Merge pull request #3798 from wallabag/update-two-factor-bundle

Enable OTP 2FA
author: Kevin Decherf <kevin@kdecherf.com> 2019-01-30 01:02:27 +0100
committer: GitHub <noreply@github.com> 2019-01-30 01:02:27 +0100
commit: 2e5b3fa361098498a9e42a65396a27e1eb487fba (patch)
tree: f20677c3d68c1ea756f0835ff179a0d7d3431a67 /src/Wallabag/UserBundle/Entity
parent: c6024246b744e411175318065f7c396bbb5a213e (diff)
parent: 4654a83b6438b88e3b7062a21d18999d9df2fb8e (diff)
download: wallabag-2e5b3fa361098498a9e42a65396a27e1eb487fba.tar.gz
wallabag-2e5b3fa361098498a9e42a65396a27e1eb487fba.tar.zst
wallabag-2e5b3fa361098498a9e42a65396a27e1eb487fba.zip
1 files changed, 122 insertions, 26 deletions
diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php
index 48446e3c..43fa6a80 100644
--- a/src/Wallabag/UserBundle/Entity/User.php
+++ b/src/Wallabag/UserBundle/Entity/User.php
@@ -8,8 +8,9 @@ use FOS\UserBundle\Model\User as BaseUser;
 use JMS\Serializer\Annotation\Accessor;
 use JMS\Serializer\Annotation\Groups;
 use JMS\Serializer\Annotation\XmlRoot;
-use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface;
+use Scheb\TwoFactorBundle\Model\BackupCodeInterface;
-use Scheb\TwoFactorBundle\Model\TrustedComputerInterface;
+use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface as EmailTwoFactorInterface;
+use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface as GoogleTwoFactorInterface;
 use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Wallabag\ApiBundle\Entity\Client;
@@ -28,7 +29,7 @@ use Wallabag\CoreBundle\Helper\EntityTimestampsTrait;
 * @UniqueEntity("email")
 * @UniqueEntity("username")
 */
-class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterface
+class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorInterface, BackupCodeInterface
 {
    use EntityTimestampsTrait;
@@ -123,16 +124,21 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
    private $authCode;
    /**
-     * @var bool
+     * @ORM\Column(name="googleAuthenticatorSecret", type="string", nullable=true)
-     *
-     * @ORM\Column(type="boolean")
     */
-    private $twoFactorAuthentication = false;
+    private $googleAuthenticatorSecret;
    /**
     * @ORM\Column(type="json_array", nullable=true)
     */
-    private $trusted;
+    private $backupCodes;
+    /**
+     * @var bool
+     *
+     * @ORM\Column(type="boolean")
+     */
+    private $emailTwoFactor = false;
    public function __construct()
    {
@@ -233,49 +239,119 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
    /**
     * @return bool
     */
-    public function isTwoFactorAuthentication()
+    public function isEmailTwoFactor()
    {
-        return $this->twoFactorAuthentication;
+        return $this->emailTwoFactor;
    }
    /**
-     * @param bool $twoFactorAuthentication
+     * @param bool $emailTwoFactor
     */
-    public function setTwoFactorAuthentication($twoFactorAuthentication)
+    public function setEmailTwoFactor($emailTwoFactor)
    {
-        $this->twoFactorAuthentication = $twoFactorAuthentication;
+        $this->emailTwoFactor = $emailTwoFactor;
    }
-    public function isEmailAuthEnabled()
+    /**
+     * Used in the user config form to be "like" the email option.
+     */
+    public function isGoogleTwoFactor()
+    {
+        return $this->isGoogleAuthenticatorEnabled();
+    }
+    /**
+     * {@inheritdoc}
+     */
+    public function isEmailAuthEnabled(): bool
    {
-        return $this->twoFactorAuthentication;
+        return $this->emailTwoFactor;
    }
-    public function getEmailAuthCode()
+    /**
+     * {@inheritdoc}
+     */
+    public function getEmailAuthCode(): string
    {
        return $this->authCode;
    }
-    public function setEmailAuthCode($authCode)
+    /**
+     * {@inheritdoc}
+     */
+    public function setEmailAuthCode(string $authCode): void
    {
        $this->authCode = $authCode;
    }
-    public function addTrustedComputer($token, \DateTime $validUntil)
+    /**
+     * {@inheritdoc}
+     */
+    public function getEmailAuthRecipient(): string
    {
-        $this->trusted[$token] = $validUntil->format('r');
+        return $this->email;
    }
-    public function isTrustedComputer($token)
+    /**
+     * {@inheritdoc}
+     */
+    public function isGoogleAuthenticatorEnabled(): bool
    {
-        if (isset($this->trusted[$token])) {
+        return $this->googleAuthenticatorSecret ? true : false;
-            $now = new \DateTime();
+    }
-            $validUntil = new \DateTime($this->trusted[$token]);
-            return $now < $validUntil;
+    /**
-        }
+     * {@inheritdoc}
+     */
+    public function getGoogleAuthenticatorUsername(): string
+    {
+        return $this->username;
+    }
-        return false;
+    /**
+     * {@inheritdoc}
+     */
+    public function getGoogleAuthenticatorSecret(): string
+    {
+        return $this->googleAuthenticatorSecret;
+    }
+    /**
+     * {@inheritdoc}
+     */
+    public function setGoogleAuthenticatorSecret(?string $googleAuthenticatorSecret): void
+    {
+        $this->googleAuthenticatorSecret = $googleAuthenticatorSecret;
+    }
+    public function setBackupCodes(array $codes = null)
+    {
+        $this->backupCodes = $codes;
+    }
+    public function getBackupCodes()
+    {
+        return $this->backupCodes;
+    }
+    /**
+     * {@inheritdoc}
+     */
+    public function isBackupCode(string $code): bool
+    {
+        return false === $this->findBackupCode($code) ? false : true;
+    }
+    /**
+     * {@inheritdoc}
+     */
+    public function invalidateBackupCode(string $code): void
+    {
+        $key = $this->findBackupCode($code);
+        if (false !== $key) {
+            unset($this->backupCodes[$key]);
+        }
    }
    /**
@@ -309,4 +385,24 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
            return $this->clients->first();
        }
    }
+    /**
+     * Try to find a backup code from the list of backup codes of the current user.
