feat: Two Factor API

Signed-off-by: SebastianKrupinski <[email protected]>
nextcloud · Nov 23, 2024 · 36674f5 · 36674f5
1 parent 4740c18
commit 36674f5
Show file tree

Hide file tree

Showing 3 changed files with 111 additions and 0 deletions.
diff --git a/core/Controller/TwoFactorApiController.php b/core/Controller/TwoFactorApiController.php
@@ -0,0 +1,109 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OC\Core\Controller;
+
+use OC\Authentication\TwoFactorAuth\ProviderManager;
+use OCP\Authentication\TwoFactorAuth\IRegistry;
+use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\PublicPage;
+use OCP\AppFramework\Http\DataResponse;
+use OCP\IRequest;
+use OCP\IUserManager;
+
+class TwoFactorApiController extends \OCP\AppFramework\OCSController {
+	public function __construct(
+		string $appName,
+		IRequest $request,
+		private ProviderManager $tfManager,
+		private IRegistry $tfRegistry,
+		private IUserManager $userManager,
+	) {
+		parent::__construct($appName, $request);
+	}
+
+	/**
+	 * Get two factor provider states
+	 *
+	 * @param array<string> $users collection of system user ids
+	 * 
+	 * @return DataResponse<Http::STATUS_OK, array{userId: array{providerId: bool}}>
+	 *
+	 * 200: user/provider states
+	 */
+	#[PublicPage]
+	#[ApiRoute(verb: 'POST', url: '/state', root: '/twofactor')]
+	public function state(array $users = []): DataResponse {
+		$states = [];
+		foreach ($users as $userId) {
+			$userObject = $this->userManager->get($userId);
+			if ($userObject !== null) {
+				$states[$userId] = $this->tfRegistry->getProviderStates($userObject);
+			}
+		}
+
+		return new DataResponse($states);
+	}
+
+	/**
+	 * Enable two factor providers
+	 *
+	 * @param array<string:array<string>> $users collection of system user ids and provider ids
+	 * 
+	 * @return DataResponse<Http::STATUS_OK, array{userId: array{providerId: bool}}>
+	 *
+	 * 200: user/provider states
+	 */
+	#[PublicPage]
+	#[ApiRoute(verb: 'POST', url: '/enable', root: '/twofactor')]
+	public function enable(array $users = []): DataResponse {
+		$states = [];
+		foreach ($users as $userId => $providers) {
+			$userObject = $this->userManager->get($userId);
+			if ($userObject !== null) {
+				if (is_array($providers)) {
+					foreach ($providers as $providerId) {
+						$this->tfManager->tryEnableProviderFor($providerId, $userObject);
+					}
+				}
+				$states[$userId] = $this->tfRegistry->getProviderStates($userObject);
+			}
+		}
+
+		return new DataResponse($states);
+	}
+
+	/**
+	 * Disable two factor providers
+	 *
+	 * @param array<string:array<string>> $users collection of system user ids and provider ids
+	 * 
+	 * @return DataResponse<Http::STATUS_OK, array{userId: array{providerId: bool}}>
+	 *
+	 * 200: user/provider states
+	 */
+	#[PublicPage]
+	#[ApiRoute(verb: 'POST', url: '/disable', root: '/twofactor')]
+	public function disable(array $users = []): DataResponse {
+		$states = [];
+		foreach ($users as $userId => $providers) {
+			$userObject = $this->userManager->get($userId);
+			if ($userObject !== null) {
+				if (is_array($providers)) {
+					foreach ($providers as $providerId) {
+						$this->tfManager->tryDisableProviderFor($providerId, $userObject);
+					}
+				}
+				$states[$userId] = $this->tfRegistry->getProviderStates($userObject);
+			}
+		}
+
+		return new DataResponse($states);
+	}
+
+}
diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php
@@ -1295,6 +1295,7 @@
     'OC\\Core\\Controller\\TextProcessingApiController' => $baseDir . '/core/Controller/TextProcessingApiController.php',
     'OC\\Core\\Controller\\TextToImageApiController' => $baseDir . '/core/Controller/TextToImageApiController.php',
     'OC\\Core\\Controller\\TranslationApiController' => $baseDir . '/core/Controller/TranslationApiController.php',
+    'OC\\Core\\Controller\\TwoFactorApiController' => $baseDir . '/core/Controller/TwoFactorApiController.php',
     'OC\\Core\\Controller\\TwoFactorChallengeController' => $baseDir . '/core/Controller/TwoFactorChallengeController.php',
     'OC\\Core\\Controller\\UnifiedSearchController' => $baseDir . '/core/Controller/UnifiedSearchController.php',
     'OC\\Core\\Controller\\UnsupportedBrowserController' => $baseDir . '/core/Controller/UnsupportedBrowserController.php',

diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php
@@ -1336,6 +1336,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
         'OC\\Core\\Controller\\TextProcessingApiController' => __DIR__ . '/../../..' . '/core/Controller/TextProcessingApiController.php',
         'OC\\Core\\Controller\\TextToImageApiController' => __DIR__ . '/../../..' . '/core/Controller/TextToImageApiController.php',
         'OC\\Core\\Controller\\TranslationApiController' => __DIR__ . '/../../..' . '/core/Controller/TranslationApiController.php',
+        'OC\\Core\\Controller\\TwoFactorApiController' => __DIR__ . '/../../..' . '/core/Controller/TwoFactorApiController.php',
         'OC\\Core\\Controller\\TwoFactorChallengeController' => __DIR__ . '/../../..' . '/core/Controller/TwoFactorChallengeController.php',
         'OC\\Core\\Controller\\UnifiedSearchController' => __DIR__ . '/../../..' . '/core/Controller/UnifiedSearchController.php',
         'OC\\Core\\Controller\\UnsupportedBrowserController' => __DIR__ . '/../../..' . '/core/Controller/UnsupportedBrowserController.php',