nextcloud / server

lib/public/FullTextSearch/Model/IIndex.php

Indentation +235 added lines, -235 removed lines

@@ -47,241 +47,241 @@
 interface IIndex {
 
 
-	const INDEX_OK = 1;
-	const INDEX_IGNORE = 2;
-
-	const INDEX_META = 4;
-	const INDEX_CONTENT = 8;
-	const INDEX_PARTS = 16;
-	const INDEX_FULL = 28;
-	const INDEX_REMOVE = 32;
-	const INDEX_DONE = 64;
-	const INDEX_FAILED = 128;
-
-	const ERROR_FAILED = 1;
-	const ERROR_FAILED2 = 2;
-	const ERROR_FAILED3 = 4;
-
-	const ERROR_SEV_1 = 1;
-	const ERROR_SEV_2 = 2;
-	const ERROR_SEV_3 = 3;
-	const ERROR_SEV_4 = 4;
-
-
-	/**
-	 * Get the Id of the Content Provider.
-	 *
-	 * @since 15.0.0
-	 *
-	 * @return string
-	 */
-	public function getProviderId(): string;
-
-
-	/**
-	 * Get the Id of the original document.
-	 *
-	 * @since 15.0.0
-	 *
-	 * @return string
-	 */
-	public function getDocumentId(): string;
-
-
-	/**
-	 * Set the source of the original document.
-	 *
-	 * @since 15.0.0
-	 *
-	 * @param string $source
-	 *
-	 * @return IIndex
-	 */
-	public function setSource(string $source): IIndex;
-
-	/**
-	 * Get the source of the original document.
-	 *
-	 * @since 15.0.0
-	 *
-	 * @return string
-	 */
-	public function getSource(): string;
-
-
-	/**
-	 * Set the owner of the original document.
-	 *
-	 * @since 15.0.0
-	 *
-	 * @param string $ownerId
-	 *
-	 * @return IIndex
-	 */
-	public function setOwnerId(string $ownerId): IIndex;
-
-	/**
-	 * Get the owner of the original document.
-	 *
-	 * @since 15.0.0
-	 *
-	 * @return string
-	 */
-	public function getOwnerId(): string;
-
-
-	/**
-	 * Set the current index status (bit flag) of the original document.
-	 * If $reset is true, the status is reset to the defined value.
-	 *
-	 * @since 15.0.0
-	 *
-	 * @param int $status
-	 * @param bool $reset
-	 *
-	 * @return IIndex
-	 */
-	public function setStatus(int $status, bool $reset = false): IIndex;
-
-	/**
-	 * Get the current index status of the original document.
-	 *
-	 * @since 15.0.0
-	 *
-	 * @return int
-	 */
-	public function getStatus(): int;
-
-	/**
-	 * Check if the document fit a specific status.
-	 *
-	 * @since 15.0.0
-	 *
-	 * @param int $status
-	 *
-	 * @return bool
-	 */
-	public function isStatus(int $status): bool;
-
-	/**
-	 * Remove a status.
-	 *
-	 * @since 15.0.0
-	 *
-	 * @param int $status
-	 *
-	 * @return IIndex
-	 */
-	public function unsetStatus(int $status): IIndex;
-
-
-	/**
-	 * Add an option related to the original document (as string).
-	 *
-	 * @since 15.0.0
-	 *
-	 * @param string $option
-	 * @param string $value
-	 *
-	 * @return IIndex
-	 */
-	public function addOption(string $option, string $value): IIndex;
-
-	/**
-	 * Add an option related to the original document (as integer).
-	 *
-	 * @since 15.0.0
-	 *
-	 * @param string $option
-	 * @param int $value
-	 *
-	 * @return IIndex
-	 */
-	public function addOptionInt(string $option, int $value): IIndex;
-
-	/**
-	 * Get the option related to the original document (as string).
-	 *
-	 * @since 15.0.0
-	 *
-	 * @param string $option
-	 * @param string $default
-	 *
-	 * @return string
-	 */
-	public function getOption(string $option, string $default = ''): string;
-
-	/**
-	 * Get the option related to the original document (as integer).
-	 *
-	 * @since 15.0.0
-	 *
-	 * @param string $option
-	 * @param int $default
-	 *
-	 * @return int
-	 */
-	public function getOptionInt(string $option, int $default = 0): int;
-
-	/**
-	 * Get all options related to the original document.
-	 *
-	 * @since 15.0.0
-	 *
-	 * @return array
-	 */
-	public function getOptions(): array;
-
-
-	/**
-	 * Add an error log related to the Index.
-	 *
-	 * @since 15.0.0
-	 *
-	 * @param string $message
-	 * @param string $exception
-	 * @param int $sev
-	 *
-	 * @return IIndex
-	 */
-	public function addError(string $message, string $exception = '', int $sev = self::ERROR_SEV_3): IIndex;
-
-	/**
-	 * Returns the number of known errors related to the Index.
-	 *
-	 * @since 15.0.0
-	 *
-	 * @return int
-	 */
-	public function getErrorCount(): int;
-
-	/**
-	 * Reset all error logs related to the Index.
-	 *
-	 * @since 15.0.0
-	 */
-	public function resetErrors(): IIndex;
-
-
-	/**
-	 * Set the date of the last index.
-	 *
-	 * @since 15.0.0
-	 *
-	 * @param int $lastIndex
-	 *
-	 * @return IIndex
-	 */
-	public function setLastIndex(int $lastIndex = -1): IIndex;
-
-	/**
-	 * Get the date of the last index.
-	 *
-	 * @since 15.0.0
-	 *
-	 * @return int
-	 */
-	public function getLastIndex(): int;
+    const INDEX_OK = 1;
+    const INDEX_IGNORE = 2;
+
+    const INDEX_META = 4;
+    const INDEX_CONTENT = 8;
+    const INDEX_PARTS = 16;
+    const INDEX_FULL = 28;
+    const INDEX_REMOVE = 32;
+    const INDEX_DONE = 64;
+    const INDEX_FAILED = 128;
+
+    const ERROR_FAILED = 1;
+    const ERROR_FAILED2 = 2;
+    const ERROR_FAILED3 = 4;
+
+    const ERROR_SEV_1 = 1;
+    const ERROR_SEV_2 = 2;
+    const ERROR_SEV_3 = 3;
+    const ERROR_SEV_4 = 4;
+
+
+    /**
+     * Get the Id of the Content Provider.
+     *
+     * @since 15.0.0
+     *
+     * @return string
+     */
+    public function getProviderId(): string;
+
+
+    /**
+     * Get the Id of the original document.
+     *
+     * @since 15.0.0
+     *
+     * @return string
+     */
+    public function getDocumentId(): string;
+
+
+    /**
+     * Set the source of the original document.
+     *
+     * @since 15.0.0
+     *
+     * @param string $source
+     *
+     * @return IIndex
+     */
+    public function setSource(string $source): IIndex;
+
+    /**
+     * Get the source of the original document.
+     *
+     * @since 15.0.0
+     *
+     * @return string
+     */
+    public function getSource(): string;
+
+
+    /**
+     * Set the owner of the original document.
+     *
+     * @since 15.0.0
+     *
+     * @param string $ownerId
+     *
+     * @return IIndex
+     */
+    public function setOwnerId(string $ownerId): IIndex;
+
+    /**
+     * Get the owner of the original document.
+     *
+     * @since 15.0.0
+     *
+     * @return string
+     */
+    public function getOwnerId(): string;
+
+
+    /**
+     * Set the current index status (bit flag) of the original document.
+     * If $reset is true, the status is reset to the defined value.
+     *
+     * @since 15.0.0
+     *
+     * @param int $status
+     * @param bool $reset
+     *
+     * @return IIndex
+     */
+    public function setStatus(int $status, bool $reset = false): IIndex;
+
+    /**
+     * Get the current index status of the original document.
+     *
+     * @since 15.0.0
+     *
+     * @return int
+     */
+    public function getStatus(): int;
+
+    /**
+     * Check if the document fit a specific status.
+     *
+     * @since 15.0.0
+     *
+     * @param int $status
+     *
+     * @return bool
+     */
+    public function isStatus(int $status): bool;
+
+    /**
+     * Remove a status.
+     *
+     * @since 15.0.0
+     *
+     * @param int $status
+     *
+     * @return IIndex
+     */
+    public function unsetStatus(int $status): IIndex;
+
+
+    /**
+     * Add an option related to the original document (as string).
+     *
+     * @since 15.0.0
+     *
+     * @param string $option
+     * @param string $value
+     *
+     * @return IIndex
+     */
+    public function addOption(string $option, string $value): IIndex;
+
+    /**
+     * Add an option related to the original document (as integer).
+     *
+     * @since 15.0.0
+     *
+     * @param string $option
+     * @param int $value
+     *
+     * @return IIndex
+     */
+    public function addOptionInt(string $option, int $value): IIndex;
+
+    /**
+     * Get the option related to the original document (as string).
+     *
+     * @since 15.0.0
+     *
+     * @param string $option
+     * @param string $default
+     *
+     * @return string
+     */
+    public function getOption(string $option, string $default = ''): string;
+
+    /**
+     * Get the option related to the original document (as integer).
+     *
+     * @since 15.0.0
+     *
+     * @param string $option
+     * @param int $default
+     *
+     * @return int
+     */
+    public function getOptionInt(string $option, int $default = 0): int;
+
+    /**
+     * Get all options related to the original document.
+     *
+     * @since 15.0.0
+     *
+     * @return array
+     */
+    public function getOptions(): array;
+
+
+    /**
+     * Add an error log related to the Index.
+     *
+     * @since 15.0.0
+     *
+     * @param string $message
+     * @param string $exception
+     * @param int $sev
+     *
+     * @return IIndex
+     */
+    public function addError(string $message, string $exception = '', int $sev = self::ERROR_SEV_3): IIndex;
+
+    /**
+     * Returns the number of known errors related to the Index.
+     *
+     * @since 15.0.0
+     *
+     * @return int
+     */
+    public function getErrorCount(): int;
+
+    /**
+     * Reset all error logs related to the Index.
+     *
+     * @since 15.0.0
+     */
+    public function resetErrors(): IIndex;
+
+
+    /**
+     * Set the date of the last index.
+     *
+     * @since 15.0.0
+     *
+     * @param int $lastIndex
+     *
+     * @return IIndex
+     */
+    public function setLastIndex(int $lastIndex = -1): IIndex;
+
+    /**
+     * Get the date of the last index.
+     *
+     * @since 15.0.0
+     *
+     * @return int
+     */
+    public function getLastIndex(): int;
 
