
-			}
-			$this->session->remove(self::SESSION_UID_KEY);
-			$this->session->remove(self::REMEMBER_LOGIN);
-			$this->session->set(self::SESSION_UID_DONE, $user->getUID());
-
-			// Clear token from db
-			$sessionId = $this->session->getId();
-			$token = $this->tokenProvider->getToken($sessionId);
-			$tokenId = $token->getId();
-			$this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $tokenId);
-
-			$dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]);
-			$this->dispatcher->dispatch(IProvider::EVENT_SUCCESS, $dispatchEvent);
-
-			$this->publishEvent($user, 'twofactor_success', [
-				'provider' => $provider->getDisplayName(),
-			]);
-		} else {
-			$dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]);
-			$this->dispatcher->dispatch(IProvider::EVENT_FAILED, $dispatchEvent);
-
-			$this->publishEvent($user, 'twofactor_failed', [
-				'provider' => $provider->getDisplayName(),
-			]);
-		}
-		return $passed;
-	}
-
-	/**
-	 * Push a 2fa event the user's activity stream
-	 *
-	 * @param IUser $user
-	 * @param string $event
-	 * @param array $params
-	 */
-	private function publishEvent(IUser $user, string $event, array $params) {
-		$activity = $this->activityManager->generateEvent();
-		$activity->setApp('core')
-			->setType('security')
-			->setAuthor($user->getUID())
-			->setAffectedUser($user->getUID())
-			->setSubject($event, $params);
-		try {
-			$this->activityManager->publish($activity);
-		} catch (BadMethodCallException $e) {
-			$this->logger->warning('could not publish activity', ['app' => 'core']);
-			$this->logger->logException($e, ['app' => 'core']);
-		}
-	}
-
-	/**
-	 * Check if the currently logged in user needs to pass 2FA
-	 *
-	 * @param IUser $user the currently logged in user
-	 * @return boolean
-	 */
-	public function needsSecondFactor(IUser $user = null): bool {
-		if ($user === null) {
-			return false;
-		}
-
-		// If we are authenticated using an app password skip all this
-		if ($this->session->exists('app_password')) {
-			return false;
-		}
-
-		// First check if the session tells us we should do 2FA (99% case)
-		if (!$this->session->exists(self::SESSION_UID_KEY)) {
-
-			// Check if the session tells us it is 2FA authenticated already
-			if ($this->session->exists(self::SESSION_UID_DONE) &&
-				$this->session->get(self::SESSION_UID_DONE) === $user->getUID()) {
-				return false;
-			}
-
-			/*
+    const SESSION_UID_KEY = 'two_factor_auth_uid';
+    const SESSION_UID_DONE = 'two_factor_auth_passed';
+    const REMEMBER_LOGIN = 'two_factor_remember_login';
+
+    /** @var ProviderLoader */
+    private $providerLoader;
+
+    /** @var IRegistry */
+    private $providerRegistry;
+
+    /** @var ISession */
+    private $session;
+
+    /** @var IConfig */
+    private $config;
+
+    /** @var IManager */
+    private $activityManager;
+
+    /** @var ILogger */
+    private $logger;
+
+    /** @var TokenProvider */
+    private $tokenProvider;
+
+    /** @var ITimeFactory */
+    private $timeFactory;
+
+    /** @var EventDispatcherInterface */
+    private $dispatcher;
+
+    public function __construct(ProviderLoader $providerLoader,
+        IRegistry $providerRegistry, ISession $session, IConfig $config,
+        IManager $activityManager, ILogger $logger, TokenProvider $tokenProvider,
+        ITimeFactory $timeFactory, EventDispatcherInterface $eventDispatcher) {
+        $this->providerLoader = $providerLoader;
+        $this->session = $session;
+        $this->config = $config;
+        $this->activityManager = $activityManager;
+        $this->logger = $logger;
+        $this->tokenProvider = $tokenProvider;
+        $this->timeFactory = $timeFactory;
+        $this->dispatcher = $eventDispatcher;
+        $this->providerRegistry = $providerRegistry;
+    }
+
+    /**
+     * Determine whether the user must provide a second factor challenge
+     *
+     * @param IUser $user
+     * @return boolean
+     */
+    public function isTwoFactorAuthenticated(IUser $user): bool {
+        $twoFactorEnabled = ((int) $this->config->getUserValue($user->getUID(), 'core', 'two_factor_auth_disabled', 0)) === 0;
+
+        if (!$twoFactorEnabled) {
+            return false;
+        }
+
+        $providerStates = $this->providerRegistry->getProviderStates($user);
+        $enabled = array_filter($providerStates);
+
+        return $twoFactorEnabled && !empty($enabled);
+    }
+
+    /**
+     * Disable 2FA checks for the given user
+     *
+     * @param IUser $user
+     */
+    public function disableTwoFactorAuthentication(IUser $user) {
+        $this->config->setUserValue($user->getUID(), 'core', 'two_factor_auth_disabled', 1);
+    }
+
+    /**
+     * Enable all 2FA checks for the given user
+     *
+     * @param IUser $user
+     */
+    public function enableTwoFactorAuthentication(IUser $user) {
+        $this->config->deleteUserValue($user->getUID(), 'core', 'two_factor_auth_disabled');
+    }
+
+    /**
+     * Get a 2FA provider by its ID
+     *
+     * @param IUser $user
+     * @param string $challengeProviderId
+     * @return IProvider|null
+     */
+    public function getProvider(IUser $user, string $challengeProviderId) {
+        $providers = $this->getProviderSet($user)->getProviders();
+        return $providers[$challengeProviderId] ?? null;
+    }
+
+    /**
+     * Check if the persistant mapping of enabled/disabled state of each available
+     * provider is missing an entry and add it to the registry in that case.
+     *
+     * @todo remove in Nextcloud 17 as by then all providers should have been updated
+     *
+     * @param string[] $providerStates
+     * @param IProvider[] $providers
+     * @param IUser $user
+     * @return string[] the updated $providerStates variable
+     */
+    private function fixMissingProviderStates(array $providerStates,
+        array $providers, IUser $user): array {
+
+        foreach ($providers as $provider) {
+            if (isset($providerStates[$provider->getId()])) {
+                // All good
+                continue;
+            }
+
+            $enabled = $provider->isTwoFactorAuthEnabledForUser($user);
+            if ($enabled) {
+                $this->providerRegistry->enableProviderFor($provider, $user);
+            } else {
+                $this->providerRegistry->disableProviderFor($provider, $user);
+            }
+            $providerStates[$provider->getId()] = $enabled;
+        }
+
+        return $providerStates;
+    }
+
+    /**
+     * @param array $states
+     * @param IProvider $providers
+     */
+    private function isProviderMissing(array $states, array $providers): bool {
+        $indexed = [];
+        foreach ($providers as $provider) {
+            $indexed[$provider->getId()] = $provider;
+        }
+
+        $missing = [];
+        foreach ($states as $providerId => $enabled) {
+            if (!$enabled) {
+                // Don't care
+                continue;
+            }
+
+            if (!isset($indexed[$providerId])) {
+                $missing[] = $providerId;
+                $this->logger->alert("two-factor auth provider '$providerId' failed to load",
+                    [
+                    'app' => 'core',
+                ]);
+            }
+        }
+
+        if (!empty($missing)) {
+            // There was at least one provider missing
+            $this->logger->alert(count($missing) . " two-factor auth providers failed to load", ['app' => 'core']);
+
+            return true;
+        }
+
+        // If we reach this, there was not a single provider missing
+        return false;
+    }
+
+    /**
+     * Get the list of 2FA providers for the given user
+     *
+     * @param IUser $user
+     * @throws Exception
+     */
+    public function getProviderSet(IUser $user): ProviderSet {
+        $providerStates = $this->providerRegistry->getProviderStates($user);
+        $providers = $this->providerLoader->getProviders($user);
+
+        $fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);
+        $isProviderMissing = $this->isProviderMissing($fixedStates, $providers);
+
+        $enabled = array_filter($providers, function (IProvider $provider) use ($fixedStates) {
+            return $fixedStates[$provider->getId()];
+        });
+        return new ProviderSet($enabled, $isProviderMissing);
+    }
+
+    /**
+     * Verify the given challenge
+     *
+     * @param string $providerId
+     * @param IUser $user
+     * @param string $challenge
+     * @return boolean
+     */
+    public function verifyChallenge(string $providerId, IUser $user, string $challenge): bool {
+        $provider = $this->getProvider($user, $providerId);
+        if ($provider === null) {
+            return false;
+        }
+
+        $passed = $provider->verifyChallenge($user, $challenge);
+        if ($passed) {
+            if ($this->session->get(self::REMEMBER_LOGIN) === true) {
+                // TODO: resolve cyclic dependency and use DI
+                \OC::$server->getUserSession()->createRememberMeToken($user);
+            }
+            $this->session->remove(self::SESSION_UID_KEY);
+            $this->session->remove(self::REMEMBER_LOGIN);
+            $this->session->set(self::SESSION_UID_DONE, $user->getUID());
+
+            // Clear token from db
+            $sessionId = $this->session->getId();
+            $token = $this->tokenProvider->getToken($sessionId);
+            $tokenId = $token->getId();
+            $this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $tokenId);
+
+            $dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]);
+            $this->dispatcher->dispatch(IProvider::EVENT_SUCCESS, $dispatchEvent);
+
+            $this->publishEvent($user, 'twofactor_success', [
+                'provider' => $provider->getDisplayName(),
+            ]);
+        } else {
+            $dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]);
+            $this->dispatcher->dispatch(IProvider::EVENT_FAILED, $dispatchEvent);
+
+            $this->publishEvent($user, 'twofactor_failed', [
+                'provider' => $provider->getDisplayName(),
+            ]);
+        }
+        return $passed;
+    }
+
+    /**
+     * Push a 2fa event the user's activity stream
+     *
+     * @param IUser $user
+     * @param string $event
+     * @param array $params
+     */
+    private function publishEvent(IUser $user, string $event, array $params) {
+        $activity = $this->activityManager->generateEvent();
+        $activity->setApp('core')
+            ->setType('security')
+            ->setAuthor($user->getUID())
+            ->setAffectedUser($user->getUID())
+            ->setSubject($event, $params);
+        try {
+            $this->activityManager->publish($activity);
+        } catch (BadMethodCallException $e) {
+            $this->logger->warning('could not publish activity', ['app' => 'core']);
+            $this->logger->logException($e, ['app' => 'core']);
+        }
+    }
+
+    /**
+     * Check if the currently logged in user needs to pass 2FA
+     *
+     * @param IUser $user the currently logged in user
+     * @return boolean
+     */
+    public function needsSecondFactor(IUser $user = null): bool {
+        if ($user === null) {
+            return false;
+        }
+
+        // If we are authenticated using an app password skip all this
+        if ($this->session->exists('app_password')) {
+            return false;
+        }
+
+        // First check if the session tells us we should do 2FA (99% case)
+        if (!$this->session->exists(self::SESSION_UID_KEY)) {
+
+            // Check if the session tells us it is 2FA authenticated already
+            if ($this->session->exists(self::SESSION_UID_DONE) &&
+                $this->session->get(self::SESSION_UID_DONE) === $user->getUID()) {
+                return false;
+            }
+
+            /*
 			 * If the session is expired check if we are not logged in by a token
 			 * that still needs 2FA auth
 			 */
-			try {
-				$sessionId = $this->session->getId();
-				$token = $this->tokenProvider->getToken($sessionId);
-				$tokenId = $token->getId();
-				$tokensNeeding2FA = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
-
-				if (!\in_array($tokenId, $tokensNeeding2FA, true)) {
-					$this->session->set(self::SESSION_UID_DONE, $user->getUID());
-					return false;
-				}
-			} catch (InvalidTokenException $e) {
-			}
-		}
-
-		if (!$this->isTwoFactorAuthenticated($user)) {
-			// There is no second factor any more -> let the user pass
-			//   This prevents infinite redirect loops when a user is about
-			//   to solve the 2FA challenge, and the provider app is
-			//   disabled the same time
-			$this->session->remove(self::SESSION_UID_KEY);
-
-			$keys = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
-			foreach ($keys as $key) {
-				$this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $key);
-			}
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * Prepare the 2FA login
-	 *
-	 * @param IUser $user
-	 * @param boolean $rememberMe
-	 */
-	public function prepareTwoFactorLogin(IUser $user, bool $rememberMe) {
-		$this->session->set(self::SESSION_UID_KEY, $user->getUID());
-		$this->session->set(self::REMEMBER_LOGIN, $rememberMe);
-
-		$id = $this->session->getId();
-		$token = $this->tokenProvider->getToken($id);
-		$this->config->setUserValue($user->getUID(), 'login_token_2fa', $token->getId(), $this->timeFactory->getTime());
-	}
+            try {
+                $sessionId = $this->session->getId();
+                $token = $this->tokenProvider->getToken($sessionId);
+                $tokenId = $token->getId();
+                $tokensNeeding2FA = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
+
+                if (!\in_array($tokenId, $tokensNeeding2FA, true)) {
+                    $this->session->set(self::SESSION_UID_DONE, $user->getUID());
+                    return false;
+                }
+            } catch (InvalidTokenException $e) {
+            }
+        }
+
+        if (!$this->isTwoFactorAuthenticated($user)) {
+            // There is no second factor any more -> let the user pass
+            //   This prevents infinite redirect loops when a user is about
+            //   to solve the 2FA challenge, and the provider app is
+            //   disabled the same time
+            $this->session->remove(self::SESSION_UID_KEY);
+
+            $keys = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
+            foreach ($keys as $key) {
+                $this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $key);
+            }
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Prepare the 2FA login
+     *
+     * @param IUser $user
+     * @param boolean $rememberMe
+     */
+    public function prepareTwoFactorLogin(IUser $user, bool $rememberMe) {
+        $this->session->set(self::SESSION_UID_KEY, $user->getUID());
+        $this->session->set(self::REMEMBER_LOGIN, $rememberMe);
+
+        $id = $this->session->getId();
+        $token = $this->tokenProvider->getToken($id);
+        $this->config->setUserValue($user->getUID(), 'login_token_2fa', $token->getId(), $this->timeFactory->getTime());
+    }
 
