Mirrors
/
nextcloud-server
mirror of https://github.com/nextcloud/server
3
0
Fork 0
Code Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
61957 Commits
597 Branches
1156 Tags
4.1 GiB
Tree: c1215f573a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c1215f573a'
${ noResults }
nextcloud-server/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php

711 lines
20 KiB
Raw Normal View History

Add two factor auth to core
10 years ago
add 2fa backup codes app * add backup codes app unit tests * add integration tests for the backup codes app
9 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add two factor auth to core
10 years ago
Add mandatory 2FA service/class Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
fix 2fa activities tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Allow 2FA to be setup on first login Once 2FA is enforced for a user and they have no 2FA setup yet this will now prompt them with a setup screen. Given that providers are enabled that allow setup then. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
add 2fa backup codes app * add backup codes app unit tests * add integration tests for the backup codes app
9 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Add real events for enabled 2fa providers for users * Shiny new events * Listener to still emit the old event Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
add 2fa backup codes app * add backup codes app unit tests * add integration tests for the backup codes app
9 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Use PSR logger in authentication Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Allow 2FA to be setup on first login Once 2FA is enforced for a user and they have no 2FA setup yet this will now prompt them with a setup screen. Given that providers are enabled that allow setup then. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
add 2fa backup codes app * add backup codes app unit tests * add integration tests for the backup codes app
9 years ago
Add two factor auth to core
10 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Add two factor auth to core
10 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Add two factor auth to core
10 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Add mandatory 2FA service/class Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Add two factor auth to core
10 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Add two factor auth to core
10 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
fix 2fa activities tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Use PSR logger in authentication Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
fix 2fa activities tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Add two factor auth to core
10 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
add 2fa backup codes app * add backup codes app unit tests * add integration tests for the backup codes app
9 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add real events for enabled 2fa providers for users * Shiny new events * Listener to still emit the old event Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Make phpunit8 compatible Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
6 years ago
Add two factor auth to core
10 years ago
Fix getMock Authentication
9 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Add mandatory 2FA service/class Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Fix getMock Authentication
9 years ago
fix 2fa activities tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Use PSR logger in authentication Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add real events for enabled 2fa providers for users * Shiny new events * Listener to still emit the old event Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Add mandatory 2FA service/class Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Add real events for enabled 2fa providers for users * Shiny new events * Listener to still emit the old event Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Add two factor auth to core
10 years ago
Fix getMock Authentication
9 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
add 2fa backup codes app * add backup codes app unit tests * add integration tests for the backup codes app
9 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Add two factor auth to core
10 years ago
prevent infinite redirect loops if the there is no 2fa provider to pass This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.
9 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
prevent infinite redirect loops if the there is no 2fa provider to pass This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.
9 years ago
Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
prevent infinite redirect loops if the there is no 2fa provider to pass This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.
9 years ago
Add two factor auth to core
10 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Add two factor auth to core
10 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
add 2fa backup codes app * add backup codes app unit tests * add integration tests for the backup codes app
9 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
add 2fa backup codes app * add backup codes app unit tests * add integration tests for the backup codes app
9 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
fail hard if 2fa provider can not be loaded (#25061)
10 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
fail hard if 2fa provider can not be loaded (#25061)
10 years ago
Add mandatory 2FA service/class Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Add mandatory 2FA service/class Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Fix 2FA provider registry population on login If the 2FA provider registry has not been populated yet, we have to make sure all available providers are loaded and queried on login. Otherwise previously active 2FA providers aren't detected as enabled. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Add mandatory 2FA service/class Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Add mandatory 2FA service/class Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Fix 2FA provider registry population on login If the 2FA provider registry has not been populated yet, we have to make sure all available providers are loaded and queried on login. Otherwise previously active 2FA providers aren't detected as enabled. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Fix 2FA being enforced if only backup codes provider is active Fixes https://github.com/nextcloud/server/issues/10634. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Add mandatory 2FA service/class Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Add mandatory 2FA service/class Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Fix 2FA being enforced if only backup codes provider is active Fixes https://github.com/nextcloud/server/issues/10634. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Fix 2FA provider registry population on login If the 2FA provider registry has not been populated yet, we have to make sure all available providers are loaded and queried on login. Otherwise previously active 2FA providers aren't detected as enabled. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Add mandatory 2FA service/class Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Add mandatory 2FA service/class Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Fix 2FA provider registry population on login If the 2FA provider registry has not been populated yet, we have to make sure all available providers are loaded and queried on login. Otherwise previously active 2FA providers aren't detected as enabled. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Add two factor auth to core
