From 7ae9442f3d4cdb2a98ae680979d6fcb33350cc02 Mon Sep 17 00:00:00 2001 From: Christoph Wurst Date: Tue, 13 Dec 2016 10:30:08 +0100 Subject: [PATCH] Publish, parse and filter 2FA activities Signed-off-by: Christoph Wurst --- apps/twofactor_backupcodes/appinfo/info.xml | 12 ++ .../lib/Activity/GenericFilter.php | 66 +++++++++++ .../lib/Activity/GenericProvider.php | 78 +++++++++++++ .../lib/Activity/GenericSetting.php | 65 +++++++++++ .../tests/Unit/Activity/GenericFilterTest.php | 84 ++++++++++++++ .../tests/Unit/Activity/ProviderTest.php | 106 ++++++++++++++++++ .../tests/Unit/Activity/SettingTest.php | 73 ++++++++++++ .../Authentication/TwoFactorAuth/Manager.php | 32 +++++- lib/private/Server.php | 2 +- 9 files changed, 516 insertions(+), 2 deletions(-) create mode 100644 apps/twofactor_backupcodes/lib/Activity/GenericFilter.php create mode 100644 apps/twofactor_backupcodes/lib/Activity/GenericProvider.php create mode 100644 apps/twofactor_backupcodes/lib/Activity/GenericSetting.php create mode 100644 apps/twofactor_backupcodes/tests/Unit/Activity/GenericFilterTest.php create mode 100644 apps/twofactor_backupcodes/tests/Unit/Activity/ProviderTest.php create mode 100644 apps/twofactor_backupcodes/tests/Unit/Activity/SettingTest.php diff --git a/apps/twofactor_backupcodes/appinfo/info.xml b/apps/twofactor_backupcodes/appinfo/info.xml index 5f956c6a86..72e5e96736 100644 --- a/apps/twofactor_backupcodes/appinfo/info.xml +++ b/apps/twofactor_backupcodes/appinfo/info.xml @@ -16,4 +16,16 @@ + + + + OCA\TwoFactorBackupCodes\Activity\GenericFilter + + + OCA\TwoFactorBackupCodes\Activity\GenericSetting + + + OCA\TwoFactorBackupCodes\Activity\GenericProvider + + diff --git a/apps/twofactor_backupcodes/lib/Activity/GenericFilter.php b/apps/twofactor_backupcodes/lib/Activity/GenericFilter.php new file mode 100644 index 0000000000..f2b0ef6f23 --- /dev/null +++ b/apps/twofactor_backupcodes/lib/Activity/GenericFilter.php @@ -0,0 +1,66 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\TwoFactorBackupCodes\Activity; + +use OCP\Activity\IFilter; +use OCP\IL10N; +use OCP\IURLGenerator; + +class GenericFilter implements IFilter { + + /** @var IURLGenerator */ + private $urlGenerator; + + /** @var IL10N */ + private $l10n; + + public function __construct(IURLGenerator $urlGenerator, IL10N $l10n) { + $this->urlGenerator = $urlGenerator; + $this->l10n = $l10n; + } + + public function allowedApps() { + return null; + } + + public function filterTypes(array $types) { + return array_intersect(['twofactor'], $types); + } + + public function getIcon() { + return $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg')); + } + + public function getIdentifier() { + return 'twofactor'; + } + + public function getName() { + return $this->l10n->t('Two-factor authentication'); + } + + public function getPriority() { + return 30; + } + +} diff --git a/apps/twofactor_backupcodes/lib/Activity/GenericProvider.php b/apps/twofactor_backupcodes/lib/Activity/GenericProvider.php new file mode 100644 index 0000000000..e7eebb1283 --- /dev/null +++ b/apps/twofactor_backupcodes/lib/Activity/GenericProvider.php @@ -0,0 +1,78 @@ + + * @copyright Copyright (c) 2016 Christoph Wurst + * + * Two-factor backup codes + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + +namespace OCA\TwoFactorBackupCodes\Activity; + +use InvalidArgumentException; +use OCP\Activity\IEvent; +use OCP\Activity\IProvider; +use OCP\ILogger; +use OCP\IURLGenerator; +use OCP\L10N\IFactory as L10nFactory; + +class GenericProvider implements IProvider { + + /** @var L10nFactory */ + private $l10n; + + /** @var IURLGenerator */ + private $urlGenerator; + + /** @var ILogger */ + private $logger; + + public function __construct(L10nFactory $l10n, IURLGenerator $urlGenerator, ILogger $logger) { + $this->logger = $logger; + $this->urlGenerator = $urlGenerator; + $this->l10n = $l10n; + } + + public function parse($language, IEvent $event, IEvent $previousEvent = null) { + if ($event->getType() !