
github.com/nextcloud/twofactor_totp.git - Unnamed repository; edit this file 'description' to name the repository.
authorChristoph Wurst <christoph@winzerhof-wurst.at>2016-06-04 20:07:56 +0300
committerChristoph Wurst <christoph@winzerhof-wurst.at>2016-06-04 20:10:25 +0300
commit42156f9b6e7705f3d8d3c634beffb8ee34886278 (patch)
tree53dbb64adfd78d22cbd4a4fa89e2c1859e31fdc3 /lib
parented7d8759dbc637e121c732bfeb3cfc2042d818ff (diff)
add GUI and other small enhancements
Diffstat (limited to 'lib')
-rw-r--r--lib/Controller/SettingsController.php78
-rw-r--r--lib/Provider/TotpProvider.php24
-rw-r--r--lib/Service/ITotp.php10
-rw-r--r--lib/Service/Totp.php20
4 files changed, 100 insertions, 32 deletions
diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php
new file mode 100644
index 0000000..466a53b
--- /dev/null
+++ b/lib/Controller/SettingsController.php
@@ -0,0 +1,78 @@
+<?php
+
+/**
+ * @author Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * ownCloud - Two-factor TOTP
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\TwoFactorTotp\Controller;
+
+use OCA\TwoFactorTotp\Service\ITotp;
+use OCA\TwoFactorTotp\Service\Totp;
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\JSONResponse;
+use OCP\IRequest;
+use OCP\IUserSession;
+
+class SettingsController extends Controller {
+
+ /** @var ITotp */
+ private $totp;
+
+ /** @var IUserSession */
+ private $userSession;
+
+ public function __construct($appName, IRequest $request, IUserSession $userSession, Totp $totp) {
+ parent::__construct($appName, $request);
+ $this->userSession = $userSession;
+ $this->totp = $totp;
+ }
+
+ /**
+ * @NoAdminRequired
+ * @return JSONResponse
+ */
+ public function state() {
+ $user = $this->userSession->getUser();
+ return [
+ 'enabled' => $this->totp->hasSecret($user),
+ ];
+ }
+
+ /**
+ * @NoAdminRequired
+ * @param bool $state
+ * @return JSONResponse
+ */
+ public function enable($state) {
+ $user = $this->userSession->getUser();
+ if ($state) {
+ $qr = $this->totp->createSecret($user);
+ return [
+ 'enabled' => true,
+ 'qr' => $qr,
+ ];
+ }
+
+ $this->totp->deleteSecret($user);
+ return [
+ 'enabled' => false,
+ 'qr' => null,
+ ];
+ }
+
+}
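Review bot: `enable()` removes the user's second factor on a plain `state=false` request from any live session; as far as this hunk shows, nothing asks for the password or a current TOTP code before `$this->totp->deleteSecret($user)`, so an unattended or hijacked session can switch 2FA off. On the enable path, `createSecret()` is declared in ITotp with `@throws TotpSecretAlreadySet`, which is not caught here, so a repeated enable request would probably surface as an unhandled error rather than a clear response. Both docblocks also say `@return JSONResponse` while the methods return plain arrays, and the constructor type-hints the concrete `Totp` although the property is documented as `ITotp`.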
diff --git a/lib/Provider/TotpProvider.php b/lib/Provider/TotpProvider.php
index 4cb8eec..ae910df 100644
--- a/lib/Provider/TotpProvider.php
+++ b/lib/Provider/TotpProvider.php
@@ -39,8 +39,6 @@ class TotpProvider implements IProvider {
/**
* Get unique identifier of this 2FA provider
*
- * @since 9.1.0
- *
* @return string
*/
public function getId() {
@@ -50,10 +48,6 @@ class TotpProvider implements IProvider {
/**
* Get the display name for selecting the 2FA provider
*
- * Example: "Email"
- *
- * @since 9.1.0
- *
* @return string
*/
public function getDisplayName() {
@@ -63,10 +57,6 @@ class TotpProvider implements IProvider {
/**
* Get the description for selecting the 2FA provider
*
- * Example: "Get a token via e-mail"
- *
- * @since 9.1.0
- *
* @return string
*/
public function getDescription() {
@@ -76,18 +66,10 @@ class TotpProvider implements IProvider {
/**
* Get the template for rending the 2FA provider view
*
- * @since 9.1.0
- *
* @param IUser $user
* @return Template
*/
public function getTemplate(IUser $user) {
- try {
- $this->totp->getSecret($user);
- } catch (NoTotpSecretFoundException $ex) {
- $qr = $this->totp->createSecret($user);
- }
-
$tmpl = new Template('twofactor_totp', 'challenge');
$tmpl->assign('qr', $qr);
return $tmpl;
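Review bot: `$tmpl->assign('qr', $qr);` still reads `$qr`, but this hunk deletes the only assignment to it, so getTemplate() now hands an undefined variable (a notice and a null value) to the challenge template. Since enrolment moves to the settings controller in this commit, the line can be dropped, and the challenge template should stop expecting a `qr` value. The function's closing brace lies outside the hunk.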
@@ -96,8 +78,6 @@ class TotpProvider implements IProvider {
/**
* Verify the given challenge
*
- * @since 9.1.0
- *
* @param IUser $user
* @param string $challenge
*/
@@ -108,13 +88,11 @@ class TotpProvider implements IProvider {
/**
* Decides whether 2FA is enabled for the given user
*
- * @since 9.1.0
- *
* @param IUser $user
* @return boolean
*/
public function isTwoFactorAuthEnabledForUser(IUser $user) {
- return true;
+ return $this->totp->hasSecret($user);
}
}
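Review bot: `isTwoFactorAuthEnabledForUser()` now treats the mere existence of a stored secret as a completed enrolment, while the new settings flow stores the secret at the moment the QR code is generated, before the user has shown that their authenticator produces a valid code. A user who requests the QR code and never scans it would then be challenged at the next login for a code they cannot supply. Consider recording a verified state on the secret and returning true only after one successful `validateSecret()` during setup.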
diff --git a/lib/Service/ITotp.php b/lib/Service/ITotp.php
index 601a2d4..a389151 100644
--- a/lib/Service/ITotp.php
+++ b/lib/Service/ITotp.php
@@ -29,18 +29,22 @@ interface ITotp {
/**
* @param IUser $user
*/
- public function getSecret(IUser $user);
+ public function hasSecret(IUser $user);
/**
* @param IUser $user
* @throws TotpSecretAlreadySet
*/
public function createSecret(IUser $user);
-
+
+ /**
+ * @param IUser $user
+ */
+ public function deleteSecret(IUser $user);
+
/**
* @param IUser $user
* @param string $key
*/
public function validateSecret(IUser $user, $key);
-
}
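Review bot: The new `hasSecret()` declaration carries no `@return`, yet TotpProvider and SettingsController both use its result as a boolean; document the contract with `@return bool` and a summary line saying that true means a secret is stored for the user. `deleteSecret()` would likewise benefit from a line stating that deleting when nothing is stored is not an error, which is how the Totp implementation in this commit behaves.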
diff --git a/lib/Service/Totp.php b/lib/Service/Totp.php
index 4d94365..d838ad0 100644
--- a/lib/Service/Totp.php
+++ b/lib/Service/Totp.php
@@ -44,15 +44,13 @@ class Totp implements ITotp {
$this->crypto = $crypto;
}
- public function getSecret(IUser $user) {
+ public function hasSecret(IUser $user) {
try {
- $secret = $this->secretMapper->getSecret($user);
+ $this->secretMapper->getSecret($user);
} catch (DoesNotExistException $ex) {
- throw new NoTotpSecretFoundException();
+ return false;
}
-
- $encryptedSecret = $secret->getSecret();
- return $this->crypto->decrypt($encryptedSecret);
+ return true;
}
/**
@@ -72,6 +70,16 @@ class Totp implements ITotp {
return GoogleAuthenticator::getQrCodeUrl('totp', 'ownCloud TOTP', $secret);
}
+ public function deleteSecret(IUser $user) {
+ try {
+ // TODO: execute DELETE sql in mapper instead
+ $dbSecret = $this->secretMapper->getSecret($user);
+ $this->secretMapper->delete($dbSecret);
+ } catch (DoesNotExistException $ex) {
+
+ }
+ }
+
public function validateSecret(IUser $user, $key) {
try {
$dbSecret = $this->secretMapper->getSecret($user);
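Review bot: The empty `catch (DoesNotExistException $ex)` block in deleteSecret() gives no hint that ignoring a missing secret is deliberate; add a comment such as `// no secret stored: deleting is a no-op`. Removing a second factor is also a security-relevant event that leaves no trace here, so consider writing a log entry with the user id when the delete succeeds, so that the removal can be audited later. The trailing context lines belong to validateSecret(), whose body continues outside the hunk.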