Inspection of "Change 2FA activities to more generic security act..." - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#4894)

by Christoph

created 2017-05-16 08:31 UTC

Status

Indentation +203 added lines, -203 removed lines patch added patch discarded remove patch

@@ -38,232 +38,232 @@
 block discarded – undo
 
 class Manager {
 
-	const SESSION_UID_KEY = 'two_factor_auth_uid';
-	const BACKUP_CODES_APP_ID = 'twofactor_backupcodes';
-	const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
-	const REMEMBER_LOGIN = 'two_factor_remember_login';
+    const SESSION_UID_KEY = 'two_factor_auth_uid';
+    const BACKUP_CODES_APP_ID = 'twofactor_backupcodes';
+    const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
+    const REMEMBER_LOGIN = 'two_factor_remember_login';
 
-	/** @var AppManager */
-	private $appManager;
+    /** @var AppManager */
+    private $appManager;
 
-	/** @var ISession */
-	private $session;
+    /** @var ISession */
+    private $session;
 
-	/** @var IConfig */
-	private $config;
+    /** @var IConfig */
+    private $config;
 
-	/** @var IManager */
-	private $activityManager;
+    /** @var IManager */
+    private $activityManager;
 
-	/** @var ILogger */
-	private $logger;
+    /** @var ILogger */
+    private $logger;
 
-	/**
-	 * @param AppManager $appManager
-	 * @param ISession $session
-	 * @param IConfig $config
-	 * @param IManager $activityManager
-	 * @param ILogger $logger
-	 */
-	public function __construct(AppManager $appManager, ISession $session, IConfig $config, IManager $activityManager,
-		ILogger $logger) {
-		$this->appManager = $appManager;
-		$this->session = $session;
-		$this->config = $config;
-		$this->activityManager = $activityManager;
-		$this->logger = $logger;
-	}
+    /**
+     * @param AppManager $appManager
+     * @param ISession $session
+     * @param IConfig $config
+     * @param IManager $activityManager
+     * @param ILogger $logger
+     */
+    public function __construct(AppManager $appManager, ISession $session, IConfig $config, IManager $activityManager,
+        ILogger $logger) {
+        $this->appManager = $appManager;
+        $this->session = $session;
+        $this->config = $config;
+        $this->activityManager = $activityManager;
+        $this->logger = $logger;
+    }
 
-	/**
-	 * Determine whether the user must provide a second factor challenge
-	 *
-	 * @param IUser $user
-	 * @return boolean
-	 */
-	public function isTwoFactorAuthenticated(IUser $user) {
-		$twoFactorEnabled = ((int) $this->config->getUserValue($user->getUID(), 'core', 'two_factor_auth_disabled', 0)) === 0;
-		return $twoFactorEnabled && count($this->getProviders($user)) > 0;
-	}
+    /**
+     * Determine whether the user must provide a second factor challenge
+     *
+     * @param IUser $user
+     * @return boolean
+     */
+    public function isTwoFactorAuthenticated(IUser $user) {
+        $twoFactorEnabled = ((int) $this->config->getUserValue($user->getUID(), 'core', 'two_factor_auth_disabled', 0)) === 0;
+        return $twoFactorEnabled && count($this->getProviders($user)) > 0;
+    }
 
-	/**
-	 * Disable 2FA checks for the given user
-	 *
-	 * @param IUser $user
-	 */
-	public function disableTwoFactorAuthentication(IUser $user) {
-		$this->config->setUserValue($user->getUID(), 'core', 'two_factor_auth_disabled', 1);
-	}
+    /**
+     * Disable 2FA checks for the given user
+     *
+     * @param IUser $user
+     */
+    public function disableTwoFactorAuthentication(IUser $user) {
+        $this->config->setUserValue($user->getUID(), 'core', 'two_factor_auth_disabled', 1);
+    }
 
-	/**
-	 * Enable all 2FA checks for the given user
-	 *
-	 * @param IUser $user
-	 */
-	public function enableTwoFactorAuthentication(IUser $user) {
-		$this->config->deleteUserValue($user->getUID(), 'core', 'two_factor_auth_disabled');
-	}
+    /**
+     * Enable all 2FA checks for the given user
+     *
+     * @param IUser $user
+     */
+    public function enableTwoFactorAuthentication(IUser $user) {
+        $this->config->deleteUserValue($user->getUID(), 'core', 'two_factor_auth_disabled');
+    }
 
-	/**
-	 * Get a 2FA provider by its ID
-	 *
-	 * @param IUser $user
-	 * @param string $challengeProviderId
-	 * @return IProvider|null
-	 */
-	public function getProvider(IUser $user, $challengeProviderId) {
-		$providers = $this->getProviders($user, true);
-		return isset($providers[$challengeProviderId]) ? $providers[$challengeProviderId] : null;
-	}
+    /**
+     * Get a 2FA provider by its ID
+     *
+     * @param IUser $user
+     * @param string $challengeProviderId
+     * @return IProvider|null
+     */
+    public function getProvider(IUser $user, $challengeProviderId) {
+        $providers = $this->getProviders($user, true);
+        return isset($providers[$challengeProviderId]) ? $providers[$challengeProviderId] : null;
+    }
 
-	/**
-	 * @param IUser $user
-	 * @return IProvider|null the backup provider, if enabled for the given user
-	 */
-	public function getBackupProvider(IUser $user) {
-		$providers = $this->getProviders($user, true);
-		if (!isset($providers[self::BACKUP_CODES_PROVIDER_ID])) {
-			return null;
-		}
-		return $providers[self::BACKUP_CODES_PROVIDER_ID];
-	}
+    /**
+     * @param IUser $user
+     * @return IProvider|null the backup provider, if enabled for the given user
+     */
+    public function getBackupProvider(IUser $user) {
+        $providers = $this->getProviders($user, true);
+        if (!isset($providers[self::BACKUP_CODES_PROVIDER_ID])) {
+            return null;
+        }
+        return $providers[self::BACKUP_CODES_PROVIDER_ID];
+    }
 
-	/**
-	 * Get the list of 2FA providers for the given user
-	 *
-	 * @param IUser $user
-	 * @param bool $includeBackupApp
-	 * @return IProvider[]
-	 * @throws Exception
-	 */
-	public function getProviders(IUser $user, $includeBackupApp = false) {
-		$allApps = $this->appManager->getEnabledAppsForUser($user);
-		$providers = [];
+    /**
+     * Get the list of 2FA providers for the given user
+     *
+     * @param IUser $user
+     * @param bool $includeBackupApp
+     * @return IProvider[]
+     * @throws Exception
+     */
+    public function getProviders(IUser $user, $includeBackupApp = false) {
+        $allApps = $this->appManager->getEnabledAppsForUser($user);
+        $providers = [];
 
-		foreach ($allApps as $appId) {
-			if (!$includeBackupApp && $appId === self::BACKUP_CODES_APP_ID) {
-				continue;
-			}
+        foreach ($allApps as $appId) {
+            if (!$includeBackupApp && $appId === self::BACKUP_CODES_APP_ID) {
+                continue;
+            }
 
-			$info = $this->appManager->getAppInfo($appId);
-			if (isset($info['two-factor-providers'])) {
-				$providerClasses = $info['two-factor-providers'];
-				foreach ($providerClasses as $class) {
-					try {
-						$this->loadTwoFactorApp($appId);
-						$provider = OC::$server->query($class);
-						$providers[$provider->getId()] = $provider;
-					} catch (QueryException $exc) {
-						// Provider class can not be resolved
-						throw new Exception("Could not load two-factor auth provider $class");
-					}
-				}
-			}
-		}
+            $info = $this->appManager->getAppInfo($appId);
+            if (isset($info['two-factor-providers'])) {
+                $providerClasses = $info['two-factor-providers'];
+                foreach ($providerClasses as $class) {
+                    try {
+                        $this->loadTwoFactorApp($appId);
+                        $provider = OC::$server->query($class);
+                        $providers[$provider->getId()] = $provider;
+                    } catch (QueryException $exc) {
+                        // Provider class can not be resolved
+                        throw new Exception("Could not load two-factor auth provider $class");
+                    }
+                }
+            }
+        }
 
-		return array_filter($providers, function ($provider) use ($user) {
-			/* @var $provider IProvider */
-			return $provider->isTwoFactorAuthEnabledForUser($user);
-		});
-	}
+        return array_filter($providers, function ($provider) use ($user) {
+            /* @var $provider IProvider */
+            return $provider->isTwoFactorAuthEnabledForUser($user);
+        });
+    }
 
-	/**
-	 * Load an app by ID if it has not been loaded yet
-	 *
-	 * @param string $appId
-	 */
-	protected function loadTwoFactorApp($appId) {
-		if (!OC_App::isAppLoaded($appId)) {
-			OC_App::loadApp($appId);
-		}
-	}
+    /**
+     * Load an app by ID if it has not been loaded yet
+     *
+     * @param string $appId
+     */
+    protected function loadTwoFactorApp($appId) {
+        if (!OC_App::isAppLoaded($appId)) {
+            OC_App::loadApp($appId);
+        }
+    }
 
-	/**
-	 * Verify the given challenge
-	 *
-	 * @param string $providerId
-	 * @param IUser $user
-	 * @param string $challenge
-	 * @return boolean
-	 */
-	public function verifyChallenge($providerId, IUser $user, $challenge) {
-		$provider = $this->getProvider($user, $providerId);
-		if (is_null($provider)) {
-			return false;
-		}
+    /**
+     * Verify the given challenge
+     *
+     * @param string $providerId
+     * @param IUser $user
+     * @param string $challenge
+     * @return boolean
+     */
+    public function verifyChallenge($providerId, IUser $user, $challenge) {
+        $provider = $this->getProvider($user, $providerId);
+        if (is_null($provider)) {
+            return false;
+        }
 
