Merge pull request #4329 from wallabag/add-2fa-disable

Added a button to disable 2FA when enabled
author: Nicolas Lœuillet <nicolas@loeuillet.org> 2020-04-14 19:59:54 +0200
committer: GitHub <noreply@github.com> 2020-04-14 19:59:54 +0200
commit: 35359a23c1308ed7fd943de9f7018cabf83b21e4 (patch)
tree: 620914990d017b64bd2dda603b7af4a2be120c5f
parent: 2b21cc8869c9a6cbcc14a10aa6f39a10c3b8c4a0 (diff)
parent: e349c879faafdd3d8f61aebb257c4c89ccd3da7d (diff)
download: wallabag-35359a23c1308ed7fd943de9f7018cabf83b21e4.tar.gz
wallabag-35359a23c1308ed7fd943de9f7018cabf83b21e4.tar.zst
wallabag-35359a23c1308ed7fd943de9f7018cabf83b21e4.zip
20 files changed, 122 insertions, 4 deletions
diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php
index 6655ef93..56efe82b 100644
--- a/src/Wallabag/CoreBundle/Controller/ConfigController.php
+++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php
@@ -193,6 +193,30 @@ class ConfigController extends Controller
    }
    /**
+     * Disable 2FA using email.
+     *
+     * @Route("/config/otp/email/disable", name="disable_otp_email")
+     */
+    public function disableOtpEmailAction()
+    {
+        if (!$this->getParameter('twofactor_auth')) {
+            return $this->createNotFoundException('two_factor not enabled');
+        }
+        $user = $this->getUser();
+        $user->setEmailTwoFactor(false);
+        $this->container->get('fos_user.user_manager')->updateUser($user, true);
+        $this->addFlash(
+            'notice',
+            'flashes.config.notice.otp_disabled'
+        );
+        return $this->redirect($this->generateUrl('config') . '#set3');
+    }
+    /**
     * Enable 2FA using email.
     *
     * @Route("/config/otp/email", name="config_otp_email")
@@ -220,6 +244,32 @@ class ConfigController extends Controller
    }
    /**
+     * Disable 2FA using OTP app.
+     *
+     * @Route("/config/otp/app/disable", name="disable_otp_app")
+     */
+    public function disableOtpAppAction()
+    {
+        if (!$this->getParameter('twofactor_auth')) {
+            return $this->createNotFoundException('two_factor not enabled');
+        }
+        $user = $this->getUser();
+        $user->setGoogleAuthenticatorSecret('');
+        $user->setBackupCodes(null);
+        $this->container->get('fos_user.user_manager')->updateUser($user, true);
+        $this->addFlash(
+            'notice',
+            'flashes.config.notice.otp_disabled'
+        );
+        return $this->redirect($this->generateUrl('config') . '#set3');
+    }
+    /**
     * Enable 2FA using OTP app, user will need to confirm the generated code from the app.
     *
     * @Route("/config/otp/app", name="config_otp_app")
@@ -248,6 +298,11 @@ class ConfigController extends Controller
        $this->container->get('fos_user.user_manager')->updateUser($user, true);
+        $this->addFlash(
+            'notice',
+            'flashes.config.notice.otp_enabled'
+        );
        return $this->render('WallabagCoreBundle:Config:otp_app.html.twig', [
            'backupCodes' => $backupCodes,
            'qr_code' => $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user),
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml
index 53b60c72..fc43e9fd 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml
@@ -613,6 +613,7 @@ flashes:
            # entries_reset: Entries reset
            # archived_reset: Archived entries deleted
            # otp_enabled: Two-factor authentication enabled
+            # otp_disabled: Two-factor authentication disabled
            # tagging_rules_imported: Tagging rules imported
            # tagging_rules_not_imported: Error while importing tagging rules
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml
index b9694be8..53c960b6 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml
@@ -613,6 +613,7 @@ flashes:
            entries_reset: Einträge zurücksetzen
            archived_reset: Archiverte Einträge zurücksetzen
            # otp_enabled: Two-factor authentication enabled
+            # otp_disabled: Two-factor authentication disabled
            # tagging_rules_imported: Tagging rules imported
            # tagging_rules_not_imported: Error while importing tagging rules
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml
index e8b1ea15..c6e3cd42 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml
@@ -613,6 +613,7 @@ flashes:
            entries_reset: Entries reset
            archived_reset: Archived entries deleted
            otp_enabled: Two-factor authentication enabled
+            otp_disabled: Two-factor authentication disabled
            tagging_rules_imported: Tagging rules imported
            tagging_rules_not_imported: Error while importing tagging rules