 
 }

lib/private/AppFramework/OCS/BaseResponse.php

Indentation +118 added lines, -118 removed lines

@@ -30,122 +30,122 @@
 use OCP\AppFramework\Http\Response;
 
 abstract class BaseResponse extends Response   {
-	/** @var array */
-	protected $data;
-
-	/** @var string */
-	protected $format;
-
-	/** @var string */
-	protected $statusMessage;
-
-	/** @var int */
-	protected $itemsCount;
-
-	/** @var int */
-	protected $itemsPerPage;
-
-	/**
-	 * BaseResponse constructor.
-	 *
-	 * @param DataResponse $dataResponse
-	 * @param string $format
-	 * @param string|null $statusMessage
-	 * @param int|null $itemsCount
-	 * @param int|null $itemsPerPage
-	 */
-	public function __construct(DataResponse $dataResponse,
-								$format = 'xml',
-								$statusMessage = null,
-								$itemsCount = null,
-								$itemsPerPage = null) {
-		parent::__construct();
-
-		$this->format = $format;
-		$this->statusMessage = $statusMessage;
-		$this->itemsCount = $itemsCount;
-		$this->itemsPerPage = $itemsPerPage;
-
-		$this->data = $dataResponse->getData();
-
-		$this->setHeaders($dataResponse->getHeaders());
-		$this->setStatus($dataResponse->getStatus());
-		$this->setETag($dataResponse->getETag());
-		$this->setLastModified($dataResponse->getLastModified());
-		$this->setCookies($dataResponse->getCookies());
-
-		if ($format === 'json') {
-			$this->addHeader(
-				'Content-Type', 'application/json; charset=utf-8'
-			);
-		} else {
-			$this->addHeader(
-				'Content-Type', 'application/xml; charset=utf-8'
-			);
-		}
-	}
-
-	/**
-	 * @param string[] $meta
-	 * @return string
-	 */
-	protected function renderResult(array $meta): string {
-		$status = $this->getStatus();
-		if ($status === Http::STATUS_NO_CONTENT ||
-			$status === Http::STATUS_NOT_MODIFIED ||
-			($status >= 100 && $status <= 199)) {
-			// Those status codes are not supposed to have a body:
-			// https://stackoverflow.com/q/8628725
-			return '';
-		}
-
-		$response = [
-			'ocs' => [
-				'meta' => $meta,
-				'data' => $this->data,
-			],
-		];
-
-		if ($this->format === 'json') {
-			return json_encode($response, JSON_HEX_TAG);
-		}
-
-		$writer = new \XMLWriter();
-		$writer->openMemory();
-		$writer->setIndent(true);
-		$writer->startDocument();
-		$this->toXML($response, $writer);
-		$writer->endDocument();
-		return $writer->outputMemory(true);
-
-	}
-
-	/**
-	 * @param array $array
-	 * @param \XMLWriter $writer
-	 */
-	protected function toXML(array $array, \XMLWriter $writer) {
-		foreach ($array as $k => $v) {
-			if (\is_string($k) && strpos($k, '@') === 0) {
-				$writer->writeAttribute(substr($k, 1), $v);
-				continue;
-			}
-
-			if (\is_numeric($k)) {
-				$k = 'element';
-			}
-
-			if (\is_array($v)) {
-				$writer->startElement($k);
-				$this->toXML($v, $writer);
-				$writer->endElement();
-			} else {
-				$writer->writeElement($k, $v);
-			}
-		}
-	}
-
-	public function getOCSStatus() {
-		return parent::getStatus();
-	}
+    /** @var array */
+    protected $data;
+
+    /** @var string */
+    protected $format;
+
+    /** @var string */
+    protected $statusMessage;
+
+    /** @var int */
+    protected $itemsCount;
+
+    /** @var int */
+    protected $itemsPerPage;
+
+    /**
+     * BaseResponse constructor.
+     *
+     * @param DataResponse $dataResponse
+     * @param string $format
+     * @param string|null $statusMessage
+     * @param int|null $itemsCount
+     * @param int|null $itemsPerPage
+     */
+    public function __construct(DataResponse $dataResponse,
+                                $format = 'xml',
+                                $statusMessage = null,
+                                $itemsCount = null,
+                                $itemsPerPage = null) {
+        parent::__construct();
+
+        $this->format = $format;
+        $this->statusMessage = $statusMessage;
+        $this->itemsCount = $itemsCount;
+        $this->itemsPerPage = $itemsPerPage;
+
+        $this->data = $dataResponse->getData();
+
+        $this->setHeaders($dataResponse->getHeaders());
+        $this->setStatus($dataResponse->getStatus());
+        $this->setETag($dataResponse->getETag());
+        $this->setLastModified($dataResponse->getLastModified());
+        $this->setCookies($dataResponse->getCookies());
+
+        if ($format === 'json') {
+            $this->addHeader(
+                'Content-Type', 'application/json; charset=utf-8'
+            );
+        } else {
+            $this->addHeader(
+                'Content-Type', 'application/xml; charset=utf-8'
+            );
+        }
+    }
+
+    /**
+     * @param string[] $meta
+     * @return string
+     */
+    protected function renderResult(array $meta): string {
+        $status = $this->getStatus();
+        if ($status === Http::STATUS_NO_CONTENT ||
+            $status === Http::STATUS_NOT_MODIFIED ||
+            ($status >= 100 && $status <= 199)) {
+            // Those status codes are not supposed to have a body:
+            // https://stackoverflow.com/q/8628725
+            return '';
+        }
+
+        $response = [
+            'ocs' => [
+                'meta' => $meta,
+                'data' => $this->data,
+            ],
+        ];
+
+        if ($this->format === 'json') {
+            return json_encode($response, JSON_HEX_TAG);
+        }
+
+        $writer = new \XMLWriter();
+        $writer->openMemory();
+        $writer->setIndent(true);
+        $writer->startDocument();
+        $this->toXML($response, $writer);
+        $writer->endDocument();
+        return $writer->outputMemory(true);
+
+    }
+
+    /**
+     * @param array $array
+     * @param \XMLWriter $writer
+     */
+    protected function toXML(array $array, \XMLWriter $writer) {
+        foreach ($array as $k => $v) {
+            if (\is_string($k) && strpos($k, '@') === 0) {
+                $writer->writeAttribute(substr($k, 1), $v);
+                continue;
+            }
+
+            if (\is_numeric($k)) {
+                $k = 'element';
+            }
+
+            if (\is_array($v)) {
+                $writer->startElement($k);
+                $this->toXML($v, $writer);
+                $writer->endElement();
+            } else {
+                $writer->writeElement($k, $v);
+            }
+        }
+    }
+
+    public function getOCSStatus() {
+        return parent::getStatus();
+    }
 }