-		$passed = $provider->verifyChallenge($user, $challenge);
-		if ($passed) {
-			if ($this->session->get(self::REMEMBER_LOGIN) === true) {
-				// TODO: resolve cyclic dependency and use DI
-				\OC::$server->getUserSession()->createRememberMeToken($user);
-			}
-			$this->session->remove(self::SESSION_UID_KEY);
-			$this->session->remove(self::REMEMBER_LOGIN);
+        $passed = $provider->verifyChallenge($user, $challenge);
+        if ($passed) {
+            if ($this->session->get(self::REMEMBER_LOGIN) === true) {
+                // TODO: resolve cyclic dependency and use DI
+                \OC::$server->getUserSession()->createRememberMeToken($user);
+            }
+            $this->session->remove(self::SESSION_UID_KEY);
+            $this->session->remove(self::REMEMBER_LOGIN);
 
-			$this->publishEvent($user, 'twofactor_success', [
-				'provider' => $provider->getDisplayName(),
-			]);
-		} else {
-			$this->publishEvent($user, 'twofactor_failed', [
-				'provider' => $provider->getDisplayName(),
-			]);
-		}
-		return $passed;
-	}
+            $this->publishEvent($user, 'twofactor_success', [
+                'provider' => $provider->getDisplayName(),
+            ]);
+        } else {
+            $this->publishEvent($user, 'twofactor_failed', [
+                'provider' => $provider->getDisplayName(),
+            ]);
+        }
+        return $passed;
+    }
 
-	/**
-	 * Push a 2fa event the user's activity stream
-	 *
-	 * @param IUser $user
-	 * @param string $event
-	 */
-	private function publishEvent(IUser $user, $event, array $params) {
-		$activity = $this->activityManager->generateEvent();
-		$activity->setApp('core')
-			->setType('security')
-			->setAuthor($user->getUID())
-			->setAffectedUser($user->getUID())
-			->setSubject($event, $params);
-		try {
-			$this->activityManager->publish($activity);
-		} catch (BadMethodCallException $e) {
-			$this->logger->warning('could not publish backup code creation activity', ['app' => 'core']);
-			$this->logger->logException($e, ['app' => 'core']);
-		}
-	}
+    /**
+     * Push a 2fa event the user's activity stream
+     *
+     * @param IUser $user
+     * @param string $event
+     */
+    private function publishEvent(IUser $user, $event, array $params) {
+        $activity = $this->activityManager->generateEvent();
+        $activity->setApp('core')
+            ->setType('security')
+            ->setAuthor($user->getUID())
+            ->setAffectedUser($user->getUID())
+            ->setSubject($event, $params);
+        try {
+            $this->activityManager->publish($activity);
+        } catch (BadMethodCallException $e) {
+            $this->logger->warning('could not publish backup code creation activity', ['app' => 'core']);
+            $this->logger->logException($e, ['app' => 'core']);
+        }
+    }
 
-	/**
-	 * Check if the currently logged in user needs to pass 2FA
-	 *
-	 * @param IUser $user the currently logged in user
-	 * @return boolean
-	 */
-	public function needsSecondFactor(IUser $user = null) {
-		if (is_null($user) || !$this->session->exists(self::SESSION_UID_KEY)) {
-			return false;
-		}
+    /**
+     * Check if the currently logged in user needs to pass 2FA
+     *
+     * @param IUser $user the currently logged in user
+     * @return boolean
+     */
+    public function needsSecondFactor(IUser $user = null) {
+        if (is_null($user) || !$this->session->exists(self::SESSION_UID_KEY)) {
+            return false;
+        }
 
-		if (!$this->isTwoFactorAuthenticated($user)) {
-			// There is no second factor any more -> let the user pass
-			//   This prevents infinite redirect loops when a user is about
-			//   to solve the 2FA challenge, and the provider app is
-			//   disabled the same time
-			$this->session->remove(self::SESSION_UID_KEY);
-			return false;
-		}
+        if (!$this->isTwoFactorAuthenticated($user)) {
+            // There is no second factor any more -> let the user pass
+            //   This prevents infinite redirect loops when a user is about
+            //   to solve the 2FA challenge, and the provider app is
+            //   disabled the same time
+            $this->session->remove(self::SESSION_UID_KEY);
+            return false;
+        }
 
-		return true;
-	}
+        return true;
+    }
 
-	/**
-	 * Prepare the 2FA login
-	 *
-	 * @param IUser $user
-	 * @param boolean $rememberMe
-	 */
-	public function prepareTwoFactorLogin(IUser $user, $rememberMe) {
-		$this->session->set(self::SESSION_UID_KEY, $user->getUID());
-		$this->session->set(self::REMEMBER_LOGIN, $rememberMe);
-	}
+    /**
+     * Prepare the 2FA login
+     *
+     * @param IUser $user
+     * @param boolean $rememberMe
+     */
+    public function prepareTwoFactorLogin(IUser $user, $rememberMe) {
+        $this->session->set(self::SESSION_UID_KEY, $user->getUID());
+        $this->session->set(self::REMEMBER_LOGIN, $rememberMe);
+    }
 
 }

Please login to merge, or discard this patch.

settings/Application.php 1 patch

Indentation +92 added lines, -92 removed lines patch added patch discarded remove patch

@@ -52,106 +52,106 @@
 block discarded – undo
 class Application extends App {
 
 
-	/**
-	 * @param array $urlParams
-	 */
-	public function __construct(array $urlParams=[]){
-		parent::__construct('settings', $urlParams);
+    /**
+     * @param array $urlParams
+     */
+    public function __construct(array $urlParams=[]){
+        parent::__construct('settings', $urlParams);
 
-		$container = $this->getContainer();
+        $container = $this->getContainer();
 
-		// Register Middleware
-		$container->registerAlias('SubadminMiddleware', SubadminMiddleware::class);
-		$container->registerMiddleWare('SubadminMiddleware');
+        // Register Middleware
+        $container->registerAlias('SubadminMiddleware', SubadminMiddleware::class);
+        $container->registerMiddleWare('SubadminMiddleware');
 
-		/**
-		 * Core class wrappers
-		 */
-		/** FIXME: Remove once OC_User is non-static and mockable */
-		$container->registerService('isAdmin', function() {
-			return \OC_User::isAdminUser(\OC_User::getUser());
-		});
-		/** FIXME: Remove once OC_SubAdmin is non-static and mockable */
-		$container->registerService('isSubAdmin', function(IContainer $c) {
-			$userObject = \OC::$server->getUserSession()->getUser();
-			$isSubAdmin = false;
-			if($userObject !== null) {
-				$isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject);
-			}
-			return $isSubAdmin;
-		});
-		$container->registerService('userCertificateManager', function(IContainer $c) {
-			return $c->query('ServerContainer')->getCertificateManager();
-		}, false);
-		$container->registerService('systemCertificateManager', function (IContainer $c) {
-			return $c->query('ServerContainer')->getCertificateManager(null);
-		}, false);
-		$container->registerService(IProvider::class, function (IContainer $c) {
-			return $c->query('ServerContainer')->query(IProvider::class);
-		});
-		$container->registerService(IManager::class, function (IContainer $c) {
-			return $c->query('ServerContainer')->getSettingsManager();
-		});
+        /**
+         * Core class wrappers
+         */
+        /** FIXME: Remove once OC_User is non-static and mockable */
+        $container->registerService('isAdmin', function() {
+            return \OC_User::isAdminUser(\OC_User::getUser());
+        });
+        /** FIXME: Remove once OC_SubAdmin is non-static and mockable */
+        $container->registerService('isSubAdmin', function(IContainer $c) {
+            $userObject = \OC::$server->getUserSession()->getUser();
+            $isSubAdmin = false;
+            if($userObject !== null) {
+                $isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject);
+            }
+            return $isSubAdmin;
+        });
+        $container->registerService('userCertificateManager', function(IContainer $c) {
+            return $c->query('ServerContainer')->getCertificateManager();
+        }, false);
+        $container->registerService('systemCertificateManager', function (IContainer $c) {
+            return $c->query('ServerContainer')->getCertificateManager(null);
+        }, false);
+        $container->registerService(IProvider::class, function (IContainer $c) {
+            return $c->query('ServerContainer')->query(IProvider::class);
+        });
+        $container->registerService(IManager::class, function (IContainer $c) {
+            return $c->query('ServerContainer')->getSettingsManager();
+        });
 
-		$container->registerService(NewUserMailHelper::class, function (IContainer $c) {
-			/** @var Server $server */
-			$server = $c->query('ServerContainer');
-			/** @var Defaults $defaults */
-			$defaults = $server->query(Defaults::class);
+        $container->registerService(NewUserMailHelper::class, function (IContainer $c) {
+            /** @var Server $server */
+            $server = $c->query('ServerContainer');
+            /** @var Defaults $defaults */
+            $defaults = $server->query(Defaults::class);
 
-			return new NewUserMailHelper(
-				$defaults,
-				$server->getURLGenerator(),
-				$server->getL10N('settings'),
-				$server->getMailer(),
-				$server->getSecureRandom(),
-				new TimeFactory(),
-				$server->getConfig(),
-				$server->getCrypto(),
-				Util::getDefaultEmailAddress('no-reply')
-			);
-		});
-	}
+            return new NewUserMailHelper(
+                $defaults,
+                $server->getURLGenerator(),
+                $server->getL10N('settings'),
+                $server->getMailer(),
+                $server->getSecureRandom(),
+                new TimeFactory(),
+                $server->getConfig(),
+                $server->getCrypto(),
+                Util::getDefaultEmailAddress('no-reply')
+            );
+        });
+    }
 
