|
| 1 | +<?php |
| 2 | + |
| 3 | +declare(strict_types=1); |
| 4 | +/** |
| 5 | + * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors |
| 6 | + * SPDX-License-Identifier: AGPL-3.0-or-later |
| 7 | + */ |
| 8 | + |
| 9 | +namespace OC\Core\Controller; |
| 10 | + |
| 11 | +use OC\Authentication\TwoFactorAuth\ProviderManager; |
| 12 | +use OCP\AppFramework\Http; |
| 13 | +use OCP\AppFramework\Http\Attribute\ApiRoute; |
| 14 | +use OCP\AppFramework\Http\DataResponse; |
| 15 | +use OCP\AppFramework\OCSController; |
| 16 | +use OCP\Authentication\TwoFactorAuth\IRegistry; |
| 17 | +use OCP\IRequest; |
| 18 | +use OCP\IUserManager; |
| 19 | + |
| 20 | +class TwoFactorApiController extends OCSController { |
| 21 | + public function __construct( |
| 22 | + string $appName, |
| 23 | + IRequest $request, |
| 24 | + private ProviderManager $tfManager, |
| 25 | + private IRegistry $tfRegistry, |
| 26 | + private IUserManager $userManager, |
| 27 | + ) { |
| 28 | + parent::__construct($appName, $request); |
| 29 | + } |
| 30 | + |
| 31 | + /** |
| 32 | + * Get two factor authentication provider states |
| 33 | + * |
| 34 | + * @param string $user system user id |
| 35 | + * |
| 36 | + * @return DataResponse<Http::STATUS_OK, array<string, bool>, array{}>|DataResponse<Http::STATUS_NOT_FOUND, null, array{}> |
| 37 | + * |
| 38 | + * 200: provider states |
| 39 | + * 404: user not found |
| 40 | + */ |
| 41 | + #[ApiRoute(verb: 'GET', url: '/state', root: '/twofactor')] |
| 42 | + public function state(string $user): DataResponse { |
| 43 | + $userObject = $this->userManager->get($user); |
| 44 | + if ($userObject !== null) { |
| 45 | + $state = $this->tfRegistry->getProviderStates($userObject); |
| 46 | + return new DataResponse($state); |
| 47 | + } |
| 48 | + return new DataResponse(null, Http::STATUS_NOT_FOUND); |
| 49 | + } |
| 50 | + |
| 51 | + /** |
| 52 | + * Enable two factor authentication providers for specific user |
| 53 | + * |
| 54 | + * @param string $user system user identifier |
| 55 | + * @param list<string> $providers collection of TFA provider ids |
| 56 | + * |
| 57 | + * @return DataResponse<Http::STATUS_OK, array<string, bool>, array{}>|DataResponse<Http::STATUS_NOT_FOUND, null, array{}> |
| 58 | + * |
| 59 | + * 200: provider states |
| 60 | + * 404: user not found |
| 61 | + */ |
| 62 | + #[ApiRoute(verb: 'POST', url: '/enable', root: '/twofactor')] |
| 63 | + public function enable(string $user, array $providers = []): DataResponse { |
| 64 | + $userObject = $this->userManager->get($user); |
| 65 | + if ($userObject !== null) { |
| 66 | + foreach ($providers as $providerId) { |
| 67 | + $this->tfManager->tryEnableProviderFor($providerId, $userObject); |
| 68 | + } |
| 69 | + $state = $this->tfRegistry->getProviderStates($userObject); |
| 70 | + return new DataResponse($state); |
| 71 | + } |
| 72 | + return new DataResponse(null, Http::STATUS_NOT_FOUND); |
| 73 | + } |
| 74 | + |
| 75 | + /** |
| 76 | + * Disable two factor authentication providers for specific user |
| 77 | + * |
| 78 | + * @param string $user system user identifier |
| 79 | + * @param list<string> $providers collection of TFA provider ids |
| 80 | + * |
| 81 | + * @return DataResponse<Http::STATUS_OK, array<string, bool>, array{}>|DataResponse<Http::STATUS_NOT_FOUND, null, array{}> |
| 82 | + * |
| 83 | + * 200: provider states |
| 84 | + * 404: user not found |
| 85 | + */ |
| 86 | + #[ApiRoute(verb: 'POST', url: '/disable', root: '/twofactor')] |
| 87 | + public function disable(string $user, array $providers = []): DataResponse { |
| 88 | + $userObject = $this->userManager->get($user); |
| 89 | + if ($userObject !== null) { |
| 90 | + foreach ($providers as $providerId) { |
| 91 | + $this->tfManager->tryDisableProviderFor($providerId, $userObject); |
| 92 | + } |
| 93 | + $state = $this->tfRegistry->getProviderStates($userObject); |
| 94 | + return new DataResponse($state); |
| 95 | + } |
| 96 | + return new DataResponse(null, Http::STATUS_NOT_FOUND); |
| 97 | + } |
| 98 | + |
| 99 | +} |
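Review bot: `disable()` and `enable()` change the second-factor state of whatever user id the request names, yet nothing in this file states who may call them or asks for re-authentication. Access control appears to rest on the AppFramework default for controller methods that carry no authorization attribute; that should be confirmed and written into the three docblocks. Because `disable()` can strip a user's second factor, I would put `#[PasswordConfirmationRequired]` (with `use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;`) above both POST routes, provided the intended API clients can satisfy it, so that a stolen session alone is not enough. The result of `tryEnableProviderFor()` / `tryDisableProviderFor()` is discarded and `$providers` entries are not checked to be strings, so an unknown or non-admin-activatable provider id either fails silently or, if the manager throws (not visible from here), aborts the loop after earlier providers were already changed. Validating the ids up front and logging each successful change with the acting and target user would make 2FA removals auditable.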