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml
index 6fd44f8e..72e36449 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml
@@ -613,6 +613,7 @@ flashes:
            entries_reset: Artículos reiniciados
            archived_reset: Artículos archivados borrados
            otp_enabled: Autenticación de dos pasos activada
+            # otp_disabled: Two-factor authentication disabled
            tagging_rules_imported: Reglas de etiquetado importadas
            tagging_rules_not_imported: Un error se ha producico en la importación de las reglas de etiquetado
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml
index 627923b0..8da90018 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml
@@ -613,6 +613,7 @@ flashes:
            # entries_reset: Entries reset
            # archived_reset: Archived entries deleted
            # otp_enabled: Two-factor authentication enabled
+            # otp_disabled: Two-factor authentication disabled
            # tagging_rules_imported: Tagging rules imported
            # tagging_rules_not_imported: Error while importing tagging rules
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml
index 542dc25c..d5454781 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml
@@ -614,6 +614,7 @@ flashes:
            entries_reset: "Articles supprimés"
            archived_reset: "Articles archivés supprimés"
            otp_enabled: "Authentification à double-facteur activée"
+            otp_disabled: "Authentification à double-facteur désactivée"
            tagging_rules_imported: Règles bien importées
            tagging_rules_not_imported: Impossible d'importer les règles
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml
index 5d017a40..99a8dc2d 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml
@@ -613,6 +613,7 @@ flashes:
            entries_reset: Reset articoli
            # archived_reset: Archived entries deleted
            # otp_enabled: Two-factor authentication enabled
+            # otp_disabled: Two-factor authentication disabled
            # tagging_rules_imported: Tagging rules imported
            # tagging_rules_not_imported: Error while importing tagging rules
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.ja.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.ja.yml
index 9de8c571..a1eaa5dd 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.ja.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.ja.yml
@@ -613,6 +613,7 @@ flashes:
            entries_reset: 記事がリセットされました
            archived_reset: アーカイブ済みの記事がリセットされました
            otp_enabled: 2要素認証が有効化されました
+            # otp_disabled: Two-factor authentication disabled
            tagging_rules_imported: タグ付けルールがインポートされました
            tagging_rules_not_imported: タグ付けルールのインポート中にエラーが発生しました
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml
index e0fb1933..598243db 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml
@@ -613,6 +613,7 @@ flashes:
            entries_reset: Articles levats
            archived_reset: Articles archivat suprimits
            otp_enabled: Autentificacion en dos temps activada
+            # otp_disabled: Two-factor authentication disabled
            tagging_rules_imported: Règlas d’etiquetatge importadas
            tagging_rules_not_imported: Error en important las règlas d’etiquetatge
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml
index dfaf9e89..af8447fe 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml
@@ -613,6 +613,7 @@ flashes:
            entries_reset: Zresetuj wpisy
            archived_reset: Zarchiwizowane wpisy usunięte
            # otp_enabled: Two-factor authentication enabled
+            # otp_disabled: Two-factor authentication disabled
            # tagging_rules_imported: Tagging rules imported
            # tagging_rules_not_imported: Error while importing tagging rules
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml
index 8908c0cc..d993cb05 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml
@@ -613,6 +613,7 @@ flashes:
            entries_reset: Artigos reinicializados
            archived_reset: Artigos arquivados apagados
            otp_enabled: Autenticação de dois fatores ativada
+            # otp_disabled: Two-factor authentication disabled
            tagging_rules_imported: Regras de tags importadas
            tagging_rules_not_imported: Erro ao importar regras de tags
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml
index b269578a..bc8b72e0 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml
@@ -613,6 +613,7 @@ flashes:
            # entries_reset: Entries reset
            # archived_reset: Archived entries deleted
            # otp_enabled: Two-factor authentication enabled
+            # otp_disabled: Two-factor authentication disabled
            # tagging_rules_imported: Tagging rules imported
            # tagging_rules_not_imported: Error while importing tagging rules
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml
index 648bbc80..2f7f55e5 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml
@@ -613,6 +613,7 @@ flashes:
            entries_reset: "Записи сброшены"
            # archived_reset: Archived entries deleted
            # otp_enabled: Two-factor authentication enabled
+            # otp_disabled: Two-factor authentication disabled
            # tagging_rules_imported: Tagging rules imported
            # tagging_rules_not_imported: Error while importing tagging rules
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml
index 4de87adc..48e1c34a 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml
@@ -613,6 +613,7 @@ flashes:
            entries_reset: รีเซ็ตรายการ
            archived_reset: การลบเอกสารของรายการ
            # otp_enabled: Two-factor authentication enabled
+            # otp_disabled: Two-factor authentication disabled
            # tagging_rules_imported: Tagging rules imported
            # tagging_rules_not_imported: Error while importing tagging rules
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml
index 9afa648c..19029c0b 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml
@@ -613,6 +613,7 @@ flashes:
            # entries_reset: Entries reset
            # archived_reset: Archived entries deleted
            # otp_enabled: Two-factor authentication enabled
+            # otp_disabled: Two-factor authentication disabled
            # tagging_rules_imported: Tagging rules imported
            # tagging_rules_not_imported: Error while importing tagging rules
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.zh.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.zh.yml
index a34e3852..f48ce37a 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.zh.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.zh.yml
@@ -613,6 +613,7 @@ flashes:
            entries_reset: 项目列表已重置
            archived_reset: 所有存档项目已删除
            otp_enabled: 两步验证已启用
+            # otp_disabled: Two-factor authentication disabled
            tagging_rules_imported: 标签规则已导入
            tagging_rules_not_imported: 导入标签规则时发生了错误
    entry:
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
index f719bea2..eb395eac 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
@@ -195,12 +195,12 @@
                <tr>
                    <td>{{ 'config.form_user.two_factor.emailTwoFactor_label'|trans }}</td>
                    <td>{% if app.user.isEmailTwoFactor %}<b>{{ 'config.form_user.two_factor.state_enabled'|trans }}</b>{% else %}{{ 'config.form_user.two_factor.state_disabled'|trans }}{% endif %}</td>
-                    <td><a href="{{ path('config_otp_email') }}" class="waves-effect waves-light btn{% if app.user.isEmailTwoFactor %} disabled{% endif %}">{{ 'config.form_user.two_factor.action_email'|trans }}</a></td>
+                    <td><a href="{{ path('config_otp_email') }}" class="waves-effect waves-light btn{% if app.user.isEmailTwoFactor %} disabled{% endif %}">{{ 'config.form_user.two_factor.action_email'|trans }}</a>  {% if app.user.isEmailTwoFactor %}<a href="{{ path('disable_otp_email') }}" class="waves-effect waves-light btn">Disable</a>{% endif %}</td>
                </tr>
                <tr>
                    <td>{{ 'config.form_user.two_factor.googleTwoFactor_label'|trans }}</td>
                    <td>{% if app.user.isGoogleTwoFactor %}<b>{{ 'config.form_user.two_factor.state_enabled'|trans }}</b>{% else %}{{ 'config.form_user.two_factor.state_disabled'|trans }}{% endif %}</td>
-                    <td><a href="{{ path('config_otp_app') }}" class="waves-effect waves-light btn{% if app.user.isGoogleTwoFactor %} disabled{% endif %}">{{ 'config.form_user.two_factor.action_app'|trans }}</a></td>
+                    <td><a href="{{ path('config_otp_app') }}" class="waves-effect waves-light btn{% if app.user.isGoogleTwoFactor %} disabled{% endif %}">{{ 'config.form_user.two_factor.action_app'|trans }}</a> {% if app.user.isGoogleTwoFactor %}<a href="{{ path('disable_otp_app') }}" class="waves-effect waves-light btn">Disable</a>{% endif %}</td>
                </tr>
            </tbody>
        </table>
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig
index d8e9694d..c2e92ad1 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig
@@ -229,12 +229,12 @@
                                            <tr>
                                                <td>{{ 'config.form_user.two_factor.emailTwoFactor_label'|trans }}</td>