 }

Spacing +3 added lines, -3 removed lines

@@ -1,6 +1,6 @@ 
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 /**
  * @copyright Copyright (c) 2016, ownCloud, Inc.
  *
@@ -199,7 +199,7 @@ 
 
 		if (!empty($missing)) {
 			// There was at least one provider missing
-			$this->logger->alert(count($missing) . " two-factor auth providers failed to load", ['app' => 'core']);
+			$this->logger->alert(count($missing)." two-factor auth providers failed to load", ['app' => 'core']);
 
 			return true;
 		}
@@ -221,7 +221,7 @@ 
 		$fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);
 		$isProviderMissing = $this->isProviderMissing($fixedStates, $providers);
 
-		$enabled = array_filter($providers, function (IProvider $provider) use ($fixedStates) {
+		$enabled = array_filter($providers, function(IProvider $provider) use ($fixedStates) {
 			return $fixedStates[$provider->getId()];
 		});
 		return new ProviderSet($enabled, $isProviderMissing);

core/Controller/LoginController.php

Indentation +295 added lines, -295 removed lines

@@ -58,299 +58,299 @@
 use OCP\Util;
 
 class LoginController extends Controller {
-	/** @var IUserManager */
-	private $userManager;
-	/** @var IConfig */
-	private $config;
-	/** @var ISession */
-	private $session;
-	/** @var IUserSession|Session */
-	private $userSession;
-	/** @var IURLGenerator */
-	private $urlGenerator;
-	/** @var ILogger */
-	private $logger;
-	/** @var Manager */
-	private $twoFactorManager;
-	/** @var Defaults */
-	private $defaults;
-	/** @var Throttler */
-	private $throttler;
-
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param IUserManager $userManager
-	 * @param IConfig $config
-	 * @param ISession $session
-	 * @param IUserSession $userSession
-	 * @param IURLGenerator $urlGenerator
-	 * @param ILogger $logger
-	 * @param Manager $twoFactorManager
-	 * @param Defaults $defaults
-	 * @param Throttler $throttler
-	 */
-	public function __construct($appName,
-								IRequest $request,
-								IUserManager $userManager,
-								IConfig $config,
-								ISession $session,
-								IUserSession $userSession,
-								IURLGenerator $urlGenerator,
-								ILogger $logger,
-								Manager $twoFactorManager,
-								Defaults $defaults,
-								Throttler $throttler) {
-		parent::__construct($appName, $request);
-		$this->userManager = $userManager;
-		$this->config = $config;
-		$this->session = $session;
-		$this->userSession = $userSession;
-		$this->urlGenerator = $urlGenerator;
-		$this->logger = $logger;
-		$this->twoFactorManager = $twoFactorManager;
-		$this->defaults = $defaults;
-		$this->throttler = $throttler;
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @UseSession
-	 *
-	 * @return RedirectResponse
-	 */
-	public function logout() {
-		$loginToken = $this->request->getCookie('nc_token');
-		if (!is_null($loginToken)) {
-			$this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
-		}
-		$this->userSession->logout();
-
-		$response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
-		$response->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"');
-		return $response;
-	}
-
-	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @param string $user
-	 * @param string $redirect_url
-	 *
-	 * @return TemplateResponse|RedirectResponse
-	 */
-	public function showLoginForm(string $user = null, string $redirect_url = null): Http\Response {
-
-		if ($this->userSession->isLoggedIn()) {
-			return new RedirectResponse(OC_Util::getDefaultPageUrl());
-		}
-
-		$parameters = array();
-		$loginMessages = $this->session->get('loginMessages');
-		$errors = [];
-		$messages = [];
-		if (is_array($loginMessages)) {
-			list($errors, $messages) = $loginMessages;
-		}
-		$this->session->remove('loginMessages');
-		foreach ($errors as $value) {
-			$parameters[$value] = true;
-		}
-
-		$parameters['messages'] = $messages;
-		if ($user !== null && $user !== '') {
-			$parameters['loginName'] = $user;
-			$parameters['user_autofocus'] = false;
-		} else {
-			$parameters['loginName'] = '';
-			$parameters['user_autofocus'] = true;
-		}
-		if (!empty($redirect_url)) {
-			$parameters['redirect_url'] = $redirect_url;
-		}
-
-		$parameters['canResetPassword'] = true;
-		$parameters['resetPasswordLink'] = $this->config->getSystemValue('lost_password_link', '');
-		if (!$parameters['resetPasswordLink']) {
-			if ($user !== null && $user !== '') {
-				$userObj = $this->userManager->get($user);
-				if ($userObj instanceof IUser) {
-					$parameters['canResetPassword'] = $userObj->canChangePassword();
-				}
-			}
-		} elseif ($parameters['resetPasswordLink'] === 'disabled') {
-			$parameters['canResetPassword'] = false;
-		}
-
-		$parameters['alt_login'] = OC_App::getAlternativeLogIns();
-
-		if ($user !== null && $user !== '') {
-			$parameters['loginName'] = $user;
-			$parameters['user_autofocus'] = false;
-		} else {
-			$parameters['loginName'] = '';
-			$parameters['user_autofocus'] = true;
-		}
-
-		$parameters['throttle_delay'] = $this->throttler->getDelay($this->request->getRemoteAddress());
-
-		// OpenGraph Support: http://ogp.me/
-		Util::addHeader('meta', ['property' => 'og:title', 'content' => Util::sanitizeHTML($this->defaults->getName())]);
-		Util::addHeader('meta', ['property' => 'og:description', 'content' => Util::sanitizeHTML($this->defaults->getSlogan())]);
-		Util::addHeader('meta', ['property' => 'og:site_name', 'content' => Util::sanitizeHTML($this->defaults->getName())]);
-		Util::addHeader('meta', ['property' => 'og:url', 'content' => $this->urlGenerator->getAbsoluteURL('/')]);
-		Util::addHeader('meta', ['property' => 'og:type', 'content' => 'website']);
-		Util::addHeader('meta', ['property' => 'og:image', 'content' => $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core','favicon-touch.png'))]);
-
-		return new TemplateResponse(
-			$this->appName, 'login', $parameters, 'guest'
-		);
-	}
-
-	/**
-	 * @param string $redirectUrl
-	 * @return RedirectResponse
-	 */
-	private function generateRedirect($redirectUrl) {
-		if (!is_null($redirectUrl) && $this->userSession->isLoggedIn()) {
-			$location = $this->urlGenerator->getAbsoluteURL(urldecode($redirectUrl));
-			// Deny the redirect if the URL contains a @
-			// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
-			if (strpos($location, '@') === false) {
-				return new RedirectResponse($location);
-			}
-		}
-		return new RedirectResponse(OC_Util::getDefaultPageUrl());
-	}
-
-	/**
-	 * @PublicPage
-	 * @UseSession
-	 * @NoCSRFRequired
-	 * @BruteForceProtection(action=login)
-	 *
-	 * @param string $user
-	 * @param string $password
-	 * @param string $redirect_url
-	 * @param boolean $remember_login
-	 * @param string $timezone
-	 * @param string $timezone_offset
-	 * @return RedirectResponse
-	 */
-	public function tryLogin($user, $password, $redirect_url, $remember_login = true, $timezone = '', $timezone_offset = '') {
-		if(!is_string($user)) {
-			throw new \InvalidArgumentException('Username must be string');
-		}
-
-		// If the user is already logged in and the CSRF check does not pass then
-		// simply redirect the user to the correct page as required. This is the
-		// case when an user has already logged-in, in another tab.
-		if(!$this->request->passesCSRFCheck()) {
-			return $this->generateRedirect($redirect_url);
-		}
-
-		if ($this->userManager instanceof PublicEmitter) {
-			$this->userManager->emit('\OC\User', 'preLogin', array($user, $password));
-		}
-
-		$originalUser = $user;
-		// TODO: Add all the insane error handling
-		/* @var $loginResult IUser */
-		$loginResult = $this->userManager->checkPasswordNoLogging($user, $password);
-		if ($loginResult === false) {
-			$users = $this->userManager->getByEmail($user);
-			// we only allow login by email if unique
-			if (count($users) === 1) {
-				$previousUser = $user;
-				$user = $users[0]->getUID();
-				if($user !== $previousUser) {
-					$loginResult = $this->userManager->checkPassword($user, $password);
-				}
-			}
-		}
-		if ($loginResult === false) {
-			$this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']);
-			// Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
-			$args = !is_null($user) ? ['user' => $originalUser] : [];
-			if (!is_null($redirect_url)) {
-				$args['redirect_url'] = $redirect_url;
-			}
-			$response = new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
-			$response->throttle(['user' => $user]);
-			$this->session->set('loginMessages', [
-				['invalidpassword'], []
-			]);
-			return $response;
-		}
-		// TODO: remove password checks from above and let the user session handle failures
-		// requires https://github.com/owncloud/core/pull/24616
-		$this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
-		$this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, IToken::REMEMBER);
-
-		// User has successfully logged in, now remove the password reset link, when it is available
-		$this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
-
-		$this->session->set('last-password-confirm', $loginResult->getLastLogin());
-
-		if ($timezone_offset !== '') {
-			$this->config->setUserValue($loginResult->getUID(), 'core', 'timezone', $timezone);
-			$this->session->set('timezone', $timezone_offset);
-		}
-
-		if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
-			$this->twoFactorManager->prepareTwoFactorLogin($loginResult, $remember_login);
-
-			$providers = $this->twoFactorManager->getProviderSet($loginResult)->getProviders();
-			if (count($providers) === 1) {
-				// Single provider, hence we can redirect to that provider's challenge page directly
-				/* @var $provider IProvider */
-				$provider = array_pop($providers);
-				$url = 'core.TwoFactorChallenge.showChallenge';
-				$urlParams = [
-					'challengeProviderId' => $provider->getId(),
-				];
-			} else {
-				$url = 'core.TwoFactorChallenge.selectChallenge';
-				$urlParams = [];
-			}
-
-			if (!is_null($redirect_url)) {
-				$urlParams['redirect_url'] = $redirect_url;
-			}
-
-			return new RedirectResponse($this->urlGenerator->linkToRoute($url, $urlParams));
-		}
-
-		if ($remember_login) {
-			$this->userSession->createRememberMeToken($loginResult);
-		}
-
-		return $this->generateRedirect($redirect_url);
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @UseSession
-	 * @BruteForceProtection(action=sudo)
-	 *
-	 * @license GNU AGPL version 3 or any later version
-	 *
-	 * @param string $password
-	 * @return DataResponse
-	 */
-	public function confirmPassword($password) {
-		$loginName = $this->userSession->getLoginName();
-		$loginResult = $this->userManager->checkPassword($loginName, $password);
-		if ($loginResult === false) {
-			$response = new DataResponse([], Http::STATUS_FORBIDDEN);
-			$response->throttle();
-			return $response;
-		}
-
-		$confirmTimestamp = time();
-		$this->session->set('last-password-confirm', $confirmTimestamp);
-		return new DataResponse(['lastLogin' => $confirmTimestamp], Http::STATUS_OK);
-	}
+    /** @var IUserManager */
+    private $userManager;
+    /** @var IConfig */
+    private $config;
+    /** @var ISession */
+    private $session;
+    /** @var IUserSession|Session */
+    private $userSession;
+    /** @var IURLGenerator */
+    private $urlGenerator;
+    /** @var ILogger */
+    private $logger;
+    /** @var Manager */
+    private $twoFactorManager;
+    /** @var Defaults */
+    private $defaults;