== 'twofactor') { + throw new InvalidArgumentException(); + } + + $l = $this->l10n->get('core', $language); + + switch ($event->getSubject()) { + case 'twofactor_success': + $params = $event->getSubjectParameters(); + error_log(json_encode($params['provider'])); + $event->setParsedSubject($l->t('You successfully logged in using two-factor authentication (%1$s)', [ + $params['provider'], + ])); + $event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg'))); + break; + case 'twofactor_failed': + $params = $event->getSubjectParameters(); + $event->setParsedSubject($l->t('A login attempt using two-factor authenticatoin failed (%1$s)', [ + $params['provider'], + ])); + $event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg'))); + break; + default: + throw new InvalidArgumentException(); + } + return $event; + } + +} diff --git a/apps/twofactor_backupcodes/lib/Activity/GenericSetting.php b/apps/twofactor_backupcodes/lib/Activity/GenericSetting.php new file mode 100644 index 0000000000..abd1c60f1d --- /dev/null +++ b/apps/twofactor_backupcodes/lib/Activity/GenericSetting.php @@ -0,0 +1,65 @@ + + * @copyright Copyright (c) 2016 Christoph Wurst + * + * Two-factor backup codes + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + +namespace OCA\TwoFactorBackupCodes\Activity; + +use OCP\Activity\ISetting; +use OCP\IL10N; + +class GenericSetting implements ISetting { + + /** @var IL10N */ + private $l10n; + + public function __construct(IL10N $l10n) { + $this->l10n = $l10n; + } + + public function canChangeMail() { + return false; + } + + public function canChangeStream() { + return false; + } + + public function getIdentifier() { + return 'twofactor'; + } + + public function getName() { + return $this->l10n->t('Two-factor authentication'); + } + + public function getPriority() { + return 30; + } + + public function isDefaultEnabledMail() { + return true; + } + + public function isDefaultEnabledStream() { + return true; + } + +} diff --git a/apps/twofactor_backupcodes/tests/Unit/Activity/GenericFilterTest.php b/apps/twofactor_backupcodes/tests/Unit/Activity/GenericFilterTest.php new file mode 100644 index 0000000000..a367a18fe9 --- /dev/null +++ b/apps/twofactor_backupcodes/tests/Unit/Activity/GenericFilterTest.php @@ -0,0 +1,84 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OCA\TwoFactorBackupCodes\Test\Unit\Activity; + +use OCA\TwoFactorBackupCodes\Activity\GenericFilter; +use OCP\IL10N; +use OCP\IURLGenerator; +use Test\TestCase; +use function returnValue; + +class GenericFilterTest extends TestCase { + + private $urlGenerator; + private $l10n; + + /** @var GenericFilter */ + private $filter; + + protected function setUp() { + parent::setUp(); + + $this->urlGenerator = $this->createMock(IURLGenerator::class); + $this->l10n = $this->createMock(IL10N::class); + + $this->filter = new GenericFilter($this->urlGenerator, $this->l10n); + } + + public function testAllowedApps() { + $this->assertEquals(0, $this->filter->allowedApps()); + } + + public function testFilterTypes() { + $this->assertEquals(['twofactor'], $this->filter->filterTypes(['comments', 'twofactor'])); + } + + public