TwoFactorChallengeController.php 5.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Christoph Wurst <christoph@owncloud.com>
  6. * @author Joas Schilling <coding@schilljs.com>
  7. *
  8. * @license AGPL-3.0
  9. *
  10. * This code is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License, version 3,
  12. * as published by the Free Software Foundation.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License, version 3,
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>
  21. *
  22. */
  23. namespace OC\Core\Controller;
  24. use OC\Authentication\TwoFactorAuth\Manager;
  25. use OC_User;
  26. use OC_Util;
  27. use OCP\AppFramework\Controller;
  28. use OCP\AppFramework\Http\RedirectResponse;
  29. use OCP\AppFramework\Http\TemplateResponse;
  30. use OCP\Authentication\TwoFactorAuth\TwoFactorException;
  31. use OCP\IRequest;
  32. use OCP\ISession;
  33. use OCP\IURLGenerator;
  34. use OCP\IUserSession;
  35. class TwoFactorChallengeController extends Controller {
  36. /** @var Manager */
  37. private $twoFactorManager;
  38. /** @var IUserSession */
  39. private $userSession;
  40. /** @var ISession */
  41. private $session;
  42. /** @var IURLGenerator */
  43. private $urlGenerator;
  44. /**
  45. * @param string $appName
  46. * @param IRequest $request
  47. * @param Manager $twoFactorManager
  48. * @param IUserSession $userSession
  49. * @param ISession $session
  50. * @param IURLGenerator $urlGenerator
  51. */
  52. public function __construct($appName, IRequest $request, Manager $twoFactorManager, IUserSession $userSession,
  53. ISession $session, IURLGenerator $urlGenerator) {
  54. parent::__construct($appName, $request);
  55. $this->twoFactorManager = $twoFactorManager;
  56. $this->userSession = $userSession;
  57. $this->session = $session;
  58. $this->urlGenerator = $urlGenerator;
  59. }
  60. /**
  61. * @return string
  62. */
  63. protected function getLogoutUrl() {
  64. return OC_User::getLogoutUrl($this->urlGenerator);
  65. }
  66. /**
  67. * @NoAdminRequired
  68. * @NoCSRFRequired
  69. *
  70. * @param string $redirect_url
  71. * @return TemplateResponse
  72. */
  73. public function selectChallenge($redirect_url) {
  74. $user = $this->userSession->getUser();
  75. $providers = $this->twoFactorManager->getProviders($user);
  76. $backupProvider = $this->twoFactorManager->getBackupProvider($user);
  77. $data = [
  78. 'providers' => $providers,
  79. 'backupProvider' => $backupProvider,
  80. 'redirect_url' => $redirect_url,
  81. 'logout_url' => $this->getLogoutUrl(),
  82. ];
  83. return new TemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest');
  84. }
  85. /**
  86. * @NoAdminRequired
  87. * @NoCSRFRequired
  88. * @UseSession
  89. *
  90. * @param string $challengeProviderId
  91. * @param string $redirect_url
  92. * @return TemplateResponse|RedirectResponse
  93. */
  94. public function showChallenge($challengeProviderId, $redirect_url) {
  95. $user = $this->userSession->getUser();
  96. $provider = $this->twoFactorManager->getProvider($user, $challengeProviderId);
  97. if (is_null($provider)) {
  98. return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
  99. }
  100. $backupProvider = $this->twoFactorManager->getBackupProvider($user);
  101. if (!is_null($backupProvider) && $backupProvider->getId() === $provider->getId()) {
  102. // Don't show the backup provider link if we're already showing that provider's challenge
  103. $backupProvider = null;
  104. }
  105. $errorMessage = '';
  106. $error = false;
  107. if ($this->session->exists('two_factor_auth_error')) {
  108. $this->session->remove('two_factor_auth_error');
  109. $error = true;
  110. $errorMessage = $this->session->get("two_factor_auth_error_message");
  111. $this->session->remove('two_factor_auth_error_message');
  112. }
  113. $tmpl = $provider->getTemplate($user);
  114. $tmpl->assign('redirect_url', $redirect_url);
  115. $data = [
  116. 'error' => $error,
  117. 'error_message' => $errorMessage,
  118. 'provider' => $provider,
  119. 'backupProvider' => $backupProvider,
  120. 'logout_url' => $this->getLogoutUrl(),
  121. 'redirect_url' => $redirect_url,
  122. 'template' => $tmpl->fetchPage(),
  123. ];
  124. return new TemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
  125. }
  126. /**
  127. * @NoAdminRequired
  128. * @NoCSRFRequired
  129. * @UseSession
  130. *
  131. * @UserRateThrottle(limit=5, period=100)
  132. *
  133. * @param string $challengeProviderId
  134. * @param string $challenge
  135. * @param string $redirect_url
  136. * @return RedirectResponse
  137. */
  138. public function solveChallenge($challengeProviderId, $challenge, $redirect_url = null) {
  139. $user = $this->userSession->getUser();
  140. $provider = $this->twoFactorManager->getProvider($user, $challengeProviderId);
  141. if (is_null($provider)) {
  142. return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
  143. }
  144. try {
  145. if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) {
  146. if (!is_null($redirect_url)) {
  147. return new RedirectResponse($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url)));
  148. }
  149. return new RedirectResponse(OC_Util::getDefaultPageUrl());
  150. }
  151. } catch (TwoFactorException $e) {
  152. /*
  153. * The 2FA App threw an TwoFactorException. Now we display more
  154. * information to the user. The exception text is stored in the
  155. * session to be used in showChallenge()
  156. */
  157. $this->session->set('two_factor_auth_error_message', $e->getMessage());
  158. }
  159. $this->session->set('two_factor_auth_error', true);
  160. return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.showChallenge', [
  161. 'challengeProviderId' => $provider->getId(),
  162. 'redirect_url' => $redirect_url,
  163. ]));
  164. }
  165. }