10 years ago
Fix 2FA provider registry population on login If the 2FA provider registry has not been populated yet, we have to make sure all available providers are loaded and queried on login. Otherwise previously active 2FA providers aren't detected as enabled. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
fail hard if 2fa provider can not be loaded (#25061)
10 years ago
Add two factor auth to core
10 years ago
Fix 2FA provider registry population on login If the 2FA provider registry has not been populated yet, we have to make sure all available providers are loaded and queried on login. Otherwise previously active 2FA providers aren't detected as enabled. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Add two factor auth to core
10 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Add two factor auth to core
10 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
add 2fa backup codes app * add backup codes app unit tests * add integration tests for the backup codes app
9 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
add 2fa backup codes app * add backup codes app unit tests * add integration tests for the backup codes app
9 years ago
Add two factor auth to core
10 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Add two factor auth to core
10 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Add two factor auth to core
10 years ago
Allow 2FA to be setup on first login Once 2FA is enforced for a user and they have no 2FA setup yet this will now prompt them with a setup screen. Given that providers are enabled that allow setup then. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Add two factor auth to core
10 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Add two factor auth to core
10 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Add two factor auth to core
10 years ago
fix 2fa activities tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Add two factor auth to core
10 years ago
Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Add two factor auth to core
10 years ago
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add two factor auth to core
10 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
fix 2fa activities tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
9 years ago
fix 2fa activities tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
9 years ago
fix 2fa activities tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
fix 2fa activities tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Convert 2FA token type to string The IConfig service is documented to handle its data as strings, hence this changes the code a bit to ensure we store keys as string and convert them back when reading. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
5 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Add two factor auth to core
10 years ago
prevent infinite redirect loops if the there is no 2fa provider to pass This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.
9 years ago
Add two factor auth to core
10 years ago
fix 2fa activities tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Add two factor auth to core
10 years ago
Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Add two factor auth to core
10 years ago
fix 2fa activities tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
9 years ago
fix 2fa activities tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
9 years ago
fix 2fa activities tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
fix 2fa activities tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Add two factor auth to core
10 years ago
prevent infinite redirect loops if the there is no 2fa provider to pass This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.
9 years ago
Add two factor auth to core
10 years ago
Fix getMock Authentication
9 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add two factor auth to core
10 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Convert 2FA token type to string The IConfig service is documented to handle its data as strings, hence this changes the code a bit to ensure we store keys as string and convert them back when reading. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
5 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Add mandatory 2FA service/class Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add real events for enabled 2fa providers for users * Shiny new events * Listener to still emit the old event Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
8 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add two factor auth to core
10 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
prevent infinite redirect loops if the there is no 2fa provider to pass This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.
9 years ago
Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
prevent infinite redirect loops if the there is no 2fa provider to pass This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.
9 years ago
Add two factor auth to core
10 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Add two factor auth to core
10 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Convert 2FA token type to string The IConfig service is documented to handle its data as strings, hence this changes the code a bit to ensure we store keys as string and convert them back when reading. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
5 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Add two factor auth to core
10 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Convert 2FA token type to string The IConfig service is documented to handle its data as strings, hence this changes the code a bit to ensure we store keys as string and convert them back when reading. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
5 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 years ago
Add two factor auth to core
10 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Use elseif instead of else if Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Fix AppPassword 2FA auth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Convert 2FA token type to string The IConfig service is documented to handle its data as strings, hence this changes the code a bit to ensure we store keys as string and convert them back when reading. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
5 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix login with basic auth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix login with basic auth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Fix AppPassword 2FA auth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Add two factor auth to core
10 years ago
  1. <?php
  3. /**
  4. * @author Christoph Wurst <christoph@owncloud.com>
  5. *
  6. * @copyright Copyright (c) 2016, ownCloud, Inc.
