Mirrors
/
nextcloud-server
mirror of https://github.com/nextcloud/server
3
0
Fork 0
Code Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33347 Commits
572 Branches
1160 Tags
4.0 GiB
Tree: 77d2338bd2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '77d2338bd2'
${ noResults }
nextcloud-server/core/Controller/TwoFactorChallengeControlle...

154 lines
4.5 KiB
Raw Normal View History

Add two factor auth to core
10 years ago
Allow to cancel 2FA after login
10 years ago
Add two factor auth to core
10 years ago
when generating browser/device token, save the login name for later password checks
10 years ago
Add two factor auth to core
10 years ago
remember redirect_url when solving the 2FA challenge
10 years ago
Add two factor auth to core
10 years ago
remember redirect_url when solving the 2FA challenge
10 years ago
Add two factor auth to core
10 years ago
remember redirect_url when solving the 2FA challenge
10 years ago
Allow to cancel 2FA after login
10 years ago
Add two factor auth to core
10 years ago
when generating browser/device token, save the login name for later password checks
10 years ago
Add two factor auth to core
10 years ago
remember redirect_url when solving the 2FA challenge
10 years ago
Add two factor auth to core
10 years ago
remember redirect_url when solving the 2FA challenge
10 years ago
Add two factor auth to core
10 years ago
remember redirect_url when solving the 2FA challenge
10 years ago
Add two factor auth to core
10 years ago
Allow to cancel 2FA after login
10 years ago
remember redirect_url when solving the 2FA challenge
10 years ago
Add two factor auth to core
10 years ago
when generating browser/device token, save the login name for later password checks
10 years ago
Add two factor auth to core
10 years ago
remember redirect_url when solving the 2FA challenge
10 years ago
Add two factor auth to core
10 years ago
remember redirect_url when solving the 2FA challenge
10 years ago
Add two factor auth to core
10 years ago
remember redirect_url when solving the 2FA challenge
10 years ago
Add two factor auth to core
10 years ago
remember redirect_url when solving the 2FA challenge
10 years ago
Add two factor auth to core
10 years ago
  1. <?php
  2. /**
  3. * @author Christoph Wurst <christoph@owncloud.com>
  4. *
  5. * @copyright Copyright (c) 2016, ownCloud, Inc.
  6. * @license AGPL-3.0
  7. *
  8. * This code is free software: you can redistribute it and/or modify
  9. * it under the terms of the GNU Affero General Public License, version 3,
  10. * as published by the Free Software Foundation.
  11. *
  12. * This program is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU Affero General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU Affero General Public License, version 3,
  18. * along with this program. If not, see <http://www.gnu.org/licenses/>
  19. *
  20. */
  22. namespace OC\Core\Controller;
  24. use OC\Authentication\TwoFactorAuth\Manager;
  25. use OCP\AppFramework\Controller;
  26. use OCP\AppFramework\Http\RedirectResponse;
  27. use OCP\AppFramework\Http\TemplateResponse;
  28. use OCP\IRequest;
  29. use OCP\ISession;
  30. use OCP\IURLGenerator;
  31. use OCP\IUserSession;
  33. class TwoFactorChallengeController extends Controller {
  35. /** @var Manager */
  36. private $twoFactorManager;
  38. /** @var IUserSession */
  39. private $userSession;
  41. /** @var ISession */
  42. private $session;
  44. /** @var IURLGenerator */
  45. private $urlGenerator;
  47. /**
  48. * @param string $appName
  49. * @param IRequest $request
  50. * @param Manager $twoFactorManager
  51. * @param IUserSession $userSession
  52. * @param ISession $session
  53. * @param IURLGenerator $urlGenerator
  54. */
  55. public function __construct($appName, IRequest $request, Manager $twoFactorManager, IUserSession $userSession,
  56. ISession $session, IURLGenerator $urlGenerator) {
  57. parent::__construct($appName, $request);
  58. $this->twoFactorManager = $twoFactorManager;
  59. $this->userSession = $userSession;
  60. $this->session = $session;
  61. $this->urlGenerator = $urlGenerator;
  62. }
  64. /**
  65. * @return string
  66. */
  67. protected function getLogoutAttribute() {
  68. return \OC_User::getLogoutAttribute();
  69. }
  71. /**
  72. * @NoAdminRequired
  73. * @NoCSRFRequired
  74. *
  75. * @param string $redirect_url
  76. * @return TemplateResponse
  77. */
  78. public function selectChallenge($redirect_url) {
  79. $user = $this->userSession->getUser();
  80. $providers = $this->twoFactorManager->getProviders($user);
  82. $data = [
  83. 'providers' => $providers,
  84. 'redirect_url' => $redirect_url,
  85. 'logout_attribute' => $this->getLogoutAttribute(),
  86. ];
  87. return new TemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest');
  88. }
  90. /**
  91. * @NoAdminRequired
  92. * @NoCSRFRequired
  93. * @UseSession
  94. *
  95. * @param string $challengeProviderId
  96. * @param string $redirect_url
  97. * @return TemplateResponse
  98. */
  99. public function showChallenge($challengeProviderId, $redirect_url) {
  100. $user = $this->userSession->getUser();
  101. $provider = $this->twoFactorManager->getProvider($user, $challengeProviderId);
  102. if (is_null($provider)) {
  103. return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
  104. }
  106. if ($this->session->exists('two_factor_auth_error')) {
  107. $this->session->remove('two_factor_auth_error');
  108. $error = true;
  109. } else {
  110. $error = false;
  111. }
  112. $tmpl = $provider->getTemplate($user);
  113. $tmpl->assign('redirect_url', $redirect_url);
  114. $data = [
  115. 'error' => $error,
  116. 'provider' => $provider,
  117. 'logout_attribute' => $this->getLogoutAttribute(),
  118. 'template' => $tmpl->fetchPage(),
  119. ];
  120. return new TemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
  121. }
  123. /**
  124. * @NoAdminRequired
  125. * @NoCSRFRequired
  126. * @UseSession
  127. *
  128. * @param string $challengeProviderId
  129. * @param string $challenge
  130. * @param string $redirect_url
  131. * @return RedirectResponse
  132. */
  133. public function solveChallenge($challengeProviderId, $challenge, $redirect_url = null) {
  134. $user = $this->userSession->getUser();
  135. $provider = $this->twoFactorManager->getProvider($user, $challengeProviderId);
  136. if (is_null($provider)) {
  137. return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
  138. }
  140. if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) {
  141. if (!is_null($redirect_url)) {
  142. return new RedirectResponse($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url)));
  143. }
  144. return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index'));
  145. }
  147. $this->session->set('two_factor_auth_error', true);
  148. return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.showChallenge', [
  149. 'challengeProviderId' => $provider->getId(),
  150. 'redirect_url' => $redirect_url,
  151. ]));
  152. }
  154. }