Skip to content

Commit

Permalink
Merge pull request #21344 from nextcloud/fix/twofactor-cleanup-event
Browse files Browse the repository at this point in the history
Emit an event for every disabled 2FA provider during cleanup
  • Loading branch information
MorrisJobke authored Aug 13, 2020
2 parents 3a39f2a + 68794eb commit 725fece
Show file tree
Hide file tree
Showing 7 changed files with 118 additions and 16 deletions.
1 change: 1 addition & 0 deletions lib/composer/composer/autoload_classmap.php
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,7 @@
'OCP\\Authentication\\TwoFactorAuth\\IRegistry' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/IRegistry.php',
'OCP\\Authentication\\TwoFactorAuth\\RegistryEvent' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/RegistryEvent.php',
'OCP\\Authentication\\TwoFactorAuth\\TwoFactorException' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/TwoFactorException.php',
'OCP\\Authentication\\TwoFactorAuth\\TwoFactorProviderDisabled' => $baseDir . '/lib/public/Authentication/TwoFactorAuth/TwoFactorProviderDisabled.php',
'OCP\\AutoloadNotAllowedException' => $baseDir . '/lib/public/AutoloadNotAllowedException.php',
'OCP\\BackgroundJob' => $baseDir . '/lib/public/BackgroundJob.php',
'OCP\\BackgroundJob\\IJob' => $baseDir . '/lib/public/BackgroundJob/IJob.php',
Expand Down
1 change: 1 addition & 0 deletions lib/composer/composer/autoload_static.php
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
'OCP\\Authentication\\TwoFactorAuth\\IRegistry' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/IRegistry.php',
'OCP\\Authentication\\TwoFactorAuth\\RegistryEvent' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/RegistryEvent.php',
'OCP\\Authentication\\TwoFactorAuth\\TwoFactorException' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/TwoFactorException.php',
'OCP\\Authentication\\TwoFactorAuth\\TwoFactorProviderDisabled' => __DIR__ . '/../../..' . '/lib/public/Authentication/TwoFactorAuth/TwoFactorProviderDisabled.php',
'OCP\\AutoloadNotAllowedException' => __DIR__ . '/../../..' . '/lib/public/AutoloadNotAllowedException.php',
'OCP\\BackgroundJob' => __DIR__ . '/../../..' . '/lib/public/BackgroundJob.php',
'OCP\\BackgroundJob\\IJob' => __DIR__ . '/../../..' . '/lib/public/BackgroundJob/IJob.php',
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@
use Doctrine\DBAL\Exception\UniqueConstraintViolationException;
use OCP\DB\QueryBuilder\IQueryBuilder;
use OCP\IDBConnection;
use function array_map;

/**
* Data access object to query and assign (provider_id, uid, enabled) tuples of
Expand Down Expand Up @@ -91,13 +92,35 @@ public function persist(string $providerId, string $uid, int $enabled) {
}
}

public function deleteByUser(string $uid) {
$qb = $this->conn->getQueryBuilder();

$deleteQuery = $qb->delete(self::TABLE_NAME)
->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid)));

/**
* Delete all provider states of a user and return the provider IDs
*
* @param string $uid
*
* @return int[]
*/
public function deleteByUser(string $uid): array {
$qb1 = $this->conn->getQueryBuilder();
$selectQuery = $qb1->select('*')
->from(self::TABLE_NAME)
->where($qb1->expr()->eq('uid', $qb1->createNamedParameter($uid)));
$selectResult = $selectQuery->execute();
$rows = $selectResult->fetchAll();
$selectResult->closeCursor();