-	public function register() {
-		$activityManager = $this->getContainer()->getServer()->getActivityManager();
-		$activityManager->registerSetting(Setting::class); // FIXME move to info.xml
-		$activityManager->registerProvider(Provider::class); // FIXME move to info.xml
-		$activityManager->registerFilter(SecurityFilter::class); // FIXME move to info.xml
-		$activityManager->registerSetting(SecuritySetting::class); // FIXME move to info.xml
-		$activityManager->registerProvider(SecurityProvider::class); // FIXME move to info.xml
+    public function register() {
+        $activityManager = $this->getContainer()->getServer()->getActivityManager();
+        $activityManager->registerSetting(Setting::class); // FIXME move to info.xml
+        $activityManager->registerProvider(Provider::class); // FIXME move to info.xml
+        $activityManager->registerFilter(SecurityFilter::class); // FIXME move to info.xml
+        $activityManager->registerSetting(SecuritySetting::class); // FIXME move to info.xml
+        $activityManager->registerProvider(SecurityProvider::class); // FIXME move to info.xml
 
-		Util::connectHook('OC_User', 'post_setPassword', $this, 'onChangePassword');
-		Util::connectHook('OC_User', 'changeUser', $this, 'onChangeInfo');
-	}
+        Util::connectHook('OC_User', 'post_setPassword', $this, 'onChangePassword');
+        Util::connectHook('OC_User', 'changeUser', $this, 'onChangeInfo');
+    }
 
-	/**
-	 * @param array $parameters
-	 * @throws \InvalidArgumentException
-	 * @throws \BadMethodCallException
-	 * @throws \Exception
-	 * @throws \OCP\AppFramework\QueryException
-	 */
-	public function onChangePassword(array $parameters) {
-		/** @var Hooks $hooks */
-		$hooks = $this->getContainer()->query(Hooks::class);
-		$hooks->onChangePassword($parameters['uid']);
-	}
+    /**
+     * @param array $parameters
+     * @throws \InvalidArgumentException
+     * @throws \BadMethodCallException
+     * @throws \Exception
+     * @throws \OCP\AppFramework\QueryException
+     */
+    public function onChangePassword(array $parameters) {
+        /** @var Hooks $hooks */
+        $hooks = $this->getContainer()->query(Hooks::class);
+        $hooks->onChangePassword($parameters['uid']);
+    }
 
-	/**
-	 * @param array $parameters
-	 * @throws \InvalidArgumentException
-	 * @throws \BadMethodCallException
-	 * @throws \Exception
-	 * @throws \OCP\AppFramework\QueryException
-	 */
-	public function onChangeInfo(array $parameters) {
-		if ($parameters['feature'] !== 'eMailAddress') {
-			return;
-		}
+    /**
+     * @param array $parameters
+     * @throws \InvalidArgumentException
+     * @throws \BadMethodCallException
+     * @throws \Exception
+     * @throws \OCP\AppFramework\QueryException
+     */
+    public function onChangeInfo(array $parameters) {
+        if ($parameters['feature'] !== 'eMailAddress') {
+            return;
+        }
 
-		/** @var Hooks $hooks */
-		$hooks = $this->getContainer()->query(Hooks::class);
-		$hooks->onChangeEmail($parameters['user'], $parameters['old_value']);
-	}
+        /** @var Hooks $hooks */
+        $hooks = $this->getContainer()->query(Hooks::class);
+        $hooks->onChangeEmail($parameters['user'], $parameters['old_value']);
+    }
 }

Please login to merge, or discard this patch.

settings/Activity/SecurityFilter.php 1 patch

Indentation +26 added lines, -26 removed lines patch added patch discarded remove patch

@@ -28,39 +28,39 @@
 block discarded – undo
 
 class SecurityFilter implements IFilter {
 
-	/** @var IURLGenerator */
-	private $urlGenerator;
+    /** @var IURLGenerator */
+    private $urlGenerator;
 
-	/** @var IL10N */
-	private $l10n;
+    /** @var IL10N */
+    private $l10n;
 
-	public function __construct(IURLGenerator $urlGenerator, IL10N $l10n) {
-		$this->urlGenerator = $urlGenerator;
-		$this->l10n = $l10n;
-	}
+    public function __construct(IURLGenerator $urlGenerator, IL10N $l10n) {
+        $this->urlGenerator = $urlGenerator;
+        $this->l10n = $l10n;
+    }
 
-	public function allowedApps() {
-		return [];
-	}
+    public function allowedApps() {
+        return [];
+    }
 
-	public function filterTypes(array $types) {
-		return array_intersect(['security'], $types);
-	}
+    public function filterTypes(array $types) {
+        return array_intersect(['security'], $types);
+    }
 
-	public function getIcon() {
-		return $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg'));
-	}
+    public function getIcon() {
+        return $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg'));
+    }
 
-	public function getIdentifier() {
-		return 'security';
-	}
+    public function getIdentifier() {
+        return 'security';
+    }
 
-	public function getName() {
-		return $this->l10n->t('Security');
-	}
+    public function getName() {
+        return $this->l10n->t('Security');
+    }
 
-	public function getPriority() {
-		return 30;
-	}
+    public function getPriority() {
+        return 30;
+    }
 
 }

Please login to merge, or discard this patch.

settings/Activity/SecurityProvider.php 1 patch

Indentation +36 added lines, -36 removed lines patch added patch discarded remove patch

@@ -31,47 +31,47 @@
 block discarded – undo
 
 class SecurityProvider implements IProvider {
 
-	/** @var L10nFactory */
-	private $l10n;
+    /** @var L10nFactory */
+    private $l10n;
 
-	/** @var IURLGenerator */
-	private $urlGenerator;
+    /** @var IURLGenerator */
+    private $urlGenerator;
 
-	/** @var ILogger */
-	private $logger;
+    /** @var ILogger */
+    private $logger;
 
-	public function __construct(L10nFactory $l10n, IURLGenerator $urlGenerator, ILogger $logger) {
-		$this->logger = $logger;
-		$this->urlGenerator = $urlGenerator;
-		$this->l10n = $l10n;
-	}
+    public function __construct(L10nFactory $l10n, IURLGenerator $urlGenerator, ILogger $logger) {
+        $this->logger = $logger;
+        $this->urlGenerator = $urlGenerator;
+        $this->l10n = $l10n;
+    }
 
-	public function parse($language, IEvent $event, IEvent $previousEvent = null) {
-		if ($event->getType() !== 'security') {
-			throw new InvalidArgumentException();
-		}
+    public function parse($language, IEvent $event, IEvent $previousEvent = null) {
+        if ($event->getType() !== 'security') {
+            throw new InvalidArgumentException();
+        }
 
-		$l = $this->l10n->get('core', $language);
+        $l = $this->l10n->get('core', $language);
 
-		switch ($event->getSubject()) {
-			case 'twofactor_success':
-				$params = $event->getSubjectParameters();
-				$event->setParsedSubject($l->t('You successfully logged in using two-factor authentication (%1$s)', [
-							$params['provider'],
-					]));
-				$event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg')));
-				break;
-			case 'twofactor_failed':
-				$params = $event->getSubjectParameters();
-				$event->setParsedSubject($l->t('A login attempt using two-factor authentication failed (%1$s)', [
-							$params['provider'],
-					]));
-				$event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg')));
-				break;
-			default:
-				throw new InvalidArgumentException();
-		}
-		return $event;
-	}
+        switch ($event->getSubject()) {
+            case 'twofactor_success':
+                $params = $event->getSubjectParameters();
+                $event->setParsedSubject($l->t('You successfully logged in using two-factor authentication (%1$s)', [
+                            $params['provider'],
+                    ]));
+                $event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg')));
+                break;
+            case 'twofactor_failed':
+                $params = $event->getSubjectParameters();
+                $event->setParsedSubject($l->t('A login attempt using two-factor authentication failed (%1$s)', [
+                            $params['provider'],
+                    ]));
+                $event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg')));
+                break;
+            default:
+                throw new InvalidArgumentException();
+        }
+        return $event;
+    }
 
 }

Please login to merge, or discard this patch.

settings/Activity/SecuritySetting.php 1 patch

Indentation +26 added lines, -26 removed lines patch added patch discarded remove patch

@@ -27,39 +27,39 @@
 block discarded – undo
 
 class SecuritySetting implements ISetting {
 
-	/** @var IL10N */
-	private $l10n;
+    /** @var IL10N */
+    private $l10n;
 
-	public function __construct(IL10N $l10n) {
-		$this->l10n = $l10n;
-	}
+    public function __construct(IL10N $l10n) {
+        $this->l10n = $l10n;
+    }
 
-	public function canChangeMail() {
-		return false;
-	}
+    public function canChangeMail() {
+        return false;
+    }
 
-	public function canChangeStream() {
-		return false;
-	}
+    public function canChangeStream() {
+        return false;
+    }
 
-	public function getIdentifier() {
-		return 'security';
-	}
+    public function getIdentifier() {
+        return 'security';
+    }
 
-	public function getName() {
-		return $this->l10n->t('Security');
-	}
+    public function getName() {
+        return $this->l10n->t('Security');
+    }
 
-	public function getPriority() {
-		return 30;
-	}
+    public function getPriority() {
+        return 30;
+    }
 
-	public function isDefaultEnabledMail() {
-		return true;
-	}
+    public function isDefaultEnabledMail() {
+        return true;
+    }
 
-	public function isDefaultEnabledStream() {
-		return true;
-	}
+    public function isDefaultEnabledStream() {
+        return true;
+    }
 
 }

Please login to merge, or discard this patch.

apps/twofactor_backupcodes/lib/Service/BackupCodeStorage.php 1 patch

Indentation +128 added lines, -128 removed lines patch added patch discarded remove patch

