Merge pull request #1484 from wallabag/v2-2factor-auth

2factor authentication via email

4 files changed, 85 insertions, 0 deletions

diff --git a/src/Wallabag/CoreBundle/Form/Type/UserInformationType.php b/src/Wallabag/CoreBundle/Form/Type/UserInformationType.php
index 84f02013..e06c937d 100644
--- a/src/Wallabag/CoreBundle/Form/Type/UserInformationType.php
+++ b/src/Wallabag/CoreBundle/Form/Type/UserInformationType.php
@@ -13,6 +13,7 @@ class UserInformationType extends AbstractType
         $builder
             ->add('name', 'text')
             ->add('email', 'email')
+            ->add('twoFactorAuthentication', 'checkbox', array('required' => false))
             ->add('save', 'submit')
             ->remove('username')
             ->remove('plainPassword')
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
index 64305b16..abe5dc9e 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
@@ -100,6 +100,16 @@
             </div>
         </fieldset>
 
+        {% if twofactor_auth %}
+        <fieldset class="w500p inline">
+            <div class="row">
+                {{ form_label(form.user.twoFactorAuthentication) }}
+                {{ form_errors(form.user.twoFactorAuthentication) }}
+                {{ form_widget(form.user.twoFactorAuthentication) }}
+            </div>
+        </fieldset>
+        {% endif %}
+
         {{ form_rest(form.user) }}
     </form>
 
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig
index 0d8e9f24..ab24d4ef 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig
@@ -132,6 +132,16 @@
                                 </div>
                             </div>
 
+                            {% if twofactor_auth %}
+                            <div class="row">
+                                <div class="input-field col s12">
+                                    {{ form_widget(form.user.twoFactorAuthentication) }}
+                                    {{ form_label(form.user.twoFactorAuthentication) }}
+                                    {{ form_errors(form.user.twoFactorAuthentication) }}
+                                </div>
+                            </div>
+                            {% endif %}
+
                             <div class="hidden">{{ form_rest(form.user) }}</div>
                             <button class="btn waves-effect waves-light" type="submit" name="action">
                                 {% trans %}Save{% endtrans %}
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
new file mode 100644
index 00000000..b9f5d835
--- /dev/null
+++ b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
@@ -0,0 +1,64 @@
+<?php
+
+namespace Wallabag\CoreBundle\Tests\Controller;
+
+use Wallabag\CoreBundle\Tests\WallabagCoreTestCase;
+
+class SecurityControllerTest extends WallabagCoreTestCase
+{
+    public function testLoginWithout2Factor()
+    {
+        $this->logInAs('admin');
+        $client = $this->getClient();
+        $client->followRedirects();
+
+        $client->request('GET', '/config');
+        $this->assertContains('RSS', $client->getResponse()->getContent());
+    }
+
+    public function testLoginWith2Factor()
+    {
+        $client = $this->getClient();
+
+        if ($client->getContainer()->getParameter('twofactor_auth')) {
+            $client->followRedirects();
+
+            $em = $client->getContainer()->get('doctrine.orm.entity_manager');
+            $user = $em
+                ->getRepository('WallabagUserBundle:User')
+                ->findOneByUsername('admin');
+            $user->setTwoFactorAuthentication(true);
+            $em->persist($user);
+            $em->flush();
+
+            $this->logInAs('admin');
+            $client->request('GET', '/config');
+            $this->assertContains('trusted computer', $client->getResponse()->getContent());
+
+            // restore user
+            $user = $em
+                ->getRepository('WallabagUserBundle:User')
+                ->findOneByUsername('admin');
+            $user->setTwoFactorAuthentication(false);
+            $em->persist($user);
+            $em->flush();
+        }
+    }
+
+    public function testTrustedComputer()
+    {
+        $client = $this->getClient();
+
+        if ($client->getContainer()->getParameter('twofactor_auth')) {
+            $em = $client->getContainer()->get('doctrine.orm.entity_manager');
+            $user = $em
+                ->getRepository('WallabagUserBundle:User')
+                ->findOneByUsername('admin');
+
+            $date = new \DateTime();
+            $user->addTrustedComputer('ABCDEF', $date->add(new \DateInterval('P1M')));
+            $this->assertTrue($user->isTrustedComputer('ABCDEF'));
+            $this->assertFalse($user->isTrustedComputer('FEDCBA'));
+        }
+    }
+}