lib/private/Authentication/TwoFactorAuth/Manager.php

Indentation +334 added lines, -334 removed lines

@@ -49,342 +49,342 @@
 
 class Manager {
 
-	const SESSION_UID_KEY = 'two_factor_auth_uid';
-	const SESSION_UID_DONE = 'two_factor_auth_passed';
-	const REMEMBER_LOGIN = 'two_factor_remember_login';
-	const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
-
-	/** @var ProviderLoader */
-	private $providerLoader;
-
-	/** @var IRegistry */
-	private $providerRegistry;
-
-	/** @var MandatoryTwoFactor */
-	private $mandatoryTwoFactor;
-
-	/** @var ISession */
-	private $session;
-
-	/** @var IConfig */
-	private $config;
-
-	/** @var IManager */
-	private $activityManager;
-
-	/** @var ILogger */
-	private $logger;
-
-	/** @var TokenProvider */
-	private $tokenProvider;
-
-	/** @var ITimeFactory */
-	private $timeFactory;
-
-	/** @var EventDispatcherInterface */
-	private $dispatcher;
-
-	public function __construct(ProviderLoader $providerLoader,
-								IRegistry $providerRegistry,
-								MandatoryTwoFactor $mandatoryTwoFactor,
-								ISession $session, IConfig $config,
-								IManager $activityManager, ILogger $logger, TokenProvider $tokenProvider,
-								ITimeFactory $timeFactory, EventDispatcherInterface $eventDispatcher) {
-		$this->providerLoader = $providerLoader;
-		$this->providerRegistry = $providerRegistry;
-		$this->mandatoryTwoFactor = $mandatoryTwoFactor;
-		$this->session = $session;
-		$this->config = $config;
-		$this->activityManager = $activityManager;
-		$this->logger = $logger;
-		$this->tokenProvider = $tokenProvider;
-		$this->timeFactory = $timeFactory;
-		$this->dispatcher = $eventDispatcher;
-	}
-
-	/**
-	 * Determine whether the user must provide a second factor challenge
-	 *
-	 * @param IUser $user
-	 * @return boolean
-	 */
-	public function isTwoFactorAuthenticated(IUser $user): bool {
-		if ($this->mandatoryTwoFactor->isEnforcedFor($user)) {
-			return true;
-		}
-
-		$providerStates = $this->providerRegistry->getProviderStates($user);
-		$providers = $this->providerLoader->getProviders($user);
-		$fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);
-		$enabled = array_filter($fixedStates);
-		$providerIds = array_keys($enabled);
-		$providerIdsWithoutBackupCodes = array_diff($providerIds, [self::BACKUP_CODES_PROVIDER_ID]);
-
-		return !empty($providerIdsWithoutBackupCodes);
-	}
-
-	/**
-	 * Get a 2FA provider by its ID
-	 *
-	 * @param IUser $user
-	 * @param string $challengeProviderId
-	 * @return IProvider|null
-	 */
-	public function getProvider(IUser $user, string $challengeProviderId) {
-		$providers = $this->getProviderSet($user)->getProviders();
-		return $providers[$challengeProviderId] ?? null;
-	}
-
-	/**
-	 * @param IUser $user
-	 * @return IActivatableAtLogin[]
-	 * @throws Exception
-	 */
-	public function getLoginSetupProviders(IUser $user): array {
-		$providers = $this->providerLoader->getProviders($user);
-		return array_filter($providers, function(IProvider $provider) {
-			return ($provider instanceof IActivatableAtLogin);
-		});
-	}
-
-	/**
-	 * Check if the persistant mapping of enabled/disabled state of each available
-	 * provider is missing an entry and add it to the registry in that case.
-	 *
-	 * @todo remove in Nextcloud 17 as by then all providers should have been updated
-	 *
-	 * @param string[] $providerStates
-	 * @param IProvider[] $providers
-	 * @param IUser $user
-	 * @return string[] the updated $providerStates variable
-	 */
-	private function fixMissingProviderStates(array $providerStates,
-		array $providers, IUser $user): array {
-
-		foreach ($providers as $provider) {
-			if (isset($providerStates[$provider->getId()])) {
-				// All good
-				continue;
-			}
-
-			$enabled = $provider->isTwoFactorAuthEnabledForUser($user);
-			if ($enabled) {
-				$this->providerRegistry->enableProviderFor($provider, $user);
-			} else {
-				$this->providerRegistry->disableProviderFor($provider, $user);
-			}
-			$providerStates[$provider->getId()] = $enabled;
-		}
-
-		return $providerStates;
-	}
-
-	/**
-	 * @param array $states
-	 * @param IProvider[] $providers
-	 */
-	private function isProviderMissing(array $states, array $providers): bool {
-		$indexed = [];
-		foreach ($providers as $provider) {
-			$indexed[$provider->getId()] = $provider;
-		}
-
-		$missing = [];
-		foreach ($states as $providerId => $enabled) {
-			if (!$enabled) {
-				// Don't care
-				continue;
-			}
-
-			if (!isset($indexed[$providerId])) {
-				$missing[] = $providerId;
-				$this->logger->alert("two-factor auth provider '$providerId' failed to load",
-					[
-					'app' => 'core',
-				]);
-			}
-		}
-
-		if (!empty($missing)) {
-			// There was at least one provider missing
-			$this->logger->alert(count($missing) . " two-factor auth providers failed to load", ['app' => 'core']);
-
-			return true;
-		}
-
-		// If we reach this, there was not a single provider missing
-		return false;
-	}
-
-	/**
-	 * Get the list of 2FA providers for the given user
-	 *
-	 * @param IUser $user
-	 * @throws Exception
-	 */
-	public function getProviderSet(IUser $user): ProviderSet {
-		$providerStates = $this->providerRegistry->getProviderStates($user);
-		$providers = $this->providerLoader->getProviders($user);
-
-		$fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);
-		$isProviderMissing = $this->isProviderMissing($fixedStates, $providers);
-
-		$enabled = array_filter($providers, function (IProvider $provider) use ($fixedStates) {
-			return $fixedStates[$provider->getId()];
-		});
-		return new ProviderSet($enabled, $isProviderMissing);
-	}
-
-	/**
-	 * Verify the given challenge
-	 *
-	 * @param string $providerId
-	 * @param IUser $user
-	 * @param string $challenge
-	 * @return boolean
-	 */
-	public function verifyChallenge(string $providerId, IUser $user, string $challenge): bool {
-		$provider = $this->getProvider($user, $providerId);
-		if ($provider === null) {
-			return false;
-		}
-
-		$passed = $provider->verifyChallenge($user, $challenge);
-		if ($passed) {
-			if ($this->session->get(self::REMEMBER_LOGIN) === true) {
-				// TODO: resolve cyclic dependency and use DI
-				\OC::$server->getUserSession()->createRememberMeToken($user);
-			}
-			$this->session->remove(self::SESSION_UID_KEY);
-			$this->session->remove(self::REMEMBER_LOGIN);
-			$this->session->set(self::SESSION_UID_DONE, $user->getUID());
-
-			// Clear token from db
-			$sessionId = $this->session->getId();
-			$token = $this->tokenProvider->getToken($sessionId);
-			$tokenId = $token->getId();
-			$this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $tokenId);
-
-			$dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]);
-			$this->dispatcher->dispatch(IProvider::EVENT_SUCCESS, $dispatchEvent);
-
-			$this->publishEvent($user, 'twofactor_success', [
-				'provider' => $provider->getDisplayName(),
-			]);
-		} else {
-			$dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]);
-			$this->dispatcher->dispatch(IProvider::EVENT_FAILED, $dispatchEvent);
-
-			$this->publishEvent($user, 'twofactor_failed', [
-				'provider' => $provider->getDisplayName(),
-			]);
-		}
-		return $passed;
-	}
-
-	/**
-	 * Push a 2fa event the user's activity stream
-	 *
-	 * @param IUser $user
-	 * @param string $event
-	 * @param array $params
-	 */
-	private function publishEvent(IUser $user, string $event, array $params) {
-		$activity = $this->activityManager->generateEvent();
-		$activity->setApp('core')
-			->setType('security')
