TwoFactor.php 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2019, Roeland Jago Douma <roeland@famdouma.nl>
  5. *
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. * @author Roeland Jago Douma <roeland@famdouma.nl>
  8. *
  9. * @license GNU AGPL version 3 or any later version
  10. *
  11. * This program is free software: you can redistribute it and/or modify
  12. * it under the terms of the GNU Affero General Public License as
  13. * published by the Free Software Foundation, either version 3 of the
  14. * License, or (at your option) any later version.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License
  22. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  23. *
  24. */
  25. namespace OCA\Settings\Settings\Personal\Security;
  26. use Exception;
  27. use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor;
  28. use OCA\TwoFactorBackupCodes\Provider\BackupCodesProvider;
  29. use function array_filter;
  30. use function array_map;
  31. use function is_null;
  32. use OC\Authentication\TwoFactorAuth\ProviderLoader;
  33. use OCP\AppFramework\Http\TemplateResponse;
  34. use OCP\Authentication\TwoFactorAuth\IProvider;
  35. use OCP\Authentication\TwoFactorAuth\IProvidesPersonalSettings;
  36. use OCP\IConfig;
  37. use OCP\IUserSession;
  38. use OCP\Settings\ISettings;
  39. class TwoFactor implements ISettings {
  40. /** @var ProviderLoader */
  41. private $providerLoader;
  42. /** @var MandatoryTwoFactor */
  43. private $mandatoryTwoFactor;
  44. /** @var IUserSession */
  45. private $userSession;
  46. /** @var string|null */
  47. private $uid;
  48. /** @var IConfig */
  49. private $config;
  50. public function __construct(ProviderLoader $providerLoader,
  51. MandatoryTwoFactor $mandatoryTwoFactor,
  52. IUserSession $userSession,
  53. IConfig $config,
  54. ?string $UserId) {
  55. $this->providerLoader = $providerLoader;
  56. $this->mandatoryTwoFactor = $mandatoryTwoFactor;
  57. $this->userSession = $userSession;
  58. $this->uid = $UserId;
  59. $this->config = $config;
  60. }
  61. public function getForm(): TemplateResponse {
  62. return new TemplateResponse('settings', 'settings/personal/security/twofactor', [
  63. 'twoFactorProviderData' => $this->getTwoFactorProviderData(),
  64. ]);
  65. }
  66. public function getSection(): ?string {
  67. if (!$this->shouldShow()) {
  68. return null;
  69. }
  70. return 'security';
  71. }
  72. public function getPriority(): int {
  73. return 15;
  74. }
  75. private function shouldShow(): bool {
  76. $user = $this->userSession->getUser();
  77. if (is_null($user)) {
  78. // Actually impossible, but still …
  79. return false;
  80. }
  81. // Anyone who's supposed to use 2FA should see 2FA settings
  82. if ($this->mandatoryTwoFactor->isEnforcedFor($user)) {
  83. return true;
  84. }
  85. // If there is at least one provider with personal settings but it's not
  86. // the backup codes provider, then these settings should show.
  87. try {
  88. $providers = $this->providerLoader->getProviders($user);
  89. } catch (Exception $e) {
  90. // Let's hope for the best
  91. return true;
  92. }
  93. foreach ($providers as $provider) {
  94. if ($provider instanceof IProvidesPersonalSettings
  95. && !($provider instanceof BackupCodesProvider)) {
  96. return true;
  97. }
  98. }
  99. return false;
  100. }
  101. private function getTwoFactorProviderData(): array {
  102. $user = $this->userSession->getUser();
  103. if (is_null($user)) {
  104. // Actually impossible, but still …
  105. return [];
  106. }
  107. return [
  108. 'providers' => array_map(function (IProvidesPersonalSettings $provider) use ($user) {
  109. return [
  110. 'provider' => $provider,
  111. 'settings' => $provider->getPersonalSettings($user)
  112. ];
  113. }, array_filter($this->providerLoader->getProviders($user), function (IProvider $provider) {
  114. return $provider instanceof IProvidesPersonalSettings;
  115. }))
  116. ];
  117. }
  118. }