  7. * @license AGPL-3.0
  8. *
  9. * This code is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License, version 3,
  11. * as published by the Free Software Foundation.
  12. *
  13. * This program is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU Affero General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU Affero General Public License, version 3,
  19. * along with this program. If not, see <http://www.gnu.org/licenses/>
  20. *
  21. */
  23. namespace Test\Authentication\TwoFactorAuth;
  25. use OC;
  26. use OC\Authentication\Token\IProvider as TokenProvider;
  27. use OC\Authentication\TwoFactorAuth\Manager;
  28. use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor;
  29. use OC\Authentication\TwoFactorAuth\ProviderLoader;
  30. use OCP\Activity\IEvent;
  31. use OCP\Activity\IManager;
  32. use OCP\AppFramework\Utility\ITimeFactory;
  33. use OCP\Authentication\TwoFactorAuth\IActivatableAtLogin;
  34. use OCP\Authentication\TwoFactorAuth\IProvider;
  35. use OCP\Authentication\TwoFactorAuth\IRegistry;
  36. use OCP\EventDispatcher\IEventDispatcher;
  37. use OCP\IConfig;
  38. use OCP\ISession;
  39. use OCP\IUser;
  40. use PHPUnit\Framework\MockObject\MockObject;
  41. use Psr\Log\LoggerInterface;
  42. use function reset;
  43. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  44. use Test\TestCase;
  46. class ManagerTest extends TestCase {
  48. /** @var IUser|MockObject */
  49. private $user;
  51. /** @var ProviderLoader|MockObject */
  52. private $providerLoader;
  54. /** @var IRegistry|MockObject */
  55. private $providerRegistry;
  57. /** @var MandatoryTwoFactor|MockObject */
  58. private $mandatoryTwoFactor;
  60. /** @var ISession|MockObject */
  61. private $session;
  63. /** @var Manager */
  64. private $manager;
  66. /** @var IConfig|MockObject */
  67. private $config;
  69. /** @var IManager|MockObject */
  70. private $activityManager;
  72. /** @var LoggerInterface|MockObject */
  73. private $logger;
  75. /** @var IProvider|MockObject */
  76. private $fakeProvider;
  78. /** @var IProvider|MockObject */
  79. private $backupProvider;
  81. /** @var TokenProvider|MockObject */
  82. private $tokenProvider;
  84. /** @var ITimeFactory|MockObject */
  85. private $timeFactory;
  87. /** @var IEventDispatcher|MockObject */
  88. private $newDispatcher;
  90. /** @var EventDispatcherInterface|MockObject */
  91. private $eventDispatcher;
  93. protected function setUp(): void {
  94. parent::setUp();
  96. $this->user = $this->createMock(IUser::class);
  97. $this->providerLoader = $this->createMock(ProviderLoader::class);
  98. $this->providerRegistry = $this->createMock(IRegistry::class);
  99. $this->mandatoryTwoFactor = $this->createMock(MandatoryTwoFactor::class);
  100. $this->session = $this->createMock(ISession::class);
  101. $this->config = $this->createMock(IConfig::class);
  102. $this->activityManager = $this->createMock(IManager::class);
  103. $this->logger = $this->createMock(LoggerInterface::class);
  104. $this->tokenProvider = $this->createMock(TokenProvider::class);
  105. $this->timeFactory = $this->createMock(ITimeFactory::class);
  106. $this->newDispatcher = $this->createMock(IEventDispatcher::class);
  107. $this->eventDispatcher = $this->createMock(EventDispatcherInterface::class);
  109. $this->manager = new Manager(
  110. $this->providerLoader,
  111. $this->providerRegistry,
  112. $this->mandatoryTwoFactor,
  113. $this->session,
  114. $this->config,
  115. $this->activityManager,
  116. $this->logger,
  117. $this->tokenProvider,
  118. $this->timeFactory,
  119. $this->newDispatcher,
  120. $this->eventDispatcher
  121. );
  123. $this->fakeProvider = $this->createMock(IProvider::class);
  124. $this->fakeProvider->method('getId')->willReturn('email');
