diff --git a/Makefile b/Makefile
index 440d325..31372cb 100644
--- a/Makefile
+++ b/Makefile
@@ -73,11 +73,13 @@ docker: selfsignedcert docker_kill package
 	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ app:install files_accesscontrol"
 	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ app:install files_automatedtagging"
 	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ app:install twofactor_webauthn"
+	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ app:enable mfazones"
 	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ group:add mfa"
 	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ twofactorauth:enforce --on --group mfa"
 	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ group:adduser mfa admin"
 	docker exec -u www-data nextcloud /bin/bash -c "env OC_PASS=mfauserpassword /var/www/html/occ user:add --password-from-env --display-name='MFA User' --group='mfa' mfauser"
 	docker exec -u www-data nextcloud /bin/bash -c "env OC_PASS=nomfauserpassword /var/www/html/occ user:add --password-from-env --display-name='Ordinary User' nomfauser"
+	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ app:disable firstrunwizard"
 	firefox -new-tab https://localhost:8443/
 sign: package docker_kill
diff --git a/mfazones/lib/AppInfo/Application.php b/mfazones/lib/AppInfo/Application.php
index 167eff1..a5c5972 100755
--- a/mfazones/lib/AppInfo/Application.php
+++ b/mfazones/lib/AppInfo/Application.php
@@ -9,7 +9,6 @@
 use OCA\Files\Event\LoadAdditionalScriptsEvent;
 use OCA\mfazones\Listeners\AppDisableEventListener;
-use OCA\mfazones\Listeners\AppEnableEventListener;
 use OCA\mfazones\Listeners\LoadAdditionalScriptsListener;
 use OCA\mfazones\Listeners\RegisterChecksListener;
 use OCA\mfazones\Listeners\RegisterOperationsListener;
@@ -20,7 +19,6 @@
 use OCP\AppFramework\Bootstrap\IBootstrap;
 use OCP\AppFramework\Bootstrap\IRegistrationContext;
 use OCP\App\Events\AppDisableEvent;
-use OCP\App\Events\AppEnableEvent;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed;
 use OCP\SystemTag\ISystemTagManager;
 use OCP\SystemTag\ISystemTagObjectMapper;
@@ -47,10 +45,9 @@ public function __construct()
      */
     public function register(IRegistrationContext $context): void
     {
-        $context->registerEventListener(AppEnableEvent::class, AppEnableEventListener::class);
+        $context->registerEventListener(RegisterChecksEvent::class, RegisterChecksListener::class);
         $context->registerEventListener(TwoFactorProviderChallengePassed::class, TwoFactorProviderChallengePassedListener::class);
         $context->registerEventListener(LoadAdditionalScriptsEvent::class, LoadAdditionalScriptsListener::class);
-        $context->registerEventListener(RegisterChecksEvent::class, RegisterChecksListener::class);
         $context->registerEventListener(RegisterOperationsEvent::class, RegisterOperationsListener::class);
         $context->registerEventListener(AppDisableEvent::class, AppDisableEventListener::class);
         $context->registerService(
diff --git a/mfazones/lib/Controller/MfazonesController.php b/mfazones/lib/Controller/MfazonesController.php
index 23ff550..b1a7f31 100755
--- a/mfazones/lib/Controller/MfazonesController.php
+++ b/mfazones/lib/Controller/MfazonesController.php
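Review bot: With the `AppEnableEvent` registration removed from register(), the deny rule that used to be created once at `occ app:enable` is now only created inside RegisterChecksListener, i.e. when the workflow engine dispatches RegisterChecksEvent, and nothing in this hunk triggers that at install time. As far as this diff shows, the deny operation is the only thing enforcing the zone, so until that first dispatch files carrying the MFA-zone tag are readable without a second factor — a fail-open gap whose length depends on when the engine first collects checks (not visible here) — while `AppDisableEvent` keeps its dedicated listener, so enable and disable are no longer symmetric. Consider keeping a one-time setup on an enable or repair path and leaving the event-driven creation as a self-healing fallback that first confirms the rule is not already present. Moving `registerEventListener(RegisterChecksEvent::class, RegisterChecksListener::class)` to the top of the list is cosmetic and fine.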
@@ -16,23 +16,37 @@
 use OCP\Files\IRootFolder;
 use OCP\IGroupManager;
 use OCP\IRequest;
-use OCP\ISession;
 use OCP\SystemTag\ISystemTagObjectMapper;
 use Psr\Log\LoggerInterface;
 class MfazonesController extends Controller
 {
+    private IGroupManager $groupManager;
+    private IRootFolder $rootFolder;
+    private ISystemTagObjectMapper $tagMapper;
+    private LoggerInterface $logger;
+    private MfaVerified $mfaVerified;
+    private Utils $utils;
+    private string $userId;
     public function __construct(
-        private IRequest $request,
-        private IRootFolder $rootFolder,
-        private IGroupManager $groupManager,
-        private string $userId,
-        private ISession $session,
-        private Utils $utils,
-        private ISystemTagObjectMapper $tagMapper,
-        private MfaVerified $mfaVerified,
-        private LoggerInterface $logger
+        IRequest $request,
+        IRootFolder $rootFolder,
+        IGroupManager $groupManager,
+        string $userId,
+        Utils $utils,
+        ISystemTagObjectMapper $tagMapper,
+        MfaVerified $mfaVerified,
+        LoggerInterface $logger
     ) {
+        // NOTE: The request is only passed to the parent class
+        // and is not instantiated by us here.
+        $this->groupManager = $groupManager;
+        $this->logger = $logger;
+        $this->mfaVerified = $mfaVerified;
+        $this->rootFolder = $rootFolder;
+        $this->tagMapper = $tagMapper;
+        $this->userId = $userId;
+        $this->utils = $utils;
         parent::__construct(Application::APP_ID, $request);
     }
diff --git a/mfazones/lib/Listeners/AppEnableEventListener.php b/mfazones/lib/Listeners/AppEnableEventListener.php
deleted file mode 100644
index 710f4fb..0000000
--- a/mfazones/lib/Listeners/AppEnableEventListener.php
+++ /dev/null
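Review bot: The constructor rewrite trades constructor property promotion for seven explicit property declarations plus seven `$this->x = $x;` assignments, which is the more verbose pre-8.0 idiom the original had already left behind; unless a PHP-version constraint not visible here forces it, keeping the promotion and only deleting the `private ISession $session,` line (and un-promoting `$request`, as the new code does) achieves the same cleanup in two removed lines. The added comment `// NOTE: The request is only passed to the parent class // and is not instantiated by us here.` says "instantiated" where "stored" is meant; suggest `// $request is not kept on this class; it is handed to Controller::__construct, which keeps its own reference.` (the parent's behaviour is outside this diff, so confirm before stating it). `private string $userId` is re-declared non-nullable here; if the container can inject a null user id for unauthenticated requests, as is common in Nextcloud apps, the constructor would throw a TypeError before any action runs, so either confirm the route is always authenticated or make it `?string`.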
@@ -1,92 +0,0 @@
-
- *
- * @author Micke Nordin
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- *
- */
-
-namespace OCA\mfazones\Listeners;
-
-use OCA\WorkflowEngine\Helper\ScopeContext;
-use OCA\WorkflowEngine\Manager;
-use OCA\mfazones\Utils;
-use OCP\App\Events\AppEnableEvent;
-use OCP\EventDispatcher\Event;
-use OCP\EventDispatcher\IEventListener;
-use OCP\WorkflowEngine\IManager;
-use Psr\Log\LoggerInterface;
-
-/**
- * Class AppEnableEventListener
- *
- * @package OCA\mfazones\Listeners
- */
-class AppEnableEventListener implements IEventListener
-{
-    public function __construct(
-        private Manager $manager,
-        private Utils $utils,
-        private LoggerInterface $logger
-    ) {
-    }
-
-    /**
-     * @param Event $event
-     */
-    public function handle(Event $event): void
-    {
-        if (!$event instanceof AppEnableEvent) {
-            $this->logger->debug("MFA: AppEnableEventListener early return");
-            return;
-        }
-        if ($event->getAppId() !== 'mfazones') {
-            $this->logger->debug("MFA: AppEnableEventListener not mfazones, early return");
-            return;
-        }
-
-        $this->logger->debug("MFA: setting up flow.");
-
-
-        $tagId = $this->utils->getTagId(); // will create the tag if necessary
-
-        $context = new ScopeContext(IManager::SCOPE_ADMIN);
-        $class = "OCA\\FilesAccessControl\\Operation";
-        $name = "";
-        $checks = [
-            [
-                "class" => "OCA\mfazones\Check\MfaVerified",
-                "operator" => "!is",
-                "value" => ""
-            ],
-            [
-                "class" => "OCA\WorkflowEngine\Check\FileSystemTags",
-                "operator" => "is",
-                "value" => $tagId
-            ]
-        ];
-        $operation = "deny";
-        $entity = "OCA\\WorkflowEngine\\Entity\\File";
-        $events = [];
-
-        $this->manager->addOperation($class, $name, $checks, $operation, $context, $entity, $events);
-    }
-}
diff --git a/mfazones/lib/Listeners/RegisterChecksListener.php b/mfazones/lib/Listeners/RegisterChecksListener.php
index ac79b59..570a0cd 100644
--- a/mfazones/lib/Listeners/RegisterChecksListener.php
+++ b/mfazones/lib/Listeners/RegisterChecksListener.php
@@ -26,14 +26,18 @@
 namespace OCA\mfazones\Listeners;
+use OCA\WorkflowEngine\Helper\ScopeContext;
+use OCA\WorkflowEngine\Manager;
 use OCA\mfazones\AppInfo\Application;
 use OCA\mfazones\Check\MfaVerified;
+use OCA\mfazones\Utils;
 use OCP\EventDispatcher\Event;
 use OCP\EventDispatcher\IEventListener;
 use OCP\IL10N;
 use OCP\ISession;
 use OCP\Util;
 use OCP\WorkflowEngine\Events\RegisterChecksEvent;
+use OCP\WorkflowEngine\IManager;
 use Psr\Log\LoggerInterface;
 class RegisterChecksListener implements IEventListener
@@ -41,11 +45,18 @@ class RegisterChecksListener implements IEventListener
     private MfaVerified $mfaVerifiedCheck;
     private ISession $session;
     private LoggerInterface $logger;
+    private string $tagId;
+    private Manager $manager;
     private IL10N $l;
-    public function __construct()
+    public function __construct(Utils $utils, IL10N $l, ISession $session, LoggerInterface $logger, Manager $manager)
     {
+        $this->l = $l;
+        $this->session = $session;
+        $this->logger = $logger;
+        $this->manager = $manager;
         $this->mfaVerifiedCheck = new MfaVerified($this->l, $this->session, $this->logger);
+        $this->tagId = $utils->getTagId(); // will create the tag if necessary
     }
     public function handle(Event $event): void
@@ -53,7 +64,26 @@ public function handle(Event $event): void
         if (!$event instanceof RegisterChecksEvent) {
             return;
         }
-        $event->registerCheck($this->mfaVerifiedCheck);
         Util::addScript(Application::APP_ID, 'mfazones-main');
+        $event->registerCheck($this->mfaVerifiedCheck);
+        $context = new ScopeContext(IManager::SCOPE_ADMIN);
+        $class = "OCA\\FilesAccessControl\\Operation";
+        $name = "";
+        $checks = [
+            [
+                "class" => "OCA\mfazones\Check\MfaVerified",
+                "operator" => "!is",
+                "value" => ""
+            ],
+            [
+                "class" => "OCA\WorkflowEngine\Check\FileSystemTags",
+                "operator" => "is",
+                "value" => $this->tagId
+            ]
+        ];
+        $operation = "deny";
+        $entity = "OCA\\WorkflowEngine\\Entity\\File";
+        $events = [];
+        $this->manager->addOperation($class, $name, $checks, $operation, $context, $entity, $events);
     }
 }
diff --git a/mfazones/lib/Utils.php b/mfazones/lib/Utils.php
index 25e9b56..347af4d 100644
--- a/mfazones/lib/Utils.php
+++ b/mfazones/lib/Utils.php
@@ -21,7 +21,7 @@ public function __construct(
     public function getTagId()
     {
         try {
-            $tags = $$this->systemTagManager->getAllTags();
+            $tags = $this->systemTagManager->getAllTags();
             foreach ($tags as $tag) {
                 if ($tag->getName() === self::TAG_NAME) {
                     return (string) $tag->getId();
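Review bot: `$this->manager->addOperation($class, $name, $checks, $operation, $context, $entity, $events);` at the end of the hunk runs on every RegisterChecksEvent with no check for an already-existing rule, so if addOperation persists a new operation on each call — its name and its former one-shot use in the deleted AppEnableEventListener suggest it does — an identical admin-scope deny rule is inserted every time the workflow engine collects checks, and AppDisableEventListener (not in this diff) may later remove only one of them. Before adding, look up the existing admin-scope operations for `"OCA\\FilesAccessControl\\Operation"` (the Manager appears to expose such lookups; verify the exact method) and return early when one with these two checks is present, or keep the one-shot creation on an enable/repair path and let this listener do registerCheck() only. Separately, the check class names `"OCA\mfazones\Check\MfaVerified"` and `"OCA\WorkflowEngine\Check\FileSystemTags"` are double-quoted with single backslashes and only survive because `\m`, `\C`, `\M`, `\W` and `\F` are not PHP escape sequences; use `MfaVerified::class` (already imported in this file) and `"OCA\\WorkflowEngine\\Check\\FileSystemTags"`, matching the style of `$class` and `$entity` above. Swapping `Util::addScript` ahead of `registerCheck` is harmless as far as this hunk shows.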