function testGetIcon() { + $this->urlGenerator->expects($this->once()) + ->method('imagePath') + ->with('core', 'actions/password.svg') + ->will($this->returnValue('path/to/icon.svg')); + $this->urlGenerator->expects($this->once()) + ->method('getAbsoluteURL') + ->with('path/to/icon.svg') + ->will($this->returnValue('abs/path/to/icon.svg')); + $this->assertEquals('abs/path/to/icon.svg', $this->filter->getIcon()); + } + + public function testGetIdentifier() { + $this->assertEquals('twofactor', $this->filter->getIdentifier()); + } + + public function testGetName() { + $this->l10n->expects($this->once()) + ->method('t') + ->with('Two-factor authentication') + ->will($this->returnValue('translated')); + $this->assertEquals('translated', $this->filter->getName()); + } + + public function testGetPriority() { + $this->assertEquals(30, $this->filter->getPriority()); + } + +} diff --git a/apps/twofactor_backupcodes/tests/Unit/Activity/ProviderTest.php b/apps/twofactor_backupcodes/tests/Unit/Activity/ProviderTest.php new file mode 100644 index 0000000000..36e85ec187 --- /dev/null +++ b/apps/twofactor_backupcodes/tests/Unit/Activity/ProviderTest.php @@ -0,0 +1,106 @@ + + * @copyright Copyright (c) 2016 Christoph Wurst + * + * Two-factor backup codes + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + +namespace OCA\TwoFactorBackupCodes\Test\Unit\Activity; + +use InvalidArgumentException; +use OCA\TwoFactorBackupCodes\Activity\GenericProvider; +use OCP\Activity\IEvent; +use OCP\IL10N; +use OCP\ILogger; +use OCP\IURLGenerator; +use OCP\L10N\IFactory; +use Test\TestCase; + +class ProviderTest extends TestCase { + + private $l10n; + private $urlGenerator; + private $logger; + + /** @var GenericProvider */ + private $provider; + + protected function setUp() { + parent::setUp(); + + $this->l10n = $this->createMock(IFactory::class); + $this->urlGenerator = $this->createMock(IURLGenerator::class); + $this->logger = $this->createMock(ILogger::class); + + $this->provider = new GenericProvider($this->l10n, $this->urlGenerator, $this->logger); + } + + public function testParseUnrelated() { + $lang = 'ru'; + $event = $this->createMock(IEvent::class); + $event->expects($this->once()) + ->method('getType') + ->will($this->returnValue('comments')); + $this->setExpectedException(InvalidArgumentException::class); + + $this->provider->parse($lang, $event); + } + + public function subjectData() { + return [ + ['twofactor_success'], + ['twofactor_failed'], + ]; + } + + /** + * @dataProvider subjectData + */ + public function testParse($subject) { + $lang = 'ru'; + $event = $this->createMock(IEvent::class); + $l = $this->createMock(IL10N::class); + + $event->expects($this->once()) + ->method('getType') + ->will($this->returnValue('twofactor')); + $this->l10n->expects($this->once()) + ->method('get') + ->with('core', $lang) + ->will($this->returnValue($l)); + $this->urlGenerator->expects($this->once()) + ->method('imagePath') + ->with('core', 'actions/password.svg') + ->will($this->returnValue('path/to/image')); + $this->urlGenerator->expects($this->once()) + ->method('getAbsoluteURL') + ->with('path/to/image') + ->will($this->returnValue('absolute/path/to/image')); + $event->expects($this->once()) + ->method('setIcon') + ->with('absolute/path/to/image'); + $event->expects($this->once()) + ->method('getSubject') + ->will($this->returnValue($subject)); + $event->expects($this->once()) + ->method('setParsedSubject'); + + $this->provider->parse($lang, $event); + } + +} diff --git a/apps/twofactor_backupcodes/tests/Unit/Activity/SettingTest.php