diff options
| author | Jeremy Benoist <jeremy.benoist@gmail.com> | 2019-01-18 22:46:44 +0100 |
|---|---|---|
| committer | Jeremy Benoist <jeremy.benoist@gmail.com> | 2019-01-23 13:28:24 +0100 |
| commit | a0c5eb003f1cbeef10d5620e98870c7556e17c75 (patch) | |
| tree | 52660ffe507ac294db3db387842eed43fad1c75a /src/Wallabag/CoreBundle/Controller | |
| parent | 4c0e747940ac39630f1d2a6a14c628ba6729ecfd (diff) | |
| download | wallabag-a0c5eb003f1cbeef10d5620e98870c7556e17c75.tar.gz wallabag-a0c5eb003f1cbeef10d5620e98870c7556e17c75.tar.zst wallabag-a0c5eb003f1cbeef10d5620e98870c7556e17c75.zip | |
Change the way to enable 2FA
And add a step to validate a generated code from the OTP app
Diffstat (limited to 'src/Wallabag/CoreBundle/Controller')
| -rw-r--r-- | src/Wallabag/CoreBundle/Controller/ConfigController.php | 132 |
1 files changed, 109 insertions, 23 deletions
diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php index c9fc5702..2643eed0 100644 --- a/src/Wallabag/CoreBundle/Controller/ConfigController.php +++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php | |||
| @@ -81,28 +81,7 @@ class ConfigController extends Controller | |||
| 81 | ]); | 81 | ]); |
| 82 | $userForm->handleRequest($request); | 82 | $userForm->handleRequest($request); |
| 83 | 83 | ||
| 84 | // `googleTwoFactor` isn't a field within the User entity, we need to define it's value in a different way | ||
| 85 | if ($this->getParameter('twofactor_auth') && true === $user->isGoogleAuthenticatorEnabled() && false === $userForm->isSubmitted()) { | ||
| 86 | $userForm->get('googleTwoFactor')->setData(true); | ||
| 87 | } | ||
| 88 | |||
| 89 | if ($userForm->isSubmitted() && $userForm->isValid()) { | 84 | if ($userForm->isSubmitted() && $userForm->isValid()) { |
| 90 | // handle creation / reset of the OTP secret if checkbox changed from the previous state | ||
| 91 | if ($this->getParameter('twofactor_auth')) { | ||
| 92 | if (true === $userForm->get('googleTwoFactor')->getData() && false === $user->isGoogleAuthenticatorEnabled()) { | ||
| 93 | $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret(); | ||
| 94 | |||
| 95 | $user->setGoogleAuthenticatorSecret($secret); | ||
| 96 | $user->setEmailTwoFactor(false); | ||
| 97 | $user->setBackupCodes((new BackupCodes())->toArray()); | ||
| 98 | |||
| 99 | $this->addFlash('OtpQrCode', $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user)); | ||
| 100 | } elseif (false === $userForm->get('googleTwoFactor')->getData() && true === $user->isGoogleAuthenticatorEnabled()) { | ||
| 101 | $user->setGoogleAuthenticatorSecret(null); | ||
| 102 | $user->setBackupCodes(null); | ||
| 103 | } | ||
| 104 | } | ||
| 105 | |||
| 106 | $userManager->updateUser($user, true); | 85 | $userManager->updateUser($user, true); |
| 107 | 86 | ||
| 108 | $this->addFlash( | 87 | $this->addFlash( |
| @@ -175,12 +154,119 @@ class ConfigController extends Controller | |||
| 175 | ], | 154 | ], |
| 176 | 'twofactor_auth' => $this->getParameter('twofactor_auth'), | 155 | 'twofactor_auth' => $this->getParameter('twofactor_auth'), |
| 177 | 'wallabag_url' => $this->getParameter('domain_name'), | 156 | 'wallabag_url' => $this->getParameter('domain_name'), |
| 178 | 'enabled_users' => $this->get('wallabag_user.user_repository') | 157 | 'enabled_users' => $this->get('wallabag_user.user_repository')->getSumEnabledUsers(), |
| 179 | ->getSumEnabledUsers(), | ||
| 180 | ]); | 158 | ]); |
| 181 | } | 159 | } |
| 182 | 160 | ||
| 183 | /** | 161 | /** |
| 162 | * Enable 2FA using email. | ||
| 163 | * | ||
| 164 | * @param Request $request | ||
| 165 | * | ||
| 166 | * @Route("/config/otp/email", name="config_otp_email") | ||
| 167 | */ | ||
| 168 | public function otpEmailAction(Request $request) | ||
| 169 | { | ||
