diff --git a/apps/settings/composer/composer/autoload_classmap.php b/apps/settings/composer/composer/autoload_classmap.php index ba9b5354e78dc..f856bd7aa8c42 100644 --- a/apps/settings/composer/composer/autoload_classmap.php +++ b/apps/settings/composer/composer/autoload_classmap.php @@ -138,6 +138,7 @@ 'OCA\\Settings\\SetupChecks\\TaskProcessingSuccessRate' => $baseDir . '/../lib/SetupChecks/TaskProcessingSuccessRate.php', 'OCA\\Settings\\SetupChecks\\TempSpaceAvailable' => $baseDir . '/../lib/SetupChecks/TempSpaceAvailable.php', 'OCA\\Settings\\SetupChecks\\TransactionIsolation' => $baseDir . '/../lib/SetupChecks/TransactionIsolation.php', + 'OCA\\Settings\\SetupChecks\\TwoFactorConfiguration' => $baseDir . '/../lib/SetupChecks/TwoFactorConfiguration.php', 'OCA\\Settings\\SetupChecks\\WellKnownUrls' => $baseDir . '/../lib/SetupChecks/WellKnownUrls.php', 'OCA\\Settings\\SetupChecks\\Woff2Loading' => $baseDir . '/../lib/SetupChecks/Woff2Loading.php', 'OCA\\Settings\\UserMigration\\AccountMigrator' => $baseDir . '/../lib/UserMigration/AccountMigrator.php', diff --git a/apps/settings/composer/composer/autoload_static.php b/apps/settings/composer/composer/autoload_static.php index 0e13fd42f216d..d1c8d9b9eae77 100644 --- a/apps/settings/composer/composer/autoload_static.php +++ b/apps/settings/composer/composer/autoload_static.php 
@@ -153,6 +153,7 @@ class ComposerStaticInitSettings 'OCA\\Settings\\SetupChecks\\TaskProcessingSuccessRate' => __DIR__ . '/..' . '/../lib/SetupChecks/TaskProcessingSuccessRate.php', 'OCA\\Settings\\SetupChecks\\TempSpaceAvailable' => __DIR__ . '/..' . '/../lib/SetupChecks/TempSpaceAvailable.php', 'OCA\\Settings\\SetupChecks\\TransactionIsolation' => __DIR__ . '/..' . '/../lib/SetupChecks/TransactionIsolation.php', + 'OCA\\Settings\\SetupChecks\\TwoFactorConfiguration' => __DIR__ . '/..' . '/../lib/SetupChecks/TwoFactorConfiguration.php', 'OCA\\Settings\\SetupChecks\\WellKnownUrls' => __DIR__ . '/..' . '/../lib/SetupChecks/WellKnownUrls.php', 'OCA\\Settings\\SetupChecks\\Woff2Loading' => __DIR__ . '/..' . '/../lib/SetupChecks/Woff2Loading.php', 'OCA\\Settings\\UserMigration\\AccountMigrator' => __DIR__ . '/..' . '/../lib/UserMigration/AccountMigrator.php',
diff --git a/apps/settings/lib/AppInfo/Application.php b/apps/settings/lib/AppInfo/Application.php
index de007a6978fe5..7f837bfd0ae1a 100644
--- a/apps/settings/lib/AppInfo/Application.php
+++ b/apps/settings/lib/AppInfo/Application.php
@@ -74,6 +74,7 @@
 use OCA\Settings\SetupChecks\TaskProcessingPickupSpeed;
 use OCA\Settings\SetupChecks\TempSpaceAvailable;
 use OCA\Settings\SetupChecks\TransactionIsolation;
+use OCA\Settings\SetupChecks\TwoFactorConfiguration;
 use OCA\Settings\SetupChecks\WellKnownUrls;
 use OCA\Settings\SetupChecks\Woff2Loading;
 use OCA\Settings\UserMigration\AccountMigrator;
@@ -213,6 +214,7 @@ public function register(IRegistrationContext $context): void {
 $context->registerSetupCheck(TaskProcessingPickupSpeed::class);
 $context->registerSetupCheck(TempSpaceAvailable::class);
 $context->registerSetupCheck(TransactionIsolation::class);
+ $context->registerSetupCheck(TwoFactorConfiguration::class);
 $context->registerSetupCheck(PushService::class);
 $context->registerSetupCheck(WellKnownUrls::class);
 $context->registerSetupCheck(Woff2Loading::class);
diff --git a/apps/settings/lib/SetupChecks/TwoFactorConfiguration.php b/apps/settings/lib/SetupChecks/TwoFactorConfiguration.php new file mode 100644 index 0000000000000..584191401cafa --- /dev/null +++ b/apps/settings/lib/SetupChecks/TwoFactorConfiguration.php @@ -0,0 +1,65 @@ +l10n->t('Second factor configuration'); + } + + public function getCategory(): string { + return 'security'; + } + + public function run(): SetupResult { + $providers = $this->providerLoader->getProviders(); + $providerSet = new ProviderSet($providers, false); + $primaryProviders = $providerSet->getPrimaryProviders(); + if (count($primaryProviders) === 0) { + return SetupResult::warning($this->l10n->t('This instance has no second factor provider available.')); + } + + $state = $this->mandatoryTwoFactor->getState(); + + if (!$state->isEnforced()) { + return SetupResult::info( + $this->l10n->t( + 'Second factor providers are available but two-factor authentication is not enforced.' + ) + ); + } else { + return SetupResult::success( + $this->l10n->t( + 'Second factor providers are available and enforced: %s.', + [ + implode(', ', array_map( + fn ($p) => '"' . $p->getDisplayName() . '"', + $primaryProviders) + ) + ] + ) + ); + } + } +} diff --git a/lib/private/Authentication/TwoFactorAuth/ProviderLoader.php b/lib/private/Authentication/TwoFactorAuth/ProviderLoader.php index 7e674a01dd860..d3ba27088b23d 100644 --- a/lib/private/Authentication/TwoFactorAuth/ProviderLoader.php +++ b/lib/private/Authentication/TwoFactorAuth/ProviderLoader.php 
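Review bot: The success branch of `run()` reports "available and enforced" on `isEnforced()` alone, so an instance where enforcement is limited to some groups, or where groups are excluded from it, would presumably show the same green result as one that enforces 2FA for everyone. The enforcement state class is not shown on this page, but if it carries group scoping (e.g. `getEnforcedGroups()` / `getExcludedGroups()`), test it before returning success with `if ($state->getEnforcedGroups() !== [] || $state->getExcludedGroups() !== [])` and return `SetupResult::info(...)` stating that enforcement is partial. Separately, `getProviders()` is documented as `@throws Exception` in the ProviderLoader hunk and `run()` does not catch it, so a provider app that fails to load would abort the check instead of producing a warning result. The top of the new file (namespace, class header, constructor) is missing from this rendering, so the injected types could not be checked.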
@@ -30,8 +30,12 @@ public function __construct( * @return IProvider[] * @throws Exception */ - public function getProviders(IUser $user): array { - $allApps = $this->appManager->getEnabledAppsForUser($user); + public function getProviders(?IUser $user = null): array { + if ($user === null) { + $allApps = $this->appManager->getEnabledApps(); + } else { + $allApps = $this->appManager->getEnabledAppsForUser($user); + } $providers = []; foreach ($allApps as $appId) {
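Review bot: Making `$user` optional in `getProviders()` means a caller on the login path that ends up holding a null user now receives providers from every enabled app instead of failing with a type error, and that result ignores whatever per-user filtering `getEnabledAppsForUser()` applies (its implementation is not visible here). Keeping the user-scoped signature strict and adding a separate instance-wide method for the setup check would keep the two contracts apart. If the nullable parameter stays, the docblock should spell out the null case, e.g. `@param IUser|null $user null loads providers from all enabled apps, ignoring per-user app restrictions`. The method body continues past the end of the hunk, so how `$allApps` is consumed afterwards could not be reviewed.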