Enable OTP 2FA

- Update SchebTwoFactorBundle to version 3 - Enable Google 2fa on the bundle - Disallow ability to use both email and google as 2fa - Update Ocramius Proxy Manager to handle typed function & attributes (from PHP 7) - use `$this->addFlash` shortcut instead of `$this->get('session')->getFlashBag()->add` - update admin to be able to create/reset the 2fa
author: Jeremy Benoist <jeremy.benoist@gmail.com> 2018-12-02 12:43:05 +0100
committer: Jeremy Benoist <jeremy.benoist@gmail.com> 2019-01-23 13:28:02 +0100
commit: a6b242a1fd6f8900d80354361449f1bf62506ef9 (patch)
tree: f69d87208d0ebbdb8517529582280b174af74a16 /src/Wallabag/UserBundle/Entity
parent: acd4412080dfb73ecaa7f9983728d1d55bc27ea4 (diff)
download: wallabag-a6b242a1fd6f8900d80354361449f1bf62506ef9.tar.gz
wallabag-a6b242a1fd6f8900d80354361449f1bf62506ef9.tar.zst
wallabag-a6b242a1fd6f8900d80354361449f1bf62506ef9.zip
1 files changed, 67 insertions, 27 deletions
diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php
index 48446e3c..6e305719 100644
--- a/src/Wallabag/UserBundle/Entity/User.php
+++ b/src/Wallabag/UserBundle/Entity/User.php
@@ -8,8 +8,8 @@ use FOS\UserBundle\Model\User as BaseUser;
 use JMS\Serializer\Annotation\Accessor;
 use JMS\Serializer\Annotation\Groups;
 use JMS\Serializer\Annotation\XmlRoot;
-use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface;
+use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface as EmailTwoFactorInterface;
-use Scheb\TwoFactorBundle\Model\TrustedComputerInterface;
+use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface as GoogleTwoFactorInterface;
 use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Wallabag\ApiBundle\Entity\Client;
@@ -28,7 +28,7 @@ use Wallabag\CoreBundle\Helper\EntityTimestampsTrait;
 * @UniqueEntity("email")
 * @UniqueEntity("username")
 */
-class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterface
+class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorInterface
 {
    use EntityTimestampsTrait;
@@ -123,16 +123,16 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
    private $authCode;
    /**
-     * @var bool
+     * @ORM\Column(name="googleAuthenticatorSecret", type="string", nullable=true)
-     *
-     * @ORM\Column(type="boolean")
     */
-    private $twoFactorAuthentication = false;
+    private $googleAuthenticatorSecret;
    /**
-     * @ORM\Column(type="json_array", nullable=true)
+     * @var bool
+     *
+     * @ORM\Column(type="boolean")
     */
-    private $trusted;
+    private $emailTwoFactor = false;
    public function __construct()
    {
@@ -233,49 +233,89 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
    /**
     * @return bool
     */
-    public function isTwoFactorAuthentication()
+    public function isEmailTwoFactor()
+    {
+        return $this->emailTwoFactor;
+    }
+    /**
+     * @param bool $emailTwoFactor
+     */
+    public function setEmailTwoFactor($emailTwoFactor)
    {
-        return $this->twoFactorAuthentication;
+        $this->emailTwoFactor = $emailTwoFactor;
    }
    /**
-     * @param bool $twoFactorAuthentication
+     * Used in the user config form to be "like" the email option.
     */
-    public function setTwoFactorAuthentication($twoFactorAuthentication)
+    public function isGoogleTwoFactor()
    {
-        $this->twoFactorAuthentication = $twoFactorAuthentication;
+        return $this->isGoogleAuthenticatorEnabled();
    }
-    public function isEmailAuthEnabled()
+    /**
+     * {@inheritdoc}
+     */
+    public function isEmailAuthEnabled(): bool
    {
-        return $this->twoFactorAuthentication;
+        return $this->emailTwoFactor;
    }
-    public function getEmailAuthCode()
+    /**
+     * {@inheritdoc}
+     */
+    public function getEmailAuthCode(): string
    {
        return $this->authCode;
    }
-    public function setEmailAuthCode($authCode)
+    /**
+     * {@inheritdoc}
+     */
+    public function setEmailAuthCode(string $authCode): void
    {
        $this->authCode = $authCode;
    }
-    public function addTrustedComputer($token, \DateTime $validUntil)
+    /**
+     * {@inheritdoc}
+     */
+    public function getEmailAuthRecipient(): string
    {
-        $this->trusted[$token] = $validUntil->format('r');
+        return $this->email;
    }
-    public function isTrustedComputer($token)
+    /**
+     * {@inheritdoc}
+     */
+    public function isGoogleAuthenticatorEnabled(): bool
    {
-        if (isset($this->trusted[$token])) {
+        return $this->googleAuthenticatorSecret ? true : false;
-            $now = new \DateTime();
+    }
-            $validUntil = new \DateTime($this->trusted[$token]);
-            return $now < $validUntil;
+    /**
-        }
+     * {@inheritdoc}
+     */
+    public function getGoogleAuthenticatorUsername(): string
+    {
+        return $this->username;
+    }
-        return false;
+    /**
+     * {@inheritdoc}
+     */
+    public function getGoogleAuthenticatorSecret(): string
+    {
+        return $this->googleAuthenticatorSecret;
+    }
+    /**
+     * {@inheritdoc}
+     */
+    public function setGoogleAuthenticatorSecret(?string $googleAuthenticatorSecret): void
+    {
+        $this->googleAuthenticatorSecret = $googleAuthenticatorSecret;
    }
    /**
author	Jeremy Benoist <jeremy.benoist@gmail.com>	2018-12-02 12:43:05 +0100
committer	Jeremy Benoist <jeremy.benoist@gmail.com>	2019-01-23 13:28:02 +0100
commit	a6b242a1fd6f8900d80354361449f1bf62506ef9 (patch)
tree	f69d87208d0ebbdb8517529582280b174af74a16 /src/Wallabag/UserBundle/Entity
parent	acd4412080dfb73ecaa7f9983728d1d55bc27ea4 (diff)
download	wallabag-a6b242a1fd6f8900d80354361449f1bf62506ef9.tar.gz wallabag-a6b242a1fd6f8900d80354361449f1bf62506ef9.tar.zst wallabag-a6b242a1fd6f8900d80354361449f1bf62506ef9.zip