-			->setAuthor($user->getUID())
-			->setAffectedUser($user->getUID())
-			->setSubject($event, $params);
-		try {
-			$this->activityManager->publish($activity);
-		} catch (BadMethodCallException $e) {
-			$this->logger->warning('could not publish activity', ['app' => 'core']);
-			$this->logger->logException($e, ['app' => 'core']);
-		}
-	}
-
-	/**
-	 * Check if the currently logged in user needs to pass 2FA
-	 *
-	 * @param IUser $user the currently logged in user
-	 * @return boolean
-	 */
-	public function needsSecondFactor(IUser $user = null): bool {
-		if ($user === null) {
-			return false;
-		}
-
-		// If we are authenticated using an app password skip all this
-		if ($this->session->exists('app_password')) {
-			return false;
-		}
-
-		// First check if the session tells us we should do 2FA (99% case)
-		if (!$this->session->exists(self::SESSION_UID_KEY)) {
-
-			// Check if the session tells us it is 2FA authenticated already
-			if ($this->session->exists(self::SESSION_UID_DONE) &&
-				$this->session->get(self::SESSION_UID_DONE) === $user->getUID()) {
-				return false;
-			}
-
-			/*
+    const SESSION_UID_KEY = 'two_factor_auth_uid';
+    const SESSION_UID_DONE = 'two_factor_auth_passed';
+    const REMEMBER_LOGIN = 'two_factor_remember_login';
+    const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
+
+    /** @var ProviderLoader */
+    private $providerLoader;
+
+    /** @var IRegistry */
+    private $providerRegistry;
+
+    /** @var MandatoryTwoFactor */
+    private $mandatoryTwoFactor;
+
+    /** @var ISession */
+    private $session;
+
+    /** @var IConfig */
+    private $config;
+
+    /** @var IManager */
+    private $activityManager;
+
+    /** @var ILogger */
+    private $logger;
+
+    /** @var TokenProvider */
+    private $tokenProvider;
+
+    /** @var ITimeFactory */
+    private $timeFactory;
+
+    /** @var EventDispatcherInterface */
+    private $dispatcher;
+
+    public function __construct(ProviderLoader $providerLoader,
+                                IRegistry $providerRegistry,
+                                MandatoryTwoFactor $mandatoryTwoFactor,
+                                ISession $session, IConfig $config,
+                                IManager $activityManager, ILogger $logger, TokenProvider $tokenProvider,
+                                ITimeFactory $timeFactory, EventDispatcherInterface $eventDispatcher) {
+        $this->providerLoader = $providerLoader;
+        $this->providerRegistry = $providerRegistry;
+        $this->mandatoryTwoFactor = $mandatoryTwoFactor;
+        $this->session = $session;
+        $this->config = $config;
+        $this->activityManager = $activityManager;
+        $this->logger = $logger;
+        $this->tokenProvider = $tokenProvider;
+        $this->timeFactory = $timeFactory;
+        $this->dispatcher = $eventDispatcher;
+    }
+
+    /**
+     * Determine whether the user must provide a second factor challenge
+     *
+     * @param IUser $user
+     * @return boolean
+     */
+    public function isTwoFactorAuthenticated(IUser $user): bool {
+        if ($this->mandatoryTwoFactor->isEnforcedFor($user)) {
+            return true;
+        }
+
+        $providerStates = $this->providerRegistry->getProviderStates($user);
+        $providers = $this->providerLoader->getProviders($user);
+        $fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);
+        $enabled = array_filter($fixedStates);
+        $providerIds = array_keys($enabled);
+        $providerIdsWithoutBackupCodes = array_diff($providerIds, [self::BACKUP_CODES_PROVIDER_ID]);
+
+        return !empty($providerIdsWithoutBackupCodes);
+    }
+
+    /**
+     * Get a 2FA provider by its ID
+     *
+     * @param IUser $user
+     * @param string $challengeProviderId
+     * @return IProvider|null
+     */
+    public function getProvider(IUser $user, string $challengeProviderId) {
+        $providers = $this->getProviderSet($user)->getProviders();
+        return $providers[$challengeProviderId] ?? null;
+    }
+
+    /**
+     * @param IUser $user
+     * @return IActivatableAtLogin[]
+     * @throws Exception
+     */
+    public function getLoginSetupProviders(IUser $user): array {
+        $providers = $this->providerLoader->getProviders($user);
+        return array_filter($providers, function(IProvider $provider) {
+            return ($provider instanceof IActivatableAtLogin);
+        });
+    }
+
+    /**
+     * Check if the persistant mapping of enabled/disabled state of each available
+     * provider is missing an entry and add it to the registry in that case.
+     *
+     * @todo remove in Nextcloud 17 as by then all providers should have been updated
+     *
+     * @param string[] $providerStates
+     * @param IProvider[] $providers
+     * @param IUser $user
+     * @return string[] the updated $providerStates variable
+     */
+    private function fixMissingProviderStates(array $providerStates,
+        array $providers, IUser $user): array {
+
+        foreach ($providers as $provider) {
+            if (isset($providerStates[$provider->getId()])) {
+                // All good
+                continue;
+            }
+
+            $enabled = $provider->isTwoFactorAuthEnabledForUser($user);
+            if ($enabled) {
+                $this->providerRegistry->enableProviderFor($provider, $user);
+            } else {
+                $this->providerRegistry->disableProviderFor($provider, $user);
+            }
+            $providerStates[$provider->getId()] = $enabled;
+        }
+
+        return $providerStates;
+    }
+
+    /**
+     * @param array $states
+     * @param IProvider[] $providers
+     */
+    private function isProviderMissing(array $states, array $providers): bool {
+        $indexed = [];
+        foreach ($providers as $provider) {
+            $indexed[$provider->getId()] = $provider;
+        }
+
+        $missing = [];
+        foreach ($states as $providerId => $enabled) {
+            if (!$enabled) {
+                // Don't care
+                continue;
+            }
+
+            if (!isset($indexed[$providerId])) {
+                $missing[] = $providerId;
+                $this->logger->alert("two-factor auth provider '$providerId' failed to load",
+                    [
+                    'app' => 'core',
+                ]);
+            }
+        }
+
+        if (!empty($missing)) {
+            // There was at least one provider missing
+            $this->logger->alert(count($missing) . " two-factor auth providers failed to load", ['app' => 'core']);
+
+            return true;
+        }
+
+        // If we reach this, there was not a single provider missing
+        return false;
+    }
+
+    /**
+     * Get the list of 2FA providers for the given user
+     *
+     * @param IUser $user
+     * @throws Exception
+     */
+    public function getProviderSet(IUser $user): ProviderSet {
+        $providerStates = $this->providerRegistry->getProviderStates($user);
+        $providers = $this->providerLoader->getProviders($user);
+
+        $fixedStates = $this->fixMissingProviderStates($providerStates, $providers, $user);
+        $isProviderMissing = $this->isProviderMissing($fixedStates, $providers);
+
+        $enabled = array_filter($providers, function (IProvider $provider) use ($fixedStates) {
+            return $fixedStates[$provider->getId()];
+        });
+        return new ProviderSet($enabled, $isProviderMissing);