@@ -33,133 +33,133 @@
 block discarded – undo
 
 class BackupCodeStorage {
 
-	private static $CODE_LENGTH = 16;
-
-	/** @var BackupCodeMapper */
-	private $mapper;
-
-	/** @var IHasher */
-	private $hasher;
-
-	/** @var ISecureRandom */
-	private $random;
-
-	/** @var IManager */
-	private $activityManager;
-
-	/** @var ILogger */
-	private $logger;
-
-	/**
-	 * @param BackupCodeMapper $mapper
-	 * @param ISecureRandom $random
-	 * @param IHasher $hasher
-	 * @param IManager $activityManager
-	 * @param ILogger $logger
-	 */
-	public function __construct(BackupCodeMapper $mapper, ISecureRandom $random, IHasher $hasher,
-		IManager $activityManager, ILogger $logger) {
-		$this->mapper = $mapper;
-		$this->hasher = $hasher;
-		$this->random = $random;
-		$this->activityManager = $activityManager;
-		$this->logger = $logger;
-	}
-
-	/**
-	 * @param IUser $user
-	 * @return string[]
-	 */
-	public function createCodes(IUser $user, $number = 10) {
-		$result = [];
-
-		// Delete existing ones
-		$this->mapper->deleteCodes($user);
-
-		$uid = $user->getUID();
-		foreach (range(1, min([$number, 20])) as $i) {
-			$code = $this->random->generate(self::$CODE_LENGTH, ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS);
-
-			$dbCode = new BackupCode();
-			$dbCode->setUserId($uid);
-			$dbCode->setCode($this->hasher->hash($code));
-			$dbCode->setUsed(0);
-			$this->mapper->insert($dbCode);
-
-			array_push($result, $code);
-		}
-
-		$this->publishEvent($user, 'codes_generated');
-
-		return $result;
-	}
-
-	/**
-	 * Push an event the user's activity stream
-	 *
-	 * @param IUser $user
-	 * @param string $event
-	 */
-	private function publishEvent(IUser $user, $event) {
-		$activity = $this->activityManager->generateEvent();
-		$activity->setApp('twofactor_backupcodes')
-			->setType('security')
-			->setAuthor($user->getUID())
-			->setAffectedUser($user->getUID())
-			->setSubject($event);
-		try {
-			$this->activityManager->publish($activity);
-		} catch (BadMethodCallException $e) {
-			$this->logger->warning('could not publish backup code creation activity', ['app' => 'twofactor_backupcodes']);
-			$this->logger->logException($e, ['app' => 'twofactor_backupcodes']);
-		}
-	}
-
-	/**
-	 * @param IUser $user
-	 * @return bool
-	 */
-	public function hasBackupCodes(IUser $user) {
-		$codes = $this->mapper->getBackupCodes($user);
-		return count($codes) > 0;
-	}
-
-	/**
-	 * @param IUser $user
-	 * @return array
-	 */
-	public function getBackupCodesState(IUser $user) {
-		$codes = $this->mapper->getBackupCodes($user);
-		$total = count($codes);
-		$used = 0;
-		array_walk($codes, function (BackupCode $code) use (&$used) {
-			if (1 === (int) $code->getUsed()) {
-				$used++;
-			}
-		});
-		return [
-			'enabled' => $total > 0,
-			'total' => $total,
-			'used' => $used,
-		];
-	}
-
-	/**
-	 * @param IUser $user
-	 * @param string $code
-	 * @return bool
-	 */
-	public function validateCode(IUser $user, $code) {
-		$dbCodes = $this->mapper->getBackupCodes($user);
-
-		foreach ($dbCodes as $dbCode) {
-			if (0 === (int) $dbCode->getUsed() && $this->hasher->verify($code, $dbCode->getCode())) {
-				$dbCode->setUsed(1);
-				$this->mapper->update($dbCode);
-				return true;
-			}
-		}
-		return false;
-	}
+    private static $CODE_LENGTH = 16;
+
+    /** @var BackupCodeMapper */
+    private $mapper;
+
+    /** @var IHasher */
+    private $hasher;
+
+    /** @var ISecureRandom */
+    private $random;
+
+    /** @var IManager */
+    private $activityManager;
+
+    /** @var ILogger */
+    private $logger;
+
+    /**
+     * @param BackupCodeMapper $mapper
+     * @param ISecureRandom $random
+     * @param IHasher $hasher
+     * @param IManager $activityManager
+     * @param ILogger $logger
+     */
+    public function __construct(BackupCodeMapper $mapper, ISecureRandom $random, IHasher $hasher,
+        IManager $activityManager, ILogger $logger) {
+        $this->mapper = $mapper;
+        $this->hasher = $hasher;
+        $this->random = $random;
+        $this->activityManager = $activityManager;
+        $this->logger = $logger;
+    }
+
+    /**
+     * @param IUser $user
+     * @return string[]
+     */
+    public function createCodes(IUser $user, $number = 10) {
+        $result = [];
+
+        // Delete existing ones
+        $this->mapper->deleteCodes($user);
+
+        $uid = $user->getUID();
+        foreach (range(1, min([$number, 20])) as $i) {
+            $code = $this->random->generate(self::$CODE_LENGTH, ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS);
+
+            $dbCode = new BackupCode();
+            $dbCode->setUserId($uid);
+            $dbCode->setCode($this->hasher->hash($code));
+            $dbCode->setUsed(0);
+            $this->mapper->insert($dbCode);
+
+            array_push($result, $code);
+        }
+
+        $this->publishEvent($user, 'codes_generated');
+
+        return $result;
+    }
+
+    /**
+     * Push an event the user's activity stream
+     *
+     * @param IUser $user
+     * @param string $event
+     */
+    private function publishEvent(IUser $user, $event) {
+        $activity = $this->activityManager->generateEvent();
+        $activity->setApp('twofactor_backupcodes')
+            ->setType('security')
+            ->setAuthor($user->getUID())
+            ->setAffectedUser($user->getUID())
+            ->setSubject($event);
+        try {
+            $this->activityManager->publish($activity);
+        } catch (BadMethodCallException $e) {
+            $this->logger->warning('could not publish backup code creation activity', ['app' => 'twofactor_backupcodes']);
+            $this->logger->logException($e, ['app' => 'twofactor_backupcodes']);
+        }
+    }
+
+    /**
+     * @param IUser $user
+     * @return bool
+     */
+    public function hasBackupCodes(IUser $user) {
+        $codes = $this->mapper->getBackupCodes($user);
+        return count($codes) > 0;
+    }
+
+    /**
+     * @param IUser $user
+     * @return array
+     */
+    public function getBackupCodesState(IUser $user) {
+        $codes = $this->mapper->getBackupCodes($user);
+        $total = count($codes);
+        $used = 0;
+        array_walk($codes, function (BackupCode $code) use (&$used) {
+            if (1 === (int) $code->getUsed()) {
+                $used++;
+            }
+        });
+        return [
+            'enabled' => $total > 0,
+            'total' => $total,
+            'used' => $used,
+        ];
+    }
+
+    /**
+     * @param IUser $user
+     * @param string $code
+     * @return bool
+     */
+    public function validateCode(IUser $user, $code) {
+        $dbCodes = $this->mapper->getBackupCodes($user);
+
+        foreach ($dbCodes as $dbCode) {
+            if (0 === (int) $dbCode->getUsed() && $this->hasher->verify($code, $dbCode->getCode())) {
+                $dbCode->setUsed(1);
+                $this->mapper->update($dbCode);
+                return true;
+            }
+        }
+        return false;
+    }
 
 }

Please login to merge, or discard this patch.

