Hide 2FA backup codes if no other 2FA providers are enabled
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
Christoph Wurst
parent
94c2f12226
commit
d8b3fe460e
3 changed files with 112 additions and 9 deletions
|
|
@ -22,6 +22,7 @@
|
||||||
|
|
||||||
namespace OCA\TwoFactorBackupCodes\Provider;
|
namespace OCA\TwoFactorBackupCodes\Provider;
|
||||||
|
|
||||||
|
use OC\App\AppManager;
|
||||||
use OCA\TwoFactorBackupCodes\Service\BackupCodeStorage;
|
use OCA\TwoFactorBackupCodes\Service\BackupCodeStorage;
|
||||||
use OCP\Authentication\TwoFactorAuth\IProvider;
|
use OCP\Authentication\TwoFactorAuth\IProvider;
|
||||||
use OCP\IL10N;
|
use OCP\IL10N;
|
||||||
|
|
@ -30,15 +31,29 @@ use OCP\Template;
|
||||||
|
|
||||||
class BackupCodesProvider implements IProvider {
|
class BackupCodesProvider implements IProvider {
|
||||||
|
|
||||||
|
/** @var string */
|
||||||
|
private $appName;
|
||||||
|
|
||||||
/** @var BackupCodeStorage */
|
/** @var BackupCodeStorage */
|
||||||
private $storage;
|
private $storage;
|
||||||
|
|
||||||
/** @var IL10N */
|
/** @var IL10N */
|
||||||
private $l10n;
|
private $l10n;
|
||||||
|
|
||||||
public function __construct(BackupCodeStorage $storage, IL10N $l10n) {
|
/** @var AppManager */
|
||||||
|
private $appManager;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param string $appName
|
||||||
|
* @param BackupCodeStorage $storage
|
||||||
|
* @param IL10N $l10n
|
||||||
|
* @param AppManager $appManager
|
||||||
|
*/
|
||||||
|
public function __construct($appName, BackupCodeStorage $storage, IL10N $l10n, AppManager $appManager) {
|
||||||
|
$this->appName = $appName;
|
||||||
$this->l10n = $l10n;
|
$this->l10n = $l10n;
|
||||||
$this->storage = $storage;
|
$this->storage = $storage;
|
||||||
|
$this->appManager = $appManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -99,4 +114,28 @@ class BackupCodesProvider implements IProvider {
|
||||||
return $this->storage->hasBackupCodes($user);
|
return $this->storage->hasBackupCodes($user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether backup codes should be active or not
|
||||||
|
*
|
||||||
|
* Backup codes only make sense if at least one 2FA provider is active,
|
||||||
|
* hence this method checks all enabled apps on whether they provide 2FA
|
||||||
|
* functionality or not. If there's at least one app, backup codes are
|
||||||
|
* enabled on the personal settings page.
|
||||||
|
*
|
||||||
|
* @param IUser $user
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public function isActive(IUser $user) {
|
||||||
|
$appIds = array_filter($this->appManager->getEnabledAppsForUser($user), function($appId) {
|
||||||
|
return $appId !== $this->appName;
|
||||||
|
});
|
||||||
|
foreach ($appIds as $appId) {
|
||||||
|
$info = $this->appManager->getAppInfo($appId);
|
||||||
|
if (isset($info['two-factor-providers']) && count($info['two-factor-providers']) > 0) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,19 @@
|
||||||
<?php
|
<?php
|
||||||
// @codeCoverageIgnoreStart
|
|
||||||
$tmpl = new \OCP\Template('twofactor_backupcodes', 'personal');
|
|
||||||
|
|
||||||
return $tmpl->fetchPage();
|
use OCA\TwoFactorBackupCodes\Provider\BackupCodesProvider;
|
||||||
|
use OCP\Template;
|
||||||
|
|
||||||
|
// @codeCoverageIgnoreStart
|
||||||
|
|
||||||
|
/* @var $provider BackupCodesProvider */
|
||||||
|
$provider = OC::$server->query(BackupCodesProvider::class);
|
||||||
|
$user = OC::$server->getUserSession()->getUser();
|
||||||
|
|
||||||
|
if ($provider->isActive($user)) {
|
||||||
|
$tmpl = new Template('twofactor_backupcodes', 'personal');
|
||||||
|
return $tmpl->fetchPage();
|
||||||
|
} else {
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
|
||||||
// @codeCoverageIgnoreEnd
|
// @codeCoverageIgnoreEnd
|
||||||
|
|
|
||||||
|
|
@ -22,32 +22,41 @@
|
||||||
|
|
||||||
namespace OCA\TwoFactorBackupCodes\Tests\Unit\Provider;
|