+    }
+
+    /**
+     * Verify the given challenge
+     *
+     * @param string $providerId
+     * @param IUser $user
+     * @param string $challenge
+     * @return boolean
+     */
+    public function verifyChallenge(string $providerId, IUser $user, string $challenge): bool {
+        $provider = $this->getProvider($user, $providerId);
+        if ($provider === null) {
+            return false;
+        }
+
+        $passed = $provider->verifyChallenge($user, $challenge);
+        if ($passed) {
+            if ($this->session->get(self::REMEMBER_LOGIN) === true) {
+                // TODO: resolve cyclic dependency and use DI
+                \OC::$server->getUserSession()->createRememberMeToken($user);
+            }
+            $this->session->remove(self::SESSION_UID_KEY);
+            $this->session->remove(self::REMEMBER_LOGIN);
+            $this->session->set(self::SESSION_UID_DONE, $user->getUID());
+
+            // Clear token from db
+            $sessionId = $this->session->getId();
+            $token = $this->tokenProvider->getToken($sessionId);
+            $tokenId = $token->getId();
+            $this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $tokenId);
+
+            $dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]);
+            $this->dispatcher->dispatch(IProvider::EVENT_SUCCESS, $dispatchEvent);
+
+            $this->publishEvent($user, 'twofactor_success', [
+                'provider' => $provider->getDisplayName(),
+            ]);
+        } else {
+            $dispatchEvent = new GenericEvent($user, ['provider' => $provider->getDisplayName()]);
+            $this->dispatcher->dispatch(IProvider::EVENT_FAILED, $dispatchEvent);
+
+            $this->publishEvent($user, 'twofactor_failed', [
+                'provider' => $provider->getDisplayName(),
+            ]);
+        }
+        return $passed;
+    }
+
+    /**
+     * Push a 2fa event the user's activity stream
+     *
+     * @param IUser $user
+     * @param string $event
+     * @param array $params
+     */
+    private function publishEvent(IUser $user, string $event, array $params) {
+        $activity = $this->activityManager->generateEvent();
+        $activity->setApp('core')
+            ->setType('security')
+            ->setAuthor($user->getUID())
+            ->setAffectedUser($user->getUID())
+            ->setSubject($event, $params);
+        try {
+            $this->activityManager->publish($activity);
+        } catch (BadMethodCallException $e) {
+            $this->logger->warning('could not publish activity', ['app' => 'core']);
+            $this->logger->logException($e, ['app' => 'core']);
+        }
+    }
+
+    /**
+     * Check if the currently logged in user needs to pass 2FA
+     *
+     * @param IUser $user the currently logged in user
+     * @return boolean
+     */
+    public function needsSecondFactor(IUser $user = null): bool {
+        if ($user === null) {
+            return false;
+        }
+
+        // If we are authenticated using an app password skip all this
+        if ($this->session->exists('app_password')) {
+            return false;
+        }
+
+        // First check if the session tells us we should do 2FA (99% case)
+        if (!$this->session->exists(self::SESSION_UID_KEY)) {
+
+            // Check if the session tells us it is 2FA authenticated already
+            if ($this->session->exists(self::SESSION_UID_DONE) &&
+                $this->session->get(self::SESSION_UID_DONE) === $user->getUID()) {
+                return false;
+            }
+
+            /*
 			 * If the session is expired check if we are not logged in by a token
 			 * that still needs 2FA auth
 			 */
-			try {
-				$sessionId = $this->session->getId();
-				$token = $this->tokenProvider->getToken($sessionId);
-				$tokenId = $token->getId();
-				$tokensNeeding2FA = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
-
-				if (!\in_array($tokenId, $tokensNeeding2FA, true)) {
-					$this->session->set(self::SESSION_UID_DONE, $user->getUID());
-					return false;
-				}
-			} catch (InvalidTokenException $e) {
-			}
-		}
-
-		if (!$this->isTwoFactorAuthenticated($user)) {
-			// There is no second factor any more -> let the user pass
-			//   This prevents infinite redirect loops when a user is about
-			//   to solve the 2FA challenge, and the provider app is
-			//   disabled the same time
-			$this->session->remove(self::SESSION_UID_KEY);
-
-			$keys = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
-			foreach ($keys as $key) {
-				$this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $key);
-			}
-			return false;
-		}
-
-		return true;
-	}
-
-	/**
-	 * Prepare the 2FA login
-	 *
-	 * @param IUser $user
-	 * @param boolean $rememberMe
-	 */
-	public function prepareTwoFactorLogin(IUser $user, bool $rememberMe) {
-		$this->session->set(self::SESSION_UID_KEY, $user->getUID());
-		$this->session->set(self::REMEMBER_LOGIN, $rememberMe);
-
-		$id = $this->session->getId();
-		$token = $this->tokenProvider->getToken($id);
-		$this->config->setUserValue($user->getUID(), 'login_token_2fa', $token->getId(), $this->timeFactory->getTime());
-	}
-
-	public function clearTwoFactorPending(string $userId) {
-		$tokensNeeding2FA = $this->config->getUserKeys($userId, 'login_token_2fa');
-
-		foreach ($tokensNeeding2FA as $tokenId) {
-			$this->tokenProvider->invalidateTokenById($userId, $tokenId);
-		}
-	}
+            try {
+                $sessionId = $this->session->getId();
+                $token = $this->tokenProvider->getToken($sessionId);
+                $tokenId = $token->getId();
+                $tokensNeeding2FA = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
+
+                if (!\in_array($tokenId, $tokensNeeding2FA, true)) {
+                    $this->session->set(self::SESSION_UID_DONE, $user->getUID());
+                    return false;
+                }
+            } catch (InvalidTokenException $e) {
+            }
+        }
+
+        if (!$this->isTwoFactorAuthenticated($user)) {
+            // There is no second factor any more -> let the user pass
+            //   This prevents infinite redirect loops when a user is about
+            //   to solve the 2FA challenge, and the provider app is
+            //   disabled the same time
+            $this->session->remove(self::SESSION_UID_KEY);
+
+            $keys = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
+            foreach ($keys as $key) {
+                $this->config->deleteUserValue($user->getUID(), 'login_token_2fa', $key);
+            }
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Prepare the 2FA login
+     *
+     * @param IUser $user
+     * @param boolean $rememberMe
+     */
+    public function prepareTwoFactorLogin(IUser $user, bool $rememberMe) {
+        $this->session->set(self::SESSION_UID_KEY, $user->getUID());
+        $this->session->set(self::REMEMBER_LOGIN, $rememberMe);
+
+        $id = $this->session->getId();
+        $token = $this->tokenProvider->getToken($id);
+        $this->config->setUserValue($user->getUID(), 'login_token_2fa', $token->getId(), $this->timeFactory->getTime());
+    }
+
+    public function clearTwoFactorPending(string $userId) {
+        $tokensNeeding2FA = $this->config->getUserKeys($userId, 'login_token_2fa');
+
+        foreach ($tokensNeeding2FA as $tokenId) {
+            $this->tokenProvider->invalidateTokenById($userId, $tokenId);
+        }
+    }
 
