2018-09-29 19:57:00 +03:00
|
|
|
<?php
|
|
|
|
|
|
|
|
declare(strict_types=1);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @copyright 2018 Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
|
|
*
|
2019-12-03 21:57:53 +03:00
|
|
|
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
|
2018-09-29 19:57:00 +03:00
|
|
|
*
|
|
|
|
* @license GNU AGPL version 3 or any later version
|
|
|
|
*
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License as
|
|
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
|
|
* License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
2019-12-03 21:57:53 +03:00
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2018-09-29 19:57:00 +03:00
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
namespace OC\Core\Command\TwoFactorAuth;
|
|
|
|
|
2018-10-11 13:20:18 +03:00
|
|
|
use function implode;
|
|
|
|
use OC\Authentication\TwoFactorAuth\EnforcementState;
|
2018-09-29 19:57:00 +03:00
|
|
|
use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor;
|
|
|
|
use Symfony\Component\Console\Command\Command;
|
|
|
|
use Symfony\Component\Console\Input\InputInterface;
|
|
|
|
use Symfony\Component\Console\Input\InputOption;
|
|
|
|
use Symfony\Component\Console\Output\OutputInterface;
|
|
|
|
|
|
|
|
class Enforce extends Command {
|
|
|
|
|
|
|
|
/** @var MandatoryTwoFactor */
|
|
|
|
private $mandatoryTwoFactor;
|
|
|
|
|
|
|
|
public function __construct(MandatoryTwoFactor $mandatoryTwoFactor) {
|
|
|
|
parent::__construct();
|
|
|
|
|
|
|
|
$this->mandatoryTwoFactor = $mandatoryTwoFactor;
|
|
|
|
}
|
|
|
|
|
|
|
|
protected function configure() {
|
|
|
|
$this->setName('twofactorauth:enforce');
|
|
|
|
$this->setDescription('Enabled/disable enforced two-factor authentication');
|
|
|
|
$this->addOption(
|
|
|
|
'on',
|
|
|
|
null,
|
|
|
|
InputOption::VALUE_NONE,
|
|
|
|
'enforce two-factor authentication'
|
|
|
|
);
|
|
|
|
$this->addOption(
|
|
|
|
'off',
|
|
|
|
null,
|
|
|
|
InputOption::VALUE_NONE,
|
|
|
|
'don\'t enforce two-factor authenticaton'
|
|
|
|
);
|
2018-10-11 13:20:18 +03:00
|
|
|
$this->addOption(
|
|
|
|
'group',
|
|
|
|
null,
|
|
|
|
InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY,
|
|
|
|
'enforce only for the given group(s)'
|
|
|
|
);
|
|
|
|
$this->addOption(
|
|
|
|
'exclude',
|
|
|
|
null,
|
|
|
|
InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY,
|
|
|
|
'exclude mandatory two-factor auth for the given group(s)'
|
|
|
|
);
|
2018-09-29 19:57:00 +03:00
|
|
|
}
|
|
|
|
|
2020-06-26 15:54:51 +03:00
|
|
|
protected function execute(InputInterface $input, OutputInterface $output): int {
|
2018-09-29 19:57:00 +03:00
|
|
|
if ($input->getOption('on')) {
|
2018-10-11 13:20:18 +03:00
|
|
|
$enforcedGroups = $input->getOption('group');
|
|
|
|
$excludedGroups = $input->getOption('exclude');
|
|
|
|
$this->mandatoryTwoFactor->setState(new EnforcementState(true, $enforcedGroups, $excludedGroups));
|
2018-09-29 19:57:00 +03:00
|
|
|
} elseif ($input->getOption('off')) {
|
2018-10-11 13:20:18 +03:00
|
|
|
$this->mandatoryTwoFactor->setState(new EnforcementState(false));
|
2018-09-29 19:57:00 +03:00
|
|
|
}
|
|
|
|
|
2018-10-11 13:20:18 +03:00
|
|
|
$state = $this->mandatoryTwoFactor->getState();
|
|
|
|
if ($state->isEnforced()) {
|
|
|
|
$this->writeEnforced($output, $state);
|
2018-09-29 19:57:00 +03:00
|
|
|
} else {
|
|
|
|
$this->writeNotEnforced($output);
|
|
|
|
}
|
2020-06-26 15:54:51 +03:00
|
|
|
return 0;
|
2018-09-29 19:57:00 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param OutputInterface $output
|
|
|
|
*/
|
2018-10-11 13:20:18 +03:00
|
|
|
protected function writeEnforced(OutputInterface $output, EnforcementState $state) {
|
|
|
|
if (empty($state->getEnforcedGroups())) {
|
|
|
|
$message = 'Two-factor authentication is enforced for all users';
|
|
|
|
} else {
|
|
|
|
$message = 'Two-factor authentication is enforced for members of the group(s) ' . implode(', ', $state->getEnforcedGroups());
|
|
|
|
}
|
|
|
|
if (!empty($state->getExcludedGroups())) {
|
|
|
|
$message .= ', except members of ' . implode(', ', $state->getExcludedGroups());
|
|
|
|
}
|
|
|
|
$output->writeln($message);
|
2018-09-29 19:57:00 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param OutputInterface $output
|
|
|
|
*/
|
|
|
|
protected function writeNotEnforced(OutputInterface $output) {
|
|
|
|
$output->writeln('Two-factor authentication is not enforced');
|
|
|
|
}
|
|
|
|
}
|