From 3e2659bd0b1bc8f16cf2317e3733188429425982 Mon Sep 17 00:00:00 2001 From: SebastianKrupinski Date: Fri, 22 Nov 2024 19:05:47 -0500 Subject: [PATCH] feat: Two Factor API Signed-off-by: SebastianKrupinski --- core/Controller/TwoFactorApiController.php | 99 ++++++ core/openapi-full.json | 332 ++++++++++++++++++++ lib/composer/composer/autoload_classmap.php | 1 + lib/composer/composer/autoload_static.php | 1 + 4 files changed, 433 insertions(+) create mode 100644 core/Controller/TwoFactorApiController.php diff --git a/core/Controller/TwoFactorApiController.php b/core/Controller/TwoFactorApiController.php new file mode 100644 index 0000000000000..e6dbb17b2ee2f --- /dev/null +++ b/core/Controller/TwoFactorApiController.php @@ -0,0 +1,99 @@ + $users collection of system user ids + * + * @return DataResponse>, array{}> + * + * 200: user/provider states + */ + #[ApiRoute(verb: 'POST', url: '/state', root: '/twofactor')] + public function state(array $users = []): DataResponse { + $states = []; + foreach ($users as $userId) { + $userObject = $this->userManager->get($userId); + if ($userObject !== null) { + $states[$userId] = $this->tfRegistry->getProviderStates($userObject); + } + } + return new DataResponse($states); + } + + /** + * Enable two factor authentication providers for specific user + * + * @param string $user system user identifier + * @param list $providers collection of TFA provider ids + * + * @return DataResponse, array{}>|DataResponse + * + * 200: provider states + * 404: user not found + */ + #[ApiRoute(verb: 'POST', url: '/enable', root: '/twofactor')] + public function enable(string $user, array $providers = []): DataResponse { + $userObject = $this->userManager->get($user); + if ($userObject !== null) { + foreach ($providers as $providerId) { + $this->tfManager->tryEnableProviderFor($providerId, $userObject); + } + $state = $this->tfRegistry->getProviderStates($userObject); + return new DataResponse($state); + } + return new DataResponse(null, Http::STATUS_NOT_FOUND); + } + + /** + * Disable two factor authentication providers for specific user + * + * @param string $user system user identifier + * @param list $providers collection of TFA provider ids + * + * @return DataResponse, array{}>|DataResponse + * + * 200: provider states + * 404: user not found + */ + #[ApiRoute(verb: 'POST', url: '/disable', root: '/twofactor')] + public function disable(string $user, array $providers = []): DataResponse { + $userObject = $this->userManager->get($user); + if ($userObject !== null) { + foreach ($providers as $providerId) { + $this->tfManager->tryDisableProviderFor($providerId, $userObject); + } + $state = $this->tfRegistry->getProviderStates($userObject); + return new DataResponse($state); + } + return new DataResponse(null, Http::STATUS_NOT_FOUND); + } + +} diff --git a/core/openapi-full.json b/core/openapi-full.json index d6f9837b1c602..94a8fbb684656 100644 --- a/core/openapi-full.json +++ b/core/openapi-full.json @@ -9514,6 +9514,338 @@ } } } + }, + "/ocs/v2.php/twofactor/state": { + "post": { + "operationId": "two_factor_api-state", + "summary": "Get two factor authentication provider states", + "description": "This endpoint requires admin access", + "tags": [ + "two_factor_api" + ], + "security": [ + { + "bearer_auth": [] + }, + { + "basic_auth": [] + } + ], + "requestBody": { + "required": false, + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "users": { + "type": "array", + "default": [], + "description": "collection of system user ids", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "parameters": [ + { + "name": "OCS-APIRequest", + "in": "header", + "description": "Required to be true for the API request to pass", + "required": true, + "schema": { + "type": "boolean", + "default": true + } + } + ], + "responses": { + "200": { + "description": "user/provider states", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "ocs" + ], + "properties": { + "ocs": { + "type": "object", + "required": [ + "meta", + "data" + ], + "properties": { + "meta": { + "$ref": "#/components/schemas/OCSMeta" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "object", + "additionalProperties": { + "type": "boolean" + } + } + } + } + } + } + } + } + } + } + } + } + }, + "/ocs/v2.php/twofactor/enable": { + "post": { + "operationId": "two_factor_api-enable", + "summary": "Enable two factor authentication providers for specific user", + "description": "This endpoint requires admin access", + "tags": [ + "two_factor_api" + ], + "security": [ + { + "bearer_auth": [] + }, + { + "basic_auth": [] + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "user" + ], + "properties": { + "user": { + "type": "string", + "description": "system user identifier" + }, + "providers": { + "type": "array", + "default": [], + "description": "collection of TFA provider ids", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "parameters": [ + { + "name": "OCS-APIRequest", + "in": "header", + "description": "Required to be true for the API request to pass", + "required": true, + "schema": { + "type": "boolean", + "default": true + } + } + ], + "responses": { + "200": { + "description": "provider states", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "ocs" + ], + "properties": { + "ocs": { + "type": "object", + "required": [ + "meta", + "data" + ], + "properties": { + "meta": { + "$ref": "#/components/schemas/OCSMeta" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "boolean" + } + } + } + } + } + } + } + } + }, + "404": { + "description": "user not found", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "ocs" + ], + "properties": { + "ocs": { + "type": "object", + "required": [ + "meta", + "data" + ], + "properties": { + "meta": { + "$ref": "#/components/schemas/OCSMeta" + }, + "data": { + "nullable": true + } + } + } + } + } + } + } + } + } + } + }, + "/ocs/v2.php/twofactor/disable": { + "post": { + "operationId": "two_factor_api-disable", + "summary": "Disable two factor authentication providers for specific user", + "description": "This endpoint requires admin access", + "tags": [ + "two_factor_api" + ], + "security": [ + { + "bearer_auth": [] + }, + { + "basic_auth": [] + } + ], + "requestBody": { + "required": true, + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "user" + ], + "properties": { + "user": { + "type": "string", + "description": "system user identifier" + }, + "providers": { + "type": "array", + "default": [], + "description": "collection of TFA provider ids", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "parameters": [ + { + "name": "OCS-APIRequest", + "in": "header", + "description": "Required to be true for the API request to pass", + "required": true, + "schema": { + "type": "boolean", + "default": true + } + } + ], + "responses": { + "200": { + "description": "provider states", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "ocs" + ], + "properties": { + "ocs": { + "type": "object", + "required": [ + "meta", + "data" + ], + "properties": { + "meta": { + "$ref": "#/components/schemas/OCSMeta" + }, + "data": { + "type": "object", + "additionalProperties": { + "type": "boolean" + } + } + } + } + } + } + } + } + }, + "404": { + "description": "user not found", + "content": { + "application/json": { + "schema": { + "type": "object", + "required": [ + "ocs" + ], + "properties": { + "ocs": { + "type": "object", + "required": [ + "meta", + "data" + ], + "properties": { + "meta": { + "$ref": "#/components/schemas/OCSMeta" + }, + "data": { + "nullable": true + } + } + } + } + } + } + } + } + } + } } }, "tags": [ diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php index fd5d9e62ba63e..3a490c224b54c 100644 --- a/lib/composer/composer/autoload_classmap.php +++ b/lib/composer/composer/autoload_classmap.php @@ -1326,6 +1326,7 @@ 'OC\\Core\\Controller\\TextProcessingApiController' => $baseDir . '/core/Controller/TextProcessingApiController.php', 'OC\\Core\\Controller\\TextToImageApiController' => $baseDir . '/core/Controller/TextToImageApiController.php', 'OC\\Core\\Controller\\TranslationApiController' => $baseDir . '/core/Controller/TranslationApiController.php', + 'OC\\Core\\Controller\\TwoFactorApiController' => $baseDir . '/core/Controller/TwoFactorApiController.php', 'OC\\Core\\Controller\\TwoFactorChallengeController' => $baseDir . '/core/Controller/TwoFactorChallengeController.php', 'OC\\Core\\Controller\\UnifiedSearchController' => $baseDir . '/core/Controller/UnifiedSearchController.php', 'OC\\Core\\Controller\\UnsupportedBrowserController' => $baseDir . '/core/Controller/UnsupportedBrowserController.php', diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php index d9af7846bd882..a86e88bc26d39 100644 --- a/lib/composer/composer/autoload_static.php +++ b/lib/composer/composer/autoload_static.php @@ -1375,6 +1375,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2 'OC\\Core\\Controller\\TextProcessingApiController' => __DIR__ . '/../../..' . '/core/Controller/TextProcessingApiController.php', 'OC\\Core\\Controller\\TextToImageApiController' => __DIR__ . '/../../..' . '/core/Controller/TextToImageApiController.php', 'OC\\Core\\Controller\\TranslationApiController' => __DIR__ . '/../../..' . '/core/Controller/TranslationApiController.php', + 'OC\\Core\\Controller\\TwoFactorApiController' => __DIR__ . '/../../..' . '/core/Controller/TwoFactorApiController.php', 'OC\\Core\\Controller\\TwoFactorChallengeController' => __DIR__ . '/../../..' . '/core/Controller/TwoFactorChallengeController.php', 'OC\\Core\\Controller\\UnifiedSearchController' => __DIR__ . '/../../..' . '/core/Controller/UnifiedSearchController.php', 'OC\\Core\\Controller\\UnsupportedBrowserController' => __DIR__ . '/../../..' . '/core/Controller/UnsupportedBrowserController.php',