		@@ -38,232 +38,232 @@
		block discarded – undo
38	38
39	39	class Manager {
40	40
41		- const SESSION_UID_KEY = 'two_factor_auth_uid';
42		- const BACKUP_CODES_APP_ID = 'twofactor_backupcodes';
43		- const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
44		- const REMEMBER_LOGIN = 'two_factor_remember_login';
	41	+ const SESSION_UID_KEY = 'two_factor_auth_uid';
	42	+ const BACKUP_CODES_APP_ID = 'twofactor_backupcodes';
	43	+ const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
	44	+ const REMEMBER_LOGIN = 'two_factor_remember_login';
45	45
46		- /** @var AppManager */
47		- private $appManager;
	46	+ /** @var AppManager */
	47	+ private $appManager;
48	48
49		- /** @var ISession */
50		- private $session;
	49	+ /** @var ISession */
	50	+ private $session;
51	51
52		- /** @var IConfig */
53		- private $config;
	52	+ /** @var IConfig */
	53	+ private $config;
54	54
55		- /** @var IManager */
56		- private $activityManager;
	55	+ /** @var IManager */
	56	+ private $activityManager;
57	57
58		- /** @var ILogger */
59		- private $logger;
	58	+ /** @var ILogger */
	59	+ private $logger;
60	60
61		- /**
62		- * @param AppManager $appManager
63		- * @param ISession $session
64		- * @param IConfig $config
65		- * @param IManager $activityManager
66		- * @param ILogger $logger
67		- */
68		- public function __construct(AppManager $appManager, ISession $session, IConfig $config, IManager $activityManager,
69		- ILogger $logger) {
70		- $this->appManager = $appManager;
71		- $this->session = $session;
72		- $this->config = $config;
73		- $this->activityManager = $activityManager;
74		- $this->logger = $logger;
75		- }
	61	+ /**
	62	+ * @param AppManager $appManager
	63	+ * @param ISession $session
	64	+ * @param IConfig $config
	65	+ * @param IManager $activityManager
	66	+ * @param ILogger $logger
	67	+ */
	68	+ public function __construct(AppManager $appManager, ISession $session, IConfig $config, IManager $activityManager,
	69	+ ILogger $logger) {
	70	+ $this->appManager = $appManager;
	71	+ $this->session = $session;
	72	+ $this->config = $config;
	73	+ $this->activityManager = $activityManager;
	74	+ $this->logger = $logger;
	75	+ }
76	76
77		- /**
78		- * Determine whether the user must provide a second factor challenge
79		- *
80		- * @param IUser $user
81		- * @return boolean
82		- */
83		- public function isTwoFactorAuthenticated(IUser $user) {
84		- $twoFactorEnabled = ((int) $this->config->getUserValue($user->getUID(), 'core', 'two_factor_auth_disabled', 0)) === 0;
85		- return $twoFactorEnabled && count($this->getProviders($user)) > 0;
86		- }
	77	+ /**
	78	+ * Determine whether the user must provide a second factor challenge
	79	+ *
	80	+ * @param IUser $user
	81	+ * @return boolean
	82	+ */
	83	+ public function isTwoFactorAuthenticated(IUser $user) {
	84	+ $twoFactorEnabled = ((int) $this->config->getUserValue($user->getUID(), 'core', 'two_factor_auth_disabled', 0)) === 0;
	85	+ return $twoFactorEnabled && count($this->getProviders($user)) > 0;
	86	+ }
87	87
88		- /**
89		- * Disable 2FA checks for the given user
90		- *
91		- * @param IUser $user
92		- */
93		- public function disableTwoFactorAuthentication(IUser $user) {
94		- $this->config->setUserValue($user->getUID(), 'core', 'two_factor_auth_disabled', 1);
95		- }
	88	+ /**
	89	+ * Disable 2FA checks for the given user
	90	+ *
	91	+ * @param IUser $user
	92	+ */
	93	+ public function disableTwoFactorAuthentication(IUser $user) {
	94	+ $this->config->setUserValue($user->getUID(), 'core', 'two_factor_auth_disabled', 1);
	95	+ }
96	96
97		- /**
98		- * Enable all 2FA checks for the given user
99		- *
100		- * @param IUser $user
101		- */
102		- public function enableTwoFactorAuthentication(IUser $user) {
103		- $this->config->deleteUserValue($user->getUID(), 'core', 'two_factor_auth_disabled');
104		- }
	97	+ /**
	98	+ * Enable all 2FA checks for the given user
	99	+ *
	100	+ * @param IUser $user
	101	+ */
	102	+ public function enableTwoFactorAuthentication(IUser $user) {
	103	+ $this->config->deleteUserValue($user->getUID(), 'core', 'two_factor_auth_disabled');
	104	+ }
105	105
106		- /**
107		- * Get a 2FA provider by its ID
108		- *
109		- * @param IUser $user
110		- * @param string $challengeProviderId
111		- * @return IProvider\|null
112		- */
113		- public function getProvider(IUser $user, $challengeProviderId) {
114		- $providers = $this->getProviders($user, true);
115		- return isset($providers[$challengeProviderId]) ? $providers[$challengeProviderId] : null;
116		- }
	106	+ /**
	107	+ * Get a 2FA provider by its ID
	108	+ *
	109	+ * @param IUser $user
	110	+ * @param string $challengeProviderId
	111	+ * @return IProvider\|null
	112	+ */
	113	+ public function getProvider(IUser $user, $challengeProviderId) {
	114	+ $providers = $this->getProviders($user, true);
	115	+ return isset($providers[$challengeProviderId]) ? $providers[$challengeProviderId] : null;
	116	+ }
117	117
118		- /**
119		- * @param IUser $user
120		- * @return IProvider\|null the backup provider, if enabled for the given user
121		- */
122		- public function getBackupProvider(IUser $user) {
123		- $providers = $this->getProviders($user, true);
124		- if (!isset($providers[self::BACKUP_CODES_PROVIDER_ID])) {
125		- return null;
126		- }
127		- return $providers[self::BACKUP_CODES_PROVIDER_ID];
128		- }
	118	+ /**
	119	+ * @param IUser $user
	120	+ * @return IProvider\|null the backup provider, if enabled for the given user
	121	+ */
	122	+ public function getBackupProvider(IUser $user) {
	123	+ $providers = $this->getProviders($user, true);
	124	+ if (!isset($providers[self::BACKUP_CODES_PROVIDER_ID])) {
	125	+ return null;
	126	+ }
	127	+ return $providers[self::BACKUP_CODES_PROVIDER_ID];
	128	+ }
129	129
130		- /**
131		- * Get the list of 2FA providers for the given user
132		- *
133		- * @param IUser $user
134		- * @param bool $includeBackupApp
135		- * @return IProvider[]
136		- * @throws Exception
137		- */
138		- public function getProviders(IUser $user, $includeBackupApp = false) {
139		- $allApps = $this->appManager->getEnabledAppsForUser($user);
140		- $providers = [];
	130	+ /**
	131	+ * Get the list of 2FA providers for the given user
	132	+ *
	133	+ * @param IUser $user
	134	+ * @param bool $includeBackupApp
	135	+ * @return IProvider[]
	136	+ * @throws Exception
	137	+ */
	138	+ public function getProviders(IUser $user, $includeBackupApp = false) {
	139	+ $allApps = $this->appManager->getEnabledAppsForUser($user);
	140	+ $providers = [];
141	141
142		- foreach ($allApps as $appId) {
143		- if (!$includeBackupApp && $appId === self::BACKUP_CODES_APP_ID) {
144		- continue;
145		- }
	142	+ foreach ($allApps as $appId) {
	143	+ if (!$includeBackupApp && $appId === self::BACKUP_CODES_APP_ID) {
	144	+ continue;
	145	+ }
146	146
147		- $info = $this->appManager->getAppInfo($appId);
148		- if (isset($info['two-factor-providers'])) {
149		- $providerClasses = $info['two-factor-providers'];
150		- foreach ($providerClasses as $class) {
151		- try {
152		- $this->loadTwoFactorApp($appId);
153		- $provider = OC::$server->query($class);
154		- $providers[$provider->getId()] = $provider;
155		- } catch (QueryException $exc) {
156		- // Provider class can not be resolved
157		- throw new Exception("Could not load two-factor auth provider $class");
158		- }
159		- }
160		- }
161		- }
	147	+ $info = $this->appManager->getAppInfo($appId);
	148	+ if (isset($info['two-factor-providers'])) {
	149	+ $providerClasses = $info['two-factor-providers'];
	150	+ foreach ($providerClasses as $class) {
	151	+ try {
	152	+ $this->loadTwoFactorApp($appId);
	153	+ $provider = OC::$server->query($class);
	154	+ $providers[$provider->getId()] = $provider;
	155	+ } catch (QueryException $exc) {
	156	+ // Provider class can not be resolved
	157	+ throw new Exception("Could not load two-factor auth provider $class");
	158	+ }
	159	+ }
	160	+ }
	161	+ }
162	162
163		- return array_filter($providers, function ($provider) use ($user) {
164		- /* @var $provider IProvider */
165		- return $provider->isTwoFactorAuthEnabledForUser($user);
166		- });
167		- }
	163	+ return array_filter($providers, function ($provider) use ($user) {
	164	+ /* @var $provider IProvider */
	165	+ return $provider->isTwoFactorAuthEnabledForUser($user);
	166	+ });
	167	+ }
168	168
169		- /**
170		- * Load an app by ID if it has not been loaded yet
171		- *
172		- * @param string $appId
173		- */
174		- protected function loadTwoFactorApp($appId) {
175		- if (!OC_App::isAppLoaded($appId)) {
176		- OC_App::loadApp($appId);
177		- }
178		- }
	169	+ /**
	170	+ * Load an app by ID if it has not been loaded yet
	171	+ *
	172	+ * @param string $appId
	173	+ */
	174	+ protected function loadTwoFactorApp($appId) {
	175	+ if (!OC_App::isAppLoaded($appId)) {
	176	+ OC_App::loadApp($appId);
	177	+ }
	178	+ }
179	179
180		- /**
181		- * Verify the given challenge
182		- *
183		- * @param string $providerId
184		- * @param IUser $user
185		- * @param string $challenge
186		- * @return boolean
187		- */
188		- public function verifyChallenge($providerId, IUser $user, $challenge) {
189		- $provider = $this->getProvider($user, $providerId);
190		- if (is_null($provider)) {
191		- return false;
192		- }
	180	+ /**
	181	+ * Verify the given challenge
	182	+ *
	183	+ * @param string $providerId
	184	+ * @param IUser $user
	185	+ * @param string $challenge
	186	+ * @return boolean
	187	+ */
	188	+ public function verifyChallenge($providerId, IUser $user, $challenge) {
	189	+ $provider = $this->getProvider($user, $providerId);
	190	+ if (is_null($provider)) {
	191	+ return false;
	192	+ }
193	193
194		- $passed = $provider->verifyChallenge($user, $challenge);
195		- if ($passed) {
196		- if ($this->session->get(self::REMEMBER_LOGIN) === true) {
197		- // TODO: resolve cyclic dependency and use DI
198		- \OC::$server->getUserSession()->createRememberMeToken($user);
199		- }
200		- $this->session->remove(self::SESSION_UID_KEY);
201		- $this->session->remove(self::REMEMBER_LOGIN);
	194	+ $passed = $provider->verifyChallenge($user, $challenge);
	195	+ if ($passed) {
	196	+ if ($this->session->get(self::REMEMBER_LOGIN) === true) {
	197	+ // TODO: resolve cyclic dependency and use DI
	198	+ \OC::$server->getUserSession()->createRememberMeToken($user);
	199	+ }
	200	+ $this->session->remove(self::SESSION_UID_KEY);
	201	+ $this->session->remove(self::REMEMBER_LOGIN);
202	202
203		- $this->publishEvent($user, 'twofactor_success', [
204		- 'provider' => $provider->getDisplayName(),
205		- ]);
206		- } else {
207		- $this->publishEvent($user, 'twofactor_failed', [
208		- 'provider' => $provider->getDisplayName(),
209		- ]);
210		- }
211		- return $passed;
212		- }
	203	+ $this->publishEvent($user, 'twofactor_success', [
	204	+ 'provider' => $provider->getDisplayName(),
	205	+ ]);
	206	+ } else {
	207	+ $this->publishEvent($user, 'twofactor_failed', [
	208	+ 'provider' => $provider->getDisplayName(),
	209	+ ]);
	210	+ }
	211	+ return $passed;
	212	+ }
213	213
214		- /**
215		- * Push a 2fa event the user's activity stream
216		- *
217		- * @param IUser $user
218		- * @param string $event
219		- */
220		- private function publishEvent(IUser $user, $event, array $params) {
221		- $activity = $this->activityManager->generateEvent();
222		- $activity->setApp('core')
223		- ->setType('security')
224		- ->setAuthor($user->getUID())
225		- ->setAffectedUser($user->getUID())
226		- ->setSubject($event, $params);
227		- try {
228		- $this->activityManager->publish($activity);
229		- } catch (BadMethodCallException $e) {
230		- $this->logger->warning('could not publish backup code creation activity', ['app' => 'core']);
231		- $this->logger->logException($e, ['app' => 'core']);
232		- }
233		- }
	214	+ /**
	215	+ * Push a 2fa event the user's activity stream
	216	+ *
	217	+ * @param IUser $user
	218	+ * @param string $event
	219	+ */
	220	+ private function publishEvent(IUser $user, $event, array $params) {
	221	+ $activity = $this->activityManager->generateEvent();
	222	+ $activity->setApp('core')
	223	+ ->setType('security')
	224	+ ->setAuthor($user->getUID())
	225	+ ->setAffectedUser($user->getUID())
	226	+ ->setSubject($event, $params);
	227	+ try {
	228	+ $this->activityManager->publish($activity);
	229	+ } catch (BadMethodCallException $e) {
	230	+ $this->logger->warning('could not publish backup code creation activity', ['app' => 'core']);
	231	+ $this->logger->logException($e, ['app' => 'core']);
	232	+ }
	233	+ }
234	234
235		- /**
236		- * Check if the currently logged in user needs to pass 2FA
237		- *
238		- * @param IUser $user the currently logged in user
239		- * @return boolean
240		- */
241		- public function needsSecondFactor(IUser $user = null) {
242		- if (is_null($user) \|\| !$this->session->exists(self::SESSION_UID_KEY)) {
243		- return false;
244		- }
	235	+ /**
	236	+ * Check if the currently logged in user needs to pass 2FA
	237	+ *
	238	+ * @param IUser $user the currently logged in user
	239	+ * @return boolean
	240	+ */
	241	+ public function needsSecondFactor(IUser $user = null) {
	242	+ if (is_null($user) \|\| !$this->session->exists(self::SESSION_UID_KEY)) {
	243	+ return false;
	244	+ }
245	245
246		- if (!$this->isTwoFactorAuthenticated($user)) {
247		- // There is no second factor any more -> let the user pass
248		- // This prevents infinite redirect loops when a user is about
249		- // to solve the 2FA challenge, and the provider app is
250		- // disabled the same time
251		- $this->session->remove(self::SESSION_UID_KEY);
252		- return false;
253		- }
	246	+ if (!$this->isTwoFactorAuthenticated($user)) {
	247	+ // There is no second factor any more -> let the user pass
	248	+ // This prevents infinite redirect loops when a user is about
	249	+ // to solve the 2FA challenge, and the provider app is
	250	+ // disabled the same time
	251	+ $this->session->remove(self::SESSION_UID_KEY);
	252	+ return false;
	253	+ }
254	254
255		- return true;
256		- }
	255	+ return true;
	256	+ }
257	257
258		- /**
259		- * Prepare the 2FA login
260		- *
261		- * @param IUser $user
262		- * @param boolean $rememberMe
263		- */
264		- public function prepareTwoFactorLogin(IUser $user, $rememberMe) {
265		- $this->session->set(self::SESSION_UID_KEY, $user->getUID());
266		- $this->session->set(self::REMEMBER_LOGIN, $rememberMe);
267		- }
	258	+ /**
	259	+ * Prepare the 2FA login
	260	+ *
	261	+ * @param IUser $user
	262	+ * @param boolean $rememberMe
	263	+ */
	264	+ public function prepareTwoFactorLogin(IUser $user, $rememberMe) {
	265	+ $this->session->set(self::SESSION_UID_KEY, $user->getUID());
	266	+ $this->session->set(self::REMEMBER_LOGIN, $rememberMe);
	267	+ }
268	268
269	269	}