namespace OCA\TwoFactorBackupCodes\Tests\Unit\Provider;
|
||||||
|
|
||||||
|
use OC\App\AppManager;
|
||||||
use OCA\TwoFactorBackupCodes\Provider\BackupCodesProvider;
|
use OCA\TwoFactorBackupCodes\Provider\BackupCodesProvider;
|
||||||
use OCA\TwoFactorBackupCodes\Service\BackupCodeStorage;
|
use OCA\TwoFactorBackupCodes\Service\BackupCodeStorage;
|
||||||
use OCP\IL10N;
|
use OCP\IL10N;
|
||||||
use OCP\IUser;
|
use OCP\IUser;
|
||||||
use OCP\Template;
|
use OCP\Template;
|
||||||
|
use PHPUnit_Framework_MockObject_MockObject;
|
||||||
use Test\TestCase;
|
use Test\TestCase;
|
||||||
|
|
||||||
class BackupCodesProviderTest extends TestCase {
|
class BackupCodesProviderTest extends TestCase {
|
||||||
|
|
||||||
|
/** @var string */
|
||||||
|
private $appName;
|
||||||
|
|
||||||
/** @var BackupCodeStorage|PHPUnit_Framework_MockObject_MockObject */
|
/** @var BackupCodeStorage|PHPUnit_Framework_MockObject_MockObject */
|
||||||
private $storage;
|
private $storage;
|
||||||
|
|
||||||
/** @var IL10N|PHPUnit_Framework_MockObject_MockObject */
|
/** @var IL10N|PHPUnit_Framework_MockObject_MockObject */
|
||||||
private $l10n;
|
private $l10n;
|
||||||
|
|
||||||
|
/** @var AppManager|PHPUnit_Framework_MockObject_MockObject */
|
||||||
|
private $appManager;
|
||||||
|
|
||||||
/** @var BackupCodesProvider */
|
/** @var BackupCodesProvider */
|
||||||
private $provider;
|
private $provider;
|
||||||
|
|
||||||
protected function setUp() {
|
protected function setUp() {
|
||||||
parent::setUp();
|
parent::setUp();
|
||||||
|
|
||||||
$this->storage = $this->getMockBuilder(BackupCodeStorage::class)
|
$this->appName = "twofactor_backupcodes";
|
||||||
->disableOriginalConstructor()
|
$this->storage = $this->createMock(BackupCodeStorage::class);
|
||||||
->getMock();
|
$this->l10n = $this->createMock(IL10N::class);
|
||||||
$this->l10n = $this->getMockBuilder(IL10N::class)->getMock();
|
$this->appManager = $this->createMock(AppManager::class);
|
||||||
$this->provider = new BackupCodesProvider($this->storage, $this->l10n);
|
|
||||||
|
$this->provider = new BackupCodesProvider($this->appName, $this->storage, $this->l10n, $this->appManager);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetId() {
|
public function testGetId() {
|
||||||
|
|
@ -100,4 +109,46 @@ class BackupCodesProviderTest extends TestCase {
|
||||||
$this->assertTrue($this->provider->isTwoFactorAuthEnabledForUser($user));
|
$this->assertTrue($this->provider->isTwoFactorAuthEnabledForUser($user));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testIsActiveNoProviders() {
|
||||||
|
$user = $this->getMockBuilder(IUser::class)->getMock();
|
||||||
|
|
||||||
|
$this->appManager->expects($this->once())
|
||||||
|
->method('getEnabledAppsForUser')
|
||||||
|
->with($user)
|
||||||
|
->willReturn([
|
||||||
|
'twofactor_backupcodes',
|
||||||
|
'mail',
|
||||||
|
]);
|
||||||
|
$this->appManager->expects($this->once())
|
||||||
|
->method('getAppInfo')
|
||||||
|
->with('mail')
|
||||||
|
->willReturn([
|
||||||
|
'two-factor-providers' => [],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$this->assertFalse($this->provider->isActive($user));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testIsActiveWithProviders() {
|
||||||
|
$user = $this->getMockBuilder(IUser::class)->getMock();
|
||||||
|
|
||||||
|
$this->appManager->expects($this->once())
|
||||||
|
->method('getEnabledAppsForUser')
|
||||||
|
->with($user)
|
||||||
|
->willReturn([
|
||||||
|
'twofactor_backupcodes',
|
||||||
|
'twofactor_u2f',
|
||||||
|
]);
|
||||||
|
$this->appManager->expects($this->once())
|
||||||
|
->method('getAppInfo')
|
||||||
|
->with('twofactor_u2f')
|
||||||
|
->willReturn([
|
||||||
|
'two-factor-providers' => [
|
||||||
|
'OCA\TwoFactorU2F\Provider\U2FProvider',
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$this->assertTrue($this->provider->isActive($user));
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue