102f700d96
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
180 lines
5 KiB
PHP
180 lines
5 KiB
PHP
<?php
|
|
/**
|
|
* @copyright Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de>
|
|
*
|
|
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
|
|
*
|
|
* @license GNU AGPL version 3 or any later version
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
* License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
namespace OC\Settings\Personal;
|
|
|
|
|
|
use function array_filter;
|
|
use function array_map;
|
|
use function is_null;
|
|
use OC\Authentication\Exceptions\InvalidTokenException;
|
|
use OC\Authentication\Token\INamedToken;
|
|
use OC\Authentication\Token\IProvider as IAuthTokenProvider;
|
|
use OC\Authentication\Token\IToken;
|
|
use OC\Authentication\TwoFactorAuth\Manager as TwoFactorManager;
|
|
use OC\Authentication\TwoFactorAuth\ProviderLoader;
|
|
use OCP\AppFramework\Http\TemplateResponse;
|
|
use OCP\Authentication\TwoFactorAuth\IProvider;
|
|
use OCP\Authentication\TwoFactorAuth\IProvidesPersonalSettings;
|
|
use OCP\IInitialStateService;
|
|
use OCP\ISession;
|
|
use OCP\IUserManager;
|
|
use OCP\IUserSession;
|
|
use OCP\Session\Exceptions\SessionNotAvailableException;
|
|
use OCP\Settings\ISettings;
|
|
|
|
class Security implements ISettings {
|
|
|
|
/** @var IUserManager */
|
|
private $userManager;
|
|
|
|
/** @var TwoFactorManager */
|
|
private $twoFactorManager;
|
|
|
|
/** @var IAuthTokenProvider */
|
|
private $tokenProvider;
|
|
|
|
/** @var ProviderLoader */
|
|
private $providerLoader;
|
|
|
|
/** @var IUserSession */
|
|
private $userSession;
|
|
|
|
/** @var ISession */
|
|
private $session;
|
|
|
|
/** @var IInitialStateService */
|
|
private $initialStateService;
|
|
/**
|
|
* @var string|null
|
|
*/
|
|
private $uid;
|
|
|
|
public function __construct(IUserManager $userManager,
|
|
TwoFactorManager $providerManager,
|
|
IAuthTokenProvider $tokenProvider,
|
|
ProviderLoader $providerLoader,
|
|
IUserSession $userSession,
|
|
ISession $session,
|
|
IInitialStateService $initialStateService,
|
|
?string $UserId) {
|
|
$this->userManager = $userManager;
|
|
$this->twoFactorManager = $providerManager;
|
|
$this->tokenProvider = $tokenProvider;
|
|
$this->providerLoader = $providerLoader;
|
|
$this->userSession = $userSession;
|
|
$this->session = $session;
|
|
$this->initialStateService = $initialStateService;
|
|
$this->uid = $UserId;
|
|
}
|
|
|
|
/**
|
|
* @return TemplateResponse returns the instance with all parameters set, ready to be rendered
|
|
* @since 9.1
|
|
*/
|
|
public function getForm() {
|
|
$user = $this->userManager->get($this->uid);
|
|
$passwordChangeSupported = false;
|
|
if ($user !== null) {
|
|
$passwordChangeSupported = $user->canChangePassword();
|
|
}
|
|
|
|
$this->initialStateService->provideInitialState(
|
|
'settings',
|
|
'app_tokens',
|
|
$this->getAppTokens()
|
|
);
|
|
|
|
return new TemplateResponse('settings', 'settings/personal/security', [
|
|
'passwordChangeSupported' => $passwordChangeSupported,
|
|
'twoFactorProviderData' => $this->getTwoFactorProviderData(),
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* @return string the section ID, e.g. 'sharing'
|
|
* @since 9.1
|
|
*/
|
|
public function getSection() {
|
|
return 'security';
|
|
}
|
|
|
|
/**
|
|
* @return int whether the form should be rather on the top or bottom of
|
|
* the admin section. The forms are arranged in ascending order of the
|
|
* priority values. It is required to return a value between 0 and 100.
|
|
*
|
|
* E.g.: 70
|
|
* @since 9.1
|
|
*/
|
|
public function getPriority() {
|
|
return 10;
|
|
}
|
|
|
|
private function getTwoFactorProviderData(): array {
|
|
$user = $this->userSession->getUser();
|
|
if (is_null($user)) {
|
|
// Actually impossible, but still …
|
|
return [];
|
|
}
|
|
|
|
return [
|
|
'providers' => array_map(function (IProvidesPersonalSettings $provider) use ($user) {
|
|
return [
|
|
'provider' => $provider,
|
|
'settings' => $provider->getPersonalSettings($user)
|
|
];
|
|
}, array_filter($this->providerLoader->getProviders($user), function (IProvider $provider) {
|
|
return $provider instanceof IProvidesPersonalSettings;
|
|
}))
|
|
];
|
|
}
|
|
|
|
private function getAppTokens(): array {
|
|
$tokens = $this->tokenProvider->getTokenByUser($this->uid);
|
|
|
|
try {
|
|
$sessionId = $this->session->getId();
|
|
} catch (SessionNotAvailableException $ex) {
|
|
return [];
|
|
}
|
|
try {
|
|
$sessionToken = $this->tokenProvider->getToken($sessionId);
|
|
} catch (InvalidTokenException $ex) {
|
|
return [];
|
|
}
|
|
|
|
return array_map(function (IToken $token) use ($sessionToken) {
|
|
$data = $token->jsonSerialize();
|
|
$data['canDelete'] = true;
|
|
$data['canRename'] = $token instanceof INamedToken;
|
|
if ($sessionToken->getId() === $token->getId()) {
|
|
$data['canDelete'] = false;
|
|
$data['canRename'] = false;
|
|
$data['current'] = true;
|
|
}
|
|
return $data;
|
|
}, $tokens);
|
|
}
|
|
|
|
}
|