		@@ -52,106 +52,106 @@
		block discarded – undo
52	52	class Application extends App {
53	53
54	54
55		- /**
56		- * @param array $urlParams
57		- */
58		- public function __construct(array $urlParams=[]){
59		- parent::__construct('settings', $urlParams);
	55	+ /**
	56	+ * @param array $urlParams
	57	+ */
	58	+ public function __construct(array $urlParams=[]){
	59	+ parent::__construct('settings', $urlParams);
60	60
61		- $container = $this->getContainer();
	61	+ $container = $this->getContainer();
62	62
63		- // Register Middleware
64		- $container->registerAlias('SubadminMiddleware', SubadminMiddleware::class);
65		- $container->registerMiddleWare('SubadminMiddleware');
	63	+ // Register Middleware
	64	+ $container->registerAlias('SubadminMiddleware', SubadminMiddleware::class);
	65	+ $container->registerMiddleWare('SubadminMiddleware');
66	66
67		- /**
68		- * Core class wrappers
69		- */
70		- /** FIXME: Remove once OC_User is non-static and mockable */
71		- $container->registerService('isAdmin', function() {
72		- return \OC_User::isAdminUser(\OC_User::getUser());
73		- });
74		- /** FIXME: Remove once OC_SubAdmin is non-static and mockable */
75		- $container->registerService('isSubAdmin', function(IContainer $c) {
76		- $userObject = \OC::$server->getUserSession()->getUser();
77		- $isSubAdmin = false;
78		- if($userObject !== null) {
79		- $isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject);
80		- }
81		- return $isSubAdmin;
82		- });
83		- $container->registerService('userCertificateManager', function(IContainer $c) {
84		- return $c->query('ServerContainer')->getCertificateManager();
85		- }, false);
86		- $container->registerService('systemCertificateManager', function (IContainer $c) {
87		- return $c->query('ServerContainer')->getCertificateManager(null);
88		- }, false);
89		- $container->registerService(IProvider::class, function (IContainer $c) {
90		- return $c->query('ServerContainer')->query(IProvider::class);
91		- });
92		- $container->registerService(IManager::class, function (IContainer $c) {
93		- return $c->query('ServerContainer')->getSettingsManager();
94		- });
	67	+ /**
	68	+ * Core class wrappers
	69	+ */
	70	+ /** FIXME: Remove once OC_User is non-static and mockable */
	71	+ $container->registerService('isAdmin', function() {
	72	+ return \OC_User::isAdminUser(\OC_User::getUser());
	73	+ });
	74	+ /** FIXME: Remove once OC_SubAdmin is non-static and mockable */
	75	+ $container->registerService('isSubAdmin', function(IContainer $c) {
	76	+ $userObject = \OC::$server->getUserSession()->getUser();
	77	+ $isSubAdmin = false;
	78	+ if($userObject !== null) {
	79	+ $isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject);
	80	+ }
	81	+ return $isSubAdmin;
	82	+ });
	83	+ $container->registerService('userCertificateManager', function(IContainer $c) {
	84	+ return $c->query('ServerContainer')->getCertificateManager();
	85	+ }, false);
	86	+ $container->registerService('systemCertificateManager', function (IContainer $c) {
	87	+ return $c->query('ServerContainer')->getCertificateManager(null);
	88	+ }, false);
	89	+ $container->registerService(IProvider::class, function (IContainer $c) {
	90	+ return $c->query('ServerContainer')->query(IProvider::class);
	91	+ });
	92	+ $container->registerService(IManager::class, function (IContainer $c) {
	93	+ return $c->query('ServerContainer')->getSettingsManager();
	94	+ });
95	95
96		- $container->registerService(NewUserMailHelper::class, function (IContainer $c) {
97		- /** @var Server $server */
98		- $server = $c->query('ServerContainer');
99		- /** @var Defaults $defaults */
100		- $defaults = $server->query(Defaults::class);
	96	+ $container->registerService(NewUserMailHelper::class, function (IContainer $c) {
	97	+ /** @var Server $server */
	98	+ $server = $c->query('ServerContainer');
	99	+ /** @var Defaults $defaults */
	100	+ $defaults = $server->query(Defaults::class);
101	101
102		- return new NewUserMailHelper(
103		- $defaults,
104		- $server->getURLGenerator(),
105		- $server->getL10N('settings'),
106		- $server->getMailer(),
107		- $server->getSecureRandom(),
108		- new TimeFactory(),
109		- $server->getConfig(),
110		- $server->getCrypto(),
111		- Util::getDefaultEmailAddress('no-reply')
112		- );
113		- });
114		- }
	102	+ return new NewUserMailHelper(
	103	+ $defaults,
	104	+ $server->getURLGenerator(),
	105	+ $server->getL10N('settings'),
	106	+ $server->getMailer(),
	107	+ $server->getSecureRandom(),
	108	+ new TimeFactory(),
	109	+ $server->getConfig(),
	110	+ $server->getCrypto(),
	111	+ Util::getDefaultEmailAddress('no-reply')
	112	+ );
	113	+ });
	114	+ }
115	115
116		- public function register() {
117		- $activityManager = $this->getContainer()->getServer()->getActivityManager();
118		- $activityManager->registerSetting(Setting::class); // FIXME move to info.xml
119		- $activityManager->registerProvider(Provider::class); // FIXME move to info.xml
120		- $activityManager->registerFilter(SecurityFilter::class); // FIXME move to info.xml
121		- $activityManager->registerSetting(SecuritySetting::class); // FIXME move to info.xml
122		- $activityManager->registerProvider(SecurityProvider::class); // FIXME move to info.xml
	116	+ public function register() {
	117	+ $activityManager = $this->getContainer()->getServer()->getActivityManager();
	118	+ $activityManager->registerSetting(Setting::class); // FIXME move to info.xml
	119	+ $activityManager->registerProvider(Provider::class); // FIXME move to info.xml
	120	+ $activityManager->registerFilter(SecurityFilter::class); // FIXME move to info.xml
	121	+ $activityManager->registerSetting(SecuritySetting::class); // FIXME move to info.xml
	122	+ $activityManager->registerProvider(SecurityProvider::class); // FIXME move to info.xml
123	123
124		- Util::connectHook('OC_User', 'post_setPassword', $this, 'onChangePassword');
125		- Util::connectHook('OC_User', 'changeUser', $this, 'onChangeInfo');
126		- }
	124	+ Util::connectHook('OC_User', 'post_setPassword', $this, 'onChangePassword');
	125	+ Util::connectHook('OC_User', 'changeUser', $this, 'onChangeInfo');
	126	+ }
127	127
128		- /**
129		- * @param array $parameters
130		- * @throws \InvalidArgumentException
131		- * @throws \BadMethodCallException
132		- * @throws \Exception
133		- * @throws \OCP\AppFramework\QueryException
134		- */
135		- public function onChangePassword(array $parameters) {
136		- /** @var Hooks $hooks */
137		- $hooks = $this->getContainer()->query(Hooks::class);
138		- $hooks->onChangePassword($parameters['uid']);
139		- }
	128	+ /**
	129	+ * @param array $parameters
	130	+ * @throws \InvalidArgumentException
	131	+ * @throws \BadMethodCallException
	132	+ * @throws \Exception
	133	+ * @throws \OCP\AppFramework\QueryException
	134	+ */
	135	+ public function onChangePassword(array $parameters) {
	136	+ /** @var Hooks $hooks */
	137	+ $hooks = $this->getContainer()->query(Hooks::class);
	138	+ $hooks->onChangePassword($parameters['uid']);
	139	+ }
140	140
141		- /**
142		- * @param array $parameters
143		- * @throws \InvalidArgumentException
144		- * @throws \BadMethodCallException
145		- * @throws \Exception
146		- * @throws \OCP\AppFramework\QueryException
147		- */
148		- public function onChangeInfo(array $parameters) {
149		- if ($parameters['feature'] !== 'eMailAddress') {
150		- return;
151		- }
	141	+ /**
	142	+ * @param array $parameters
	143	+ * @throws \InvalidArgumentException
	144	+ * @throws \BadMethodCallException
	145	+ * @throws \Exception
	146	+ * @throws \OCP\AppFramework\QueryException
	147	+ */
	148	+ public function onChangeInfo(array $parameters) {
	149	+ if ($parameters['feature'] !== 'eMailAddress') {
	150	+ return;
	151	+ }
152	152
153		- /** @var Hooks $hooks */
154		- $hooks = $this->getContainer()->query(Hooks::class);
155		- $hooks->onChangeEmail($parameters['user'], $parameters['old_value']);
156		- }
	153	+ /** @var Hooks $hooks */
	154	+ $hooks = $this->getContainer()->query(Hooks::class);
	155	+ $hooks->onChangeEmail($parameters['user'], $parameters['old_value']);
	156	+ }
157	157	}

