Open nursoda opened 1 year ago
I would also like to see this feature for the email 2FA app. Support via occ is essential, and via the web interface would also be nice.
Here are some scripts I use for managing MFA settings.
Assumptions:
```bash
#!/bin/bash
# Enable, disable or check a two-factor provider for a single Nextcloud user.
if [[ -z "$2" ]]
then
    printf "Syntax:\n\n"
    printf '%s [uid] ["email"|"totp"|"check"] [0|1] [-f]\n\n' "$0"
    printf "[uid]: select uid to alter\n"
    printf "[email|totp|check]: select MFA mechanism to set, or check existing status\n"
    printf "[0|1]: disable(0) or enable(1) the selected MFA mechanism\n"
    printf "[-f]: force update of a uid that does not match SPECIFIED DOMAINS\n\n"
    exit
fi

if [[ "$2" == "check" ]]
then
    printf "\n"
    # Pass the uid as a psql variable so it is quoted as a literal (:'uid')
    # instead of being pasted into the SQL text.
    echo "select provider_id, uid, enabled from oc_twofactor_providers where uid = :'uid';" \
        | sudo -u postgres psql -d nextcloud -v uid="$1" -f -
    sudo -u www-data php /var/www/nextcloud/occ \
        user:setting "$1" settings \
        | sed "s/^[ -]*settings:/uid: $1/"
    sudo -u www-data php /var/www/nextcloud/occ \
        user:lastseen "$1" \
        | sed 's/^.*last login/ - last login/'
    exit
fi

# Only email and totp can be switched; anything else would otherwise be
# written to the table as a provider_id.
if [[ "$2" != "email" && "$2" != "totp" ]]
then
    printf "Unknown MFA mechanism: %s\n" "$2"
    exit 1
fi

if [[ "$3" != "0" && "$3" != "1" ]]
then
    exit
fi

# SPECIFIED DOMAINS
if ! [[ "$1" == *"@gmail.com" || "$1" == *"@hotmail.com" || "${4,,}" == "-f" ]]
then
    sudo -u www-data php /var/www/nextcloud/occ \
        user:info "$1" \
        | grep -E 'user_id|email|last_seen' \
        | sed -e 's/user_id/uid/' -e 's/^[ -]*//' \
        | tr "\n" "\t"
    printf "\n\nYou must specify \"-f\" to force the update for non-SPECIFIED domains\n\n"
    exit
fi

# do the actual update
echo "insert into oc_twofactor_providers (provider_id, uid, enabled) values (:'provider', :'uid', :enabled) on conflict (provider_id, uid) do update set enabled = :enabled;" \
    | sudo -u postgres psql -d nextcloud -v provider="$2" -v uid="$1" -v enabled="$3" -f -
```

```bash
#!/usr/bin/bash
# Report, per user, which two-factor providers are enabled.
sudo -u postgres psql \
    -d nextcloud \
    -c "select left(split_part(o.uid,'@',2),15) as domain, o.uid, \
        sum(case when o.provider_id='email' then o.enabled else 0 end) as \"email\", \
        sum(case when o.provider_id='totp' then o.enabled else 0 end) as \"totp\", \
        sum(case when o.provider_id='backup_codes' then o.enabled else 0 end) as \"codes\", \
        sum(case when o.provider_id='twofactor_nextcloud_notification' then o.enabled else 0 end) as \"nc app\", \
        sum(case when o.provider_id='webauthn' then o.enabled else 0 end) as \"webauthn\" \
        from (select u.uid, m.provider_id, m.enabled from oc_users u \
        left join oc_twofactor_providers m on u.uid = m.uid) o \
        group by o.uid order by domain, o.uid;"
```
At least via OCC (in the twofactorauth and/or twofactor_email namespace), ideally also via web interface.
Currently, there's only this occ command: