authorJeremy Benoist <jeremy.benoist@gmail.com>2019-01-18 22:46:44 +0100
committerJeremy Benoist <jeremy.benoist@gmail.com>2019-01-23 13:28:24 +0100
commita0c5eb003f1cbeef10d5620e98870c7556e17c75 (patch)
tree52660ffe507ac294db3db387842eed43fad1c75a /src/Wallabag/CoreBundle/Controller
parent4c0e747940ac39630f1d2a6a14c628ba6729ecfd (diff)
downloadwallabag-a0c5eb003f1cbeef10d5620e98870c7556e17c75.tar.gz
wallabag-a0c5eb003f1cbeef10d5620e98870c7556e17c75.tar.zst
wallabag-a0c5eb003f1cbeef10d5620e98870c7556e17c75.zip
Change the way to enable 2FA
And add a step to validate a generated code from the OTP app
Diffstat (limited to 'src/Wallabag/CoreBundle/Controller')
-rw-r--r--src/Wallabag/CoreBundle/Controller/ConfigController.php132
1 files changed, 109 insertions, 23 deletions
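--- a/src/Wallabag/CoreBundle/Controller/ConfigController.php
+++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php
@@ -81,28 +81,7 @@ class ConfigController extends Controller
         ]);
         $userForm->handleRequest($request);
 
-        // `googleTwoFactor` isn't a field within the User entity, we need to define it's value in a different way
-        if ($this->getParameter('twofactor_auth') && true === $user->isGoogleAuthenticatorEnabled() && false === $userForm->isSubmitted()) {
-            $userForm->get('googleTwoFactor')->setData(true);
-        }
-
         if ($userForm->isSubmitted() && $userForm->isValid()) {
-            // handle creation / reset of the OTP secret if checkbox changed from the previous state
-            if ($this->getParameter('twofactor_auth')) {
-                if (true === $userForm->get('googleTwoFactor')->getData() && false === $user->isGoogleAuthenticatorEnabled()) {
-                    $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret();
-
-                    $user->setGoogleAuthenticatorSecret($secret);
-                    $user->setEmailTwoFactor(false);
-                    $user->setBackupCodes((new BackupCodes())->toArray());
-
-                    $this->addFlash('OtpQrCode', $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user));
-                } elseif (false === $userForm->get('googleTwoFactor')->getData() && true === $user->isGoogleAuthenticatorEnabled()) {
-                    $user->setGoogleAuthenticatorSecret(null);
-                    $user->setBackupCodes(null);
-                }
-            }
-
             $userManager->updateUser($user, true);
 
             $this->addFlash(
@@ -175,12 +154,119 @@ class ConfigController extends Controller
             ],
             'twofactor_auth' => $this->getParameter('twofactor_auth'),
             'wallabag_url' => $this->getParameter('domain_name'),
-            'enabled_users' => $this->get('wallabag_user.user_repository')
-                ->getSumEnabledUsers(),
+            'enabled_users' => $this->get('wallabag_user.user_repository')->getSumEnabledUsers(),
         ]);
     }
 
     /**
+     * Enable 2FA using email.
+     *
+     * @param Request $request
+     *
+     * @Route("/config/otp/email", name="config_otp_email")
+     */
+    public function otpEmailAction(Request $request)
+    {
+        if (!$this->getParameter('twofactor_auth')) {
+            return $this->createNotFoundException('two_factor not enabled');
+        }
+
+        $user = $this->getUser();
+
+        $user->setGoogleAuthenticatorSecret(null);
+        $user->setBackupCodes(null);
+        $user->setEmailTwoFactor(true);
+
+        $this->container->get('fos_user.user_manager')->updateUser($user, true);
+
+        $this->addFlash(
+            'notice',
+            'flashes.config.notice.otp_enabled'
+        );
+
+        return $this->redirect($this->generateUrl('config') . '#set3');
+    }
+
+    /**
+     * Enable 2FA using OTP app, user will need to confirm the generated code from the app.
+     *
+     * @Route("/config/otp/app", name="config_otp_app")
+     */
+    public function otpAppAction()
+    {
+        if (!$this->getParameter('twofactor_auth')) {
+            return $this->createNotFoundException('two_factor not enabled');
+        }
+
+        $user = $this->getUser();
+
+        if (!$user->isGoogleTwoFactor()) {
+            $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret();
+
+            $user->setGoogleAuthenticatorSecret($secret);
+            $user->setEmailTwoFactor(false);
+            $user->setBackupCodes((new BackupCodes())->toArray());
+
+            $this->container->get('fos_user.user_manager')->updateUser($user, true);
+        }
+
+        return $this->render('WallabagCoreBundle:Config:otp_app.html.twig', [
+            'qr_code' => $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user),
+        ]);
+    }
+
+    /**
+     * Cancelling 2FA using OTP app.
+     *
+     * @Route("/config/otp/app/cancel", name="config_otp_app_cancel")
+     */
+    public function otpAppCancelAction()
+    {
+        if (!$this->getParameter('twofactor_auth')) {
+            return $this->createNotFoundException('two_factor not enabled');
+        }
+
+        $user = $this->getUser();
+        $user->setGoogleAuthenticatorSecret(null);
+        $user->setBackupCodes(null);
+
+        $this->container->get('fos_user.user_manager')->updateUser($user, true);
+
+        return $this->redirect($this->generateUrl('config') . '#set3');
+    }
+
+    /**
+     * Validate OTP code.
+     *
+     * @param Request $request
+     *
+     * @Route("/config/otp/app/check", name="config_otp_app_check")
+     */
+    public function otpAppCheckAction(Request $request)
+    {
+        $isValid = $this->get('scheb_two_factor.security.google_authenticator')->checkCode(
+            $this->getUser(),
+            $request->get('_auth_code')
+        );
+
+        if (true === $isValid) {
+            $this->addFlash(
+                'notice',
+                'flashes.config.notice.otp_enabled'
+            );
+
+            return $this->redirect($this->generateUrl('config') . '#set3');
+        }
+
+        $this->addFlash(
+            'two_factor',
+            'scheb_two_factor.code_invalid'
+        );
+
+        return $this->redirect($this->generateUrl('config_otp_app'));
+    }
+
+    /**
      * @param Request $request
      *
      * @Route("/generate-token", name="generate_token")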
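Review bot: The new OTP routes (`config_otp_email`, `config_otp_app`, `config_otp_app_cancel`, `config_otp_app_check`) change the user's 2FA state yet carry no `methods` restriction and no CSRF check, so a cross-site request that merely makes the browser follow a link can, for a logged-in user, clear the secret and backup codes via `otpAppCancelAction` or switch the method via `otpEmailAction`. Restricting each route to POST, e.g. `@Route("/config/otp/app/cancel", name="config_otp_app_cancel", methods={"POST"})`, and validating a token before the state change, e.g. `if (!$this->isCsrfTokenValid('otp', $request->request->get('_csrf_token'))) { throw $this->createAccessDeniedException(); }`, would close that. Separately, `return $this->createNotFoundException('two_factor not enabled');` in otpEmailAction, otpAppAction and otpAppCancelAction returns the exception object instead of throwing it, so it should read `throw $this->createNotFoundException('two_factor not enabled');`, and otpAppCheckAction has no `twofactor_auth` guard at all. Note also that otpAppAction persists the new secret before the code is confirmed, so presumably the account already requires the app code if the user abandons the confirmation step; if that is what `isGoogleAuthenticatorEnabled()` keys on, persisting the secret only from otpAppCheckAction on success would avoid locking out a user whose app never scanned the QR code.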