		@@ -28,39 +28,39 @@
		block discarded – undo
28	28
29	29	class SecurityFilter implements IFilter {
30	30
31		- /** @var IURLGenerator */
32		- private $urlGenerator;
	31	+ /** @var IURLGenerator */
	32	+ private $urlGenerator;
33	33
34		- /** @var IL10N */
35		- private $l10n;
	34	+ /** @var IL10N */
	35	+ private $l10n;
36	36
37		- public function __construct(IURLGenerator $urlGenerator, IL10N $l10n) {
38		- $this->urlGenerator = $urlGenerator;
39		- $this->l10n = $l10n;
40		- }
	37	+ public function __construct(IURLGenerator $urlGenerator, IL10N $l10n) {
	38	+ $this->urlGenerator = $urlGenerator;
	39	+ $this->l10n = $l10n;
	40	+ }
41	41
42		- public function allowedApps() {
43		- return [];
44		- }
	42	+ public function allowedApps() {
	43	+ return [];
	44	+ }
45	45
46		- public function filterTypes(array $types) {
47		- return array_intersect(['security'], $types);
48		- }
	46	+ public function filterTypes(array $types) {
	47	+ return array_intersect(['security'], $types);
	48	+ }
49	49
50		- public function getIcon() {
51		- return $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg'));
52		- }
	50	+ public function getIcon() {
	51	+ return $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg'));
	52	+ }
53	53
54		- public function getIdentifier() {
55		- return 'security';
56		- }
	54	+ public function getIdentifier() {
	55	+ return 'security';
	56	+ }
57	57
58		- public function getName() {
59		- return $this->l10n->t('Security');
60		- }
	58	+ public function getName() {
	59	+ return $this->l10n->t('Security');
	60	+ }
61	61
62		- public function getPriority() {
63		- return 30;
64		- }
	62	+ public function getPriority() {
	63	+ return 30;
	64	+ }
65	65
66	66	}

		@@ -31,47 +31,47 @@
		block discarded – undo
31	31
32	32	class SecurityProvider implements IProvider {
33	33
34		- /** @var L10nFactory */
35		- private $l10n;
	34	+ /** @var L10nFactory */
	35	+ private $l10n;
36	36
37		- /** @var IURLGenerator */
38		- private $urlGenerator;
	37	+ /** @var IURLGenerator */
	38	+ private $urlGenerator;
39	39
40		- /** @var ILogger */
41		- private $logger;
	40	+ /** @var ILogger */
	41	+ private $logger;
42	42
43		- public function __construct(L10nFactory $l10n, IURLGenerator $urlGenerator, ILogger $logger) {
44		- $this->logger = $logger;
45		- $this->urlGenerator = $urlGenerator;
46		- $this->l10n = $l10n;
47		- }
	43	+ public function __construct(L10nFactory $l10n, IURLGenerator $urlGenerator, ILogger $logger) {
	44	+ $this->logger = $logger;
	45	+ $this->urlGenerator = $urlGenerator;
	46	+ $this->l10n = $l10n;
	47	+ }
48	48
49		- public function parse($language, IEvent $event, IEvent $previousEvent = null) {
50		- if ($event->getType() !== 'security') {
51		- throw new InvalidArgumentException();
52		- }
	49	+ public function parse($language, IEvent $event, IEvent $previousEvent = null) {
	50	+ if ($event->getType() !== 'security') {
	51	+ throw new InvalidArgumentException();
	52	+ }
53	53
54		- $l = $this->l10n->get('core', $language);
	54	+ $l = $this->l10n->get('core', $language);
55	55
56		- switch ($event->getSubject()) {
57		- case 'twofactor_success':
58		- $params = $event->getSubjectParameters();
59		- $event->setParsedSubject($l->t('You successfully logged in using two-factor authentication (%1$s)', [
60		- $params['provider'],
61		- ]));
62		- $event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg')));
63		- break;
64		- case 'twofactor_failed':
65		- $params = $event->getSubjectParameters();
66		- $event->setParsedSubject($l->t('A login attempt using two-factor authentication failed (%1$s)', [
67		- $params['provider'],
68		- ]));
69		- $event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg')));
70		- break;
71		- default:
72		- throw new InvalidArgumentException();
73		- }
74		- return $event;
75		- }
	56	+ switch ($event->getSubject()) {
	57	+ case 'twofactor_success':
	58	+ $params = $event->getSubjectParameters();
	59	+ $event->setParsedSubject($l->t('You successfully logged in using two-factor authentication (%1$s)', [
	60	+ $params['provider'],
	61	+ ]));
	62	+ $event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg')));
	63	+ break;
	64	+ case 'twofactor_failed':
	65	+ $params = $event->getSubjectParameters();
	66	+ $event->setParsedSubject($l->t('A login attempt using two-factor authentication failed (%1$s)', [
	67	+ $params['provider'],
	68	+ ]));
	69	+ $event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg')));
	70	+ break;
	71	+ default:
	72	+ throw new InvalidArgumentException();
	73	+ }
	74	+ return $event;
	75	+ }
76	76
77	77	}

		@@ -27,39 +27,39 @@
		block discarded – undo
27	27
28	28	class SecuritySetting implements ISetting {
29	29
30		- /** @var IL10N */
31		- private $l10n;
	30	+ /** @var IL10N */
	31	+ private $l10n;
32	32
33		- public function __construct(IL10N $l10n) {
34		- $this->l10n = $l10n;
35		- }
	33	+ public function __construct(IL10N $l10n) {
	34	+ $this->l10n = $l10n;
	35	+ }
36	36
37		- public function canChangeMail() {
38		- return false;
39		- }
	37	+ public function canChangeMail() {
	38	+ return false;
	39	+ }
40	40
41		- public function canChangeStream() {
42		- return false;
43		- }
	41	+ public function canChangeStream() {
	42	+ return false;
	43	+ }
44	44
45		- public function getIdentifier() {
46		- return 'security';
47		- }
	45	+ public function getIdentifier() {
	46	+ return 'security';
	47	+ }
48	48
49		- public function getName() {
50		- return $this->l10n->t('Security');
51		- }
	49	+ public function getName() {
	50	+ return $this->l10n->t('Security');
	51	+ }
52	52
53		- public function getPriority() {
54		- return 30;
55		- }
	53	+ public function getPriority() {
	54	+ return 30;
	55	+ }
56	56
57		- public function isDefaultEnabledMail() {
58		- return true;
59		- }
	57	+ public function isDefaultEnabledMail() {
	58	+ return true;
	59	+ }
60	60
61		- public function isDefaultEnabledStream() {
62		- return true;
63		- }
	61	+ public function isDefaultEnabledStream() {
	62	+ return true;
	63	+ }
64	64
65	65	}