 }

lib/private/Preview/GeneratorHelper.php

Indentation +39 added lines, -39 removed lines

@@ -40,48 +40,48 @@
  */
 class GeneratorHelper {
 
-	/** @var IRootFolder */
-	private $rootFolder;
+    /** @var IRootFolder */
+    private $rootFolder;
 
-	/** @var IConfig */
-	private $config;
+    /** @var IConfig */
+    private $config;
 
-	public function __construct(IRootFolder $rootFolder, IConfig $config) {
-		$this->rootFolder = $rootFolder;
-		$this->config = $config;
-	}
+    public function __construct(IRootFolder $rootFolder, IConfig $config) {
+        $this->rootFolder = $rootFolder;
+        $this->config = $config;
+    }
 
-	/**
-	 * @param IProviderV2 $provider
-	 * @param File $file
-	 * @param int $maxWidth
-	 * @param int $maxHeight
-	 *
-	 * @return bool|IImage
-	 */
-	public function getThumbnail(IProviderV2 $provider, File $file, $maxWidth, $maxHeight) {
-		return $provider->getThumbnail($file, $maxWidth, $maxHeight);
-	}
+    /**
+     * @param IProviderV2 $provider
+     * @param File $file
+     * @param int $maxWidth
+     * @param int $maxHeight
+     *
+     * @return bool|IImage
+     */
+    public function getThumbnail(IProviderV2 $provider, File $file, $maxWidth, $maxHeight) {
+        return $provider->getThumbnail($file, $maxWidth, $maxHeight);
+    }
 
-	/**
-	 * @param ISimpleFile $maxPreview
-	 * @return IImage
-	 */
-	public function getImage(ISimpleFile $maxPreview) {
-		$image = new OCPImage();
-		$image->loadFromData($maxPreview->getContent());
-		return $image;
-	}
+    /**
+     * @param ISimpleFile $maxPreview
+     * @return IImage
+     */
+    public function getImage(ISimpleFile $maxPreview) {
+        $image = new OCPImage();
+        $image->loadFromData($maxPreview->getContent());
+        return $image;
+    }
 
-	/**
-	 * @param callable $providerClosure
-	 * @return IProviderV2
-	 */
-	public function getProvider($providerClosure) {
-		$provider = $providerClosure();
-		if ($provider instanceof IProvider) {
-			$provider = new ProviderV1Adapter($provider);
-		}
-		return $provider;
-	}
+    /**
+     * @param callable $providerClosure
+     * @return IProviderV2
+     */
+    public function getProvider($providerClosure) {
+        $provider = $providerClosure();
+        if ($provider instanceof IProvider) {
+            $provider = new ProviderV1Adapter($provider);
+        }
+        return $provider;
+    }
 }