+    /** @var Throttler */
+    private $throttler;
+
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param IUserManager $userManager
+     * @param IConfig $config
+     * @param ISession $session
+     * @param IUserSession $userSession
+     * @param IURLGenerator $urlGenerator
+     * @param ILogger $logger
+     * @param Manager $twoFactorManager
+     * @param Defaults $defaults
+     * @param Throttler $throttler
+     */
+    public function __construct($appName,
+                                IRequest $request,
+                                IUserManager $userManager,
+                                IConfig $config,
+                                ISession $session,
+                                IUserSession $userSession,
+                                IURLGenerator $urlGenerator,
+                                ILogger $logger,
+                                Manager $twoFactorManager,
+                                Defaults $defaults,
+                                Throttler $throttler) {
+        parent::__construct($appName, $request);
+        $this->userManager = $userManager;
+        $this->config = $config;
+        $this->session = $session;
+        $this->userSession = $userSession;
+        $this->urlGenerator = $urlGenerator;
+        $this->logger = $logger;
+        $this->twoFactorManager = $twoFactorManager;
+        $this->defaults = $defaults;
+        $this->throttler = $throttler;
+    }
+
+    /**
+     * @NoAdminRequired
+     * @UseSession
+     *
+     * @return RedirectResponse
+     */
+    public function logout() {
+        $loginToken = $this->request->getCookie('nc_token');
+        if (!is_null($loginToken)) {
+            $this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
+        }
+        $this->userSession->logout();
+
+        $response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
+        $response->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"');
+        return $response;
+    }
+
+    /**
+     * @PublicPage
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @param string $user
+     * @param string $redirect_url
+     *
+     * @return TemplateResponse|RedirectResponse
+     */
+    public function showLoginForm(string $user = null, string $redirect_url = null): Http\Response {
+
+        if ($this->userSession->isLoggedIn()) {
+            return new RedirectResponse(OC_Util::getDefaultPageUrl());
+        }
+
+        $parameters = array();
+        $loginMessages = $this->session->get('loginMessages');
+        $errors = [];
+        $messages = [];
+        if (is_array($loginMessages)) {
+            list($errors, $messages) = $loginMessages;
+        }
+        $this->session->remove('loginMessages');
+        foreach ($errors as $value) {
+            $parameters[$value] = true;
+        }
+
+        $parameters['messages'] = $messages;
+        if ($user !== null && $user !== '') {
+            $parameters['loginName'] = $user;
+            $parameters['user_autofocus'] = false;
+        } else {
+            $parameters['loginName'] = '';
+            $parameters['user_autofocus'] = true;
+        }
+        if (!empty($redirect_url)) {
+            $parameters['redirect_url'] = $redirect_url;
+        }
+
+        $parameters['canResetPassword'] = true;
+        $parameters['resetPasswordLink'] = $this->config->getSystemValue('lost_password_link', '');
+        if (!$parameters['resetPasswordLink']) {
+            if ($user !== null && $user !== '') {
+                $userObj = $this->userManager->get($user);
+                if ($userObj instanceof IUser) {
+                    $parameters['canResetPassword'] = $userObj->canChangePassword();
+                }
+            }
+        } elseif ($parameters['resetPasswordLink'] === 'disabled') {
+            $parameters['canResetPassword'] = false;
+        }
+
+        $parameters['alt_login'] = OC_App::getAlternativeLogIns();
+
+        if ($user !== null && $user !== '') {
+            $parameters['loginName'] = $user;
+            $parameters['user_autofocus'] = false;
+        } else {
+            $parameters['loginName'] = '';
+            $parameters['user_autofocus'] = true;
+        }
+
+        $parameters['throttle_delay'] = $this->throttler->getDelay($this->request->getRemoteAddress());
+
+        // OpenGraph Support: http://ogp.me/
+        Util::addHeader('meta', ['property' => 'og:title', 'content' => Util::sanitizeHTML($this->defaults->getName())]);
+        Util::addHeader('meta', ['property' => 'og:description', 'content' => Util::sanitizeHTML($this->defaults->getSlogan())]);
+        Util::addHeader('meta', ['property' => 'og:site_name', 'content' => Util::sanitizeHTML($this->defaults->getName())]);
+        Util::addHeader('meta', ['property' => 'og:url', 'content' => $this->urlGenerator->getAbsoluteURL('/')]);
+        Util::addHeader('meta', ['property' => 'og:type', 'content' => 'website']);
+        Util::addHeader('meta', ['property' => 'og:image', 'content' => $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core','favicon-touch.png'))]);
+
+        return new TemplateResponse(
+            $this->appName, 'login', $parameters, 'guest'
+        );
+    }
+
+    /**
+     * @param string $redirectUrl
+     * @return RedirectResponse
+     */
+    private function generateRedirect($redirectUrl) {
+        if (!is_null($redirectUrl) && $this->userSession->isLoggedIn()) {
+            $location = $this->urlGenerator->getAbsoluteURL(urldecode($redirectUrl));
+            // Deny the redirect if the URL contains a @
+            // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
+            if (strpos($location, '@') === false) {
+                return new RedirectResponse($location);
+            }
+        }
+        return new RedirectResponse(OC_Util::getDefaultPageUrl());
+    }
+
+    /**
+     * @PublicPage
+     * @UseSession
+     * @NoCSRFRequired
+     * @BruteForceProtection(action=login)
+     *
+     * @param string $user
+     * @param string $password
+     * @param string $redirect_url
+     * @param boolean $remember_login
+     * @param string $timezone
+     * @param string $timezone_offset
+     * @return RedirectResponse
+     */
+    public function tryLogin($user, $password, $redirect_url, $remember_login = true, $timezone = '', $timezone_offset = '') {
+        if(!is_string($user)) {
+            throw new \InvalidArgumentException('Username must be string');
+        }
+
+        // If the user is already logged in and the CSRF check does not pass then
+        // simply redirect the user to the correct page as required. This is the
+        // case when an user has already logged-in, in another tab.
+        if(!$this->request->passesCSRFCheck()) {
+            return $this->generateRedirect($redirect_url);
+        }
+
+        if ($this->userManager instanceof PublicEmitter) {
+            $this->userManager->emit('\OC\User', 'preLogin', array($user, $password));
+        }
+
+        $originalUser = $user;
+        // TODO: Add all the insane error handling
+        /* @var $loginResult IUser */
+        $loginResult = $this->userManager->checkPasswordNoLogging($user, $password);
+        if ($loginResult === false) {
+            $users = $this->userManager->getByEmail($user);
+            // we only allow login by email if unique
+            if (count($users) === 1) {
+                $previousUser = $user;
+                $user = $users[0]->getUID();
+                if($user !== $previousUser) {
+                    $loginResult = $this->userManager->checkPassword($user, $password);
+                }
+            }
+        }
+        if ($loginResult === false) {
+            $this->logger->warning('Login failed: \''. $user .'\' (Remote IP: \''. $this->request->getRemoteAddress(). '\')', ['app' => 'core']);
+            // Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
+            $args = !is_null($user) ? ['user' => $originalUser] : [];
+            if (!is_null($redirect_url)) {
+                $args['redirect_url'] = $redirect_url;
+            }
+            $response = new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
+            $response->throttle(['user' => $user]);
+            $this->session->set('loginMessages', [
+                ['invalidpassword'], []
+            ]);
+            return $response;
+        }
+        // TODO: remove password checks from above and let the user session handle failures
+        // requires https://github.com/owncloud/core/pull/24616
+        $this->userSession->completeLogin($loginResult, ['loginName' => $user, 'password' => $password]);
+        $this->userSession->createSessionToken($this->request, $loginResult->getUID(), $user, $password, IToken::REMEMBER);
+
+        // User has successfully logged in, now remove the password reset link, when it is available
+        $this->config->deleteUserValue($loginResult->getUID(), 'core', 'lostpassword');
+
+        $this->session->set('last-password-confirm', $loginResult->getLastLogin());
+
+        if ($timezone_offset !== '') {
+            $this->config->setUserValue($loginResult->getUID(), 'core', 'timezone', $timezone);
+            $this->session->set('timezone', $timezone_offset);
+        }
+
+        if ($this->twoFactorManager->isTwoFactorAuthenticated($loginResult)) {
+            $this->twoFactorManager->prepareTwoFactorLogin($loginResult, $remember_login);
+
+            $providers = $this->twoFactorManager->getProviderSet($loginResult)->getProviders();
+            if (count($providers) === 1) {
+                // Single provider, hence we can redirect to that provider's challenge page directly
+                /* @var $provider IProvider */
+                $provider = array_pop($providers);
+                $url = 'core.TwoFactorChallenge.showChallenge';
+                $urlParams = [
+                    'challengeProviderId' => $provider->getId(),
+                ];
+            } else {
+                $url = 'core.TwoFactorChallenge.selectChallenge';
+                $urlParams = [];
+            }
+
+            if (!is_null($redirect_url)) {
+                $urlParams['redirect_url'] = $redirect_url;
+            }
+
+            return new RedirectResponse($this->urlGenerator->linkToRoute($url, $urlParams));
+        }
+
+        if ($remember_login) {
+            $this->userSession->createRememberMeToken($loginResult);
+        }
+
+        return $this->generateRedirect($redirect_url);
+    }
+
+    /**
+     * @NoAdminRequired
+     * @UseSession
+     * @BruteForceProtection(action=sudo)
+     *
+     * @license GNU AGPL version 3 or any later version
+     *
+     * @param string $password
+     * @return DataResponse
+     */
+    public function confirmPassword($password) {
+        $loginName = $this->userSession->getLoginName();
+        $loginResult = $this->userManager->checkPassword($loginName, $password);
+        if ($loginResult === false) {
+            $response = new DataResponse([], Http::STATUS_FORBIDDEN);
+            $response->throttle();
+            return $response;
+        }
+
+        $confirmTimestamp = time();
+        $this->session->set('last-password-confirm', $confirmTimestamp);
+        return new DataResponse(['lastLogin' => $confirmTimestamp], Http::STATUS_OK);
+    }
 }

