Commit graph

16 commits

Author SHA1 Message Date
Roeland Jago Douma
579162d7b9
Allow 2FA to be setup on first login
Once 2FA is enforced for a user and they have no 2FA setup yet this will
now prompt them with a setup screen. Given that providers are enabled
that allow setup then.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-05-17 10:11:53 +02:00
Christoph Wurst
ae2cd50427 Improve 2FA login screens
* Show icon if no provider is available
* Reduce shown text if no provider available
* Fix login button icons
* Make backup codes button primary if the only options to log in

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-03 22:16:54 +02:00
Christoph Wurst
335a461250 Fix design of 2FA login screens
* Fix rending of empty selection screen (ul missing)
* Fix rendering of backup codes inputs

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-03 15:31:23 +02:00
Christoph Wurst
feb5842a7d Restructure and redesign two-factor auth provider selection
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-01 23:58:54 +02:00
Christoph Wurst
26a4291d0d Add hint for locked accounts where 2FA is enforced but not configured
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-01 10:59:32 +02:00
Christoph Wurst
13d93f5b25
Make 2FA providers stateful
This adds persistence to the Nextcloud server 2FA logic so that the server
knows which 2FA providers are enabled for a specific user at any time, even
when the provider is not available.

The `IStatefulProvider` interface was added as tagging interface for providers
that are compatible with this new API.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-06-20 08:30:26 +02:00
Lukas Reschke
a04feff9a7
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string.
This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result
in `<a href="foo">`.

This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with
054e161eb5 inside the navigation manager where one cannot simply inject attributes.

Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112,
people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects
you to the IdP and properly logs you out there as well.

Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to
use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout
URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but
I'm not aware of any and there's simply no way to fix this properly otherwise.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 12:22:44 +02:00
Christoph Wurst
b15c11b93b
Use button instead of simple links
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-03-06 11:00:58 +01:00
Christoph Wurst
511df0ec99
Move log out and back codes link into 2fa box for better readability
Fixes https://github.com/nextcloud/server/issues/2538

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-03-06 10:48:26 +01:00
Christoph Wurst
8acb734854
add 2fa backup codes app
* add backup codes app unit tests
* add integration tests for the backup codes app
2016-09-05 08:51:13 +02:00
Christoph Wurst
78bb02d27a
list 2FA providers as buttons 2016-08-27 12:27:05 +02:00
Christoph Wurst
4a91673154
use centered h2 for 2FA page headers 2016-08-27 11:33:15 +02:00
Christoph Wurst
c93c5d142e
fix 2fa challenge page wording 2016-08-27 11:12:12 +02:00
Joas Schilling
3e3b326c85
Allow to cancel 2FA after login 2016-06-07 18:17:29 +02:00
Christoph Wurst
5e71d23ded
remember redirect_url when solving the 2FA challenge 2016-06-01 14:43:47 +02:00
Christoph Wurst
dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00