mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Publish, parse and filter 2FA activities 

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
Christoph Wurst 2016-12-13 10:30:08 +01:00
parent 9b71ee27ff
commit 7ae9442f3d
No known key found for this signature in database
GPG Key ID: CC42AC2A7F0E56D8
9 changed files with 516 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
apps/twofactor_backupcodes/appinfo/info.xml
View File

@ -16,4 +16,16 @@
<dependencies> <dependencies>
<nextcloud min-version="12" max-version="12" /> <nextcloud min-version="12" max-version="12" />
</dependencies> </dependencies>
<activity>
<filters>
<filter>OCA\TwoFactorBackupCodes\Activity\GenericFilter</filter>
</filters>
<settings>
<setting>OCA\TwoFactorBackupCodes\Activity\GenericSetting</setting>
</settings>
<providers>
<provider>OCA\TwoFactorBackupCodes\Activity\GenericProvider</provider>
</providers>
</activity>
</info> </info>

66
apps/twofactor_backupcodes/lib/Activity/GenericFilter.php Normal file
View File

@ -0,0 +1,66 @@
<?php
/**
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\TwoFactorBackupCodes\Activity;
use OCP\Activity\IFilter;
use OCP\IL10N;
use OCP\IURLGenerator;
class GenericFilter implements IFilter {
/** @var IURLGenerator */
private $urlGenerator;
/** @var IL10N */
private $l10n;
public function __construct(IURLGenerator $urlGenerator, IL10N $l10n) {
$this->urlGenerator = $urlGenerator;
$this->l10n = $l10n;
}
public function allowedApps() {
return null;
}
public function filterTypes(array $types) {
return array_intersect(['twofactor'], $types);
}
public function getIcon() {
return $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg'));
}
public function getIdentifier() {
return 'twofactor';
}
public function getName() {
return $this->l10n->t('Two-factor authentication');
}
public function getPriority() {
return 30;
}
}

78
apps/twofactor_backupcodes/lib/Activity/GenericProvider.php Normal file
View File

@ -0,0 +1,78 @@
<?php
/**
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
* @copyright Copyright (c) 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* Two-factor backup codes
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\TwoFactorBackupCodes\Activity;
use InvalidArgumentException;
use OCP\Activity\IEvent;
use OCP\Activity\IProvider;
use OCP\ILogger;
use OCP\IURLGenerator;
use OCP\L10N\IFactory as L10nFactory;
class GenericProvider implements IProvider {
/** @var L10nFactory */
private $l10n;
/** @var IURLGenerator */
private $urlGenerator;
/** @var ILogger */
private $logger;
public function __construct(L10nFactory $l10n, IURLGenerator $urlGenerator, ILogger $logger) {
$this->logger = $logger;
$this->urlGenerator = $urlGenerator;
$this->l10n = $l10n;
}
public function parse($language, IEvent $event, IEvent $previousEvent = null) {
if ($event->getType() !== 'twofactor') {
throw new InvalidArgumentException();
}
$l = $this->l10n->get('core', $language);
switch ($event->getSubject()) {
case 'twofactor_success':
$params = $event->getSubjectParameters();
error_log(json_encode($params['provider']));
$event->setParsedSubject($l->t('You successfully logged in using two-factor authentication (%1$s)', [
$params['provider'],
]));
$event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg')));
break;
case 'twofactor_failed':
$params = $event->getSubjectParameters();
$event->setParsedSubject($l->t('A login attempt using two-factor authenticatoin failed (%1$s)', [
$params['provider'],
]));
$event->setIcon($this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'actions/password.svg')));
break;
default:
throw new InvalidArgumentException();
}
return $event;
}
}

65
apps/twofactor_backupcodes/lib/Activity/GenericSetting.php Normal file
View File

@ -0,0 +1,65 @@
<?php
/**
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
* @copyright Copyright (c) 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* Two-factor backup codes
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\TwoFactorBackupCodes\Activity;
use OCP\Activity\ISetting;
use OCP\IL10N;
class GenericSetting implements ISetting {
/** @var IL10N */
private $l10n;
public function __construct(IL10N $l10n) {
$this->l10n = $l10n;
}
public function canChangeMail() {
return false;
}
public function canChangeStream() {
return false;
}
public function getIdentifier() {
return 'twofactor';
}
public function getName() {
return $this->l10n->t('Two-factor authentication');
}
public function getPriority() {
return 30;
}
public function isDefaultEnabledMail() {
return true;
}
public function isDefaultEnabledStream() {
return true;
}
}

84
apps/twofactor_backupcodes/tests/Unit/Activity/GenericFilterTest.php Normal file
View File

@ -0,0 +1,84 @@
<?php
/**
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\TwoFactorBackupCodes\Test\Unit\Activity;
use OCA\TwoFactorBackupCodes\Activity\GenericFilter;
use OCP\IL10N;
use OCP\IURLGenerator;
use Test\TestCase;
use function returnValue;
class GenericFilterTest extends TestCase {
private $urlGenerator;
private $l10n;
/** @var GenericFilter */
private $filter;
protected function setUp() {
parent::setUp();
$this->urlGenerator = $this->createMock(IURLGenerator::class);
$this->l10n = $this->createMock(IL10N::class);
$this->filter = new GenericFilter($this->urlGenerator, $this->l10n);
}
public function testAllowedApps() {
$this->assertEquals(0, $this->filter->allowedApps());
}
public function testFilterTypes() {
$this->assertEquals(['twofactor'], $this->filter->filterTypes(['comments', 'twofactor']));
}
public function testGetIcon() {
$this->urlGenerator->expects($this->once())
->method('imagePath')
->with('core', 'actions/password.svg')
->will($this->returnValue('path/to/icon.svg'));
$this->urlGenerator->expects($this->once())
->method('getAbsoluteURL')
->with('path/to/icon.svg')
->will($this->returnValue('abs/path/to/icon.svg'));
$this->assertEquals('abs/path/to/icon.svg', $this->filter->getIcon());
}
public function testGetIdentifier() {
$this->assertEquals('twofactor', $this->filter->getIdentifier());
}
public function testGetName() {
$this->l10n->expects($this->once())
->method('t')
->with('Two-factor authentication')
->will($this->returnValue('translated'));
$this->assertEquals('translated', $this->filter->getName());
}
public function testGetPriority() {
$this->assertEquals(30, $this->filter->getPriority());
}
}

106
apps/twofactor_backupcodes/tests/Unit/Activity/ProviderTest.php Normal file
View File

@ -0,0 +1,106 @@
<?php
/**
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
* @copyright Copyright (c) 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* Two-factor backup codes
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\TwoFactorBackupCodes\Test\Unit\Activity;
use InvalidArgumentException;
use OCA\TwoFactorBackupCodes\Activity\GenericProvider;
use OCP\Activity\IEvent;
use OCP\IL10N;
use OCP\ILogger;
use OCP\IURLGenerator;
use OCP\L10N\IFactory;
use Test\TestCase;
class ProviderTest extends TestCase {
private $l10n;
private $urlGenerator;
private $logger;
/** @var GenericProvider */
private $provider;
protected function setUp() {
parent::setUp();
$this->l10n = $this->createMock(IFactory::class);
$this->urlGenerator = $this->createMock(IURLGenerator::class);
$this->logger = $this->createMock(ILogger::class);
$this->provider = new GenericProvider($this->l10n, $this->urlGenerator, $this->logger);
}
public function testParseUnrelated() {
$lang = 'ru';
$event = $this->createMock(IEvent::class);
$event->expects($this->once())
->method('getType')
->will($this->returnValue('comments'));
$this->setExpectedException(InvalidArgumentException::class);
$this->provider->parse($lang, $event);
}
public function subjectData() {
return [
['twofactor_success'],
['twofactor_failed'],
];
}
/**
* @dataProvider subjectData
*/
public function testParse($subject) {
$lang = 'ru';
$event = $this->createMock(IEvent::class);
$l = $this->createMock(IL10N::class);
$event->expects($this->once())
->method('getType')
->will($this->returnValue('twofactor'));
$this->l10n->expects($this->once())
->method('get')
->with('core', $lang)
->will($this->returnValue($l));
$this->urlGenerator->expects($this->once())
->method('imagePath')
->with('core', 'actions/password.svg')
->will($this->returnValue('path/to/image'));
$this->urlGenerator->expects($this->once())
->method('getAbsoluteURL')
->with('path/to/image')
->will($this->returnValue('absolute/path/to/image'));
$event->expects($this->once())
->method('setIcon')
->with('absolute/path/to/image');
$event->expects($this->once())
->method('getSubject')
->will($this->returnValue($subject));
$event->expects($this->once())
->method('setParsedSubject');
$this->provider->parse($lang, $event);
}
}

73
apps/twofactor_backupcodes/tests/Unit/Activity/SettingTest.php Normal file
View File