core/Command/TwoFactorAuth/State.php

Indentation +71 added lines, -71 removed lines

@@ -35,76 +35,76 @@
 
 class State extends Base {
 
-	/** @var IRegistry */
-	private $registry;
-
-	/** @var IUserManager */
-	private $userManager;
-
-	public function __construct(IRegistry $registry, IUserManager $userManager) {
-		parent::__construct('twofactorauth:state');
-
-		$this->registry = $registry;
-		$this->userManager = $userManager;
-	}
-
-	protected function configure() {
-		parent::configure();
-
-		$this->setName('twofactorauth:state');
-		$this->setDescription('Get the two-factor authentication (2FA) state of a user');
-		$this->addArgument('uid', InputArgument::REQUIRED);
-	}
-
-	protected function execute(InputInterface $input, OutputInterface $output) {
-		$uid = $input->getArgument('uid');
-		$user = $this->userManager->get($uid);
-		if (is_null($user)) {
-			$output->writeln("<error>Invalid UID</error>");
-			return;
-		}
-
-		$providerStates = $this->registry->getProviderStates($user);
-		$filtered = $this->filterEnabledDisabledUnknownProviders($providerStates);
-		list ($enabled, $disabled) = $filtered;
-
-		if (!empty($enabled)) {
-			$output->writeln("Two-factor authentication is enabled for user $uid");
-		} else {
-			$output->writeln("Two-factor authentication is not enabled for user $uid");
-		}
-
-		$output->writeln("");
-		$this->printProviders("Enabled providers", $enabled, $output);
-		$this->printProviders("Disabled providers", $disabled, $output);
-	}
-
-	private function filterEnabledDisabledUnknownProviders(array $providerStates): array {
-		$enabled = [];
-		$disabled = [];
-
-		foreach ($providerStates as $providerId => $isEnabled) {
-			if ($isEnabled) {
-				$enabled[] = $providerId;
-			} else {
-				$disabled[] = $providerId;
-			}
-		}
-
-		return [$enabled, $disabled];
-	}
-
-	private function printProviders(string $title, array $providers,
-		OutputInterface $output) {
-		if (empty($providers)) {
-			// Ignore and don't print anything
-			return;
-		}
-
-		$output->writeln($title . ":");
-		foreach ($providers as $provider) {
-			$output->writeln("- " . $provider);
-		}
-	}
+    /** @var IRegistry */
+    private $registry;
+
+    /** @var IUserManager */
+    private $userManager;
+
+    public function __construct(IRegistry $registry, IUserManager $userManager) {
+        parent::__construct('twofactorauth:state');
+
+        $this->registry = $registry;
+        $this->userManager = $userManager;
+    }
+
+    protected function configure() {
+        parent::configure();
+
+        $this->setName('twofactorauth:state');
+        $this->setDescription('Get the two-factor authentication (2FA) state of a user');
+        $this->addArgument('uid', InputArgument::REQUIRED);
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output) {
+        $uid = $input->getArgument('uid');
+        $user = $this->userManager->get($uid);
+        if (is_null($user)) {
+            $output->writeln("<error>Invalid UID</error>");
+            return;
+        }
+
+        $providerStates = $this->registry->getProviderStates($user);
+        $filtered = $this->filterEnabledDisabledUnknownProviders($providerStates);
+        list ($enabled, $disabled) = $filtered;
+
+        if (!empty($enabled)) {
+            $output->writeln("Two-factor authentication is enabled for user $uid");
+        } else {
+            $output->writeln("Two-factor authentication is not enabled for user $uid");
+        }
+
+        $output->writeln("");
+        $this->printProviders("Enabled providers", $enabled, $output);
+        $this->printProviders("Disabled providers", $disabled, $output);
+    }
+
+    private function filterEnabledDisabledUnknownProviders(array $providerStates): array {
+        $enabled = [];
+        $disabled = [];
+
+        foreach ($providerStates as $providerId => $isEnabled) {
+            if ($isEnabled) {
+                $enabled[] = $providerId;
+            } else {
+                $disabled[] = $providerId;
+            }
+        }
+
+        return [$enabled, $disabled];
+    }
+
+    private function printProviders(string $title, array $providers,
+        OutputInterface $output) {
+        if (empty($providers)) {
+            // Ignore and don't print anything
+            return;
+        }
+
+        $output->writeln($title . ":");
+        foreach ($providers as $provider) {
+            $output->writeln("- " . $provider);
+        }
+    }
 