		@@ -33,133 +33,133 @@
		block discarded – undo
33	33
34	34	class BackupCodeStorage {
35	35
36		- private static $CODE_LENGTH = 16;
37		-
38		- /** @var BackupCodeMapper */
39		- private $mapper;
40		-
41		- /** @var IHasher */
42		- private $hasher;
43		-
44		- /** @var ISecureRandom */
45		- private $random;
46		-
47		- /** @var IManager */
48		- private $activityManager;
49		-
50		- /** @var ILogger */
51		- private $logger;
52		-
53		- /**
54		- * @param BackupCodeMapper $mapper
55		- * @param ISecureRandom $random
56		- * @param IHasher $hasher
57		- * @param IManager $activityManager
58		- * @param ILogger $logger
59		- */
60		- public function __construct(BackupCodeMapper $mapper, ISecureRandom $random, IHasher $hasher,
61		- IManager $activityManager, ILogger $logger) {
62		- $this->mapper = $mapper;
63		- $this->hasher = $hasher;
64		- $this->random = $random;
65		- $this->activityManager = $activityManager;
66		- $this->logger = $logger;
67		- }
68		-
69		- /**
70		- * @param IUser $user
71		- * @return string[]
72		- */
73		- public function createCodes(IUser $user, $number = 10) {
74		- $result = [];
75		-
76		- // Delete existing ones
77		- $this->mapper->deleteCodes($user);
78		-
79		- $uid = $user->getUID();
80		- foreach (range(1, min([$number, 20])) as $i) {
81		- $code = $this->random->generate(self::$CODE_LENGTH, ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS);
82		-
83		- $dbCode = new BackupCode();
84		- $dbCode->setUserId($uid);
85		- $dbCode->setCode($this->hasher->hash($code));
86		- $dbCode->setUsed(0);
87		- $this->mapper->insert($dbCode);
88		-
89		- array_push($result, $code);
90		- }
91		-
92		- $this->publishEvent($user, 'codes_generated');
93		-
94		- return $result;
95		- }
96		-
97		- /**
98		- * Push an event the user's activity stream
99		- *
100		- * @param IUser $user
101		- * @param string $event
102		- */
103		- private function publishEvent(IUser $user, $event) {
104		- $activity = $this->activityManager->generateEvent();
105		- $activity->setApp('twofactor_backupcodes')
106		- ->setType('security')
107		- ->setAuthor($user->getUID())
108		- ->setAffectedUser($user->getUID())
109		- ->setSubject($event);
110		- try {
111		- $this->activityManager->publish($activity);
112		- } catch (BadMethodCallException $e) {
113		- $this->logger->warning('could not publish backup code creation activity', ['app' => 'twofactor_backupcodes']);
114		- $this->logger->logException($e, ['app' => 'twofactor_backupcodes']);
115		- }
116		- }
117		-
118		- /**
119		- * @param IUser $user
120		- * @return bool
121		- */
122		- public function hasBackupCodes(IUser $user) {
123		- $codes = $this->mapper->getBackupCodes($user);
124		- return count($codes) > 0;
125		- }
126		-
127		- /**
128		- * @param IUser $user
129		- * @return array
130		- */
131		- public function getBackupCodesState(IUser $user) {
132		- $codes = $this->mapper->getBackupCodes($user);
133		- $total = count($codes);
134		- $used = 0;
135		- array_walk($codes, function (BackupCode $code) use (&$used) {
136		- if (1 === (int) $code->getUsed()) {
137		- $used++;
138		- }
139		- });
140		- return [
141		- 'enabled' => $total > 0,
142		- 'total' => $total,
143		- 'used' => $used,
144		- ];
145		- }
146		-
147		- /**
148		- * @param IUser $user
149		- * @param string $code
150		- * @return bool
151		- */
152		- public function validateCode(IUser $user, $code) {
153		- $dbCodes = $this->mapper->getBackupCodes($user);
154		-
155		- foreach ($dbCodes as $dbCode) {
156		- if (0 === (int) $dbCode->getUsed() && $this->hasher->verify($code, $dbCode->getCode())) {
157		- $dbCode->setUsed(1);
158		- $this->mapper->update($dbCode);
159		- return true;
160		- }
161		- }
162		- return false;
163		- }
	36	+ private static $CODE_LENGTH = 16;
	37	+
	38	+ /** @var BackupCodeMapper */
	39	+ private $mapper;
	40	+
	41	+ /** @var IHasher */
	42	+ private $hasher;
	43	+
	44	+ /** @var ISecureRandom */
	45	+ private $random;
	46	+
	47	+ /** @var IManager */
	48	+ private $activityManager;
	49	+
	50	+ /** @var ILogger */
	51	+ private $logger;
	52	+
	53	+ /**
	54	+ * @param BackupCodeMapper $mapper
	55	+ * @param ISecureRandom $random
	56	+ * @param IHasher $hasher
	57	+ * @param IManager $activityManager
	58	+ * @param ILogger $logger
	59	+ */
	60	+ public function __construct(BackupCodeMapper $mapper, ISecureRandom $random, IHasher $hasher,
	61	+ IManager $activityManager, ILogger $logger) {
	62	+ $this->mapper = $mapper;
	63	+ $this->hasher = $hasher;
	64	+ $this->random = $random;
	65	+ $this->activityManager = $activityManager;
	66	+ $this->logger = $logger;
	67	+ }
	68	+
	69	+ /**
	70	+ * @param IUser $user
	71	+ * @return string[]
	72	+ */
	73	+ public function createCodes(IUser $user, $number = 10) {
	74	+ $result = [];
	75	+
	76	+ // Delete existing ones
	77	+ $this->mapper->deleteCodes($user);
	78	+
	79	+ $uid = $user->getUID();
	80	+ foreach (range(1, min([$number, 20])) as $i) {
	81	+ $code = $this->random->generate(self::$CODE_LENGTH, ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS);
	82	+
	83	+ $dbCode = new BackupCode();
	84	+ $dbCode->setUserId($uid);
	85	+ $dbCode->setCode($this->hasher->hash($code));
	86	+ $dbCode->setUsed(0);
	87	+ $this->mapper->insert($dbCode);
	88	+
	89	+ array_push($result, $code);
	90	+ }
	91	+
	92	+ $this->publishEvent($user, 'codes_generated');
	93	+
	94	+ return $result;
	95	+ }
	96	+
	97	+ /**
	98	+ * Push an event the user's activity stream
	99	+ *
	100	+ * @param IUser $user
	101	+ * @param string $event
	102	+ */
	103	+ private function publishEvent(IUser $user, $event) {
	104	+ $activity = $this->activityManager->generateEvent();
	105	+ $activity->setApp('twofactor_backupcodes')
	106	+ ->setType('security')
	107	+ ->setAuthor($user->getUID())
	108	+ ->setAffectedUser($user->getUID())
	109	+ ->setSubject($event);
	110	+ try {
	111	+ $this->activityManager->publish($activity);
	112	+ } catch (BadMethodCallException $e) {
	113	+ $this->logger->warning('could not publish backup code creation activity', ['app' => 'twofactor_backupcodes']);
	114	+ $this->logger->logException($e, ['app' => 'twofactor_backupcodes']);
	115	+ }
	116	+ }
	117	+
	118	+ /**
	119	+ * @param IUser $user
	120	+ * @return bool
	121	+ */
	122	+ public function hasBackupCodes(IUser $user) {
	123	+ $codes = $this->mapper->getBackupCodes($user);
	124	+ return count($codes) > 0;
	125	+ }
	126	+
	127	+ /**
	128	+ * @param IUser $user
	129	+ * @return array
	130	+ */
	131	+ public function getBackupCodesState(IUser $user) {
	132	+ $codes = $this->mapper->getBackupCodes($user);
	133	+ $total = count($codes);
	134	+ $used = 0;
	135	+ array_walk($codes, function (BackupCode $code) use (&$used) {
	136	+ if (1 === (int) $code->getUsed()) {
	137	+ $used++;
	138	+ }
	139	+ });
	140	+ return [
	141	+ 'enabled' => $total > 0,
	142	+ 'total' => $total,
	143	+ 'used' => $used,
	144	+ ];
	145	+ }
	146	+
	147	+ /**
	148	+ * @param IUser $user
	149	+ * @param string $code
	150	+ * @return bool
	151	+ */
	152	+ public function validateCode(IUser $user, $code) {
	153	+ $dbCodes = $this->mapper->getBackupCodes($user);
	154	+
	155	+ foreach ($dbCodes as $dbCode) {
	156	+ if (0 === (int) $dbCode->getUsed() && $this->hasher->verify($code, $dbCode->getCode())) {
	157	+ $dbCode->setUsed(1);
	158	+ $this->mapper->update($dbCode);
	159	+ return true;
	160	+ }
	161	+ }
	162	+ return false;
	163	+ }
164	164
165	165	}

nextcloud / server

Pull Request — master (#4894)

Status

Category

Indentation +203 added lines, -203 removed lines patch added patch discarded remove patch

Indentation +92 added lines, -92 removed lines patch added patch discarded remove patch

Indentation +26 added lines, -26 removed lines patch added patch discarded remove patch

Indentation +36 added lines, -36 removed lines patch added patch discarded remove patch

Indentation +26 added lines, -26 removed lines patch added patch discarded remove patch

Indentation +128 added lines, -128 removed lines patch added patch discarded remove patch