b/apps/twofactor_backupcodes/tests/Unit/Activity/SettingTest.php new file mode 100644 index 0000000000..2f6aed040f --- /dev/null +++ b/apps/twofactor_backupcodes/tests/Unit/Activity/SettingTest.php @@ -0,0 +1,73 @@ + + * @copyright Copyright (c) 2016 Christoph Wurst + * + * Two-factor backup codes + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + +namespace OCA\TwoFactorBackupCodes\Test\Unit\Activity; + +use OCA\TwoFactorBackupCodes\Activity\GenericSetting; +use OCP\IL10N; +use Test\TestCase; + +class SettingTest extends TestCase { + + private $l10n; + + /** @var GenericSetting */ + private $setting; + + protected function setUp() { + parent::setUp(); + + $this->l10n = $this->createMock(IL10N::class); + + $this->setting = new GenericSetting($this->l10n); + } + + public function testCanChangeMail() { + $this->assertFalse($this->setting->canChangeMail()); + } + + public function testCanChangeStream() { + $this->assertFalse($this->setting->canChangeStream()); + } + + public function testGetIdentifier() { + $this->assertEquals('twofactor', $this->setting->getIdentifier()); + } + + public function testGetName() { + $this->l10n->expects($this->once()) + ->method('t') + ->with('Two-factor authentication') + ->will($this->returnValue('Zwei-Faktor-Authentifizierung')); + $this->assertEquals('Zwei-Faktor-Authentifizierung', $this->setting->getName()); + } + + public function testGetPriority() { + $this->assertEquals(30, $this->setting->getPriority()); + } + + public function testIsDefaultEnabled() { + $this->assertTrue($this->setting->isDefaultEnabledMail()); + $this->assertTrue($this->setting->isDefaultEnabledStream()); + } + +} diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php index 48792aa685..297e69fac9 100644 --- a/lib/private/Authentication/TwoFactorAuth/Manager.php +++ b/lib/private/Authentication/TwoFactorAuth/Manager.php @@ -1,4 +1,5 @@ appManager = $appManager; $this->session = $session; $this->config = $config; + $this->activityManager = $activityManager; } /** @@ -184,10 +190,34 @@ class Manager { } $this->session->remove(self::SESSION_UID_KEY); $this->session->remove(self::REMEMBER_LOGIN); + + $this->publishEvent($user, 'twofactor_success', [ + 'provider' => $provider->getDisplayName(), + ]); + } else { + $this->publishEvent($user, 'twofactor_failed', [ + 'provider' => $provider->getDisplayName(), + ]); } return $passed; } + /** + * Push a 2fa event the user's activity stream + * + * @param IUser $user + * @param string $event + */ + private function publishEvent(IUser $user, $event, array $params) { + $activity = $this->activityManager->generateEvent(); + $activity->setApp('twofactor_generic') + ->setType('twofactor_generic') + ->setAuthor($user->getUID()) + ->setAffectedUser($user->getUID()); + $activity->setSubject($event, $params); + $this->activityManager->publish($activity); + } + /** * Check if the currently logged in user needs to pass 2FA * diff --git a/lib/private/Server.php b/lib/private/Server.php index 969e5a25b9..d51ae7d865 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -312,7 +312,7 @@ class Server extends ServerContainer implements IServerContainer { }); $this->registerService(\OC\Authentication\TwoFactorAuth\Manager::class, function (Server $c) { - return new \OC\Authentication\TwoFactorAuth\Manager($c->getAppManager(), $c->getSession(), $c->getConfig()); + return new \OC\Authentication\TwoFactorAuth\Manager($c->getAppManager(), $c->getSession(), $c->getConfig(), $c->getActivityManager()); }); $this->registerService('NavigationManager', function ($c) {