<?php
declare(strict_types=1);
/**
* Nextcloud - U2F 2FA
*
* This file is licensed under the Affero General Public License version 3 or
* later. See the COPYING file.
*
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
* @copyright Christoph Wurst 2018
*/
namespace OCA\TwoFactorU2F\Provider;
use OCA\TwoFactorU2F\Service\U2FManager;
use OCA\TwoFactorU2F\Settings\Personal;
use OCP\AppFramework\IAppContainer;
use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin;
use OCP\Authentication\TwoFactorAuth\IDeactivatableByAdmin;
use OCP\Authentication\TwoFactorAuth\ILoginSetupProvider;
use OCP\Authentication\TwoFactorAuth\IPersonalProviderSettings;
use OCP\Authentication\TwoFactorAuth\IProvidesIcons;
use OCP\Authentication\TwoFactorAuth\IProvidesPersonalSettings;
use OCP\IL10N;
use OCP\IUser;
use OCP\Template;
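/**
 * Two-factor provider that plugs U2F security keys into the server's 2FA flow.
 *
 * The class is a thin adapter: every security-relevant decision (challenge
 * generation, signature verification, device storage) is delegated to
 * U2FManager. Nothing in this class performs authorization checks of its own.
 */
class U2FProvider implements IActivatableAtLogin, IProvidesIcons, IProvidesPersonalSettings, IDeactivatableByAdmin {

	/** @var IL10N */
	private $l10n;

	/** @var U2FManager */
	private $manager;

	/** @var IAppContainer */
	private $container;

	/**
	 * @param IL10N $l10n translator used for the user-visible provider strings
	 * @param U2FManager $manager service that owns challenges and registered devices
	 * @param IAppContainer $container app container used to resolve the login setup provider
	 */
	public function __construct(IL10N $l10n,
								U2FManager $manager,
								IAppContainer $container) {
		$this->l10n = $l10n;
		$this->manager = $manager;
		$this->container = $container;
	}

	/**
	 * Get unique identifier of this 2FA provider
	 */
	public function getId(): string {
		return 'u2f';
	}

	/**
	 * Get the display name for selecting the 2FA provider
	 */
	public function getDisplayName(): string {
		return $this->l10n->t('U2F device');
	}

	/**
	 * Get the description for selecting the 2FA provider
	 */
	public function getDescription(): string {
		// The literal is the translation key; it must stay byte-identical.
		return $this->l10n->t('Authenticate with an U2F device');
	}

	/**
	 * Get the template for rendering the 2FA provider view
	 *
	 * Each call invokes U2FManager::startAuthenticate() for the user and
	 * hands its result to the 'challenge' template as 'reqs'.
	 *
	 * @param IUser $user the user who is in the second-factor step
	 * @return Template the challenge view with the sign requests assigned
	 */
	public function getTemplate(IUser $user): Template {
		// NOTE(review): presumably this creates a fresh challenge that
		// finishAuthenticate() later checks -- confirm in U2FManager.
		$signRequests = $this->manager->startAuthenticate($user);

		$view = new Template('twofactor_u2f', 'challenge');
		$view->assign('reqs', $signRequests);

		return $view;
	}

	/**
	 * Verify the given challenge
	 *
	 * The $challenge string is passed to U2FManager::finishAuthenticate()
	 * unmodified; no parsing or validation happens in this method, so the
	 * manager has to treat it as untrusted input.
	 *
	 * @param IUser $user the user attempting the second factor
	 * @param string $challenge the value submitted for the challenge
	 * @return bool the manager's verdict
	 */
	public function verifyChallenge(IUser $user, string $challenge): bool {
		// With strict_types=1 and the bool return type, a non-bool result from
		// the manager raises a TypeError instead of being coerced to "true".
		return $this->manager->finishAuthenticate($user, $challenge);
	}

	/**
	 * Decides whether 2FA is enabled for the given user
	 *
	 * The provider counts as enabled as soon as the manager reports at least
	 * one device for the user.
	 */
	public function isTwoFactorAuthEnabledForUser(IUser $user): bool {
		return count($this->manager->getDevices($user)) > 0;
	}

	/**
	 * Build the personal settings section from the user's devices.
	 *
	 * @param IUser $user the user whose devices are listed
	 */
	public function getPersonalSettings(IUser $user): IPersonalProviderSettings {
		return new Personal($this->manager->getDevices($user));
	}

	/**
	 * Path of the icon variant named 'app.svg' in the twofactor_u2f app.
	 */
	public function getLightIcon(): string {
		return image_path('twofactor_u2f', 'app.svg');
	}

	/**
	 * Path of the icon variant named 'app-dark.svg' in the twofactor_u2f app.
	 */
	public function getDarkIcon(): string {
		return image_path('twofactor_u2f', 'app-dark.svg');
	}

	/**
	 * Disable this provider for the given user.
	 *
	 * Implemented by removing every device through the manager. This method
	 * does not check who is calling it; the caller is responsible for
	 * authorizing the operation before invoking it.
	 *
	 * @param IUser $user the user to deactivate this provider for
	 */
	public function disableFor(IUser $user) {
		$this->manager->removeAllDevices($user);
	}

	/**
	 * Resolve the provider that drives U2F setup during login.
	 *
	 * @param IUser $user not used by this implementation
	 *
	 * @return ILoginSetupProvider
	 */
	public function getLoginSetup(IUser $user): ILoginSetupProvider {
		return $this->container->query(U2FLoginProvider::class);
	}
}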