
Commit 59cf0b5a authored by Akhil's avatar Akhil 🙂

Merge branch 'dev/fix-totp-migration' into 'main'

Only migrate TOTP secret to SSO if a secret is actually enabled

See merge request !195
parents b382410b 1c210da0
+5 −3
@@ -4,6 +4,7 @@ declare(strict_types=1);

namespace OCA\EcloudAccounts\Command;

use OCA\EcloudAccounts\AppInfo\Application;
use OCA\EcloudAccounts\Db\TwoFactorMapper;
use OCA\EcloudAccounts\Service\SSOService;
use Symfony\Component\Console\Command\Command;
@@ -24,7 +25,7 @@ class Migrate2FASecrets extends Command {

	protected function configure(): void {
		$this
			->setName('ecloud-accounts:migrate-2fa-secrets')
			->setName(Application::APP_ID . ':migrate-2fa-secrets')
			->setDescription('Migrates 2FA secrets to SSO database')
			->addOption(
				'users',
@@ -57,12 +58,13 @@ class Migrate2FASecrets extends Command {
	 * @return void
	 */
	private function migrateUsers(array $usernames = []) : void {
		$entries = $this->twoFactorMapper->getEntries($usernames);
		$entries = $this->twoFactorMapper->getEnabledUsers($usernames);
		foreach ($entries as $entry) {
			try {
				$this->commandOutput->writeln('Migrating 2FA credential for user: ' . $entry['username']);
				$this->ssoService->migrateCredential($entry['username'], $entry['secret']);
			} catch (\Exception $e) {
				$this->commandOutput->writeln('Error inserting entry for user ' . $entry['username'] . ' message: ' . $e->getMessage());
				$this->commandOutput->writeln('Error migrating 2FA credential for user ' . $entry['username'] . ' message: ' . $e->getMessage());
				continue;
			}
		}
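Review bot: A failed migration is only echoed and the loop moves on, so a run with partial failures looks identical to a clean one unless the operator reads every output line; count the failures in the catch (`$failed++;`, declared before the loop) and print a summary after it, e.g. `$this->commandOutput->writeln(sprintf('%d credential(s) failed to migrate', $failed));`, so the caller can decide on the exit status. The trailing `continue;` in the catch is the last statement of the loop body and can be dropped. The foreach closes at the end of the hunk but migrateUsers itself, and the command's exit code, lie outside it.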
+14 −5
@@ -2,6 +2,8 @@

namespace OCA\EcloudAccounts\Db;

use OCA\TwoFactorTOTP\Service\ITotp;
use OCP\DB\QueryBuilder\IQueryBuilder;
use OCP\IDBConnection;

class TwoFactorMapper {
@@ -13,21 +15,28 @@ class TwoFactorMapper {
		$this->conn = $conn;
	}

	public function getEntries(array $usernames = []) : array {
	public function getEnabledUsers(array $usernames = []) : array {
		$entries = [];
		$qb = $this->conn->getQueryBuilder();
		$qb->select('user_id', 'secret')
			->from(self::TOTP_SECRET_TABLE);
			->from(self::TOTP_SECRET_TABLE)
			->where(
				$qb->expr()->eq(
					'state', $qb->createNamedParameter(ITotp::STATE_ENABLED)
				)
			);

		if (!empty($usernames)) {
			$qb->where('user_id IN (:usernames)')
				->setParameter('usernames', implode(',', $usernames));
			$qb->andWhere('user_id IN (:usernames)')
				->setParameter('usernames', $usernames, IQueryBuilder::PARAM_STR_ARRAY);
		}

		$result = $qb->execute();
		while ($row = $result->fetch()) {
			$username = (string) $row['user_id'];

			$entry = [
				'username' => (string) $row['user_id'],
				'username' => $username,
				'secret' => (string) $row['secret']
			];
			$entries[] = $entry;
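Review bot: The new user filter mixes a raw SQL fragment with the expression builder used for the `state` predicate a few lines above; for consistency, and so the builder handles column quoting, write it as `$qb->andWhere($qb->expr()->in('user_id', $qb->createNamedParameter($usernames, IQueryBuilder::PARAM_STR_ARRAY)));`. The `state` parameter is created without a type, which binds ITotp::STATE_ENABLED with the default string type; if the column is integer-typed, pass `IQueryBuilder::PARAM_INT` as the second argument to createNamedParameter so the comparison does not depend on the driver's implicit cast. getEnabledUsers continues past the end of the hunk.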
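--- a/PATH-NOT-SHOWN/SSOService.php
+++ b/PATH-NOT-SHOWN/SSOService.php
@@ -124,8 +124,8 @@ class SSOService {
 				return false;
 			}
 			$credentialData = json_decode($credential['credentialData'], true);
-			if (!isset($credentialData['subType']) || !isset($credentialData['subType'])
-				|| $credentialData['subType'] !== 'totp' || $credentialData['secretEncoding'] !== 'BASE32') {
+			if (!isset($credentialData['subType']) || $credentialData['subType'] !== 'totp'
+				|| $credentialData['secretEncoding'] !== 'BASE32') {
 				return false;
 			}
 			return true;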
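Review bot: `secretEncoding` is read without an isset guard on the second line of the new condition, so a credential record that lacks that key raises an undefined-array-key warning before the comparison returns false; the duplicated isset the commit removed was most likely meant for this key. Use `|| ($credentialData['secretEncoding'] ?? null) !== 'BASE32') {` (or restore `!isset($credentialData['secretEncoding'])` in the first clause) so a missing encoding is rejected as quietly as a missing subType. The enclosing method begins and ends outside the hunk.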