                                                <td>{% if app.user.isEmailTwoFactor %}<b>{{ 'config.form_user.two_factor.state_enabled'|trans }}</b>{% else %}{{ 'config.form_user.two_factor.state_disabled'|trans }}{% endif %}</td>
-                                                <td><a href="{{ path('config_otp_email') }}" class="waves-effect waves-light btn{% if app.user.isEmailTwoFactor %} disabled{% endif %}">{{ 'config.form_user.two_factor.action_email'|trans }}</a></td>
+                                                <td><a href="{{ path('config_otp_email') }}" class="waves-effect waves-light btn{% if app.user.isEmailTwoFactor %} disabled{% endif %}">{{ 'config.form_user.two_factor.action_email'|trans }}</a> {% if app.user.isEmailTwoFactor %}<a href="{{ path('disable_otp_email') }}" class="waves-effect waves-light btn red">Disable</a>{% endif %}</td>
                                            </tr>
                                            <tr>
                                                <td>{{ 'config.form_user.two_factor.googleTwoFactor_label'|trans }}</td>
                                                <td>{% if app.user.isGoogleTwoFactor %}<b>{{ 'config.form_user.two_factor.state_enabled'|trans }}</b>{% else %}{{ 'config.form_user.two_factor.state_disabled'|trans }}{% endif %}</td>
-                                                <td><a href="{{ path('config_otp_app') }}" class="waves-effect waves-light btn{% if app.user.isGoogleTwoFactor %} disabled{% endif %}">{{ 'config.form_user.two_factor.action_app'|trans }}</a></td>
+                                                <td><a href="{{ path('config_otp_app') }}" class="waves-effect waves-light btn{% if app.user.isGoogleTwoFactor %} disabled{% endif %}">{{ 'config.form_user.two_factor.action_app'|trans }}</a> {% if app.user.isGoogleTwoFactor %}<a href="{{ path('disable_otp_app') }}" class="waves-effect waves-light btn red">Disable</a>{% endif %}</td>
                                            </tr>
                                        </tbody>
                                    </table>
diff --git a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php
index fa93c9c2..b3b3a19a 100644
--- a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php
+++ b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php
@@ -1045,6 +1045,29 @@ class ConfigControllerTest extends WallabagCoreTestCase
        $em->flush();
    }
+    public function testUserDisable2faEmail()
+    {
+        $this->logInAs('admin');
+        $client = $this->getClient();
+        $crawler = $client->request('GET', '/config/otp/email/disable');
+        $this->assertSame(302, $client->getResponse()->getStatusCode());
+        $crawler = $client->followRedirect();
+        $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text']));
+        $this->assertContains('flashes.config.notice.otp_disabled', $alert[0]);
+        // restore user
+        $em = $this->getEntityManager();
+        $user = $em
+            ->getRepository('WallabagUserBundle:User')
+            ->findOneByUsername('admin');
+        $this->assertFalse($user->isEmailTwoFactor());
+    }
    public function testUserEnable2faGoogle()
    {
        $this->logInAs('admin');
@@ -1099,6 +1122,30 @@ class ConfigControllerTest extends WallabagCoreTestCase
        $this->assertEmpty($user->getBackupCodes());
    }
+    public function testUserDisable2faGoogle()
+    {
+        $this->logInAs('admin');
+        $client = $this->getClient();
+        $crawler = $client->request('GET', '/config/otp/app/disable');
+        $this->assertSame(302, $client->getResponse()->getStatusCode());
+        $crawler = $client->followRedirect();
+        $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text']));
+        $this->assertContains('flashes.config.notice.otp_disabled', $alert[0]);
+        // restore user
+        $em = $this->getEntityManager();
+        $user = $em
+            ->getRepository('WallabagUserBundle:User')
+            ->findOneByUsername('admin');
+        $this->assertEmpty($user->getGoogleAuthenticatorSecret());
+        $this->assertEmpty($user->getBackupCodes());
+    }
    public function testExportTaggingRule()
    {
        $this->logInAs('admin');
author	Nicolas Lœuillet <nicolas@loeuillet.org>	2020-04-14 19:59:54 +0200
committer	GitHub <noreply@github.com>	2020-04-14 19:59:54 +0200
commit	35359a23c1308ed7fd943de9f7018cabf83b21e4 (patch)
tree	620914990d017b64bd2dda603b7af4a2be120c5f
parent	2b21cc8869c9a6cbcc14a10aa6f39a10c3b8c4a0 (diff)
parent	e349c879faafdd3d8f61aebb257c4c89ccd3da7d (diff)
download	wallabag-35359a23c1308ed7fd943de9f7018cabf83b21e4.tar.gz wallabag-35359a23c1308ed7fd943de9f7018cabf83b21e4.tar.zst wallabag-35359a23c1308ed7fd943de9f7018cabf83b21e4.zip