 }

Spacing +3 added lines, -3 removed lines

@@ -1,6 +1,6 @@ 
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 /**
  * @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at>
@@ -101,9 +101,9 @@ 
 			return;
 		}
 
-		$output->writeln($title . ":");
+		$output->writeln($title.":");
 		foreach ($providers as $provider) {
-			$output->writeln("- " . $provider);
+			$output->writeln("- ".$provider);
 		}
 	}
 

core/register_command.php

Indentation +97 added lines, -97 removed lines

@@ -43,124 +43,124 @@
 $application->add(new OC\Core\Command\App\CheckCode());
 $application->add(new OC\Core\Command\L10n\CreateJs());
 $application->add(new \OC\Core\Command\Integrity\SignApp(
-		\OC::$server->getIntegrityCodeChecker(),
-		new \OC\IntegrityCheck\Helpers\FileAccessHelper(),
-		\OC::$server->getURLGenerator()
+        \OC::$server->getIntegrityCodeChecker(),
+        new \OC\IntegrityCheck\Helpers\FileAccessHelper(),
+        \OC::$server->getURLGenerator()
 ));
 $application->add(new \OC\Core\Command\Integrity\SignCore(
-		\OC::$server->getIntegrityCodeChecker(),
-		new \OC\IntegrityCheck\Helpers\FileAccessHelper()
+        \OC::$server->getIntegrityCodeChecker(),
+        new \OC\IntegrityCheck\Helpers\FileAccessHelper()
 ));
 $application->add(new \OC\Core\Command\Integrity\CheckApp(
-		\OC::$server->getIntegrityCodeChecker()
+        \OC::$server->getIntegrityCodeChecker()
 ));
 $application->add(new \OC\Core\Command\Integrity\CheckCore(
-		\OC::$server->getIntegrityCodeChecker()
+        \OC::$server->getIntegrityCodeChecker()
 ));
 
 
 if (\OC::$server->getConfig()->getSystemValue('installed', false)) {
-	$application->add(new OC\Core\Command\App\Disable(\OC::$server->getAppManager()));
-	$application->add(new OC\Core\Command\App\Enable(\OC::$server->getAppManager()));
-	$application->add(new OC\Core\Command\App\Install());
-	$application->add(new OC\Core\Command\App\GetPath());
-	$application->add(new OC\Core\Command\App\ListApps(\OC::$server->getAppManager()));
+    $application->add(new OC\Core\Command\App\Disable(\OC::$server->getAppManager()));
+    $application->add(new OC\Core\Command\App\Enable(\OC::$server->getAppManager()));
+    $application->add(new OC\Core\Command\App\Install());
+    $application->add(new OC\Core\Command\App\GetPath());
+    $application->add(new OC\Core\Command\App\ListApps(\OC::$server->getAppManager()));
 
-	$application->add(new OC\Core\Command\TwoFactorAuth\Enable(
-		\OC::$server->getTwoFactorAuthManager(), \OC::$server->getUserManager()
-	));
-	$application->add(new OC\Core\Command\TwoFactorAuth\Disable(
-		\OC::$server->getTwoFactorAuthManager(), \OC::$server->getUserManager()
-	));
-	$application->add(\OC::$server->query(\OC\Core\Command\TwoFactorAuth\State::class));
+    $application->add(new OC\Core\Command\TwoFactorAuth\Enable(
+        \OC::$server->getTwoFactorAuthManager(), \OC::$server->getUserManager()
+    ));
+    $application->add(new OC\Core\Command\TwoFactorAuth\Disable(
+        \OC::$server->getTwoFactorAuthManager(), \OC::$server->getUserManager()
+    ));
+    $application->add(\OC::$server->query(\OC\Core\Command\TwoFactorAuth\State::class));
 
-	$application->add(new OC\Core\Command\Background\Cron(\OC::$server->getConfig()));
-	$application->add(new OC\Core\Command\Background\WebCron(\OC::$server->getConfig()));
-	$application->add(new OC\Core\Command\Background\Ajax(\OC::$server->getConfig()));
+    $application->add(new OC\Core\Command\Background\Cron(\OC::$server->getConfig()));
+    $application->add(new OC\Core\Command\Background\WebCron(\OC::$server->getConfig()));
+    $application->add(new OC\Core\Command\Background\Ajax(\OC::$server->getConfig()));
 
-	$application->add(new OC\Core\Command\Config\App\DeleteConfig(\OC::$server->getConfig()));
-	$application->add(new OC\Core\Command\Config\App\GetConfig(\OC::$server->getConfig()));
-	$application->add(new OC\Core\Command\Config\App\SetConfig(\OC::$server->getConfig()));
-	$application->add(new OC\Core\Command\Config\Import(\OC::$server->getConfig()));
-	$application->add(new OC\Core\Command\Config\ListConfigs(\OC::$server->getSystemConfig(), \OC::$server->getAppConfig()));
-	$application->add(new OC\Core\Command\Config\System\DeleteConfig(\OC::$server->getSystemConfig()));
-	$application->add(new OC\Core\Command\Config\System\GetConfig(\OC::$server->getSystemConfig()));
-	$application->add(new OC\Core\Command\Config\System\SetConfig(\OC::$server->getSystemConfig()));
+    $application->add(new OC\Core\Command\Config\App\DeleteConfig(\OC::$server->getConfig()));
+    $application->add(new OC\Core\Command\Config\App\GetConfig(\OC::$server->getConfig()));
+    $application->add(new OC\Core\Command\Config\App\SetConfig(\OC::$server->getConfig()));
+    $application->add(new OC\Core\Command\Config\Import(\OC::$server->getConfig()));
+    $application->add(new OC\Core\Command\Config\ListConfigs(\OC::$server->getSystemConfig(), \OC::$server->getAppConfig()));
+    $application->add(new OC\Core\Command\Config\System\DeleteConfig(\OC::$server->getSystemConfig()));
+    $application->add(new OC\Core\Command\Config\System\GetConfig(\OC::$server->getSystemConfig()));
+    $application->add(new OC\Core\Command\Config\System\SetConfig(\OC::$server->getSystemConfig()));
 
-	$application->add(new OC\Core\Command\Db\ConvertType(\OC::$server->getConfig(), new \OC\DB\ConnectionFactory(\OC::$server->getSystemConfig())));
-	$application->add(new OC\Core\Command\Db\ConvertMysqlToMB4(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection(), \OC::$server->getURLGenerator(), \OC::$server->getLogger()));
-	$application->add(new OC\Core\Command\Db\ConvertFilecacheBigInt(\OC::$server->getDatabaseConnection()));
-	$application->add(new OC\Core\Command\Db\AddMissingIndices(\OC::$server->getDatabaseConnection(), \OC::$server->getEventDispatcher()));
-	$application->add(new OC\Core\Command\Db\Migrations\StatusCommand(\OC::$server->getDatabaseConnection()));
-	$application->add(new OC\Core\Command\Db\Migrations\MigrateCommand(\OC::$server->getDatabaseConnection()));
-	$application->add(new OC\Core\Command\Db\Migrations\GenerateCommand(\OC::$server->getDatabaseConnection(), \OC::$server->getAppManager()));
-	$application->add(new OC\Core\Command\Db\Migrations\GenerateFromSchemaFileCommand(\OC::$server->getConfig(), \OC::$server->getAppManager(), \OC::$server->getDatabaseConnection()));
-	$application->add(new OC\Core\Command\Db\Migrations\ExecuteCommand(\OC::$server->getDatabaseConnection(), \OC::$server->getAppManager(), \OC::$server->getConfig()));
+    $application->add(new OC\Core\Command\Db\ConvertType(\OC::$server->getConfig(), new \OC\DB\ConnectionFactory(\OC::$server->getSystemConfig())));
+    $application->add(new OC\Core\Command\Db\ConvertMysqlToMB4(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection(), \OC::$server->getURLGenerator(), \OC::$server->getLogger()));
+    $application->add(new OC\Core\Command\Db\ConvertFilecacheBigInt(\OC::$server->getDatabaseConnection()));
+    $application->add(new OC\Core\Command\Db\AddMissingIndices(\OC::$server->getDatabaseConnection(), \OC::$server->getEventDispatcher()));
+    $application->add(new OC\Core\Command\Db\Migrations\StatusCommand(\OC::$server->getDatabaseConnection()));
+    $application->add(new OC\Core\Command\Db\Migrations\MigrateCommand(\OC::$server->getDatabaseConnection()));
+    $application->add(new OC\Core\Command\Db\Migrations\GenerateCommand(\OC::$server->getDatabaseConnection(), \OC::$server->getAppManager()));
+    $application->add(new OC\Core\Command\Db\Migrations\GenerateFromSchemaFileCommand(\OC::$server->getConfig(), \OC::$server->getAppManager(), \OC::$server->getDatabaseConnection()));
+    $application->add(new OC\Core\Command\Db\Migrations\ExecuteCommand(\OC::$server->getDatabaseConnection(), \OC::$server->getAppManager(), \OC::$server->getConfig()));
 