lib/private/DB/Migrator.php

Indentation +268 added lines, -268 removed lines

@@ -46,272 +46,272 @@
 
 class Migrator {
 
-	/** @var \Doctrine\DBAL\Connection */
-	protected $connection;
-
-	/** @var ISecureRandom */
-	private $random;
-
-	/** @var IConfig */
-	protected $config;
-
-	/** @var EventDispatcherInterface  */
-	private $dispatcher;
-
-	/** @var bool */
-	private $noEmit = false;
-
-	/**
-	 * @param \Doctrine\DBAL\Connection $connection
-	 * @param ISecureRandom $random
-	 * @param IConfig $config
-	 * @param EventDispatcherInterface $dispatcher
-	 */
-	public function __construct(\Doctrine\DBAL\Connection $connection,
-								ISecureRandom $random,
-								IConfig $config,
-								EventDispatcherInterface $dispatcher = null) {
-		$this->connection = $connection;
-		$this->random = $random;
-		$this->config = $config;
-		$this->dispatcher = $dispatcher;
-	}
-
-	/**
-	 * @param \Doctrine\DBAL\Schema\Schema $targetSchema
-	 */
-	public function migrate(Schema $targetSchema) {
-		$this->noEmit = true;
-		$this->applySchema($targetSchema);
-	}
-
-	/**
-	 * @param \Doctrine\DBAL\Schema\Schema $targetSchema
-	 * @return string
-	 */
-	public function generateChangeScript(Schema $targetSchema) {
-		$schemaDiff = $this->getDiff($targetSchema, $this->connection);
-
-		$script = '';
-		$sqls = $schemaDiff->toSql($this->connection->getDatabasePlatform());
-		foreach ($sqls as $sql) {
-			$script .= $this->convertStatementToScript($sql);
-		}
-
-		return $script;
-	}
-
-	/**
-	 * @param Schema $targetSchema
-	 * @throws \OC\DB\MigrationException
-	 */
-	public function checkMigrate(Schema $targetSchema) {
-		$this->noEmit = true;
-		/**@var \Doctrine\DBAL\Schema\Table[] $tables */
-		$tables = $targetSchema->getTables();
-		$filterExpression = $this->getFilterExpression();
-		$this->connection->getConfiguration()->
-			setFilterSchemaAssetsExpression($filterExpression);
-		$existingTables = $this->connection->getSchemaManager()->listTableNames();
-
-		$step = 0;
-		foreach ($tables as $table) {
-			if (strpos($table->getName(), '.')) {
-				list(, $tableName) = explode('.', $table->getName());
-			} else {
-				$tableName = $table->getName();
-			}
-			$this->emitCheckStep($tableName, $step++, count($tables));
-			// don't need to check for new tables
-			if (array_search($tableName, $existingTables) !== false) {
-				$this->checkTableMigrate($table);
-			}
-		}
-	}
-
-	/**
-	 * Create a unique name for the temporary table
-	 *
-	 * @param string $name
-	 * @return string
-	 */
-	protected function generateTemporaryTableName($name) {
-		return $this->config->getSystemValue('dbtableprefix', 'oc_') . $name . '_' . $this->random->generate(13, ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_DIGITS);
-	}
-
-	/**
-	 * Check the migration of a table on a copy so we can detect errors before messing with the real table
-	 *
-	 * @param \Doctrine\DBAL\Schema\Table $table
-	 * @throws \OC\DB\MigrationException
-	 */
-	protected function checkTableMigrate(Table $table) {
-		$name = $table->getName();
-		$tmpName = $this->generateTemporaryTableName($name);
-
-		$this->copyTable($name, $tmpName);
-
-		//create the migration schema for the temporary table
-		$tmpTable = $this->renameTableSchema($table, $tmpName);
-		$schemaConfig = new SchemaConfig();
-		$schemaConfig->setName($this->connection->getDatabase());
-		$schema = new Schema(array($tmpTable), array(), $schemaConfig);
-
-		try {
-			$this->applySchema($schema);
-			$this->dropTable($tmpName);
-		} catch (DBALException $e) {
-			// pgsql needs to commit it's failed transaction before doing anything else
-			if ($this->connection->isTransactionActive()) {
-				$this->connection->commit();
-			}
-			$this->dropTable($tmpName);
-			throw new MigrationException($table->getName(), $e->getMessage());
-		}
-	}
-
-	/**
-	 * @param \Doctrine\DBAL\Schema\Table $table
-	 * @param string $newName
-	 * @return \Doctrine\DBAL\Schema\Table
-	 */
-	protected function renameTableSchema(Table $table, $newName) {
-		/**
-		 * @var \Doctrine\DBAL\Schema\Index[] $indexes
-		 */
-		$indexes = $table->getIndexes();
-		$newIndexes = array();
-		foreach ($indexes as $index) {
-			if ($index->isPrimary()) {
-				// do not rename primary key
-				$indexName = $index->getName();
-			} else {
-				// avoid conflicts in index names
-				$indexName = $this->config->getSystemValue('dbtableprefix', 'oc_') . $this->random->generate(13, ISecureRandom::CHAR_LOWER);
-			}
-			$newIndexes[] = new Index($indexName, $index->getColumns(), $index->isUnique(), $index->isPrimary());
-		}
-
-		// foreign keys are not supported so we just set it to an empty array
-		return new Table($newName, $table->getColumns(), $newIndexes, array(), 0, $table->getOptions());
-	}
-
-	public function createSchema() {
-		$filterExpression = $this->getFilterExpression();
-		$this->connection->getConfiguration()->setFilterSchemaAssetsExpression($filterExpression);
-		return $this->connection->getSchemaManager()->createSchema();
-	}
-
-	/**
-	 * @param Schema $targetSchema
-	 * @param \Doctrine\DBAL\Connection $connection
-	 * @return \Doctrine\DBAL\Schema\SchemaDiff
-	 * @throws DBALException
-	 */
-	protected function getDiff(Schema $targetSchema, \Doctrine\DBAL\Connection $connection) {
-		// adjust varchar columns with a length higher then getVarcharMaxLength to clob
-		foreach ($targetSchema->getTables() as $table) {
-			foreach ($table->getColumns() as $column) {
-				if ($column->getType() instanceof StringType) {
-					if ($column->getLength() > $connection->getDatabasePlatform()->getVarcharMaxLength()) {
-						$column->setType(Type::getType('text'));
-						$column->setLength(null);
-					}
-				}
-			}
-		}
-
-		$filterExpression = $this->getFilterExpression();
-		$this->connection->getConfiguration()->setFilterSchemaAssetsExpression($filterExpression);
-		$sourceSchema = $connection->getSchemaManager()->createSchema();
-
-		// remove tables we don't know about
-		/** @var $table \Doctrine\DBAL\Schema\Table */
-		foreach ($sourceSchema->getTables() as $table) {
-			if (!$targetSchema->hasTable($table->getName())) {
-				$sourceSchema->dropTable($table->getName());
-			}
-		}
-		// remove sequences we don't know about
-		foreach ($sourceSchema->getSequences() as $table) {
-			if (!$targetSchema->hasSequence($table->getName())) {
-				$sourceSchema->dropSequence($table->getName());
-			}
-		}
-
-		$comparator = new Comparator();
-		return $comparator->compare($sourceSchema, $targetSchema);
-	}
-
-	/**
-	 * @param \Doctrine\DBAL\Schema\Schema $targetSchema
-	 * @param \Doctrine\DBAL\Connection $connection
-	 */
-	protected function applySchema(Schema $targetSchema, \Doctrine\DBAL\Connection $connection = null) {
-		if (is_null($connection)) {
-			$connection = $this->connection;
-		}
-
-		$schemaDiff = $this->getDiff($targetSchema, $connection);
-
-		$connection->beginTransaction();
-		$sqls = $schemaDiff->toSql($connection->getDatabasePlatform());
-		$step = 0;
-		foreach ($sqls as $sql) {
-			$this->emit($sql, $step++, count($sqls));
-			$connection->query($sql);
-		}
-		$connection->commit();
-	}
-
-	/**
-	 * @param string $sourceName
-	 * @param string $targetName
-	 */
-	protected function copyTable($sourceName, $targetName) {
-		$quotedSource = $this->connection->quoteIdentifier($sourceName);
-		$quotedTarget = $this->connection->quoteIdentifier($targetName);
-
-		$this->connection->exec('CREATE TABLE ' . $quotedTarget . ' (LIKE ' . $quotedSource . ')');
-		$this->connection->exec('INSERT INTO ' . $quotedTarget . ' SELECT * FROM ' . $quotedSource);
-	}
-
-	/**
-	 * @param string $name
-	 */
-	protected function dropTable($name) {
-		$this->connection->exec('DROP TABLE ' . $this->connection->quoteIdentifier($name));
-	}
-
-	/**
-	 * @param $statement
-	 * @return string
-	 */
-	protected function convertStatementToScript($statement) {
-		$script = $statement . ';';
-		$script .= PHP_EOL;
-		$script .= PHP_EOL;
-		return $script;
-	}
-
-	protected function getFilterExpression() {
-		return '/^' . preg_quote($this->config->getSystemValue('dbtableprefix', 'oc_')) . '/';
-	}
-
-	protected function emit($sql, $step, $max) {
-		if ($this->noEmit) {
-			return;
-		}
-		if(is_null($this->dispatcher)) {
-			return;
-		}
-		$this->dispatcher->dispatch('\OC\DB\Migrator::executeSql', new GenericEvent($sql, [$step+1, $max]));
-	}
-
-	private function emitCheckStep($tableName, $step, $max) {
-		if(is_null($this->dispatcher)) {
-			return;
-		}
-		$this->dispatcher->dispatch('\OC\DB\Migrator::checkTable', new GenericEvent($tableName, [$step+1, $max]));
-	}
+    /** @var \Doctrine\DBAL\Connection */
+    protected $connection;
+
+    /** @var ISecureRandom */
+    private $random;
+
+    /** @var IConfig */
+    protected $config;
+
+    /** @var EventDispatcherInterface  */
+    private $dispatcher;
+
+    /** @var bool */
+    private $noEmit = false;
+
+    /**
+     * @param \Doctrine\DBAL\Connection $connection
+     * @param ISecureRandom $random
+     * @param IConfig $config
+     * @param EventDispatcherInterface $dispatcher
+     */
+    public function __construct(\Doctrine\DBAL\Connection $connection,
+                                ISecureRandom $random,
