Hide 2FA backup codes if no other 2FA providers are enabled
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
parent
94c2f12226
commit
d8b3fe460e
3 changed files with 112 additions and 9 deletions
|
@ -22,6 +22,7 @@
|
|||
|
||||
namespace OCA\TwoFactorBackupCodes\Provider;
|
||||
|
||||
use OC\App\AppManager;
|
||||
use OCA\TwoFactorBackupCodes\Service\BackupCodeStorage;
|
||||
use OCP\Authentication\TwoFactorAuth\IProvider;
|
||||
use OCP\IL10N;
|
||||
|
@ -30,15 +31,29 @@ use OCP\Template;
|
|||
|
||||
class BackupCodesProvider implements IProvider {
|
||||
|
||||
/** @var string */
|
||||
private $appName;
|
||||
|
||||
/** @var BackupCodeStorage */
|
||||
private $storage;
|
||||
|
||||
/** @var IL10N */
|
||||
private $l10n;
|
||||
|
||||
public function __construct(BackupCodeStorage $storage, IL10N $l10n) {
|
||||
/** @var AppManager */
|
||||
private $appManager;
|
||||
|
||||
/**
|
||||
* @param string $appName
|
||||
* @param BackupCodeStorage $storage
|
||||
* @param IL10N $l10n
|
||||
* @param AppManager $appManager
|
||||
*/
|
||||
public function __construct($appName, BackupCodeStorage $storage, IL10N $l10n, AppManager $appManager) {
|
||||
$this->appName = $appName;
|
||||
$this->l10n = $l10n;
|
||||
$this->storage = $storage;
|
||||
$this->appManager = $appManager;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -99,4 +114,28 @@ class BackupCodesProvider implements IProvider {
|
|||
return $this->storage->hasBackupCodes($user);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether backup codes should be active or not
|
||||
*
|
||||
* Backup codes only make sense if at least one 2FA provider is active,
|
||||
* hence this method checks all enabled apps on whether they provide 2FA
|
||||
* functionality or not. If there's at least one app, backup codes are
|
||||
* enabled on the personal settings page.
|
||||
*
|
||||
* @param IUser $user
|
||||
* @return boolean
|
||||
*/
|
||||
public function isActive(IUser $user) {
|
||||
$appIds = array_filter($this->appManager->getEnabledAppsForUser($user), function($appId) {
|
||||
return $appId !== $this->appName;
|
||||
});
|
||||
foreach ($appIds as $appId) {
|
||||
$info = $this->appManager->getAppInfo($appId);
|
||||
if (isset($info['two-factor-providers']) && count($info['two-factor-providers']) > 0) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -1,6 +1,19 @@
|
|||
<?php
|
||||
// @codeCoverageIgnoreStart
|
||||
$tmpl = new \OCP\Template('twofactor_backupcodes', 'personal');
|
||||
|
||||
return $tmpl->fetchPage();
|
||||
use OCA\TwoFactorBackupCodes\Provider\BackupCodesProvider;
|
||||
use OCP\Template;
|
||||
|
||||
// @codeCoverageIgnoreStart
|
||||
|
||||
/* @var $provider BackupCodesProvider */
|
||||
$provider = OC::$server->query(BackupCodesProvider::class);
|
||||
$user = OC::$server->getUserSession()->getUser();
|
||||
|
||||
if ($provider->isActive($user)) {
|
||||
$tmpl = new Template('twofactor_backupcodes', 'personal');
|
||||
return $tmpl->fetchPage();
|
||||
} else {
|
||||
return "";
|
||||
}
|
||||
|
||||
// @codeCoverageIgnoreEnd
|
||||
|
|
|
@ -22,32 +22,41 @@
|
|||
|
||||
namespace OCA\TwoFactorBackupCodes\Tests\Unit\Provider;
|
||||
|
||||
use OC\App\AppManager;
|
||||
use OCA\TwoFactorBackupCodes\Provider\BackupCodesProvider;
|
||||
use OCA\TwoFactorBackupCodes\Service\BackupCodeStorage;
|
||||
use OCP\IL10N;
|
||||
use OCP\IUser;
|
||||
use OCP\Template;
|
||||
use PHPUnit_Framework_MockObject_MockObject;
|
||||
use Test\TestCase;
|
||||
|
||||
class BackupCodesProviderTest extends TestCase {
|
||||
|
||||
/** @var string */
|
||||
private $appName;
|
||||
|
||||
/** @var BackupCodeStorage|PHPUnit_Framework_MockObject_MockObject */
|
||||
private $storage;
|
||||
|
||||
/** @var IL10N|PHPUnit_Framework_MockObject_MockObject */
|
||||
private $l10n;
|
||||
|
||||
/** @var AppManager|PHPUnit_Framework_MockObject_MockObject */
|
||||
private $appManager;
|
||||
|
||||
/** @var BackupCodesProvider */
|
||||
private $provider;
|
||||
|
||||
protected function setUp() {
|
||||
parent::setUp();
|
||||
|
||||
$this->storage = $this->getMockBuilder(BackupCodeStorage::class)
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
$this->l10n = $this->getMockBuilder(IL10N::class)->getMock();
|
||||
$this->provider = new BackupCodesProvider($this->storage, $this->l10n);
|
||||
$this->appName = "twofactor_backupcodes";
|
||||
$this->storage = $this->createMock(BackupCodeStorage::class);
|
||||
$this->l10n = $this->createMock(IL10N::class);
|
||||
$this->appManager = $this->createMock(AppManager::class);
|
||||
|
||||
$this->provider = new BackupCodesProvider($this->appName, $this->storage, $this->l10n, $this->appManager);
|
||||
}
|
||||
|
||||
public function testGetId() {
|
||||
|
@ -100,4 +109,46 @@ class BackupCodesProviderTest extends TestCase {
|
|||
$this->assertTrue($this->provider->isTwoFactorAuthEnabledForUser($user));
|
||||
}
|
||||
|
||||
public function testIsActiveNoProviders() {
|
||||
$user = $this->getMockBuilder(IUser::class)->getMock();
|
||||
|
||||
$this->appManager->expects($this->once())
|
||||
->method('getEnabledAppsForUser')
|
||||
->with($user)
|
||||
->willReturn([
|
||||
'twofactor_backupcodes',
|
||||
'mail',
|
||||
]);
|
||||
$this->appManager->expects($this->once())
|
||||
->method('getAppInfo')
|
||||
->with('mail')
|
||||
->willReturn([
|
||||
'two-factor-providers' => [],
|
||||
]);
|
||||
|
||||
$this->assertFalse($this->provider->isActive($user));
|
||||
}
|
||||
|
||||
public function testIsActiveWithProviders() {
|
||||
$user = $this->getMockBuilder(IUser::class)->getMock();
|
||||
|
||||
$this->appManager->expects($this->once())
|
||||
->method('getEnabledAppsForUser')
|
||||
->with($user)
|
||||
->willReturn([
|
||||
'twofactor_backupcodes',
|
||||
'twofactor_u2f',
|
||||
]);
|
||||
$this->appManager->expects($this->once())
|
||||
->method('getAppInfo')
|
||||
->with('twofactor_u2f')
|
||||
->willReturn([
|
||||
'two-factor-providers' => [
|
||||
'OCA\TwoFactorU2F\Provider\U2FProvider',
|
||||
],
|
||||
]);
|
||||
|
||||
$this->assertTrue($this->provider->isActive($user));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue