X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=src%2FWallabag%2FCoreBundle%2FController%2FConfigController.php;h=3b281d488ececf68fd0362f1d9ab3a98862cf71f;hb=92a66835624acf6fd14f5adc5f8aab399658592e;hp=c9fc570268c7fc09c21e4413cc046b5525396b3d;hpb=dfd0a7bc5feb4fd7b77d7e2f3a25c5c3febc1eba;p=github%2Fwallabag%2Fwallabag.git
diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php
index c9fc5702..3b281d48 100644
--- a/src/Wallabag/CoreBundle/Controller/ConfigController.php
+++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php
@@ -14,7 +14,7 @@ use Wallabag\CoreBundle\Entity\Config;
 use Wallabag\CoreBundle\Entity\TaggingRule;
 use Wallabag\CoreBundle\Form\Type\ChangePasswordType;
 use Wallabag\CoreBundle\Form\Type\ConfigType;
-use Wallabag\CoreBundle\Form\Type\RssType;
+use Wallabag\CoreBundle\Form\Type\FeedType;
 use Wallabag\CoreBundle\Form\Type\TaggingRuleType;
 use Wallabag\CoreBundle\Form\Type\UserInformationType;
 use Wallabag\CoreBundle\Tools\Utils;
@@ -81,28 +81,7 @@ class ConfigController extends Controller ]); $userForm->handleRequest($request); - // `googleTwoFactor` isn't a field within the User entity, we need to define it's value in a different way - if ($this->getParameter('twofactor_auth') && true === $user->isGoogleAuthenticatorEnabled() && false === $userForm->isSubmitted()) { - $userForm->get('googleTwoFactor')->setData(true); - } - if ($userForm->isSubmitted() && $userForm->isValid()) { - // handle creation / reset of the OTP secret if checkbox changed from the previous state - if ($this->getParameter('twofactor_auth')) { - if (true === $userForm->get('googleTwoFactor')->getData() && false === $user->isGoogleAuthenticatorEnabled()) { - $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret(); - - $user->setGoogleAuthenticatorSecret($secret); - $user->setEmailTwoFactor(false); - $user->setBackupCodes((new BackupCodes())->toArray()); - - $this->addFlash('OtpQrCode', $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user)); - } elseif (false === $userForm->get('googleTwoFactor')->getData() && true === $user->isGoogleAuthenticatorEnabled()) { - $user->setGoogleAuthenticatorSecret(null); - $user->setBackupCodes(null); - } - } - $userManager->updateUser($user, true); $this->addFlash( 
@@ -113,17 +92,17 @@ class ConfigController extends Controller return $this->redirect($this->generateUrl('config') . '#set3'); } - // handle rss information - $rssForm = $this->createForm(RssType::class, $config, ['action' => $this->generateUrl('config') . '#set2']); - $rssForm->handleRequest($request); + // handle feed information + $feedForm = $this->createForm(FeedType::class, $config, ['action' => $this->generateUrl('config') . '#set2']); + $feedForm->handleRequest($request); - if ($rssForm->isSubmitted() && $rssForm->isValid()) { + if ($feedForm->isSubmitted() && $feedForm->isValid()) { $em->persist($config); $em->flush(); $this->addFlash( 'notice', - 'flashes.config.notice.rss_updated' + 'flashes.config.notice.feed_updated' ); return $this->redirect($this->generateUrl('config') . '#set2'); 
@@ -164,22 +143,134 @@ class ConfigController extends Controller return $this->render('WallabagCoreBundle:Config:index.html.twig', [ 'form' => [ 'config' => $configForm->createView(), - 'rss' => $rssForm->createView(), + 'feed' => $feedForm->createView(), 'pwd' => $pwdForm->createView(), 'user' => $userForm->createView(), 'new_tagging_rule' => $newTaggingRule->createView(), ], - 'rss' => [ + 'feed' => [ 'username' => $user->getUsername(), - 'token' => $config->getRssToken(), + 'token' => $config->getFeedToken(), ], 'twofactor_auth' => $this->getParameter('twofactor_auth'), 'wallabag_url' => $this->getParameter('domain_name'), - 'enabled_users' => $this->get('wallabag_user.user_repository') - ->getSumEnabledUsers(), + 'enabled_users' => $this->get('wallabag_user.user_repository')->getSumEnabledUsers(), + ]); + } + + /** + * Enable 2FA using email. + * + * @Route("/config/otp/email", name="config_otp_email") + */ + public function otpEmailAction() + { + if (!$this->getParameter('twofactor_auth')) { + return $this->createNotFoundException('two_factor not enabled'); + } + + $user = $this->getUser(); + + $user->setGoogleAuthenticatorSecret(null); + $user->setBackupCodes(null); + $user->setEmailTwoFactor(true); + + $this->container->get('fos_user.user_manager')->updateUser($user, true); + + $this->addFlash( + 'notice', + 'flashes.config.notice.otp_enabled' + ); + + return $this->redirect($this->generateUrl('config') . '#set3'); + } + + /** + * Enable 2FA using OTP app, user will need to confirm the generated code from the app. 
+ * + * @Route("/config/otp/app", name="config_otp_app") + */ + public function otpAppAction() + { + if (!$this->getParameter('twofactor_auth')) { + return $this->createNotFoundException('two_factor not enabled'); + } + + $user = $this->getUser(); + $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret(); + + $user->setGoogleAuthenticatorSecret($secret); + $user->setEmailTwoFactor(false); + + $backupCodes = (new BackupCodes())->toArray(); + $backupCodesHashed = array_map( + function ($backupCode) { + return password_hash($backupCode, PASSWORD_DEFAULT); + }, + $backupCodes + ); + + $user->setBackupCodes($backupCodesHashed); + + $this->container->get('fos_user.user_manager')->updateUser($user, true); + + return $this->render('WallabagCoreBundle:Config:otp_app.html.twig', [ + 'backupCodes' => $backupCodes, + 'qr_code' => $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user), ]); } + /** + * Cancelling 2FA using OTP app. + * + * @Route("/config/otp/app/cancel", name="config_otp_app_cancel") + */ + public function otpAppCancelAction() + { + if (!$this->getParameter('twofactor_auth')) { + return $this->createNotFoundException('two_factor not enabled'); + } + + $user = $this->getUser(); + $user->setGoogleAuthenticatorSecret(null); + $user->setBackupCodes(null); + + $this->container->get('fos_user.user_manager')->updateUser($user, true); + + return $this->redirect($this->generateUrl('config') . '#set3'); + } + + /** + * Validate OTP code. + * + * @param Request $request + * + * @Route("/config/otp/app/check", name="config_otp_app_check") + */ + public function otpAppCheckAction(Request $request) + { + $isValid = $this->get('scheb_two_factor.security.google_authenticator')->checkCode( + $this->getUser(), + $request->get('_auth_code') + ); + + if (true === $isValid) { + $this->addFlash( + 'notice', + 'flashes.config.notice.otp_enabled' + ); + + return $this->redirect($this->generateUrl('config') . 
'#set3'); + } + + $this->addFlash( + 'two_factor', + 'scheb_two_factor.code_invalid' + ); + + return $this->redirect($this->generateUrl('config_otp_app')); + } + /** * @param Request $request * @@ -190,19 +281,19 @@ class ConfigController extends Controller public function generateTokenAction(Request $request) { $config = $this->getConfig(); - $config->setRssToken(Utils::generateToken()); + $config->setFeedToken(Utils::generateToken()); $em = $this->getDoctrine()->getManager(); $em->persist($config); $em->flush(); if ($request->isXmlHttpRequest()) { - return new JsonResponse(['token' => $config->getRssToken()]); + return new JsonResponse(['token' => $config->getFeedToken()]); } $this->addFlash( 'notice', - 'flashes.config.notice.rss_token_updated' + 'flashes.config.notice.feed_token_updated' ); return $this->redirect($this->generateUrl('config') . '#set2');
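Review bot: The new otpEmailAction, otpAppAction and otpAppCancelAction mutate the logged-in user's 2FA state (secret, backup codes, email flag) on any request: their @Route annotations carry no methods restriction and nothing in the hunk validates a CSRF token, so unless the routes are constrained elsewhere a link or image tag on a third-party page could disable a victim's app-based 2FA via /config/otp/app/cancel or rotate their secret via /config/otp/app. Restrict them to POST and check a token before touching the user, e.g. `@Route("/config/otp/app/cancel", name="config_otp_app_cancel", methods={"POST"})` followed by `if (!$this->isCsrfTokenValid('otp', $request->request->get('token'))) { throw $this->createAccessDeniedException(); }`, with the config template submitting a form instead of a plain link. Separately, `return $this->createNotFoundException('two_factor not enabled');` returns the exception object rather than throwing it, so the disabled-2FA guard never yields a 404 but ends the action with a non-Response value; it should be `throw $this->createNotFoundException('two_factor not enabled');` in all three actions, and otpAppCheckAction has no such guard at all. Note also that otpAppAction persists the new secret and hashed backup codes before any code is confirmed, so the docblock's "user will need to confirm the generated code" overstates what otpAppCheckAction enforces — on success it only flashes a message, on failure it redirects back and a fresh secret is generated. The ConfigController class, and indexAction whose render call opens this hunk, continue outside the hunk.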