  126. $this->backupProvider = $this->getMockBuilder('\OCP\Authentication\TwoFactorAuth\IProvider')->getMock();
  127. $this->backupProvider->method('getId')->willReturn('backup_codes');
  128. $this->backupProvider->method('isTwoFactorAuthEnabledForUser')->willReturn(true);
  129. }
  131. private function prepareNoProviders() {
  132. $this->providerLoader->method('getProviders')
  133. ->with($this->user)
  134. ->willReturn([]);
  135. }
  137. private function prepareProviders() {
  138. $this->providerRegistry->expects($this->once())
  139. ->method('getProviderStates')
  140. ->with($this->user)
  141. ->willReturn([
  142. $this->fakeProvider->getId() => true,
  143. ]);
  144. $this->providerLoader->expects($this->once())
  145. ->method('getProviders')
  146. ->with($this->user)
  147. ->willReturn([$this->fakeProvider]);
  148. }
  150. private function prepareProvidersWitBackupProvider() {
  151. $this->providerLoader->method('getProviders')
  152. ->with($this->user)
  153. ->willReturn([
  154. $this->fakeProvider,
  155. $this->backupProvider,
  156. ]);
  157. }
  159. public function testIsTwoFactorAuthenticatedEnforced() {
  160. $this->mandatoryTwoFactor->expects($this->once())
  161. ->method('isEnforcedFor')
  162. ->with($this->user)
  163. ->willReturn(true);
  165. $enabled = $this->manager->isTwoFactorAuthenticated($this->user);
  167. $this->assertTrue($enabled);
  168. }
  170. public function testIsTwoFactorAuthenticatedNoProviders() {
  171. $this->mandatoryTwoFactor->expects($this->once())
  172. ->method('isEnforcedFor')
  173. ->with($this->user)
  174. ->willReturn(false);
  175. $this->providerRegistry->expects($this->once())
  176. ->method('getProviderStates')
  177. ->willReturn([]); // No providers registered
  178. $this->providerLoader->expects($this->once())
  179. ->method('getProviders')
  180. ->willReturn([]); // No providers loadable
  182. $this->assertFalse($this->manager->isTwoFactorAuthenticated($this->user));
  183. }
  185. public function testIsTwoFactorAuthenticatedOnlyBackupCodes() {
  186. $this->mandatoryTwoFactor->expects($this->once())
  187. ->method('isEnforcedFor')
  188. ->with($this->user)
  189. ->willReturn(false);
  190. $this->providerRegistry->expects($this->once())
  191. ->method('getProviderStates')
  192. ->willReturn([
  193. 'backup_codes' => true,
  194. ]);
  195. $backupCodesProvider = $this->createMock(IProvider::class);
  196. $backupCodesProvider
  197. ->method('getId')
  198. ->willReturn('backup_codes');
  199. $this->providerLoader->expects($this->once())
  200. ->method('getProviders')
  201. ->willReturn([
  202. $backupCodesProvider,
  203. ]);
  205. $this->assertFalse($this->manager->isTwoFactorAuthenticated($this->user));
  206. }
  208. public function testIsTwoFactorAuthenticatedFailingProviders() {
  209. $this->mandatoryTwoFactor->expects($this->once())
  210. ->method('isEnforcedFor')
  211. ->with($this->user)
  212. ->willReturn(false);
  213. $this->providerRegistry->expects($this->once())
  214. ->method('getProviderStates')
  215. ->willReturn([
  216. 'twofactor_totp' => true,
  217. 'twofactor_u2f' => false,
  218. ]); // Two providers registered, but …
  219. $this->providerLoader->expects($this->once())
  220. ->method('getProviders')
  221. ->willReturn([]); // … none of them is able to load, however …
  223. // … 2FA is still enforced
  224. $this->assertTrue($this->manager->isTwoFactorAuthenticated($this->user));
  225. }
  227. public function providerStatesFixData(): array {
  228. return [
  229. [false, false],
  230. [true, true],
  231. ];
  232. }
  234. /**
  235. * If the 2FA registry has not been populated when a user logs in,
  236. * the 2FA manager has to first fix the state before it checks for
  237. * enabled providers.
