BackupCodesProvider.php 3.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-License-Identifier: AGPL-3.0-or-later
  6. */
  7. namespace OCA\TwoFactorBackupCodes\Provider;
  8. use OC\App\AppManager;
  9. use OCA\TwoFactorBackupCodes\Service\BackupCodeStorage;
  10. use OCA\TwoFactorBackupCodes\Settings\Personal;
  11. use OCP\Authentication\TwoFactorAuth\IDeactivatableByAdmin;
  12. use OCP\Authentication\TwoFactorAuth\IPersonalProviderSettings;
  13. use OCP\Authentication\TwoFactorAuth\IProvidesPersonalSettings;
  14. use OCP\IInitialStateService;
  15. use OCP\IL10N;
  16. use OCP\IUser;
  17. use OCP\Template;
  18. class BackupCodesProvider implements IDeactivatableByAdmin, IProvidesPersonalSettings {
  19. /** @var string */
  20. private $appName;
  21. /** @var BackupCodeStorage */
  22. private $storage;
  23. /** @var IL10N */
  24. private $l10n;
  25. /** @var AppManager */
  26. private $appManager;
  27. /** @var IInitialStateService */
  28. private $initialStateService;
  29. /**
  30. * @param string $appName
  31. * @param BackupCodeStorage $storage
  32. * @param IL10N $l10n
  33. * @param AppManager $appManager
  34. */
  35. public function __construct(string $appName,
  36. BackupCodeStorage $storage,
  37. IL10N $l10n,
  38. AppManager $appManager,
  39. IInitialStateService $initialStateService) {
  40. $this->appName = $appName;
  41. $this->l10n = $l10n;
  42. $this->storage = $storage;
  43. $this->appManager = $appManager;
  44. $this->initialStateService = $initialStateService;
  45. }
  46. /**
  47. * Get unique identifier of this 2FA provider
  48. *
  49. * @return string
  50. */
  51. public function getId(): string {
  52. return 'backup_codes';
  53. }
  54. /**
  55. * Get the display name for selecting the 2FA provider
  56. *
  57. * @return string
  58. */
  59. public function getDisplayName(): string {
  60. return $this->l10n->t('Backup code');
  61. }
  62. /**
  63. * Get the description for selecting the 2FA provider
  64. *
  65. * @return string
  66. */
  67. public function getDescription(): string {
  68. return $this->l10n->t('Use backup code');
  69. }
  70. /**
  71. * Get the template for rending the 2FA provider view
  72. *
  73. * @param IUser $user
  74. * @return Template
  75. */
  76. public function getTemplate(IUser $user): Template {
  77. return new Template('twofactor_backupcodes', 'challenge');
  78. }
  79. /**
  80. * Verify the given challenge
  81. *
  82. * @param IUser $user
  83. * @param string $challenge
  84. * @return bool
  85. */
  86. public function verifyChallenge(IUser $user, string $challenge): bool {
  87. return $this->storage->validateCode($user, $challenge);
  88. }
  89. /**
  90. * Decides whether 2FA is enabled for the given user
  91. *
  92. * @param IUser $user
  93. * @return boolean
  94. */
  95. public function isTwoFactorAuthEnabledForUser(IUser $user): bool {
  96. return $this->storage->hasBackupCodes($user);
  97. }
  98. /**
  99. * Determine whether backup codes should be active or not
  100. *
  101. * Backup codes only make sense if at least one 2FA provider is active,
  102. * hence this method checks all enabled apps on whether they provide 2FA
  103. * functionality or not. If there's at least one app, backup codes are
  104. * enabled on the personal settings page.
  105. *
  106. * @param IUser $user
  107. * @return boolean
  108. */
  109. public function isActive(IUser $user): bool {
  110. $appIds = array_filter($this->appManager->getEnabledAppsForUser($user), function ($appId) {
  111. return $appId !== $this->appName;
  112. });
  113. foreach ($appIds as $appId) {
  114. $info = $this->appManager->getAppInfo($appId);
  115. if (isset($info['two-factor-providers']) && count($info['two-factor-providers']) > 0) {
  116. return true;
  117. }
  118. }
  119. return false;
  120. }
  121. /**
  122. * @param IUser $user
  123. *
  124. * @return IPersonalProviderSettings
  125. */
  126. public function getPersonalSettings(IUser $user): IPersonalProviderSettings {
  127. $state = $this->storage->getBackupCodesState($user);
  128. $this->initialStateService->provideInitialState($this->appName, 'state', $state);
  129. return new Personal();
  130. }
  131. public function disableFor(IUser $user) {
  132. $this->storage->deleteCodes($user);
  133. }
  134. }