Two-factor Providers¶
Two-factor auth providers apps are used to plug custom second factors into the Nextcloud core. The following code was taken from the two-factor test app.
Implementing a simple two-factor auth provider¶
Two-factor auth providers must implement the OCP\Authentication\TwoFactorAuth\IProvider
interface. The
example below shows a minimalistic example of such a provider.
<?php
namespace OCA\TwoFactor_Test\Provider;
use OCP\Authentication\TwoFactorAuth\IProvider;
use OCP\IUser;
use OCP\Template;
class TwoFactorTestProvider implements IProvider {
/**
* Get unique identifier of this 2FA provider
*
* @return string
*/
public function getId() {
return 'test';
}
/**
* Get the display name for selecting the 2FA provider
*
* @return string
*/
public function getDisplayName() {
return 'Test';
}
/**
* Get the description for selecting the 2FA provider
*
* @return string
*/
public function getDescription() {
return 'Use a test provider';
}
/**
* Get the template for rending the 2FA provider view
*
* @param IUser $user
* @return Template
*/
public function getTemplate(IUser $user) {
// If necessary, this is also the place where you might want
// to send out a code via e-mail or SMS.
// 'challenge' is the name of the template
return new Template('twofactor_test', 'challenge');
}
/**
* Verify the given challenge
*
* @param IUser $user
* @param string $challenge
*/
public function verifyChallenge(IUser $user, $challenge) {
if ($challenge === 'passme') {
return true;
}
return false;
}
/**
* Decides whether 2FA is enabled for the given user
*
* @param IUser $user
* @return boolean
*/
public function isTwoFactorAuthEnabledForUser(IUser $user) {
// 2FA is enforced for all users
return true;
}
}
Registering a two-factor auth provider¶
You need to inform the Nextcloud core that the app provides two-factor auth functionality. Two-factor
providers are registered via info.xml
.
<two-factor-providers>
<provider>OCA\TwoFactor_Test\Provider\TwoFactorTestProvider</provider>
</two-factor-providers>