feat(admin_audit): add audit logging for enabling/disabling 2FA

apps/admin_audit/lib/AppInfo/Application.php

@@ -39,6 +39,8 @@
 use OCP\Authentication\Events\AnyLoginFailedEvent;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengeFailed;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed;
+use OCP\Authentication\TwoFactorAuth\TwoFactorProviderForUserRegistered;
+use OCP\Authentication\TwoFactorAuth\TwoFactorProviderForUserUnregistered;
 use OCP\Console\ConsoleEvent;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Files\Cache\CacheEntryInsertedEvent;
@@ -118,6 +120,8 @@ public function register(IRegistrationContext $context): void {
 		// Security events
 		$context->registerEventListener(TwoFactorProviderChallengePassed::class, SecurityEventListener::class);
 		$context->registerEventListener(TwoFactorProviderChallengeFailed::class, SecurityEventListener::class);
+		$context->registerEventListener(TwoFactorProviderForUserRegistered::class, SecurityEventListener::class);
+		$context->registerEventListener(TwoFactorProviderForUserUnregistered::class, SecurityEventListener::class);
 
 		// App management events
 		$context->registerEventListener(AppEnableEvent::class, AppManagementEventListener::class);

apps/admin_audit/lib/Listener/SecurityEventListener.php

@@ -12,18 +12,24 @@
 use OCA\AdminAudit\Actions\Action;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengeFailed;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed;
+use OCP\Authentication\TwoFactorAuth\TwoFactorProviderForUserRegistered;
+use OCP\Authentication\TwoFactorAuth\TwoFactorProviderForUserUnregistered;
 use OCP\EventDispatcher\Event;
 use OCP\EventDispatcher\IEventListener;
 
 /**
- * @template-implements IEventListener<TwoFactorProviderChallengePassed|TwoFactorProviderChallengeFailed>
+ * @template-implements IEventListener<TwoFactorProviderChallengePassed|TwoFactorProviderChallengeFailed|TwoFactorProviderForUserRegistered|TwoFactorProviderForUserUnregistered>
  */
 class SecurityEventListener extends Action implements IEventListener {
 	public function handle(Event $event): void {
 		if ($event instanceof TwoFactorProviderChallengePassed) {
 			$this->twoFactorProviderChallengePassed($event);
 		} elseif ($event instanceof TwoFactorProviderChallengeFailed) {
 			$this->twoFactorProviderChallengeFailed($event);
+		} elseif ($event instanceof TwoFactorProviderForUserRegistered) {
+			$this->twoFactorProviderForUserRegistered($event);
+		} elseif ($event instanceof TwoFactorProviderForUserUnregistered) {
+			$this->twoFactorProviderForUserUnregistered($event);
 		}
 	}
 
@@ -58,4 +64,36 @@ private function twoFactorProviderChallengeFailed(TwoFactorProviderChallengeFail
 			]
 		);
 	}
+
+	private function twoFactorProviderForUserRegistered(TwoFactorProviderForUserRegistered $event): void {
+		$this->log(
+			'Two factor provider %s enabled for user %s (%s)',
+			[
+				'provider' => $event->getProvider()->getDisplayName(),
+				'uid' => $event->getUser()->getUID(),
+				'displayName' => $event->getUser()->getDisplayName()
+			],
+			[
+				'provider',
+				'uid',
+				'displayName',
+			]
+		);
+	}
+
+	private function twoFactorProviderForUserUnregistered(TwoFactorProviderForUserUnregistered $event): void {
+		$this->log(
+			'Two factor provider %s disabled for user %s (%s)',
+			[
+				'provider' => $event->getProvider()->getDisplayName(),
+				'uid' => $event->getUser()->getUID(),
+				'displayName' => $event->getUser()->getDisplayName()
+			],
+			[
+				'provider',
+				'uid',
+				'displayName',
+			]
+		);
+	}
 }

apps/admin_audit/tests/Listener/SecurityEventListenerTest.php

@@ -14,6 +14,8 @@
 use OCP\Authentication\TwoFactorAuth\IProvider;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengeFailed;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed;
+use OCP\Authentication\TwoFactorAuth\TwoFactorProviderForUserRegistered;
+use OCP\Authentication\TwoFactorAuth\TwoFactorProviderForUserUnregistered;
 use OCP\IUser;
 use PHPUnit\Framework\MockObject\MockObject;
 use Test\TestCase;
@@ -62,4 +64,26 @@ public function testTwofactorSuccess(): void {
 
 		$this->security->handle(new TwoFactorProviderChallengePassed($this->user, $this->provider));
 	}
+
+	public function testTwofactorRegistered(): void {
+		$this->logger->expects($this->once())
+			->method('info')
+			->with(
+				$this->equalTo('Two factor provider myprovider enabled for user mydisplayname (myuid)'),
+				['app' => 'admin_audit']
+			);
+
+		$this->security->handle(new TwoFactorProviderForUserRegistered($this->user, $this->provider));
+	}
+
+	public function testTwofactorUnregistered(): void {
+		$this->logger->expects($this->once())
+			->method('info')
+			->with(
+				$this->equalTo('Two factor provider myprovider disabled for user mydisplayname (myuid)'),
+				['app' => 'admin_audit']
+			);
+
+		$this->security->handle(new TwoFactorProviderForUserUnregistered($this->user, $this->provider));
+	}
 }