Add a TwoFactorException
A Two Factor third party App may throw a TwoFactorException() with a more detailed error message in case the authentication fails. The 2FA Controller will then display the message of this Exception to the user. Working on #26593 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
parent
c4e51fd055
commit
e077e01bf2
|
@ -26,6 +26,7 @@ namespace OC\Core\Controller;
|
|||
use OC\Authentication\TwoFactorAuth\Manager;
|
||||
use OC_User;
|
||||
use OC_Util;
|
||||
use OCP\Authentication\TwoFactorAuth\TwoFactorException;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\RedirectResponse;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
|
@ -115,9 +116,12 @@ class TwoFactorChallengeController extends Controller {
|
|||
$backupProvider = null;
|
||||
}
|
||||
|
||||
$error_message = "";
|
||||
if ($this->session->exists('two_factor_auth_error')) {
|
||||
$this->session->remove('two_factor_auth_error');
|
||||
$error = true;
|
||||
$error_message = $this->session->get("two_factor_auth_error_message");
|
||||
$this->session->remove('two_factor_auth_error_message');
|
||||
} else {
|
||||
$error = false;
|
||||
}
|
||||
|
@ -125,6 +129,7 @@ class TwoFactorChallengeController extends Controller {
|
|||
$tmpl->assign('redirect_url', $redirect_url);
|
||||
$data = [
|
||||
'error' => $error,
|
||||
'error_message' => $error_message,
|
||||
'provider' => $provider,
|
||||
'backupProvider' => $backupProvider,
|
||||
'logout_attribute' => $this->getLogoutAttribute(),
|
||||
|
@ -151,11 +156,21 @@ class TwoFactorChallengeController extends Controller {
|
|||
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
|
||||
}
|
||||
|
||||
if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) {
|
||||
if (!is_null($redirect_url)) {
|
||||
return new RedirectResponse($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url)));
|
||||
try {
|
||||
if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) {
|
||||
if (!is_null($redirect_url)) {
|
||||
return new RedirectResponse($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url)));
|
||||
}
|
||||
return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index'));
|
||||
}
|
||||
return new RedirectResponse(OC_Util::getDefaultPageUrl());
|
||||
} catch (TwoFactorException $e) {
|
||||
/*
|
||||
* The 2FA App threw an TwoFactorException. Now we display more
|
||||
* information to the user. The exception text is stored in the
|
||||
* session to be used in showChallenge()
|
||||
*/
|
||||
$this->session->set('two_factor_auth_error_message',
|
||||
$e->getMessage());
|
||||
}
|
||||
|
||||
$this->session->set('two_factor_auth_error', true);
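Review bot: A provider that throws TwoFactorException now leaves `verifyChallenge()` through the exception path, so any failed-attempt bookkeeping the Manager does after the provider returns false would be skipped for that attempt. The Manager is not shown on this page, so this needs confirming there. In the catch block the provider's text is stored unmodified via `$e->getMessage()`. A short comment such as `// provider-supplied text, rendered on the challenge page: must stay escaped there` would record why the template must keep escaping it. The method body starts and ends outside this hunk.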
|
||||
|
|
|
@ -3,6 +3,8 @@
|
|||
/** @var $_ array */
|
||||
/* @var $error boolean */
|
||||
$error = $_['error'];
|
||||
/* @var $error_message string */
|
||||
$error_message = $_['error_message'];
|
||||
/* @var $provider OCP\Authentication\TwoFactorAuth\IProvider */
|
||||
$provider = $_['provider'];
|
||||
/* @var $template string */
|
||||
|
@ -12,7 +14,11 @@ $template = $_['template'];
|
|||
<div class="warning">
|
||||
<h2 class="two-factor-header"><?php p($provider->getDisplayName()); ?></h2>
|
||||
<?php if ($error): ?>
|
||||
<p><strong><?php p($l->t('Error while validating your second factor')); ?></strong></p>
|
||||
<?php if($error_message): ?>
|
||||
<p><strong><?php p($error_message); ?></strong></p>
|
||||
<?php else: ?>
|
||||
<p><strong><?php p($l->t('Error while validating your second factor')); ?></strong></p>
|
||||
<?php endif; ?>
|
||||
<?php endif; ?>
|
||||
<?php print_unescaped($template); ?>
|
||||
</div>
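Review bot: `$error_message` is annotated as `string`, but showChallenge() overwrites its `""` default with the result of `$this->session->get(...)`, which is presumably null when a failure set only the error flag. `/* @var $error_message string|null */` would match what the template can actually receive. The value originates in a provider app's exception, so rendering it with `p()` rather than `print_unescaped()` is the right choice. A one-line comment above the `if($error_message)` branch saying so would keep it from being changed later.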
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
<?php
|
||||
/**
|
||||
* @author Cornelius Kölbel <cornelius.koelbel@netknights.it>
|
||||
*
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
* User: cornelius
|
||||
* Date: 14.11.16
|
||||
*/
|
||||
|
||||
/*
|
||||
* This is the public API of ownCloud. It defines an Exception a 2FA app can
|
||||
* throw in case of an error. The 2FA Controller will catch this exception and
|
||||
* display this error.
|
||||
*/
|
||||
|
||||
// use OCP namespace for all classes that are considered public.
|
||||
// This means that they should be used by apps instead of the internal ownCloud classes
|
||||
namespace OCP\Authentication\TwoFactorAuth;
|
||||
|
||||
/**
|
||||
* Two Factor Authentication failed
|
||||
* @since 9.2.0
|
||||
*/
|
||||
class TwoFactorException extends \Exception {}
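Review bot: The class docblock says only "Two Factor Authentication failed" and does not tell provider authors that the exception message is shown verbatim on the challenge page, to a user who has not yet completed the second factor. I would extend the docblock to say the message must be short, user-readable text. It should also say the message must not contain backend error details, secrets, or hints about which part of the submitted factor was wrong. The `User: cornelius` and `Date: 14.11.16` lines in the licence header look like IDE template residue and could be dropped.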
|