diff --git a/lib/Command/Migrate2FASecrets.php b/lib/Command/Migrate2FASecrets.php index 6968376874ed9f2db6b75beeb5e72b2e13e5e037..bbe344a18c590fc46459ed88b29feb0a05109b74 100644 --- a/lib/Command/Migrate2FASecrets.php +++ b/lib/Command/Migrate2FASecrets.php @@ -4,6 +4,7 @@ declare(strict_types=1); namespace OCA\EcloudAccounts\Command; +use OCA\EcloudAccounts\AppInfo\Application; use OCA\EcloudAccounts\Db\TwoFactorMapper; use OCA\EcloudAccounts\Service\SSOService; use Symfony\Component\Console\Command\Command; @@ -24,7 +25,7 @@ class Migrate2FASecrets extends Command { protected function configure(): void { $this - ->setName('ecloud-accounts:migrate-2fa-secrets') + ->setName(Application::APP_ID . ':migrate-2fa-secrets') ->setDescription('Migrates 2FA secrets to SSO database') ->addOption( 'users', @@ -57,12 +58,13 @@ class Migrate2FASecrets extends Command { * @return void */ private function migrateUsers(array $usernames = []) : void { - $entries = $this->twoFactorMapper->getEntries($usernames); + $entries = $this->twoFactorMapper->getEnabledUsers($usernames); foreach ($entries as $entry) { try { + $this->commandOutput->writeln('Migrating 2FA credential for user: ' . $entry['username']); $this->ssoService->migrateCredential($entry['username'], $entry['secret']); } catch (\Exception $e) { - $this->commandOutput->writeln('Error inserting entry for user ' . $entry['username'] . ' message: ' . $e->getMessage()); + $this->commandOutput->writeln('Error migrating 2FA credential for user ' . $entry['username'] . ' message: ' . $e->getMessage()); continue; } } diff --git a/lib/Db/TwoFactorMapper.php b/lib/Db/TwoFactorMapper.php index 5b9739abf46135e44b5d6ff5ce32844ec2a3df07..1503de294e5ccde97c69e4d5d9191b8964bd67e4 100644 --- a/lib/Db/TwoFactorMapper.php +++ b/lib/Db/TwoFactorMapper.php @@ -2,6 +2,8 @@ namespace OCA\EcloudAccounts\Db; +use OCA\TwoFactorTOTP\Service\ITotp; +use OCP\DB\QueryBuilder\IQueryBuilder; use OCP\IDBConnection; class TwoFactorMapper { 
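Review bot: The catch block in migrateUsers writes each failure to the same output stream as the progress line and then continues, so a run in which some users failed ends looking like any other run, and nothing after the loop tells the operator how many credentials were not migrated. I would collect the failures and report them once: `$failed = [];` before the foreach, `$failed[] = $entry['username'];` inside the catch, and `$this->commandOutput->writeln(count($failed) . ' user(s) failed to migrate: ' . implode(', ', $failed));` after the loop. The error line also echoes `$e->getMessage()` raw; if migrateCredential wraps an HTTP client whose exceptions include the request payload, that line could print the TOTP secret into the console log, which is worth confirming and trimming if so. The closing brace of migrateUsers is outside the hunk.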
@@ -13,21 +15,28 @@ class TwoFactorMapper { $this->conn = $conn; } - public function getEntries(array $usernames = []) : array { + public function getEnabledUsers(array $usernames = []) : array { $entries = []; $qb = $this->conn->getQueryBuilder(); $qb->select('user_id', 'secret') - ->from(self::TOTP_SECRET_TABLE); + ->from(self::TOTP_SECRET_TABLE) + ->where( + $qb->expr()->eq( + 'state', $qb->createNamedParameter(ITotp::STATE_ENABLED) + ) + ); if (!empty($usernames)) { - $qb->where('user_id IN (:usernames)') - ->setParameter('usernames', implode(',', $usernames)); + $qb->andWhere('user_id IN (:usernames)') + ->setParameter('usernames', $usernames, IQueryBuilder::PARAM_STR_ARRAY); } $result = $qb->execute(); while ($row = $result->fetch()) { + $username = (string) $row['user_id']; + $entry = [ - 'username' => (string) $row['user_id'], + 'username' => $username, 'secret' => (string) $row['secret'] ]; $entries[] = $entry; diff --git a/lib/Service/SSOService.php b/lib/Service/SSOService.php index 61882dc23270f1a612481532f5a9a43e6cb9edd0..31263245c0878ac70ca7f6d204c5bd17228b371f 100644 --- a/lib/Service/SSOService.php +++ b/lib/Service/SSOService.php @@ -124,8 +124,8 @@ class SSOService { return false; } $credentialData = json_decode($credential['credentialData'], true); - if (!isset($credentialData['subType']) || !isset($credentialData['subType']) - || $credentialData['subType'] !== 'totp' || $credentialData['secretEncoding'] !== 'BASE32') { + if (!isset($credentialData['subType']) || $credentialData['subType'] !== 'totp' + || $credentialData['secretEncoding'] !== 'BASE32') { return false; } return true;
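Review bot: `ITotp::STATE_ENABLED` is bound through `createNamedParameter()` with the default string parameter type, so the integer state column is compared against a string bind value; now that `IQueryBuilder` is imported, bind it explicitly as `$qb->createNamedParameter(ITotp::STATE_ENABLED, IQueryBuilder::PARAM_INT)`. The result set is also never released, so add `$result->closeCursor();` after the while loop (the method's return statement is outside the hunk). Two things I would confirm rather than assert: referencing `ITotp` means this mapper throws a class-not-found `Error` (not an `Exception`, so the command's catch will not see it) whenever the twofactor_totp app is not loadable, so either guard that or declare the app dependency; and twofactor_totp stores the `secret` column encrypted with the instance `ICrypto`, so unless `migrateCredential` decrypts before sending, the SSO side receives ciphertext rather than the base32 secret.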
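Review bot: The rewritten condition still reads `$credentialData['secretEncoding']` without checking the key exists, so a TOTP credential record that lacks that field raises an "Undefined array key" warning before the comparison falls through to `return false`; use `|| ($credentialData['secretEncoding'] ?? null) !== 'BASE32'` so the absent-key case is handled quietly and explicitly. When `json_decode` returns null for malformed credentialData the leading `isset` short-circuits correctly, so only the last operand needs the guard. The enclosing method starts and ends outside the hunk.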