  238. *
  239. * If any of these providers is active, 2FA is enabled
  240. *
  241. * @dataProvider providerStatesFixData
  242. */
  243. public function testIsTwoFactorAuthenticatedFixesProviderStates(bool $providerEnabled, bool $expected) {
  244. $this->providerRegistry->expects($this->once())
  245. ->method('getProviderStates')
  246. ->willReturn([]); // Nothing registered yet
  247. $this->providerLoader->expects($this->once())
  248. ->method('getProviders')
  249. ->willReturn([
  250. $this->fakeProvider
  251. ]);
  252. $this->fakeProvider->expects($this->once())
  253. ->method('isTwoFactorAuthEnabledForUser')
  254. ->with($this->user)
  255. ->willReturn($providerEnabled);
  256. if ($providerEnabled) {
  257. $this->providerRegistry->expects($this->once())
  258. ->method('enableProviderFor')
  259. ->with(
  260. $this->fakeProvider,
  261. $this->user
  262. );
  263. } else {
  264. $this->providerRegistry->expects($this->once())
  265. ->method('disableProviderFor')
  266. ->with(
  267. $this->fakeProvider,
  268. $this->user
  269. );
  270. }
  272. $this->assertEquals($expected, $this->manager->isTwoFactorAuthenticated($this->user));
  273. }
  275. public function testGetProvider() {
  276. $this->providerRegistry->expects($this->once())
  277. ->method('getProviderStates')
  278. ->with($this->user)
  279. ->willReturn([
  280. $this->fakeProvider->getId() => true,
  281. ]);
  282. $this->providerLoader->expects($this->once())
  283. ->method('getProviders')
  284. ->with($this->user)
  285. ->willReturn([$this->fakeProvider]);
  287. $provider = $this->manager->getProvider($this->user, $this->fakeProvider->getId());
  289. $this->assertSame($this->fakeProvider, $provider);
  290. }
  292. public function testGetInvalidProvider() {
  293. $this->providerRegistry->expects($this->once())
  294. ->method('getProviderStates')
  295. ->with($this->user)
  296. ->willReturn([]);
  297. $this->providerLoader->expects($this->once())
  298. ->method('getProviders')
  299. ->with($this->user)
  300. ->willReturn([]);
  302. $provider = $this->manager->getProvider($this->user, 'nonexistent');
  304. $this->assertNull($provider);
  305. }
  307. public function testGetLoginSetupProviders() {
  308. $provider1 = $this->createMock(IProvider::class);
  309. $provider2 = $this->createMock(IActivatableAtLogin::class);
  310. $this->providerLoader->expects($this->once())
  311. ->method('getProviders')
  312. ->with($this->user)
  313. ->willReturn([
  314. $provider1,
  315. $provider2,
  316. ]);
  318. $providers = $this->manager->getLoginSetupProviders($this->user);
  320. $this->assertCount(1, $providers);
  321. $this->assertSame($provider2, reset($providers));
  322. }
  324. public function testGetProviders() {
  325. $this->providerRegistry->expects($this->once())
  326. ->method('getProviderStates')
  327. ->with($this->user)
  328. ->willReturn([
  329. $this->fakeProvider->getId() => true,
  330. ]);
  331. $this->providerLoader->expects($this->once())
  332. ->method('getProviders')
  333. ->with($this->user)
  334. ->willReturn([$this->fakeProvider]);
  335. $expectedProviders = [
  336. 'email' => $this->fakeProvider,
  337. ];
  339. $providerSet = $this->manager->getProviderSet($this->user);
  340. $providers = $providerSet->getProviders();
  342. $this->assertEquals($expectedProviders, $providers);
  343. $this->assertFalse($providerSet->isProviderMissing());
  344. }
  346. public function testGetProvidersOneMissing() {
  347. $this->providerRegistry->expects($this->once())
  348. ->method('getProviderStates')
  349. ->with($this->user)
  350. ->willReturn([
  351. $this->fakeProvider->getId() => true,
  352. ]);