+     *
+     * @param string $code Given code from the user
+     *
+     * @return string|false
+     */
+    private function findBackupCode(string $code)
+    {
+        foreach ($this->backupCodes as $key => $backupCode) {
+            // backup code are hashed using `password_hash`
+            // see ConfigController->otpAppAction
+            if (password_verify($code, $backupCode)) {
+                return $key;
+            }
+        }
+        return false;
+    }
 }
author	Kevin Decherf <kevin@kdecherf.com>	2019-01-30 01:02:27 +0100
committer	GitHub <noreply@github.com>	2019-01-30 01:02:27 +0100
commit	2e5b3fa361098498a9e42a65396a27e1eb487fba (patch)
tree	f20677c3d68c1ea756f0835ff179a0d7d3431a67 /src/Wallabag/UserBundle/Entity
parent	c6024246b744e411175318065f7c396bbb5a213e (diff)
parent	4654a83b6438b88e3b7062a21d18999d9df2fb8e (diff)
download	wallabag-2e5b3fa361098498a9e42a65396a27e1eb487fba.tar.gz wallabag-2e5b3fa361098498a9e42a65396a27e1eb487fba.tar.zst wallabag-2e5b3fa361098498a9e42a65396a27e1eb487fba.zip

diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php index 48446e3c..43fa6a80 100644 --- a/src/Wallabag/UserBundle/Entity/User.php +++ b/src/Wallabag/UserBundle/Entity/User.php
@@ -8,8 +8,9 @@ use FOS\UserBundle\Model\User as BaseUser;
8	use JMS\Serializer\Annotation\Accessor;	8	use JMS\Serializer\Annotation\Accessor;
9	use JMS\Serializer\Annotation\Groups;	9	use JMS\Serializer\Annotation\Groups;
10	use JMS\Serializer\Annotation\XmlRoot;	10	use JMS\Serializer\Annotation\XmlRoot;
11	use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface;	11	use Scheb\TwoFactorBundle\Model\BackupCodeInterface;
12	use Scheb\TwoFactorBundle\Model\TrustedComputerInterface;	12	use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface as EmailTwoFactorInterface;
		13	use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface as GoogleTwoFactorInterface;
13	use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;	14	use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
14	use Symfony\Component\Security\Core\User\UserInterface;	15	use Symfony\Component\Security\Core\User\UserInterface;
15	use Wallabag\ApiBundle\Entity\Client;	16	use Wallabag\ApiBundle\Entity\Client;
@@ -28,7 +29,7 @@ use Wallabag\CoreBundle\Helper\EntityTimestampsTrait;
28	* @UniqueEntity("email")	29	* @UniqueEntity("email")
29	* @UniqueEntity("username")	30	* @UniqueEntity("username")
30	*/	31	*/
31	class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterface	32	class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorInterface, BackupCodeInterface
32	{	33	{
33	use EntityTimestampsTrait;	34	use EntityTimestampsTrait;
34		35
@@ -123,16 +124,21 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
123	private $authCode;	124	private $authCode;
124		125
125	/**	126	/**
126	* @var bool	127	* @ORM\Column(name="googleAuthenticatorSecret", type="string", nullable=true)
127	*
128	* @ORM\Column(type="boolean")
129	*/	128	*/
130	private $twoFactorAuthentication = false;	129	private $googleAuthenticatorSecret;
131		130
132	/**	131	/**
133	* @ORM\Column(type="json_array", nullable=true)	132	* @ORM\Column(type="json_array", nullable=true)
134	*/	133	*/
135	private $trusted;	134	private $backupCodes;
		135
		136	/**
		137	* @var bool
		138	*
		139	* @ORM\Column(type="boolean")
		140	*/
		141	private $emailTwoFactor = false;
136		142
137	public function __construct()	143	public function __construct()
138	{	144	{
@@ -233,49 +239,119 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
233	/**	239	/**
234	* @return bool	240	* @return bool
235	*/	241	*/
236	public function isTwoFactorAuthentication()	242	public function isEmailTwoFactor()
237	{	243	{
238	return $this->twoFactorAuthentication;	244	return $this->emailTwoFactor;
239	}	245	}
240		246
241	/**	247	/**
242	* @param bool $twoFactorAuthentication	248	* @param bool $emailTwoFactor
243	*/	249	*/
244	public function setTwoFactorAuthentication($twoFactorAuthentication)	250	public function setEmailTwoFactor($emailTwoFactor)
245	{	251	{
246	$this->twoFactorAuthentication = $twoFactorAuthentication;	252	$this->emailTwoFactor = $emailTwoFactor;
247	}	253	}
248		254
249	public function isEmailAuthEnabled()	255	/**
		256	* Used in the user config form to be "like" the email option.