-	$application->add(new OC\Core\Command\Encryption\Disable(\OC::$server->getConfig()));
-	$application->add(new OC\Core\Command\Encryption\Enable(\OC::$server->getConfig(), \OC::$server->getEncryptionManager()));
-	$application->add(new OC\Core\Command\Encryption\ListModules(\OC::$server->getEncryptionManager()));
-	$application->add(new OC\Core\Command\Encryption\SetDefaultModule(\OC::$server->getEncryptionManager()));
-	$application->add(new OC\Core\Command\Encryption\Status(\OC::$server->getEncryptionManager()));
-	$application->add(new OC\Core\Command\Encryption\EncryptAll(\OC::$server->getEncryptionManager(), \OC::$server->getAppManager(), \OC::$server->getConfig(), new \Symfony\Component\Console\Helper\QuestionHelper()));
-	$application->add(new OC\Core\Command\Encryption\DecryptAll(
-		\OC::$server->getEncryptionManager(),
-		\OC::$server->getAppManager(),
-		\OC::$server->getConfig(),
-		new \OC\Encryption\DecryptAll(\OC::$server->getEncryptionManager(), \OC::$server->getUserManager(), new \OC\Files\View()),
-		new \Symfony\Component\Console\Helper\QuestionHelper())
-	);
+    $application->add(new OC\Core\Command\Encryption\Disable(\OC::$server->getConfig()));
+    $application->add(new OC\Core\Command\Encryption\Enable(\OC::$server->getConfig(), \OC::$server->getEncryptionManager()));
+    $application->add(new OC\Core\Command\Encryption\ListModules(\OC::$server->getEncryptionManager()));
+    $application->add(new OC\Core\Command\Encryption\SetDefaultModule(\OC::$server->getEncryptionManager()));
+    $application->add(new OC\Core\Command\Encryption\Status(\OC::$server->getEncryptionManager()));
+    $application->add(new OC\Core\Command\Encryption\EncryptAll(\OC::$server->getEncryptionManager(), \OC::$server->getAppManager(), \OC::$server->getConfig(), new \Symfony\Component\Console\Helper\QuestionHelper()));
+    $application->add(new OC\Core\Command\Encryption\DecryptAll(
+        \OC::$server->getEncryptionManager(),
+        \OC::$server->getAppManager(),
+        \OC::$server->getConfig(),
+        new \OC\Encryption\DecryptAll(\OC::$server->getEncryptionManager(), \OC::$server->getUserManager(), new \OC\Files\View()),
+        new \Symfony\Component\Console\Helper\QuestionHelper())
+    );
 
-	$application->add(new OC\Core\Command\Log\Manage(\OC::$server->getConfig()));
-	$application->add(new OC\Core\Command\Log\File(\OC::$server->getConfig()));
+    $application->add(new OC\Core\Command\Log\Manage(\OC::$server->getConfig()));
+    $application->add(new OC\Core\Command\Log\File(\OC::$server->getConfig()));
 
-	$view = new \OC\Files\View();
-	$util = new \OC\Encryption\Util(
-		$view,
-		\OC::$server->getUserManager(),
-		\OC::$server->getGroupManager(),
-		\OC::$server->getConfig()
-	);
-	$application->add(new OC\Core\Command\Encryption\ChangeKeyStorageRoot(
-			$view,
-			\OC::$server->getUserManager(),
-			\OC::$server->getConfig(),
-			$util,
-			new \Symfony\Component\Console\Helper\QuestionHelper()
-		)
-	);
-	$application->add(new OC\Core\Command\Encryption\ShowKeyStorageRoot($util));
+    $view = new \OC\Files\View();
+    $util = new \OC\Encryption\Util(
+        $view,
+        \OC::$server->getUserManager(),
+        \OC::$server->getGroupManager(),
+        \OC::$server->getConfig()
+    );
+    $application->add(new OC\Core\Command\Encryption\ChangeKeyStorageRoot(
+            $view,
+            \OC::$server->getUserManager(),
+            \OC::$server->getConfig(),
+            $util,
+            new \Symfony\Component\Console\Helper\QuestionHelper()
+        )
+    );
+    $application->add(new OC\Core\Command\Encryption\ShowKeyStorageRoot($util));
 
-	$application->add(new OC\Core\Command\Maintenance\DataFingerprint(\OC::$server->getConfig(), new \OC\AppFramework\Utility\TimeFactory()));
-	$application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateDB(\OC::$server->getMimeTypeDetector(), \OC::$server->getMimeTypeLoader()));
-	$application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateJS(\OC::$server->getMimeTypeDetector()));
-	$application->add(new OC\Core\Command\Maintenance\Mode(\OC::$server->getConfig()));
-	$application->add(new OC\Core\Command\Maintenance\UpdateHtaccess());
-	$application->add(new OC\Core\Command\Maintenance\UpdateTheme(\OC::$server->getMimeTypeDetector(), \OC::$server->getMemCacheFactory()));
+    $application->add(new OC\Core\Command\Maintenance\DataFingerprint(\OC::$server->getConfig(), new \OC\AppFramework\Utility\TimeFactory()));
+    $application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateDB(\OC::$server->getMimeTypeDetector(), \OC::$server->getMimeTypeLoader()));
+    $application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateJS(\OC::$server->getMimeTypeDetector()));
+    $application->add(new OC\Core\Command\Maintenance\Mode(\OC::$server->getConfig()));
+    $application->add(new OC\Core\Command\Maintenance\UpdateHtaccess());
+    $application->add(new OC\Core\Command\Maintenance\UpdateTheme(\OC::$server->getMimeTypeDetector(), \OC::$server->getMemCacheFactory()));
 
-	$application->add(new OC\Core\Command\Upgrade(\OC::$server->getConfig(), \OC::$server->getLogger(), \OC::$server->query(\OC\Installer::class)));
-	$application->add(new OC\Core\Command\Maintenance\Repair(
-		new \OC\Repair(\OC\Repair::getRepairSteps(), \OC::$server->getEventDispatcher()), \OC::$server->getConfig(),
-		\OC::$server->getEventDispatcher(), \OC::$server->getAppManager()));
+    $application->add(new OC\Core\Command\Upgrade(\OC::$server->getConfig(), \OC::$server->getLogger(), \OC::$server->query(\OC\Installer::class)));
+    $application->add(new OC\Core\Command\Maintenance\Repair(
+        new \OC\Repair(\OC\Repair::getRepairSteps(), \OC::$server->getEventDispatcher()), \OC::$server->getConfig(),
+        \OC::$server->getEventDispatcher(), \OC::$server->getAppManager()));
 
-	$application->add(new OC\Core\Command\User\Add(\OC::$server->getUserManager(), \OC::$server->getGroupManager()));
-	$application->add(new OC\Core\Command\User\Delete(\OC::$server->getUserManager()));
-	$application->add(new OC\Core\Command\User\Disable(\OC::$server->getUserManager()));
-	$application->add(new OC\Core\Command\User\Enable(\OC::$server->getUserManager()));
-	$application->add(new OC\Core\Command\User\LastSeen(\OC::$server->getUserManager()));
-	$application->add(new OC\Core\Command\User\Report(\OC::$server->getUserManager()));
-	$application->add(new OC\Core\Command\User\ResetPassword(\OC::$server->getUserManager()));
-	$application->add(new OC\Core\Command\User\Setting(\OC::$server->getUserManager(), \OC::$server->getConfig(), \OC::$server->getDatabaseConnection()));
-	$application->add(new OC\Core\Command\User\ListCommand(\OC::$server->getUserManager()));
-	$application->add(new OC\Core\Command\User\Info(\OC::$server->getUserManager(), \OC::$server->getGroupManager()));
+    $application->add(new OC\Core\Command\User\Add(\OC::$server->getUserManager(), \OC::$server->getGroupManager()));
+    $application->add(new OC\Core\Command\User\Delete(\OC::$server->getUserManager()));
+    $application->add(new OC\Core\Command\User\Disable(\OC::$server->getUserManager()));
+    $application->add(new OC\Core\Command\User\Enable(\OC::$server->getUserManager()));
+    $application->add(new OC\Core\Command\User\LastSeen(\OC::$server->getUserManager()));
+    $application->add(new OC\Core\Command\User\Report(\OC::$server->getUserManager()));
+    $application->add(new OC\Core\Command\User\ResetPassword(\OC::$server->getUserManager()));
+    $application->add(new OC\Core\Command\User\Setting(\OC::$server->getUserManager(), \OC::$server->getConfig(), \OC::$server->getDatabaseConnection()));
+    $application->add(new OC\Core\Command\User\ListCommand(\OC::$server->getUserManager()));
+    $application->add(new OC\Core\Command\User\Info(\OC::$server->getUserManager(), \OC::$server->getGroupManager()));
 
-	$application->add(new OC\Core\Command\Group\ListCommand(\OC::$server->getGroupManager()));
-	$application->add(new OC\Core\Command\Group\AddUser(\OC::$server->getUserManager(), \OC::$server->getGroupManager()));
-	$application->add(new OC\Core\Command\Group\RemoveUser(\OC::$server->getUserManager(), \OC::$server->getGroupManager()));
+    $application->add(new OC\Core\Command\Group\ListCommand(\OC::$server->getGroupManager()));
+    $application->add(new OC\Core\Command\Group\AddUser(\OC::$server->getUserManager(), \OC::$server->getGroupManager()));
+    $application->add(new OC\Core\Command\Group\RemoveUser(\OC::$server->getUserManager(), \OC::$server->getGroupManager()));
 
-	$application->add(new OC\Core\Command\Security\ListCertificates(\OC::$server->getCertificateManager(null), \OC::$server->getL10N('core')));
-	$application->add(new OC\Core\Command\Security\ImportCertificate(\OC::$server->getCertificateManager(null)));
-	$application->add(new OC\Core\Command\Security\RemoveCertificate(\OC::$server->getCertificateManager(null)));
+    $application->add(new OC\Core\Command\Security\ListCertificates(\OC::$server->getCertificateManager(null), \OC::$server->getL10N('core')));
+    $application->add(new OC\Core\Command\Security\ImportCertificate(\OC::$server->getCertificateManager(null)));
+    $application->add(new OC\Core\Command\Security\RemoveCertificate(\OC::$server->getCertificateManager(null)));
 } else {
-	$application->add(new OC\Core\Command\Maintenance\Install(\OC::$server->getSystemConfig()));
+    $application->add(new OC\Core\Command\Maintenance\Install(\OC::$server->getSystemConfig()));
 }

lib/private/Authentication/TwoFactorAuth/Db/ProviderUserAssignmentDao.php

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 /**
  * @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at>