  353. $this->providerLoader->expects($this->once())
  354. ->method('getProviders')
  355. ->with($this->user)
  356. ->willReturn([]);
  357. $expectedProviders = [
  358. 'email' => $this->fakeProvider,
  359. ];
  361. $providerSet = $this->manager->getProviderSet($this->user);
  363. $this->assertTrue($providerSet->isProviderMissing());
  364. }
  366. public function testVerifyChallenge() {
  367. $this->prepareProviders();
  369. $challenge = 'passme';
  370. $event = $this->createMock(IEvent::class);
  371. $this->fakeProvider->expects($this->once())
  372. ->method('verifyChallenge')
  373. ->with($this->user, $challenge)
  374. ->willReturn(true);
  375. $this->session->expects($this->once())
  376. ->method('get')
  377. ->with('two_factor_remember_login')
  378. ->willReturn(false);
  379. $this->session->expects($this->exactly(2))
  380. ->method('remove')
  381. ->withConsecutive(
  382. ['two_factor_auth_uid'],
  383. ['two_factor_remember_login']
  384. );
  385. $this->session->expects($this->once())
  386. ->method('set')
  387. ->with(Manager::SESSION_UID_DONE, 'jos');
  388. $this->session->method('getId')
  389. ->willReturn('mysessionid');
  390. $this->activityManager->expects($this->once())
  391. ->method('generateEvent')
  392. ->willReturn($event);
  393. $this->user->expects($this->any())
  394. ->method('getUID')
  395. ->willReturn('jos');
  396. $event->expects($this->once())
  397. ->method('setApp')
  398. ->with($this->equalTo('core'))
  399. ->willReturnSelf();
  400. $event->expects($this->once())
  401. ->method('setType')
  402. ->with($this->equalTo('security'))
  403. ->willReturnSelf();
  404. $event->expects($this->once())
  405. ->method('setAuthor')
  406. ->with($this->equalTo('jos'))
  407. ->willReturnSelf();
  408. $event->expects($this->once())
  409. ->method('setAffectedUser')
  410. ->with($this->equalTo('jos'))
  411. ->willReturnSelf();
  412. $this->fakeProvider
  413. ->method('getDisplayName')
  414. ->willReturn('Fake 2FA');
  415. $event->expects($this->once())
  416. ->method('setSubject')
  417. ->with($this->equalTo('twofactor_success'), $this->equalTo([
  418. 'provider' => 'Fake 2FA',
  419. ]))
  420. ->willReturnSelf();
  421. $token = $this->createMock(OC\Authentication\Token\IToken::class);
  422. $this->tokenProvider->method('getToken')
  423. ->with('mysessionid')
  424. ->willReturn($token);
  425. $token->method('getId')
  426. ->willReturn(42);
  427. $this->config->expects($this->once())
  428. ->method('deleteUserValue')
  429. ->with('jos', 'login_token_2fa', '42');
  431. $result = $this->manager->verifyChallenge('email', $this->user, $challenge);
  433. $this->assertTrue($result);
  434. }
  436. public function testVerifyChallengeInvalidProviderId() {
  437. $this->prepareProviders();
  439. $challenge = 'passme';
  440. $this->fakeProvider->expects($this->never())
  441. ->method('verifyChallenge')
  442. ->with($this->user, $challenge);
  443. $this->session->expects($this->never())
  444. ->method('remove');
  446. $this->assertFalse($this->manager->verifyChallenge('dontexist', $this->user, $challenge));
  447. }
  449. public function testVerifyInvalidChallenge() {
  450. $this->prepareProviders();
  452. $challenge = 'dontpassme';
  453. $event = $this->createMock(IEvent::class);
  454. $this->fakeProvider->expects($this->once())
  455. ->method('verifyChallenge')
  456. ->with($this->user, $challenge)
  457. ->willReturn(false);
  458. $this->session->expects($this->never())
  459. ->method('remove');
  460. $this->activityManager->expects($this->once())
  461. ->method('generateEvent')
  462. ->willReturn($event);
  463. $this->user->expects($this->any())
  464. ->method('getUID')