$qb2 = $this->conn->getQueryBuilder();
$deleteQuery = $qb2
->delete(self::TABLE_NAME)
->where($qb2->expr()->eq('uid', $qb2->createNamedParameter($uid)));
$deleteQuery->execute();

return array_map(function (array $row) {
return [
'provider_id' => $row['provider_id'],
'uid' => $row['uid'],
'enabled' => 1 === (int) $row['enabled'],
];
}, $rows);
}

public function deleteAll(string $providerId) {
Expand Down
9 changes: 5 additions & 4 deletions lib/private/Authentication/TwoFactorAuth/Registry.php
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
use OCP\Authentication\TwoFactorAuth\IProvider;
use OCP\Authentication\TwoFactorAuth\IRegistry;
use OCP\Authentication\TwoFactorAuth\RegistryEvent;
use OCP\Authentication\TwoFactorAuth\TwoFactorProviderDisabled;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\IUser;

Expand Down Expand Up @@ -66,11 +67,11 @@ public function disableProviderFor(IProvider $provider, IUser $user) {
$this->dispatcher->dispatch(self::EVENT_PROVIDER_DISABLED, $event);
}

/**
* @todo evaluate if we should emit RegistryEvents for each of the deleted rows -> needs documentation
*/
public function deleteUserData(IUser $user): void {
$this->assignmentDao->deleteByUser($user->getUID());
foreach ($this->assignmentDao->deleteByUser($user->getUID()) as $provider) {
$event = new TwoFactorProviderDisabled($provider['provider_id']);
$this->dispatcher->dispatchTyped($event);
}
}

public function cleanUp(string $providerId) {
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
<?php

declare(strict_types=1);

/**
* @copyright 2020 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @author 2020 Christoph Wurst <christoph@winzerhof-wurst.at>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

namespace OCP\Authentication\TwoFactorAuth;

use OCP\EventDispatcher\Event;

/**
* @since 20.0.0
*/
final class TwoFactorProviderDisabled extends Event {

/** @var string */
private $providerId;

/**
* @since 20.0.0
*/
public function __construct(string $providerId) {
parent::__construct();
$this->providerId = $providerId;
}

/**
* @since 20.0.0
*/
public function getProviderId(): string {
return $this->providerId;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -136,14 +136,29 @@ public function testDeleteByUser() {
$this->dao->persist('twofactor_fail', 'user1', 1);
$this->dao->persist('twofactor_u2f', 'user1', 1);
$this->dao->persist('twofactor_fail', 'user2', 0);
$this->dao->persist('twofactor_u2f', 'user1', 0);

$this->dao->deleteByUser('user1');

$this->dao->persist('twofactor_u2f', 'user2', 0);

$deleted = $this->dao->deleteByUser('user1');

$this->assertEquals(
[
[
'uid' => 'user1',
'provider_id' => 'twofactor_fail',
'enabled' => true,
],
[
'uid' => 'user1',
'provider_id' => 'twofactor_u2f',
'enabled' => true,
],
],
$deleted
);
$statesUser1 = $this->dao->getState('user1');
$statesUser2 = $this->dao->getState('user2');
$this->assertCount(0, $statesUser1);
$this->assertCount(1, $statesUser2);
$this->assertCount(2, $statesUser2);
}

public function testDeleteAll() {
Expand Down
11 changes: 10 additions & 1 deletion tests/lib/Authentication/TwoFactorAuth/RegistryTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
use OCP\Authentication\TwoFactorAuth\IProvider;
use OCP\Authentication\TwoFactorAuth\IRegistry;
use OCP\Authentication\TwoFactorAuth\RegistryEvent;
use OCP\Authentication\TwoFactorAuth\TwoFactorProviderDisabled;
use OCP\EventDispatcher\IEventDispatcher;
use OCP\IUser;
use PHPUnit\Framework\MockObject\MockObject;
Expand Down Expand Up @@ -115,7 +116,15 @@ public function testDeleteUserData() {
$user->expects($this->once())->method('getUID')->willReturn('user123');
$this->dao->expects($this->once())
->method('deleteByUser')
->with('user123');
->with('user123')
->willReturn([
[
'provider_id' => 'twofactor_u2f',
]
]);
$this->dispatcher->expects($this->once())
->method('dispatchTyped')
->with(new TwoFactorProviderDisabled('twofactor_u2f'));

$this->registry->deleteUserData($user);
}
Expand Down

0 comments on commit 725fece

Please sign in to comment.