Indentation +39 added lines, -39 removed lines

@@ -35,52 +35,52 @@
  */
 class ProviderUserAssignmentDao {
 
-	const TABLE_NAME = 'twofactor_providers';
+    const TABLE_NAME = 'twofactor_providers';
 
-	/** @var IDBConnection */
-	private $conn;
+    /** @var IDBConnection */
+    private $conn;
 
-	public function __construct(IDBConnection $dbConn) {
-		$this->conn = $dbConn;
-	}
+    public function __construct(IDBConnection $dbConn) {
+        $this->conn = $dbConn;
+    }
 
-	/**
-	 * Get all assigned provider IDs for the given user ID
-	 *
-	 * @return string[] where the array key is the provider ID (string) and the
-	 *                  value is the enabled state (bool)
-	 */
-	public function getState(string $uid): array {
-		$qb = $this->conn->getQueryBuilder();
+    /**
+     * Get all assigned provider IDs for the given user ID
+     *
+     * @return string[] where the array key is the provider ID (string) and the
+     *                  value is the enabled state (bool)
+     */
+    public function getState(string $uid): array {
+        $qb = $this->conn->getQueryBuilder();
 
-		$query = $qb->select('provider_id', 'enabled')
-			->from(self::TABLE_NAME)
-			->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)));
-		$result = $query->execute();
-		$providers = [];
-		foreach ($result->fetchAll() as $row) {
-			$providers[$row['provider_id']] = 1 === (int) $row['enabled'];
-		}
-		$result->closeCursor();
+        $query = $qb->select('provider_id', 'enabled')
+            ->from(self::TABLE_NAME)
+            ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)));
+        $result = $query->execute();
+        $providers = [];
+        foreach ($result->fetchAll() as $row) {
+            $providers[$row['provider_id']] = 1 === (int) $row['enabled'];
+        }
+        $result->closeCursor();
 
-		return $providers;
-	}
+        return $providers;
+    }
 
-	/**
-	 * Persist a new/updated (provider_id, uid, enabled) tuple
-	 */
-	public function persist(string $providerId, string $uid, int $enabled) {
-		$qb = $this->conn->getQueryBuilder();
+    /**
+     * Persist a new/updated (provider_id, uid, enabled) tuple
+     */
+    public function persist(string $providerId, string $uid, int $enabled) {
+        $qb = $this->conn->getQueryBuilder();
 
-		// TODO: concurrency? What if (providerId, uid) private key is inserted
-		//       twice at the same time?
-		$query = $qb->insert(self::TABLE_NAME)->values([
-			'provider_id' => $qb->createNamedParameter($providerId),
-			'uid' => $qb->createNamedParameter($uid),
-			'enabled' => $qb->createNamedParameter($enabled, IQueryBuilder::PARAM_INT),
-		]);
+        // TODO: concurrency? What if (providerId, uid) private key is inserted
+        //       twice at the same time?
+        $query = $qb->insert(self::TABLE_NAME)->values([
+            'provider_id' => $qb->createNamedParameter($providerId),
+            'uid' => $qb->createNamedParameter($uid),
+            'enabled' => $qb->createNamedParameter($enabled, IQueryBuilder::PARAM_INT),
+        ]);
 
-		$query->execute();
-	}
+        $query->execute();
+    }
 
 }

lib/private/Authentication/TwoFactorAuth/ProviderLoader.php

Indentation +44 added lines, -44 removed lines

@@ -34,55 +34,55 @@
 
 class ProviderLoader {
 
-	const BACKUP_CODES_APP_ID = 'twofactor_backupcodes';
+    const BACKUP_CODES_APP_ID = 'twofactor_backupcodes';
 
-	/** @var IAppManager */
-	private $appManager;
+    /** @var IAppManager */
+    private $appManager;
 
-	public function __construct(IAppManager $appManager) {
-		$this->appManager = $appManager;
-	}
+    public function __construct(IAppManager $appManager) {
+        $this->appManager = $appManager;
+    }
 
-	/**
-	 * Get the list of 2FA providers for the given user
-	 *
-	 * @return IProvider[]
-	 * @throws Exception
-	 */
-	public function getProviders(IUser $user): array {
-		$allApps = $this->appManager->getEnabledAppsForUser($user);
-		$providers = [];
+    /**
+     * Get the list of 2FA providers for the given user
+     *
+     * @return IProvider[]
+     * @throws Exception
+     */
+    public function getProviders(IUser $user): array {
+        $allApps = $this->appManager->getEnabledAppsForUser($user);
+        $providers = [];
 
-		foreach ($allApps as $appId) {
-			$info = $this->appManager->getAppInfo($appId);
-			if (isset($info['two-factor-providers'])) {
-				/** @var string[] $providerClasses */
-				$providerClasses = $info['two-factor-providers'];
-				foreach ($providerClasses as $class) {
-					try {
-						$this->loadTwoFactorApp($appId);
-						$provider = OC::$server->query($class);
-						$providers[$provider->getId()] = $provider;
-					} catch (QueryException $exc) {
-						// Provider class can not be resolved
-						throw new Exception("Could not load two-factor auth provider $class");
-					}
-				}
-			}
-		}
+        foreach ($allApps as $appId) {
+            $info = $this->appManager->getAppInfo($appId);
+            if (isset($info['two-factor-providers'])) {
+                /** @var string[] $providerClasses */
+                $providerClasses = $info['two-factor-providers'];
+                foreach ($providerClasses as $class) {
+                    try {
+                        $this->loadTwoFactorApp($appId);
+                        $provider = OC::$server->query($class);
+                        $providers[$provider->getId()] = $provider;
+                    } catch (QueryException $exc) {
+                        // Provider class can not be resolved
+                        throw new Exception("Could not load two-factor auth provider $class");
+                    }
+                }
+            }
+        }
 
-		return $providers;
-	}
+        return $providers;
+    }
 
-	/**
-	 * Load an app by ID if it has not been loaded yet
-	 *
-	 * @param string $appId
-	 */
-	protected function loadTwoFactorApp(string $appId) {
-		if (!OC_App::isAppLoaded($appId)) {
-			OC_App::loadApp($appId);
-		}
-	}
+    /**
+     * Load an app by ID if it has not been loaded yet
+     *
+     * @param string $appId
+     */
+    protected function loadTwoFactorApp(string $appId) {
+        if (!OC_App::isAppLoaded($appId)) {
+            OC_App::loadApp($appId);
+        }
+    }
 
 }

lib/public/Authentication/TwoFactorAuth/IRegistry.php

Indentation +21 added lines, -21 removed lines

@@ -39,27 +39,27 @@
  */
 interface IRegistry {
 
-	/**
-	 * Get a key-value map of providers and their enabled/disabled state for
-	 * the given user.
-	 *
-	 * @since 14.0.0
-	 * @return string[] where the array key is the provider ID (string) and the
-	 *                  value is the enabled state (bool)
-	 */
-	public function getProviderStates(IUser $user): array;
+    /**
+     * Get a key-value map of providers and their enabled/disabled state for
+     * the given user.
+     *
+     * @since 14.0.0
+     * @return string[] where the array key is the provider ID (string) and the
+     *                  value is the enabled state (bool)
+     */
+    public function getProviderStates(IUser $user): array;
 
-	/**
-	 * Enable the given 2FA provider for the given user
-	 *
-	 * @since 14.0.0
-	 */
-	public function enableProviderFor(IProvider $provider, IUser $user);
+    /**
+     * Enable the given 2FA provider for the given user
+     *
+     * @since 14.0.0
+     */
+    public function enableProviderFor(IProvider $provider, IUser $user);
 
-	/**
-	 * Disable the given 2FA provider for the given user
-	 *
-	 * @since 14.0.0
-	 */
-	public function disableProviderFor(IProvider $provider, IUser $user);
+    /**
+     * Disable the given 2FA provider for the given user
+     *
+     * @since 14.0.0
+     */
+    public function disableProviderFor(IProvider $provider, IUser $user);
 }

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 /**
  * @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at>

lib/private/Authentication/TwoFactorAuth/Registry.php

Spacing +1 added lines, -1 removed lines

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 /**
  * @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at>

Indentation +14 added lines, -14 removed lines

@@ -33,23 +33,23 @@
 
 class Registry implements IRegistry {
 
-	/** @var ProviderUserAssignmentDao */
-	private $assignmentDao;
+    /** @var ProviderUserAssignmentDao */
+    private $assignmentDao;
 
-	public function __construct(ProviderUserAssignmentDao $assignmentDao) {
-		$this->assignmentDao = $assignmentDao;
-	}
+    public function __construct(ProviderUserAssignmentDao $assignmentDao) {
+        $this->assignmentDao = $assignmentDao;
+    }
 
-	public function getProviderStates(IUser $user): array {
-		return $this->assignmentDao->getState($user->getUID());
-	}
+    public function getProviderStates(IUser $user): array {
+        return $this->assignmentDao->getState($user->getUID());
+    }
 
-	public function enableProviderFor(IProvider $provider, IUser $user) {
-		$this->assignmentDao->persist($provider->getId(), $user->getUID(), 1);
-	}
+    public function enableProviderFor(IProvider $provider, IUser $user) {
+        $this->assignmentDao->persist($provider->getId(), $user->getUID(), 1);
+    }
 
-	public function disableProviderFor(IProvider $provider, IUser $user) {
-		$this->assignmentDao->persist($provider->getId(), $user->getUID(), 0);
-	}
+    public function disableProviderFor(IProvider $provider, IUser $user) {
+        $this->assignmentDao->persist($provider->getId(), $user->getUID(), 0);
+    }
 
