Commit cd865123 authored by Cornelius Kölbel's avatar Cornelius Kölbel Committed by Vincent Petry

Add a TwoFactorException (#26628)

* Add a TwoFactorException

A Two Factor third party App may throw a TwoFactorException()
with a more detailed error message in case the authentication fails.
The 2FA Controller will then display the message of this Exception
to the user.

Working on #26593

* Update TwoFactorException.php

* Copyright

* Fix tests
parent 17cff0b0
......@@ -23,6 +23,7 @@
namespace OC\Core\Controller;
use OC\Authentication\TwoFactorAuth\Manager;
use OCP\Authentication\TwoFactorAuth\TwoFactorException;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Http\TemplateResponse;
......@@ -118,9 +119,12 @@ class TwoFactorChallengeController extends Controller {
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
}
$error_message = "";
if ($this->session->exists('two_factor_auth_error')) {
$this->session->remove('two_factor_auth_error');
$error = true;
$error_message = $this->session->get("two_factor_auth_error_message");
$this->session->remove('two_factor_auth_error_message');
} else {
$error = false;
}
......@@ -128,6 +132,7 @@ class TwoFactorChallengeController extends Controller {
$tmpl->assign('redirect_url', $redirect_url);
$data = [
'error' => $error,
'error_message' => $error_message,
'provider' => $provider,
'logout_attribute' => $this->getLogoutAttribute(),
'template' => $tmpl->fetchPage(),
......@@ -159,11 +164,21 @@ class TwoFactorChallengeController extends Controller {
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
}
if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) {
if (!is_null($redirect_url)) {
return new RedirectResponse($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url)));
try {
if ($this->twoFactorManager->verifyChallenge($challengeProviderId, $user, $challenge)) {
if (!is_null($redirect_url)) {
return new RedirectResponse($this->urlGenerator->getAbsoluteURL(urldecode($redirect_url)));
}
return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index'));
}
return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index'));
} catch (TwoFactorException $e) {
/*
* The 2FA App threw an TwoFactorException. Now we display more
* information to the user. The exception text is stored in the
* session to be used in showChallenge()
*/
$this->session->set('two_factor_auth_error_message',
$e->getMessage());
}
$this->session->set('two_factor_auth_error', true);
......
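Review bot: The new `catch (TwoFactorException $e)` block keeps only `$e->getMessage()` for display and then drops the exception, so a provider-side failure during second-factor verification leaves no server-side record. Failed 2FA attempts are worth an audit trail; consider logging the provider id, the user and the exception before the `$this->session->set('two_factor_auth_error_message', ...)` call, using whatever logger the controller has available (none is visible in these hunks). Separately, `showChallenge()` initialises `$error_message = "";` but then overwrites it with the session value, which the updated test shows can be `null`; `$error_message = (string)$this->session->get('two_factor_auth_error_message');` would keep the template variable a string. Both methods start and end outside the visible hunks.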
......@@ -3,6 +3,8 @@
/** @var $_ array */
/* @var $error boolean */
$error = $_['error'];
/* @var $error_message string */
$error_message = $_['error_message'];
/* @var $provider OCP\Authentication\TwoFactorAuth\IProvider */
$provider = $_['provider'];
/* @var $template string */
......@@ -14,7 +16,11 @@ $template = $_['template'];
<p><?php p($l->t('Please authenticate using the selected factor.')) ?></p>
</fieldset>
<?php if ($error): ?>
<span class="warning"><?php p($l->t('An error occured while verifying the token')); ?></span>
<?php if ($error_message){ ?>
<span class="warning"><?php p($l->t($error_message)); ?></span>
<?php } else {?>
<span class="warning"><?php p($l->t('An error occurred while verifying the token')); ?></span>
<?php }; ?>
<?php endif; ?>
<?php print_unescaped($template); ?>
<a class="two-factor-cancel" <?php print_unescaped($_['logout_attribute']); ?>><?php p($l->t('Cancel login')) ?></a>
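Review bot: `p($l->t($error_message))` passes a runtime string from a third-party provider through the translation function, which is meant for static source strings. The message cannot be picked up by string extraction, and if `t()` applies printf-style substitution to its text (it appears to in this code base, though that is not shown here), a `%` in the provider's message would be read as a format specifier. Output escaping through `p()` is already in place, so printing the message directly is enough: `<span class="warning"><?php p($error_message); ?></span>`, leaving the provider responsible for translating its own text. The `if ($error_message)` test also treats the string `'0'` as empty; `$error_message !== null && $error_message !== ''` is stricter.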
<?php
/**
* @author Cornelius Kölbel <cornelius.koelbel@netknights.it>
* @copyright Copyright (c) 2016, ownCloud GmbH.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
* User: cornelius
* Date: 14.11.16
*/
/*
* This is the public API of ownCloud. It defines an Exception a 2FA app can
* throw in case of an error. The 2FA Controller will catch this exception and
* display this error.
*/
// use OCP namespace for all classes that are considered public.
// This means that they should be used by apps instead of the internal ownCloud classes
namespace OCP\Authentication\TwoFactorAuth;
/**
* Two Factor Authentication failed
* @since 9.2.0
*/
class TwoFactorException extends \Exception {}
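Review bot: The class docblock for `TwoFactorException` says only "Two Factor Authentication failed" and omits the contract that matters to app authors: the exception message is rendered verbatim on the challenge page to a user who has not yet completed authentication. Suggested addition to the docblock: `The message is shown as-is to the user on the 2FA challenge page; it must be safe for display and must not contain secrets, backend addresses or other internal details.` The `User: cornelius` / `Date: 14.11.16` lines in the licence header look like IDE template residue and can be dropped.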
......@@ -151,9 +151,11 @@ class TwoFactorChallengeControllerTest extends TestCase {
->method('exists')
->with('two_factor_auth_error')
->will($this->returnValue(true));
$this->session->expects($this->once())
$this->session->expects($this->exactly(2))
->method('remove')
->with('two_factor_auth_error');
->with($this->logicalOr(
$this->equalTo('two_factor_auth_error'),
$this->equalTo('two_factor_auth_error_message')));
$provider->expects($this->once())
->method('getTemplate')
->with($user)
......@@ -167,6 +169,7 @@ class TwoFactorChallengeControllerTest extends TestCase {
'provider' => $provider,
'logout_attribute' => 'logoutAttribute',
'template' => '<html/>',
'error_message' => null,
], 'guest');
$this->assertEquals($expected, $this->controller->showChallenge('myprovider', '/re/dir/ect/url'));
......
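Review bot: None of the visible test hunks exercises the new path where `verifyChallenge()` throws a `TwoFactorException`; a case asserting that `two_factor_auth_error_message` is written to the session with the exception text, and that `two_factor_auth_error` is still set afterwards, would cover the behaviour this commit adds. The `exactly(2)` expectation combined with `logicalOr(...)` also passes if the same key is removed twice, so it does not prove that both session keys are cleared. The expected `'error_message' => null` only reflects the mock's default return from `get()`; stubbing `get('two_factor_auth_error_message')` with a sample string would check that the value actually reaches the template data. The test method starts outside the hunk.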