Skip to content

Distinguish 'done' from 'configuring' in 2FA #39411

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mrvahedi68 wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Distinguish 'done' from 'configuring' in 2FA #39411

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9988e59
add two factor auth configuring
mrvahedi68 Jun 26, 2023
d7cb86a
Remove 'two_factor_auth_configuring' after verify success
michielbdejong Nov 22, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion lib/private/Authentication/TwoFactorAuth/Manager.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@
class Manager {
public const SESSION_UID_KEY = 'two_factor_auth_uid';
public const SESSION_UID_DONE = 'two_factor_auth_passed';
public const SESSION_UID_CONFIGURING = 'two_factor_auth_configuring';
public const REMEMBER_LOGIN = 'two_factor_remember_login';
public const BACKUP_CODES_PROVIDER_ID = 'backup_codes';

Expand Down Expand Up @@ -262,6 +263,7 @@ public function verifyChallenge(string $providerId, IUser $user, string $challen
$this->session->remove(self::SESSION_UID_KEY);
$this->session->remove(self::REMEMBER_LOGIN);
$this->session->set(self::SESSION_UID_DONE, $user->getUID());
$this->session->remove(self::SESSION_UID_CONFIGURING);

// Clear token from db
$sessionId = $this->session->getId();
Expand Down Expand Up @@ -342,7 +344,7 @@ public function needsSecondFactor(IUser $user = null): bool {
$tokensNeeding2FA = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');

if (!\in_array((string) $tokenId, $tokensNeeding2FA, true)) {
$this->session->set(self::SESSION_UID_DONE, $user->getUID());
$this->session->set(self::SESSION_UID_CONFIGURING, $user->getUID());
return false;
}
} catch (InvalidTokenException|SessionNotAvailableException $e) {
Expand Down
11 changes: 7 additions & 4 deletions tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -369,11 +369,12 @@ public function testVerifyChallenge() {
->method('get')
->with('two_factor_remember_login')
->willReturn(false);
$this->session->expects($this->exactly(2))
$this->session->expects($this->exactly(3))
->method('remove')
->withConsecutive(
['two_factor_auth_uid'],
['two_factor_remember_login']
['two_factor_remember_login'],
['two_factor_auth_configuring']
);
$this->session->expects($this->once())
->method('set')
Expand Down Expand Up @@ -640,7 +641,7 @@ public function testNeedsSecondFactorSessionAuth() {
$this->assertFalse($this->manager->needsSecondFactor($user));
}

public function testNeedsSecondFactorSessionAuthFailDBPass() {
public function testNeedsSecondFactorWhileConfiguring() {
$user = $this->createMock(IUser::class);
$user->method('getUID')
->willReturn('user');
Expand All @@ -664,10 +665,12 @@ public function testNeedsSecondFactorSessionAuthFailDBPass() {
'42', '43', '44'
]);

// the user is still configuring 2FA with token 40
$this->session->expects($this->once())
->method('set')
->with(Manager::SESSION_UID_DONE, 'user');
->with(Manager::SESSION_UID_CONFIGURING, 'user');

// 2FA should not be required if configuration is not complete
$this->assertFalse($this->manager->needsSecondFactor($user));
}

Expand Down