 }

core/Controller/TwoFactorChallengeController.php

Indentation +161 added lines, -161 removed lines

@@ -42,171 +42,171 @@
 
 class TwoFactorChallengeController extends Controller {
 
-	/** @var Manager */
-	private $twoFactorManager;
-
-	/** @var IUserSession */
-	private $userSession;
-
-	/** @var ISession */
-	private $session;
-
-	/** @var IURLGenerator */
-	private $urlGenerator;
-
-	/**
-	 * @param string $appName
-	 * @param IRequest $request
-	 * @param Manager $twoFactorManager
-	 * @param IUserSession $userSession
-	 * @param ISession $session
-	 * @param IURLGenerator $urlGenerator
-	 */
-	public function __construct($appName, IRequest $request, Manager $twoFactorManager, IUserSession $userSession,
-		ISession $session, IURLGenerator $urlGenerator) {
-		parent::__construct($appName, $request);
-		$this->twoFactorManager = $twoFactorManager;
-		$this->userSession = $userSession;
-		$this->session = $session;
-		$this->urlGenerator = $urlGenerator;
-	}
-
-	/**
-	 * @return string
-	 */
-	protected function getLogoutUrl() {
-		return OC_User::getLogoutUrl($this->urlGenerator);
-	}
+    /** @var Manager */
+    private $twoFactorManager;
+
+    /** @var IUserSession */
+    private $userSession;
+
+    /** @var ISession */
+    private $session;
+
+    /** @var IURLGenerator */
+    private $urlGenerator;
+
+    /**
+     * @param string $appName
+     * @param IRequest $request
+     * @param Manager $twoFactorManager
+     * @param IUserSession $userSession
+     * @param ISession $session
+     * @param IURLGenerator $urlGenerator
+     */
+    public function __construct($appName, IRequest $request, Manager $twoFactorManager, IUserSession $userSession,
+        ISession $session, IURLGenerator $urlGenerator) {
+        parent::__construct($appName, $request);
+        $this->twoFactorManager = $twoFactorManager;
+        $this->userSession = $userSession;
+        $this->session = $session;
+        $this->urlGenerator = $urlGenerator;
+    }
+
+    /**
+     * @return string
+     */
+    protected function getLogoutUrl() {
+        return OC_User::getLogoutUrl($this->urlGenerator);
+    }
 	
-	/**
-	 * @param IProvider[] $providers
-	 */
-	private function splitProvidersAndBackupCodes(array $providers): array {
-		$regular = [];
-		$backup = null;
-		foreach ($providers as $provider) {
-			if ($provider->getId() === 'backup_codes') {
-				$backup = $provider;
-			} else {
-				$regular[] = $provider;
-			}
-		}
-
-		return [$regular, $backup];
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 *
-	 * @param string $redirect_url
-	 * @return TemplateResponse
-	 */
-	public function selectChallenge($redirect_url) {
-		$user = $this->userSession->getUser();
-		$providerSet = $this->twoFactorManager->getProviderSet($user);
-		$allProviders = $providerSet->getProviders();
-		list($providers, $backupProvider) = $this->splitProvidersAndBackupCodes($allProviders);
-
-		$data = [
-			'providers' => $providers,
-			'backupProvider' => $backupProvider,
-			'providerMissing' => $providerSet->isProviderMissing(),
-			'redirect_url' => $redirect_url,
-			'logout_url' => $this->getLogoutUrl(),
-		];
-		return new TemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest');
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @param string $challengeProviderId
-	 * @param string $redirect_url
-	 * @return TemplateResponse|RedirectResponse
-	 */
-	public function showChallenge($challengeProviderId, $redirect_url) {
-		$user = $this->userSession->getUser();
-		$providerSet = $this->twoFactorManager->getProviderSet($user);
-		$provider = $providerSet->getProvider($challengeProviderId);
-		if (is_null($provider)) {
-			return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
-		}
-
-		$backupProvider = $providerSet->getProvider('backup_codes');
-		if (!is_null($backupProvider) && $backupProvider->getId() === $provider->getId()) {
-			// Don't show the backup provider link if we're already showing that provider's challenge
-			$backupProvider = null;
-		}
-
-		$errorMessage = '';
-		$error = false;
-		if ($this->session->exists('two_factor_auth_error')) {
-			$this->session->remove('two_factor_auth_error');
-			$error = true;
-			$errorMessage = $this->session->get("two_factor_auth_error_message");
-			$this->session->remove('two_factor_auth_error_message');
-		}
-		$tmpl = $provider->getTemplate($user);
-		$tmpl->assign('redirect_url', $redirect_url);
-		$data = [
-			'error' => $error,
-			'error_message' => $errorMessage,
-			'provider' => $provider,
-			'backupProvider' => $backupProvider,
-			'logout_url' => $this->getLogoutUrl(),
-			'redirect_url' => $redirect_url,
-			'template' => $tmpl->fetchPage(),
-		];
-		$response = new TemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
-		if ($provider instanceof IProvidesCustomCSP) {
-			$response->setContentSecurityPolicy($provider->getCSP());
-		}
-		return $response;
-	}
-
-	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 * @UseSession
-	 *
-	 * @UserRateThrottle(limit=5, period=100)
-	 *
-	 * @param string $challengeProviderId
-	 * @param string $challenge
-	 * @param string $redirect_url
-	 * @return RedirectResponse
-	 */
-	public function solveChallenge($challengeProviderId, $challenge, $redirect_url = null) {
-		$user = $this->userSession->getUser();
-		$provider = $this->twoFactorManager->getProvider($user, $challengeProviderId);
-		if (is_null($provider)) {
-			return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
-		}
-
-		try {
-			if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) {
-				if (!is_null($redirect_url)) {
-					return new RedirectResponse($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url)));
-				}
-				return new RedirectResponse(OC_Util::getDefaultPageUrl());
-			}
-		} catch (TwoFactorException $e) {
-			/*
+    /**
+     * @param IProvider[] $providers
+     */
+    private function splitProvidersAndBackupCodes(array $providers): array {
+        $regular = [];
+        $backup = null;
+        foreach ($providers as $provider) {
+            if ($provider->getId() === 'backup_codes') {
+                $backup = $provider;
+            } else {
+                $regular[] = $provider;
+            }
+        }
+
+        return [$regular, $backup];
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoCSRFRequired
+     *
+     * @param string $redirect_url
+     * @return TemplateResponse
+     */
+    public function selectChallenge($redirect_url) {
+        $user = $this->userSession->getUser();
+        $providerSet = $this->twoFactorManager->getProviderSet($user);
+        $allProviders = $providerSet->getProviders();
+        list($providers, $backupProvider) = $this->splitProvidersAndBackupCodes($allProviders);
+
+        $data = [
+            'providers' => $providers,
+            'backupProvider' => $backupProvider,
+            'providerMissing' => $providerSet->isProviderMissing(),
+            'redirect_url' => $redirect_url,
+            'logout_url' => $this->getLogoutUrl(),
+        ];
+        return new TemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest');
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @param string $challengeProviderId
+     * @param string $redirect_url
+     * @return TemplateResponse|RedirectResponse
+     */
+    public function showChallenge($challengeProviderId, $redirect_url) {
+        $user = $this->userSession->getUser();
+        $providerSet = $this->twoFactorManager->getProviderSet($user);
+        $provider = $providerSet->getProvider($challengeProviderId);
+        if (is_null($provider)) {
+            return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
+        }
+
+        $backupProvider = $providerSet->getProvider('backup_codes');
+        if (!is_null($backupProvider) && $backupProvider->getId() === $provider->getId()) {
+            // Don't show the backup provider link if we're already showing that provider's challenge
+            $backupProvider = null;
+        }
+
+        $errorMessage = '';
+        $error = false;
+        if ($this->session->exists('two_factor_auth_error')) {
+            $this->session->remove('two_factor_auth_error');
+            $error = true;
+            $errorMessage = $this->session->get("two_factor_auth_error_message");
+            $this->session->remove('two_factor_auth_error_message');
+        }
+        $tmpl = $provider->getTemplate($user);
+        $tmpl->assign('redirect_url', $redirect_url);
+        $data = [
+            'error' => $error,
+            'error_message' => $errorMessage,
+            'provider' => $provider,
+            'backupProvider' => $backupProvider,
+            'logout_url' => $this->getLogoutUrl(),
+            'redirect_url' => $redirect_url,
+            'template' => $tmpl->fetchPage(),
+        ];
+        $response = new TemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
+        if ($provider instanceof IProvidesCustomCSP) {
+            $response->setContentSecurityPolicy($provider->getCSP());
+        }
+        return $response;
+    }
+
+    /**
+     * @NoAdminRequired
+     * @NoCSRFRequired
+     * @UseSession
+     *
+     * @UserRateThrottle(limit=5, period=100)
+     *
+     * @param string $challengeProviderId
+     * @param string $challenge
+     * @param string $redirect_url
+     * @return RedirectResponse
+     */
+    public function solveChallenge($challengeProviderId, $challenge, $redirect_url = null) {
+        $user = $this->userSession->getUser();
+        $provider = $this->twoFactorManager->getProvider($user, $challengeProviderId);
+        if (is_null($provider)) {
+            return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
+        }
+
+        try {
+            if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) {
+                if (!is_null($redirect_url)) {
+                    return new RedirectResponse($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url)));
+                }
+                return new RedirectResponse(OC_Util::getDefaultPageUrl());
+            }
+        } catch (TwoFactorException $e) {
+            /*
 			 * The 2FA App threw an TwoFactorException. Now we display more
 			 * information to the user. The exception text is stored in the
 			 * session to be used in showChallenge()
 			 */
-			$this->session->set('two_factor_auth_error_message', $e->getMessage());
-		}
-
-		$this->session->set('two_factor_auth_error', true);
-		return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.showChallenge', [
-			'challengeProviderId' => $provider->getId(),
-			'redirect_url' => $redirect_url,
-		]));
-	}
+            $this->session->set('two_factor_auth_error_message', $e->getMessage());
+        }
+
+        $this->session->set('two_factor_auth_error', true);
+        return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.showChallenge', [
+            'challengeProviderId' => $provider->getId(),
+            'redirect_url' => $redirect_url,
+        ]));
+    }
 
 }