Commit Graph

33 Commits

Author SHA1 Message Date
Roeland Jago Douma 3c5cf825b3 Add real events for enabled 2fa providers for users
* Shiny new events
* Listener to still emit the old event

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-03-22 20:57:10 +01:00
Christoph Wurst 99d525eb36
Convert 2FA token type to string
The IConfig service is documented to handle its data as strings, hence
this changes the code a bit to ensure we store keys as string and
convert them back when reading.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-01-22 14:09:37 +01:00
Joas Schilling 49ff48fcd3
Use PSR logger in authentication
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-12 22:07:04 +02:00
Christoph Wurst 14c996d982
Use elseif instead of else if
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 10:35:09 +02:00
Christoph Wurst 463b388589
Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports
Remove unused imports
2020-03-27 17:14:08 +01:00
Christoph Wurst 2ee65f177e
Use the shorter phpunit syntax for mocked return values
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:21:27 +01:00
Christoph Wurst 74936c49ea
Remove unused imports
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:08:08 +01:00
Roeland Jago Douma c007ca624f
Make phpunit8 compatible
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:41 +01:00
Roeland Jago Douma 579162d7b9
Allow 2FA to be setup on first login
Once 2FA is enforced for a user and they have no 2FA setup yet this will
now prompt them with a setup screen. Given that providers are enabled
that allow setup then.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-05-17 10:11:53 +02:00
Christoph Wurst 83e994c11f
Make it possible to enforce mandatory 2FA for groups
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-15 08:22:52 +02:00
Christoph Wurst 259c0ce11d
Add mandatory 2FA service/class
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-09-30 11:47:29 +02:00
Christoph Wurst 7586b19e52
Only allow 2FA state changs if providers support the operation
Ref https://github.com/nextcloud/server/issues/11019.

Add `twofactorauth:cleanup` command

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-09-25 09:54:20 +02:00
Christoph Wurst 5c70aa2a22
Remove unused import
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-08-10 09:30:17 +02:00
Christoph Wurst 1124b87bc0
Fix 2FA being enforced if only backup codes provider is active
Fixes https://github.com/nextcloud/server/issues/10634.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-08-10 09:26:40 +02:00
Christoph Wurst d248a0bd1e
Fix 2FA provider registry population on login
If the 2FA provider registry has not been populated yet, we have to make
sure all available providers are loaded and queried on login. Otherwise
previously active 2FA providers aren't detected as enabled.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-08-08 06:57:52 +02:00
Christoph Wurst 13d93f5b25
Make 2FA providers stateful
This adds persistence to the Nextcloud server 2FA logic so that the server
knows which 2FA providers are enabled for a specific user at any time, even
when the provider is not available.

The `IStatefulProvider` interface was added as tagging interface for providers
that are compatible with this new API.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-06-20 08:30:26 +02:00
Julius Härtl 372e06d742
Add all parameters to returnValueMap
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-01-31 14:15:12 +01:00
Roeland Jago Douma c92eff919e
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-25 13:25:09 +01:00
Roeland Jago Douma 9163cf9241
Fix AppPassword 2FA auth
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-12 22:28:43 +02:00
Roeland Jago Douma b96485b6bd
Fix login with basic auth
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-05 12:24:41 +02:00
Roeland Jago Douma 84b7022118
Improve 2FA
* Store the auth state in the session so we don't have to query it every
time.
* Added some tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-29 20:27:36 +02:00
Roeland Jago Douma e43649e67e
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-18 22:10:57 +02:00
Joas Schilling 5695a4ec92
Don't do a recursive search
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-22 10:44:13 +01:00
Christoph Wurst 88b7d033df fix 2fa activities tests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-12-20 15:23:36 +01:00
Christoph Wurst d907666232
bring back remember-me
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00
Christoph Wurst f27b7fa8d1
Do not use underscores in PSR4 namespaces of the backup codes app
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-10-03 21:47:33 +02:00
Roeland Jago Douma 4d3b92e687
Fix getMock Authentication 2016-09-06 09:29:27 +02:00
Christoph Wurst 8acb734854
add 2fa backup codes app
* add backup codes app unit tests
* add integration tests for the backup codes app
2016-09-05 08:51:13 +02:00
Christoph Wurst 6af2efb679
prevent infinite redirect loops if the there is no 2fa provider to pass
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
2016-08-24 10:49:23 +02:00
Christoph Wurst 3521f974db
assert app is loaded in unit tests 2016-06-16 11:08:43 +02:00
Christoph Wurst a40d64ff7f
load 2FA provider apps before querying classes 2016-06-16 10:12:16 +02:00
Christoph Wurst 5daa9a5417 fail hard if 2fa provider can not be loaded (#25061) 2016-06-13 12:46:45 +02:00
Joas Schilling 4b1e8a1184 One more PSR-4 fix (#24852) 2016-05-26 16:31:26 +02:00