get mfa status from the session.

SUNET · Nov 29, 2024 · 7419da6 · 7419da6
1 parent 63c828b
commit 7419da6
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 7 deletions.
diff --git a/Makefile b/Makefile
@@ -1,12 +1,13 @@
 app_name=stepupauth
 
+get_version = $(shell  grep /version appinfo/info.xml | sed 's/.*\([0-9]\.[0-9]\.[0-9]\).*/\1/')
 cert_dir=$(HOME)/.nextcloud/certificates
 project_dir=$(CURDIR)/../$(app_name)
 build_dir=$(CURDIR)/build/artifacts
 source_dir=$(build_dir)/source
 sign_dir=$(build_dir)/sign
 package_name=$(app_name)
-version+=0.2.0
+version := $(call get_version)
 
 all: appstore
 

diff --git a/appinfo/info.xml b/appinfo/info.xml
@@ -5,7 +5,7 @@
   <name>Step Up Auth</name>
   <summary>Trigger Two Factor Auth</summary>
   <description>The Step Auth App allows SSO accounts to validate a second factor.</description>
-  <version>0.2.0</version>
+  <version>0.2.1</version>
   <licence>agpl</licence>
   <author>Micke Nordin</author>
   <category>security</category>

diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
@@ -26,7 +26,7 @@
 
 namespace OCA\StepUpAuth\AppInfo;
 
-use OCA\StepUpAuth\Listeners\UserLoggingIn;
+use OCA\StepUpAuth\Listeners\UserLoggedIn;
 use OCP\AppFramework\App;
 use OCP\AppFramework\Bootstrap\IBootContext;
 use OCP\AppFramework\Bootstrap\IBootstrap;
@@ -53,7 +53,7 @@ public function __construct()
    */
   public function register(IRegistrationContext $context): void
   {
-    $context->registerEventListener(UserLoggedInEvent::class, UserLoggingIn::class);
+    $context->registerEventListener(UserLoggedInEvent::class, UserLoggedIn::class);
   }
   /**
    * @param IBootContext $context

diff --git a/lib/Listeners/UserLoggingIn.php → lib/Listeners/UserLoggedIn.php b/lib/Listeners/UserLoggingIn.php → lib/Listeners/UserLoggedIn.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 /**
- * @copyright Copyright (c) 2023 Micke Nordin <[email protected]>
+ * @copyright Copyright (c) 2023-2024 Micke Nordin <[email protected]>
  *
  * @license GNU AGPL version 3 or any later version
  * @author Micke Nordin <[email protected]>
@@ -28,6 +28,7 @@
 
 use OCP\EventDispatcher\Event;
 use OCP\EventDispatcher\IEventListener;
+use OCP\IAppConfig;
 use OCP\IUser;
 use OCP\ISession;
 use OCP\User\Events\UserLoggedInEvent;
@@ -39,11 +40,12 @@
  *
  * @package OCA\StepUpAuth\Events
  */
-class UserLoggingIn implements IEventListener
+class UserLoggedIn implements IEventListener
 {
   public function __construct(
     private ISession $session,
-    private LoggerInterface $logger
+    private LoggerInterface $logger,
+    private IAppConfig $config
   ) {
   }
 
@@ -60,6 +62,15 @@ public function handle(Event $event): void
      * @var IUser $user
      */
     $user = $event->getUser();
+    $mfaVerified = '0';
+    $mfa_key = 'urn:oid:2.5.4.2'; // TODO: get from config
+    $attr = $this->session->get('user_saml.samlUserData');
+    if (isset($mfa_key) && isset($attr[$mfa_key])) {
+      $mfaVerified = $attr[$mfa_key][0];
+    }
+    if ($mfaVerified == '1') {
+      return;
+    }
     $this->logger->debug('StepUpAuth running', ['app' => 'stepupauth']);
     $this->session->set('two_factor_auth_uid', $user->getUID());
     $this->session->set('two_factor_remember_login', true);