@ -0,0 +1,73 @@
<?php
/**
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
* @copyright Copyright (c) 2016 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* Two-factor backup codes
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\TwoFactorBackupCodes\Test\Unit\Activity;
use OCA\TwoFactorBackupCodes\Activity\GenericSetting;
use OCP\IL10N;
use Test\TestCase;
class SettingTest extends TestCase {
private $l10n;
/** @var GenericSetting */
private $setting;
protected function setUp() {
parent::setUp();
$this->l10n = $this->createMock(IL10N::class);
$this->setting = new GenericSetting($this->l10n);
}
public function testCanChangeMail() {
$this->assertFalse($this->setting->canChangeMail());
}
public function testCanChangeStream() {
$this->assertFalse($this->setting->canChangeStream());
}
public function testGetIdentifier() {
$this->assertEquals('twofactor', $this->setting->getIdentifier());
}
public function testGetName() {
$this->l10n->expects($this->once())
->method('t')
->with('Two-factor authentication')
->will($this->returnValue('Zwei-Faktor-Authentifizierung'));
$this->assertEquals('Zwei-Faktor-Authentifizierung', $this->setting->getName());
}
public function testGetPriority() {
$this->assertEquals(30, $this->setting->getPriority());
}
public function testIsDefaultEnabled() {
$this->assertTrue($this->setting->isDefaultEnabledMail());
$this->assertTrue($this->setting->isDefaultEnabledStream());
}
}

32
lib/private/Authentication/TwoFactorAuth/Manager.php
View File

@ -1,4 +1,5 @@
<?php <?php
/** /**
* @copyright Copyright (c) 2016, ownCloud, Inc. * @copyright Copyright (c) 2016, ownCloud, Inc.
* *
@ -26,6 +27,7 @@ use Exception;
use OC; use OC;
use OC\App\AppManager; use OC\App\AppManager;
use OC_App; use OC_App;
use OCP\Activity\IManager;
use OCP\AppFramework\QueryException; use OCP\AppFramework\QueryException;
use OCP\Authentication\TwoFactorAuth\IProvider; use OCP\Authentication\TwoFactorAuth\IProvider;
use OCP\IConfig; use OCP\IConfig;
@ -48,15 +50,19 @@ class Manager {
/** @var IConfig */ /** @var IConfig */
private $config; private $config;
/** @var IManager */
private $activityManager;
/** /**
* @param AppManager $appManager * @param AppManager $appManager
* @param ISession $session * @param ISession $session
* @param IConfig $config * @param IConfig $config
*/ */
public function __construct(AppManager $appManager, ISession $session, IConfig $config) { public function __construct(AppManager $appManager, ISession $session, IConfig $config, IManager $activityManager) {
$this->appManager = $appManager; $this->appManager = $appManager;
$this->session = $session; $this->session = $session;
$this->config = $config; $this->config = $config;
$this->activityManager = $activityManager;
} }
/** /**
@ -184,10 +190,34 @@ class Manager {
} }
$this->session->remove(self::SESSION_UID_KEY); $this->session->remove(self::SESSION_UID_KEY);
$this->session->remove(self::REMEMBER_LOGIN); $this->session->remove(self::REMEMBER_LOGIN);
$this->publishEvent($user, 'twofactor_success', [
'provider' => $provider->getDisplayName(),
]);
} else {
$this->publishEvent($user, 'twofactor_failed', [
'provider' => $provider->getDisplayName(),
]);
} }
return $passed; return $passed;
} }
/**
* Push a 2fa event the user's activity stream
*
* @param IUser $user
* @param string $event
*/
private function publishEvent(IUser $user, $event, array $params) {
$activity = $this->activityManager->generateEvent();
$activity->setApp('twofactor_generic')
->setType('twofactor_generic')
->setAuthor($user->getUID())
->setAffectedUser($user->getUID());
$activity->setSubject($event, $params);
$this->activityManager->publish($activity);
}
/** /**
* Check if the currently logged in user needs to pass 2FA * Check if the currently logged in user needs to pass 2FA
* *

2
lib/private/Server.php
View File

@ -312,7 +312,7 @@ class Server extends ServerContainer implements IServerContainer {
}); });
$this->registerService(\OC\Authentication\TwoFactorAuth\Manager::class, function (Server $c) { $this->registerService(\OC\Authentication\TwoFactorAuth\Manager::class, function (Server $c) {
return new \OC\Authentication\TwoFactorAuth\Manager($c->getAppManager(), $c->getSession(), $c->getConfig()); return new \OC\Authentication\TwoFactorAuth\Manager($c->getAppManager(), $c->getSession(), $c->getConfig(), $c->getActivityManager());
}); });
$this->registerService('NavigationManager', function ($c) { $this->registerService('NavigationManager', function ($c) {