Do not show 2FA settings if the user has no providers available #25273

Merged
42 changes: 41 additions & 1 deletion apps/settings/lib/Settings/Personal/Security/TwoFactor.php
Expand Up @@ -26,6 +26,9 @@

namespace OCA\Settings\Settings\Personal\Security;

use Exception;
use OC\Authentication\TwoFactorAuth\MandatoryTwoFactor;
use OCA\TwoFactorBackupCodes\Provider\BackupCodesProvider;
use function array_filter;
use function array_map;
use function is_null;
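Review bot: The new `use OCA\TwoFactorBackupCodes\Provider\BackupCodesProvider;` import ties the settings app to a class that lives in another app's namespace. PHP's `instanceof` does not autoload and simply evaluates to false when the class is not loaded, so nothing fails if that app is absent, but the dependency is implicit. Consider documenting it in a comment, or identifying the backup codes provider by its provider ID instead of its concrete class.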
Expand All @@ -42,6 +45,9 @@ class TwoFactor implements ISettings {
/** @var ProviderLoader */
private $providerLoader;

/** @var MandatoryTwoFactor */
private $mandatoryTwoFactor;

/** @var IUserSession */
private $userSession;

Expand All @@ -52,10 +58,12 @@ class TwoFactor implements ISettings {
private $config;

public function __construct(ProviderLoader $providerLoader,
MandatoryTwoFactor $mandatoryTwoFactor,
IUserSession $userSession,
IConfig $config,
?string $UserId) {
$this->providerLoader = $providerLoader;
$this->mandatoryTwoFactor = $mandatoryTwoFactor;
$this->userSession = $userSession;
$this->uid = $UserId;
$this->config = $config;
Expand All @@ -68,14 +76,46 @@ public function getForm(): TemplateResponse {
]);
}

public function getSection(): string {
public function getSection(): ?string {
if (!$this->shouldShow()) {
return null;
}
return 'security';
}

public function getPriority(): int {
return 15;
}

private function shouldShow(): bool {
$user = $this->userSession->getUser();
if (is_null($user)) {
// Actually impossible, but still …
return false;
}

// Anyone who's supposed to use 2FA should see 2FA settings
if ($this->mandatoryTwoFactor->isEnforcedFor($user)) {
return true;
}

// If there is at least one provider with personal settings but it's not
// the backup codes provider, then these settings should show.
try {
$providers = $this->providerLoader->getProviders($user);
} catch (Exception $e) {
// Let's hope for the best
return true;
}
foreach ($providers as $provider) {
if ($provider instanceof IProvidesPersonalSettings
&& !($provider instanceof BackupCodesProvider)) {
return true;
}
}
return false;
Member

What about if the backup provider is the only provider but it is still enabled?

Member Author

I tried to explain this on L97-98. If the backup codes provider is the only one, then we don't show the settings either.

But now that I think about it maybe we should only hide this if there is no provider other than the backup provider and 2FA is not enforced.

Users who have it enforced should see the backup code provider settings.

Member Author

Fixed.

}

private function getTwoFactorProviderData(): array {
$user = $this->userSession->getUser();
if (is_null($user)) {
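Review bot: The `catch (Exception $e)` block in `shouldShow()` returns true without recording the exception, so a provider that fails to load is never surfaced to the administrator. Falling back to showing the section is the safer default for users who need 2FA, but the exception should be logged before `return true;`. Separately, `getSection()` now returns `?string`, so every caller that groups settings by section has to handle a null return. It is worth confirming that the settings manager skips such entries rather than using null as a section key.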
2 changes: 1 addition & 1 deletion lib/public/Settings/ISettings.php
Expand Up @@ -38,7 +38,7 @@ interface ISettings {
public function getForm();

/**
* @return string the section ID, e.g. 'sharing'
* @return string|null the section ID, e.g. 'sharing' or null to not show the setting
* @since 9.1
*/
public function getSection();
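Review bot: The docblock now allows a null return on a public interface, but the `@since 9.1` line gives no indication of when null became a valid value. Add a note stating the version from which null is permitted, so that implementers targeting older releases know a null return is not handled there. Since `getSection()` declares no return type, only this docblock carries the contract.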