+                                IConfig $config,
+                                EventDispatcherInterface $dispatcher = null) {
+        $this->connection = $connection;
+        $this->random = $random;
+        $this->config = $config;
+        $this->dispatcher = $dispatcher;
+    }
+
+    /**
+     * @param \Doctrine\DBAL\Schema\Schema $targetSchema
+     */
+    public function migrate(Schema $targetSchema) {
+        $this->noEmit = true;
+        $this->applySchema($targetSchema);
+    }
+
+    /**
+     * @param \Doctrine\DBAL\Schema\Schema $targetSchema
+     * @return string
+     */
+    public function generateChangeScript(Schema $targetSchema) {
+        $schemaDiff = $this->getDiff($targetSchema, $this->connection);
+
+        $script = '';
+        $sqls = $schemaDiff->toSql($this->connection->getDatabasePlatform());
+        foreach ($sqls as $sql) {
+            $script .= $this->convertStatementToScript($sql);
+        }
+
+        return $script;
+    }
+
+    /**
+     * @param Schema $targetSchema
+     * @throws \OC\DB\MigrationException
+     */
+    public function checkMigrate(Schema $targetSchema) {
+        $this->noEmit = true;
+        /**@var \Doctrine\DBAL\Schema\Table[] $tables */
+        $tables = $targetSchema->getTables();
+        $filterExpression = $this->getFilterExpression();
+        $this->connection->getConfiguration()->
+            setFilterSchemaAssetsExpression($filterExpression);
+        $existingTables = $this->connection->getSchemaManager()->listTableNames();
+
+        $step = 0;
+        foreach ($tables as $table) {
+            if (strpos($table->getName(), '.')) {
+                list(, $tableName) = explode('.', $table->getName());
+            } else {
+                $tableName = $table->getName();
+            }
+            $this->emitCheckStep($tableName, $step++, count($tables));
+            // don't need to check for new tables
+            if (array_search($tableName, $existingTables) !== false) {
+                $this->checkTableMigrate($table);
+            }
+        }
+    }
+
+    /**
+     * Create a unique name for the temporary table
+     *
+     * @param string $name
+     * @return string
+     */
+    protected function generateTemporaryTableName($name) {
+        return $this->config->getSystemValue('dbtableprefix', 'oc_') . $name . '_' . $this->random->generate(13, ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_DIGITS);
+    }
+
+    /**
+     * Check the migration of a table on a copy so we can detect errors before messing with the real table
+     *
+     * @param \Doctrine\DBAL\Schema\Table $table
+     * @throws \OC\DB\MigrationException
+     */
+    protected function checkTableMigrate(Table $table) {
+        $name = $table->getName();
+        $tmpName = $this->generateTemporaryTableName($name);
+
+        $this->copyTable($name, $tmpName);
+
+        //create the migration schema for the temporary table
+        $tmpTable = $this->renameTableSchema($table, $tmpName);
+        $schemaConfig = new SchemaConfig();
+        $schemaConfig->setName($this->connection->getDatabase());
+        $schema = new Schema(array($tmpTable), array(), $schemaConfig);
+
+        try {
+            $this->applySchema($schema);
+            $this->dropTable($tmpName);
+        } catch (DBALException $e) {
+            // pgsql needs to commit it's failed transaction before doing anything else
+            if ($this->connection->isTransactionActive()) {
+                $this->connection->commit();
+            }
+            $this->dropTable($tmpName);
+            throw new MigrationException($table->getName(), $e->getMessage());
+        }
+    }
+
+    /**
+     * @param \Doctrine\DBAL\Schema\Table $table
+     * @param string $newName
+     * @return \Doctrine\DBAL\Schema\Table
+     */
+    protected function renameTableSchema(Table $table, $newName) {
+        /**
+         * @var \Doctrine\DBAL\Schema\Index[] $indexes
+         */
+        $indexes = $table->getIndexes();
+        $newIndexes = array();
+        foreach ($indexes as $index) {
+            if ($index->isPrimary()) {
+                // do not rename primary key
+                $indexName = $index->getName();
+            } else {
+                // avoid conflicts in index names
+                $indexName = $this->config->getSystemValue('dbtableprefix', 'oc_') . $this->random->generate(13, ISecureRandom::CHAR_LOWER);
+            }
+            $newIndexes[] = new Index($indexName, $index->getColumns(), $index->isUnique(), $index->isPrimary());
+        }
+
+        // foreign keys are not supported so we just set it to an empty array
+        return new Table($newName, $table->getColumns(), $newIndexes, array(), 0, $table->getOptions());
+    }
+
+    public function createSchema() {
+        $filterExpression = $this->getFilterExpression();
+        $this->connection->getConfiguration()->setFilterSchemaAssetsExpression($filterExpression);
+        return $this->connection->getSchemaManager()->createSchema();
+    }
+
+    /**
+     * @param Schema $targetSchema
+     * @param \Doctrine\DBAL\Connection $connection
+     * @return \Doctrine\DBAL\Schema\SchemaDiff
+     * @throws DBALException
+     */
+    protected function getDiff(Schema $targetSchema, \Doctrine\DBAL\Connection $connection) {
+        // adjust varchar columns with a length higher then getVarcharMaxLength to clob
+        foreach ($targetSchema->getTables() as $table) {
+            foreach ($table->getColumns() as $column) {
+                if ($column->getType() instanceof StringType) {
+                    if ($column->getLength() > $connection->getDatabasePlatform()->getVarcharMaxLength()) {
+                        $column->setType(Type::getType('text'));
+                        $column->setLength(null);
+                    }
+                }
+            }
+        }
+
+        $filterExpression = $this->getFilterExpression();
+        $this->connection->getConfiguration()->setFilterSchemaAssetsExpression($filterExpression);
+        $sourceSchema = $connection->getSchemaManager()->createSchema();
+
+        // remove tables we don't know about
+        /** @var $table \Doctrine\DBAL\Schema\Table */
+        foreach ($sourceSchema->getTables() as $table) {
+            if (!$targetSchema->hasTable($table->getName())) {
+                $sourceSchema->dropTable($table->getName());
+            }
+        }
+        // remove sequences we don't know about
+        foreach ($sourceSchema->getSequences() as $table) {
+            if (!$targetSchema->hasSequence($table->getName())) {
+                $sourceSchema->dropSequence($table->getName());
+            }
+        }
+
+        $comparator = new Comparator();
+        return $comparator->compare($sourceSchema, $targetSchema);
+    }
+
+    /**
+     * @param \Doctrine\DBAL\Schema\Schema $targetSchema
+     * @param \Doctrine\DBAL\Connection $connection
+     */
+    protected function applySchema(Schema $targetSchema, \Doctrine\DBAL\Connection $connection = null) {
+        if (is_null($connection)) {
+            $connection = $this->connection;
+        }
+
+        $schemaDiff = $this->getDiff($targetSchema, $connection);
+
+        $connection->beginTransaction();
+        $sqls = $schemaDiff->toSql($connection->getDatabasePlatform());
+        $step = 0;
+        foreach ($sqls as $sql) {
+            $this->emit($sql, $step++, count($sqls));
+            $connection->query($sql);
+        }
+        $connection->commit();
+    }
+
+    /**
+     * @param string $sourceName
+     * @param string $targetName
+     */
+    protected function copyTable($sourceName, $targetName) {
+        $quotedSource = $this->connection->quoteIdentifier($sourceName);
+        $quotedTarget = $this->connection->quoteIdentifier($targetName);
+
+        $this->connection->exec('CREATE TABLE ' . $quotedTarget . ' (LIKE ' . $quotedSource . ')');
+        $this->connection->exec('INSERT INTO ' . $quotedTarget . ' SELECT * FROM ' . $quotedSource);
+    }
+
+    /**
+     * @param string $name
+     */
+    protected function dropTable($name) {
+        $this->connection->exec('DROP TABLE ' . $this->connection->quoteIdentifier($name));
+    }
+
+    /**
+     * @param $statement
+     * @return string
+     */
+    protected function convertStatementToScript($statement) {
+        $script = $statement . ';';
+        $script .= PHP_EOL;
+        $script .= PHP_EOL;
+        return $script;
+    }
+
+    protected function getFilterExpression() {
+        return '/^' . preg_quote($this->config->getSystemValue('dbtableprefix', 'oc_')) . '/';
+    }
+
+    protected function emit($sql, $step, $max) {
+        if ($this->noEmit) {
+            return;
+        }
+        if(is_null($this->dispatcher)) {
+            return;
+        }
+        $this->dispatcher->dispatch('\OC\DB\Migrator::executeSql', new GenericEvent($sql, [$step+1, $max]));
+    }
+
+    private function emitCheckStep($tableName, $step, $max) {
+        if(is_null($this->dispatcher)) {
+            return;
+        }
+        $this->dispatcher->dispatch('\OC\DB\Migrator::checkTable', new GenericEvent($tableName, [$step+1, $max]));
+    }
 }