  465. ->willReturn('jos');
  466. $event->expects($this->once())
  467. ->method('setApp')
  468. ->with($this->equalTo('core'))
  469. ->willReturnSelf();
  470. $event->expects($this->once())
  471. ->method('setType')
  472. ->with($this->equalTo('security'))
  473. ->willReturnSelf();
  474. $event->expects($this->once())
  475. ->method('setAuthor')
  476. ->with($this->equalTo('jos'))
  477. ->willReturnSelf();
  478. $event->expects($this->once())
  479. ->method('setAffectedUser')
  480. ->with($this->equalTo('jos'))
  481. ->willReturnSelf();
  482. $this->fakeProvider
  483. ->method('getDisplayName')
  484. ->willReturn('Fake 2FA');
  485. $event->expects($this->once())
  486. ->method('setSubject')
  487. ->with($this->equalTo('twofactor_failed'), $this->equalTo([
  488. 'provider' => 'Fake 2FA',
  489. ]))
  490. ->willReturnSelf();
  492. $this->assertFalse($this->manager->verifyChallenge('email', $this->user, $challenge));
  493. }
  495. public function testNeedsSecondFactor() {
  496. $user = $this->createMock(IUser::class);
  497. $this->session->expects($this->exactly(3))
  498. ->method('exists')
  499. ->withConsecutive(
  500. ['app_password'],
  501. ['two_factor_auth_uid'],
  502. [Manager::SESSION_UID_DONE],
  503. )
  504. ->willReturn(false);
  506. $this->session->method('getId')
  507. ->willReturn('mysessionid');
  508. $token = $this->createMock(OC\Authentication\Token\IToken::class);
  509. $this->tokenProvider->method('getToken')
  510. ->with('mysessionid')
  511. ->willReturn($token);
  512. $token->method('getId')
  513. ->willReturn(42);
  515. $user->method('getUID')
  516. ->willReturn('user');
  517. $this->config->method('getUserKeys')
  518. ->with('user', 'login_token_2fa')
  519. ->willReturn([
  520. '42'
  521. ]);
  523. $manager = $this->getMockBuilder(Manager::class)
  524. ->setConstructorArgs([
  525. $this->providerLoader,
  526. $this->providerRegistry,
  527. $this->mandatoryTwoFactor,
  528. $this->session,
  529. $this->config,
  530. $this->activityManager,
  531. $this->logger,
  532. $this->tokenProvider,
  533. $this->timeFactory,
  534. $this->newDispatcher,
  535. $this->eventDispatcher
  536. ])
  537. ->setMethods(['loadTwoFactorApp', 'isTwoFactorAuthenticated'])// Do not actually load the apps
  538. ->getMock();
  540. $manager->method('isTwoFactorAuthenticated')
  541. ->with($user)
  542. ->willReturn(true);
  544. $this->assertTrue($manager->needsSecondFactor($user));
  545. }
  547. public function testNeedsSecondFactorUserIsNull() {
  548. $user = null;
  549. $this->session->expects($this->never())
  550. ->method('exists');
  552. $this->assertFalse($this->manager->needsSecondFactor($user));
  553. }
  555. public function testNeedsSecondFactorWithNoProviderAvailableAnymore() {
  556. $this->prepareNoProviders();
  558. $user = null;
  559. $this->session->expects($this->never())
  560. ->method('exists')
  561. ->with('two_factor_auth_uid')
  562. ->willReturn(true);
  563. $this->session->expects($this->never())
  564. ->method('remove')
  565. ->with('two_factor_auth_uid');
  567. $this->assertFalse($this->manager->needsSecondFactor($user));
  568. }
  570. public function testPrepareTwoFactorLogin() {
  571. $this->user->method('getUID')
  572. ->willReturn('ferdinand');
  574. $this->session->expects($this->exactly(2))
  575. ->method('set')
  576. ->withConsecutive(
  577. ['two_factor_auth_uid', 'ferdinand'],
  578. ['two_factor_remember_login', true]
  579. );
  581. $this->session->method('getId')
  582. ->willReturn('mysessionid');
  583. $token = $this->createMock(OC\Authentication\Token\IToken::class);
  584. $this->tokenProvider->method('getToken')
  585. ->with('mysessionid')