		257	*/
		258	public function isGoogleTwoFactor()
		259	{
		260	return $this->isGoogleAuthenticatorEnabled();
		261	}
		262
		263	/**
		264	* {@inheritdoc}
		265	*/
		266	public function isEmailAuthEnabled(): bool
250	{	267	{
251	return $this->twoFactorAuthentication;	268	return $this->emailTwoFactor;
252	}	269	}
253		270
254	public function getEmailAuthCode()	271	/**
		272	* {@inheritdoc}
		273	*/
		274	public function getEmailAuthCode(): string
255	{	275	{
256	return $this->authCode;	276	return $this->authCode;
257	}	277	}
258		278
259	public function setEmailAuthCode($authCode)	279	/**
		280	* {@inheritdoc}
		281	*/
		282	public function setEmailAuthCode(string $authCode): void
260	{	283	{
261	$this->authCode = $authCode;	284	$this->authCode = $authCode;
262	}	285	}
263		286
264	public function addTrustedComputer($token, \DateTime $validUntil)	287	/**
		288	* {@inheritdoc}
		289	*/
		290	public function getEmailAuthRecipient(): string
265	{	291	{
266	$this->trusted[$token] = $validUntil->format('r');	292	return $this->email;
267	}	293	}
268		294
269	public function isTrustedComputer($token)	295	/**
		296	* {@inheritdoc}
		297	*/
		298	public function isGoogleAuthenticatorEnabled(): bool
270	{	299	{
271	if (isset($this->trusted[$token])) {	300	return $this->googleAuthenticatorSecret ? true : false;
272	$now = new \DateTime();	301	}
273	$validUntil = new \DateTime($this->trusted[$token]);
274		302
275	return $now < $validUntil;	303	/**
276	}	304	* {@inheritdoc}
		305	*/
		306	public function getGoogleAuthenticatorUsername(): string
		307	{
		308	return $this->username;
		309	}
277		310
278	return false;	311	/**
		312	* {@inheritdoc}
		313	*/
		314	public function getGoogleAuthenticatorSecret(): string
		315	{
		316	return $this->googleAuthenticatorSecret;
		317	}
		318
		319	/**
		320	* {@inheritdoc}
		321	*/
		322	public function setGoogleAuthenticatorSecret(?string $googleAuthenticatorSecret): void
		323	{
		324	$this->googleAuthenticatorSecret = $googleAuthenticatorSecret;
		325	}
		326
		327	public function setBackupCodes(array $codes = null)
		328	{
		329	$this->backupCodes = $codes;
		330	}
		331
		332	public function getBackupCodes()
		333	{
		334	return $this->backupCodes;
		335	}
		336
		337	/**
		338	* {@inheritdoc}
		339	*/
		340	public function isBackupCode(string $code): bool
		341	{
		342	return false === $this->findBackupCode($code) ? false : true;
		343	}
		344
		345	/**
		346	* {@inheritdoc}
		347	*/
		348	public function invalidateBackupCode(string $code): void
		349	{
		350	$key = $this->findBackupCode($code);
		351
		352	if (false !== $key) {
		353	unset($this->backupCodes[$key]);
		354	}
279	}	355	}
280		356
281	/**	357	/**
@@ -309,4 +385,24 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
309	return $this->clients->first();	385	return $this->clients->first();
310	}	386	}
311	}	387	}
		388
		389	/**
		390	* Try to find a backup code from the list of backup codes of the current user.
		391	*
		392	* @param string $code Given code from the user
		393	*
		394	* @return string\|false
		395	*/
		396	private function findBackupCode(string $code)
		397	{
		398	foreach ($this->backupCodes as $key => $backupCode) {
		399	// backup code are hashed using `password_hash`
		400	// see ConfigController->otpAppAction
		401	if (password_verify($code, $backupCode)) {
		402	return $key;
		403	}
		404	}
		405
		406	return false;
		407	}
312	}	408	}