| 170 | if (!$this->getParameter('twofactor_auth')) { | ||
| 171 | return $this->createNotFoundException('two_factor not enabled'); | ||
| 172 | } | ||
| 173 | |||
| 174 | $user = $this->getUser(); | ||
| 175 | |||
| 176 | $user->setGoogleAuthenticatorSecret(null); | ||
| 177 | $user->setBackupCodes(null); | ||
| 178 | $user->setEmailTwoFactor(true); | ||
| 179 | |||
| 180 | $this->container->get('fos_user.user_manager')->updateUser($user, true); | ||
| 181 | |||
| 182 | $this->addFlash( | ||
| 183 | 'notice', | ||
| 184 | 'flashes.config.notice.otp_enabled' | ||
| 185 | ); | ||
| 186 | |||
| 187 | return $this->redirect($this->generateUrl('config') . '#set3'); | ||
| 188 | } | ||
| 189 | |||
| 190 | /** | ||
| 191 | * Enable 2FA using OTP app, user will need to confirm the generated code from the app. | ||
| 192 | * | ||
| 193 | * @Route("/config/otp/app", name="config_otp_app") | ||
| 194 | */ | ||
| 195 | public function otpAppAction() | ||
| 196 | { | ||
| 197 | if (!$this->getParameter('twofactor_auth')) { | ||
| 198 | return $this->createNotFoundException('two_factor not enabled'); | ||
| 199 | } | ||
| 200 | |||
| 201 | $user = $this->getUser(); | ||
| 202 | |||
| 203 | if (!$user->isGoogleTwoFactor()) { | ||
| 204 | $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret(); | ||
| 205 | |||
| 206 | $user->setGoogleAuthenticatorSecret($secret); | ||
| 207 | $user->setEmailTwoFactor(false); | ||
| 208 | $user->setBackupCodes((new BackupCodes())->toArray()); | ||
| 209 | |||
| 210 | $this->container->get('fos_user.user_manager')->updateUser($user, true); | ||
| 211 | } | ||
| 212 | |||
| 213 | return $this->render('WallabagCoreBundle:Config:otp_app.html.twig', [ | ||
| 214 | 'qr_code' => $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user), | ||
| 215 | ]); | ||
| 216 | } | ||
| 217 | |||
| 218 | /** | ||
| 219 | * Cancelling 2FA using OTP app. | ||
| 220 | * | ||
| 221 | * @Route("/config/otp/app/cancel", name="config_otp_app_cancel") | ||
| 222 | */ | ||
| 223 | public function otpAppCancelAction() | ||
| 224 | { | ||
| 225 | if (!$this->getParameter('twofactor_auth')) { | ||
| 226 | return $this->createNotFoundException('two_factor not enabled'); | ||
| 227 | } | ||
| 228 | |||
| 229 | $user = $this->getUser(); | ||
| 230 | $user->setGoogleAuthenticatorSecret(null); | ||
| 231 | $user->setBackupCodes(null); | ||
| 232 | |||
| 233 | $this->container->get('fos_user.user_manager')->updateUser($user, true); | ||
| 234 | |||
| 235 | return $this->redirect($this->generateUrl('config') . '#set3'); | ||
| 236 | } | ||
| 237 | |||
| 238 | /** | ||
| 239 | * Validate OTP code. | ||
| 240 | * | ||
| 241 | * @param Request $request | ||
| 242 | * | ||
| 243 | * @Route("/config/otp/app/check", name="config_otp_app_check") | ||
| 244 | */ | ||
| 245 | public function otpAppCheckAction(Request $request) | ||
| 246 | { | ||
| 247 | $isValid = $this->get('scheb_two_factor.security.google_authenticator')->checkCode( | ||
| 248 | $this->getUser(), | ||
| 249 | $request->get('_auth_code') | ||
| 250 | ); | ||
| 251 | |||
| 252 | if (true === $isValid) { | ||
| 253 | $this->addFlash( | ||
| 254 | 'notice', | ||
| 255 | 'flashes.config.notice.otp_enabled' | ||
| 256 | ); | ||
| 257 | |||
| 258 | return $this->redirect($this->generateUrl('config') . '#set3'); | ||
| 259 | } | ||
| 260 | |||
| 261 | $this->addFlash( | ||
| 262 | 'two_factor', | ||
| 263 | 'scheb_two_factor.code_invalid' | ||
| 264 | ); | ||
| 265 | |||
| 266 | return $this->redirect($this->generateUrl('config_otp_app')); | ||
| 267 | } | ||
| 268 | |||
| 269 | /** | ||
| 184 | * @param Request $request | 270 | * @param Request $request |
| 185 | * | 271 | * |
| 186 | * @Route("/generate-token", name="generate_token") | 272 | * @Route("/generate-token", name="generate_token") |