Commit Graph

25 Commits

Author SHA1 Message Date
Roeland Jago Douma 579162d7b9
Allow 2FA to be setup on first login
Once 2FA is enforced for a user and they have no 2FA setup yet this will
now prompt them with a setup screen. Given that providers are enabled
that allow setup then.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-05-17 10:11:53 +02:00
Christoph Wurst cfa524030b
Fix activatable/deactivatable 2fa provider interface typos
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-12-03 10:32:53 +01:00
Christoph Wurst 79a0ee4f4a
Consolidate personal two-factor provider settings
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-02 22:56:33 +02:00
Christoph Wurst 45cf2eef56 Let 2FA providers provide their custom icons (dark/light)
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-01 21:02:49 +02:00
Roeland Jago Douma a95154642d
Emit event on enablign or disabling of 2FA provider
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-01 15:35:24 +02:00
Christoph Wurst 7586b19e52
Only allow 2FA state changs if providers support the operation
Ref https://github.com/nextcloud/server/issues/11019.

Add `twofactorauth:cleanup` command

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-09-25 09:54:20 +02:00
Christoph Wurst 30c6130893
Add public interfaces for activable/deactivable 2FA providers
Fixes https://github.com/nextcloud/server/issues/11018.
Required for https://github.com/nextcloud/server/issues/11019.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-09-10 16:47:47 +02:00
Christoph Wurst 13d93f5b25
Make 2FA providers stateful
This adds persistence to the Nextcloud server 2FA logic so that the server
knows which 2FA providers are enabled for a specific user at any time, even
when the provider is not available.

The `IStatefulProvider` interface was added as tagging interface for providers
that are compatible with this new API.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-06-20 08:30:26 +02:00
Roeland Jago Douma 24b12385d0
Strict 2FA
* make OCP\Authentication\TwoFactorAuth strict
* scalar types
* return types

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-26 11:31:02 +02:00
Roeland Jago Douma eddd135f14
Dispatch event on twofactor failure and success
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-25 13:25:09 +01:00
Morris Jobke 0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Morris Jobke 0b652648cc Merge pull request #6177 from nextcloud/properly-add-slo-url
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
2017-08-26 18:50:52 +02:00
Christoph Wurst 6676232a56
Allow 2FA providers to specify their custom CSP
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-08-26 13:48:08 +02:00
Lukas Reschke a04feff9a7
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string.
This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result
in `<a href="foo">`.

This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with
054e161eb5 inside the navigation manager where one cannot simply inject attributes.

Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112,
people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects
you to the IdP and properly logs you out there as well.

Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to
use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout
URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but
I'm not aware of any and there's simply no way to fix this properly otherwise.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 12:22:44 +02:00
Morris Jobke 6bc2be991e Thows exception if password not available
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-12 12:53:29 -05:00
Christoph Wurst 3316a9d294
fix @since annotations (9.1->12)
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 19:20:11 +01:00
Christoph Wurst 730442cd8f
add @since annotations and document methods
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 19:20:10 +01:00
Christoph Wurst a6dca9e7a0
add login credential store
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 19:20:09 +01:00
Christoph Wurst 243c9c0941
fix coding style and increase code coverage
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 11:01:54 +01:00
Cornelius Kölbel ee8c617a6d
Update TwoFactorException.php
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-01-11 11:01:54 +01:00
Cornelius Kölbel e077e01bf2
Add a TwoFactorException
A Two Factor third party App may throw a TwoFactorException()
with a more detailed error message in case the authentication fails.
The 2FA Controller will then display the message of this Exception
to the user.

Working on #26593

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-01-11 11:01:52 +01:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00
Roeland Douma 499f0e487d Move \OCP\Authentication to PSR-4 (#24632) 2016-05-17 10:29:23 +02:00