  586. ->willReturn($token);
  587. $token->method('getId')
  588. ->willReturn(42);
  590. $this->timeFactory->method('getTime')
  591. ->willReturn(1337);
  593. $this->config->method('setUserValue')
  594. ->with('ferdinand', 'login_token_2fa', '42', '1337');
  597. $this->manager->prepareTwoFactorLogin($this->user, true);
  598. }
  600. public function testPrepareTwoFactorLoginDontRemember() {
  601. $this->user->method('getUID')
  602. ->willReturn('ferdinand');
  604. $this->session->expects($this->exactly(2))
  605. ->method('set')
  606. ->withConsecutive(
  607. ['two_factor_auth_uid', 'ferdinand'],
  608. ['two_factor_remember_login', false]
  609. );
  611. $this->session->method('getId')
  612. ->willReturn('mysessionid');
  613. $token = $this->createMock(OC\Authentication\Token\IToken::class);
  614. $this->tokenProvider->method('getToken')
  615. ->with('mysessionid')
  616. ->willReturn($token);
  617. $token->method('getId')
  618. ->willReturn(42);
  620. $this->timeFactory->method('getTime')
  621. ->willReturn(1337);
  623. $this->config->method('setUserValue')
  624. ->with('ferdinand', 'login_token_2fa', '42', '1337');
  626. $this->manager->prepareTwoFactorLogin($this->user, false);
  627. }
  629. public function testNeedsSecondFactorSessionAuth() {
  630. $user = $this->createMock(IUser::class);
  631. $user->method('getUID')
  632. ->willReturn('user');
  634. $this->session->method('exists')
  635. ->willReturnCallback(function ($var) {
  636. if ($var === Manager::SESSION_UID_KEY) {
  637. return false;
  638. } elseif ($var === 'app_password') {
  639. return false;
  640. }
  641. return true;
  642. });
  643. $this->session->expects($this->once())
  644. ->method('get')
  645. ->with(Manager::SESSION_UID_DONE)
  646. ->willReturn('user');
  648. $this->assertFalse($this->manager->needsSecondFactor($user));
  649. }
  651. public function testNeedsSecondFactorSessionAuthFailDBPass() {
  652. $user = $this->createMock(IUser::class);
  653. $user->method('getUID')
  654. ->willReturn('user');
  656. $this->session->method('exists')
  657. ->willReturn(false);
  658. $this->session->method('getId')
  659. ->willReturn('mysessionid');
  661. $token = $this->createMock(OC\Authentication\Token\IToken::class);
  662. $token->method('getId')
  663. ->willReturn(40);
  665. $this->tokenProvider->method('getToken')
  666. ->with('mysessionid')
  667. ->willReturn($token);
  669. $this->config->method('getUserKeys')
  670. ->with('user', 'login_token_2fa')
  671. ->willReturn([
  672. '42', '43', '44'
  673. ]);
  675. $this->session->expects($this->once())
  676. ->method('set')
  677. ->with(Manager::SESSION_UID_DONE, 'user');
  679. $this->assertFalse($this->manager->needsSecondFactor($user));
  680. }
  682. public function testNeedsSecondFactorInvalidToken() {
  683. $this->prepareNoProviders();
  685. $user = $this->createMock(IUser::class);
  686. $user->method('getUID')
  687. ->willReturn('user');
  689. $this->session->method('exists')
  690. ->willReturn(false);
  691. $this->session->method('getId')
  692. ->willReturn('mysessionid');
  694. $this->tokenProvider->method('getToken')
  695. ->with('mysessionid')
  696. ->willThrowException(new OC\Authentication\Exceptions\InvalidTokenException());
  698. $this->config->method('getUserKeys')->willReturn([]);
  700. $this->assertFalse($this->manager->needsSecondFactor($user));
  701. }
  703. public function testNeedsSecondFactorAppPassword() {
  704. $user = $this->createMock(IUser::class);
  705. $this->session->method('exists')
  706. ->with('app_password')
  707. ->willReturn(true);
  709. $this->assertFalse($this->manager->needsSecondFactor($user));
  710. }
  711. }