Add two factor auth to core and add a dummy provider app for demonstr…
…ation
1 parent
7dbdf2f
commit 6f85fe9
Showing
29 changed files
with
1,368 additions
and
8 deletions.
@@ -0,0 +1,23 @@ | ||
<?xml version="1.0"?> | ||
<info> | ||
<id>twofactor_email</id> | ||
<name>Two Factor Email Provider</name> | ||
<description>An Two-Factor-Auth Provider for ownCloud 9.1+</description> | ||
<licence>AGPL</licence> | ||
<author>Christoph Wurst</author> | ||
<version>0.0.1</version> | ||
<namespace>TwoFactor_Email</namespace> | ||
<category>other</category> | ||
<types> | ||
<prelogin/> | ||
<authentication/> | ||
</types> | ||
|
||
<two-factor-providers> | ||
<provider>OCA\TwoFactor_Email\Provider\TwoFactorEmailProvider</provider> | ||
</two-factor-providers> | ||
|
||
<dependencies> | ||
<owncloud min-version="9.1" max-version="9.1" /> | ||
</dependencies> | ||
</info> |
@@ -0,0 +1,5 @@ | ||
(function() { | ||
'use strict'; | ||
|
||
console.log('if you can see this, 2FA providers can add JS files'); | ||
})(); |
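--- a/apps/twofactor_email/lib/Provider/TwoFactorEmailProvider.php
+++ b/apps/twofactor_email/lib/Provider/TwoFactorEmailProvider.php
@@ -0,0 +1,94 @@
+<?php
+
+/**
+* @author Christoph Wurst <[email protected]>
+*
+* @copyright Copyright (c) 2016, ownCloud, Inc.
+* @license AGPL-3.0
+*
+* This code is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License, version 3,
+* as published by the Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License, version 3,
+* along with this program. If not, see <http://www.gnu.org/licenses/>
+*
+*/
+
+namespace OCA\TwoFactor_Email\Provider;
+
+use OCP\Authentication\TwoFactorAuth\IProvider;
+use OCP\IUser;
+use OCP\Template;
+
+class TwoFactorEmailProvider implements IProvider {
+
+/**
+* Get unique identifier of this 2FA provider
+*
+* @since 9.1.0
+*
+* @return string
+*/
+public function getId() {
+return 'email';
+}
+
+/**
+* Get the display name for selecting the 2FA provider
+*
+* @since 9.1.0
+*
+* @return string
+*/
+public function getDisplayName() {
+// TODO: L10N
+return 'Email';
+}
+
+/**
+* Get the template for rending the 2FA provider view
+*
+* @since 9.1.0
+*
+* @param IUser $user
+* @return Template
+*/
+public function getTemplate(IUser $user) {
+return new Template('twofactor_email', 'challenge');
+}
+
+/**
+* Verify the given challenge
+*
+* @since 9.1.0
+*
+* @param IUser $user
+* @param string $challenge
+*/
+public function verifyChallenge(IUser $user, $challenge) {
+if ($challenge === 'passme') {
+return true;
+}
+return false;
+}
+
+/**
+* Decides whether 2FA is enforced for the given user
+*
+* @since 9.1.0
+*
+* @param IUser $user
+* @return boolean
+*/
+public function isTwoFactorAuthEnforcedForUser(IUser $user) {
+// 2FA is enforced for all users
+return true;
+}
+
+}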
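Review bot: verifyChallenge() accepts the fixed string `'passme'` for every user while isTwoFactorAuthEnforcedForUser() returns true for all users, so wherever this app is enabled the second factor is a constant that anyone who has read the source knows. Nothing in the class name, the provider id `'email'` or the display name `'Email'` marks it as a dummy, and no e-mail is sent; a class-level comment such as `// DEMO ONLY: static challenge, must not be enabled on a production instance`, plus a name that says so, would keep it from being mistaken for a working provider. The verifyChallenge docblock is also missing `@return boolean`. When the constant is replaced by a real per-user code, the check should use a constant-time comparison such as `hash_equals()` rather than `===`.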
@@ -0,0 +1,11 @@ | ||
<?php | ||
|
||
// Script is added for demonstration purposes only | ||
script('twofactor_email', 'challenge'); | ||
|
||
?> | ||
|
||
<form method="POST"> | ||
<input type="text" name="challenge"> | ||
<input type="submit" class="button" value="Verify"> | ||
</form> |
@@ -0,0 +1,13 @@ | ||
<?php | ||
/** | ||
* ownCloud - twofactoremail | ||
* | ||
* This file is licensed under the Affero General Public License version 3 or | ||
* later. See the COPYING file. | ||
* | ||
* @author Christoph Wurst <[email protected]> | ||
* @copyright Christoph Wurst 2016 | ||
*/ | ||
|
||
require_once __DIR__ . '/../../../tests/bootstrap.php'; | ||
require_once __DIR__ . '/../appinfo/autoload.php'; |
@@ -0,0 +1,134 @@ | ||
<?php | ||
|
||
/** | ||
* @author Christoph Wurst <[email protected]> | ||
* | ||
* @copyright Copyright (c) 2016, ownCloud, Inc. | ||
* @license AGPL-3.0 | ||
* | ||
* This code is free software: you can redistribute it and/or modify | ||
* it under the terms of the GNU Affero General Public License, version 3, | ||
* as published by the Free Software Foundation. | ||
* | ||
* This program is distributed in the hope that it will be useful, | ||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
* GNU Affero General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU Affero General Public License, version 3, | ||
* along with this program. If not, see <http://www.gnu.org/licenses/> | ||
* | ||
*/ | ||
|
||
namespace OC\Core\Controller; | ||
|
||
use OC\Authentication\TwoFactorAuth\Manager; | ||
use OCP\AppFramework\Controller; | ||
use OCP\AppFramework\Http\RedirectResponse; | ||
use OCP\AppFramework\Http\TemplateResponse; | ||
use OCP\IRequest; | ||
use OCP\ISession; | ||
use OCP\IURLGenerator; | ||
use OCP\IUserSession; | ||
|
||
class TwoFactorChallengeController extends Controller { | ||
|
||
/** @var Manager */ | ||
private $twoFactorManager; | ||
|
||
/** @var IUserSession */ | ||
private $userSession; | ||
|
||
/** @var ISession */ | ||
private $session; | ||
|
||
/** @var IURLGenerator */ | ||
private $urlGenerator; | ||
|
||
/** | ||
* @param string $appName | ||
* @param IRequest $request | ||
* @param Manager $twoFactorManager | ||
* @param IUserSession $userSession | ||
* @param ISession $session | ||
* @param IURLGenerator $urlGenerator | ||
*/ | ||
public function __construct($appName, IRequest $request, Manager $twoFactorManager, IUserSession $userSession, | ||
ISession $session, IURLGenerator $urlGenerator) { | ||
parent::__construct($appName, $request); | ||
$this->twoFactorManager = $twoFactorManager; | ||
$this->userSession = $userSession; | ||
$this->session = $session; | ||
$this->urlGenerator = $urlGenerator; | ||
} | ||
|
||
/** | ||
* @NoCSRFRequired | ||
* @PublicPage | ||
* | ||
* @return TemplateResponse | ||
*/ | ||
public function selectChallenge() { | ||
$user = $this->userSession->getUser(); | ||
$providers = $this->twoFactorManager->getProviders($user); | ||
|
||
$data = [ | ||
'providers' => $providers, | ||
]; | ||
return new TemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest'); | ||
} | ||
|
||
/** | ||
* @NoCSRFRequired | ||
* @PublicPage | ||
* @UseSession | ||
* | ||
* @param string $challengeProviderId | ||
* @return TemplateResponse | ||
*/ | ||
public function showChallenge($challengeProviderId) { | ||
$user = $this->userSession->getUser(); | ||
$provider = $this->twoFactorManager->getProvider($user, $challengeProviderId); | ||
if (is_null($provider)) { | ||
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge')); | ||
} | ||
|
||
if ($this->session->exists('two_factor_auth_error')) { | ||
$this->session->remove('two_factor_auth_error'); | ||
$error = true; | ||
} else { | ||
$error = false; | ||
} | ||
$data = [ | ||
'error' => $error, | ||
'provider' => $provider, | ||
'template' => $provider->getTemplate($user)->fetchPage(), | ||
]; | ||
return new TemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest'); | ||
} | ||
|
||
/** | ||
* @NoCSRFRequired | ||
* @PublicPage | ||
* @UseSession | ||
* | ||
* @param int $challengeProviderId | ||
* @param string $challenge | ||
* @return RedirectResponse | ||
*/ | ||
public function solveChallenge($challengeProviderId, $challenge) { | ||
$user = $this->userSession->getUser(); | ||
$provider = $this->twoFactorManager->getProvider($user, $challengeProviderId); | ||
if (is_null($provider)) { | ||
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge')); | ||
} | ||
|
||
if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) { | ||
return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index')); | ||
} | ||
|
||
$this->session->set('two_factor_auth_error', true); | ||
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.showChallenge', ['challengeProviderId' => $provider->getId()])); | ||
} | ||
|
||
} |
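Review bot: solveChallenge() records a wrong answer only as the `two_factor_auth_error` session flag and redirects back to the form, so nothing visible in this controller counts or limits failed attempts against the second factor. Unless Manager::verifyChallenge (not shown in this section) throttles, a short code can be retried without bound inside one password-authenticated session; a per-user failure counter with a delay or lockout belongs here or in the manager. All three actions are `@PublicPage` and pass `$this->userSession->getUser()` on without a null check, so a request with no logged-in user appears to reach getProviders()/getProvider() with null; an explicit `if (is_null($user))` guard that redirects to the login page at the top of each action would close that path. The solveChallenge docblock declares `@param int $challengeProviderId` while showChallenge declares it as `string`; it should read `@param string $challengeProviderId`.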