aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/Wallabag/UserBundle
diff options
context:
space:
mode:
authorKevin Decherf <kevin@kdecherf.com>2019-01-30 01:02:27 +0100
committerGitHub <noreply@github.com>2019-01-30 01:02:27 +0100
commit2e5b3fa361098498a9e42a65396a27e1eb487fba (patch)
treef20677c3d68c1ea756f0835ff179a0d7d3431a67 /src/Wallabag/UserBundle
parentc6024246b744e411175318065f7c396bbb5a213e (diff)
parent4654a83b6438b88e3b7062a21d18999d9df2fb8e (diff)
downloadwallabag-2e5b3fa361098498a9e42a65396a27e1eb487fba.tar.gz
wallabag-2e5b3fa361098498a9e42a65396a27e1eb487fba.tar.zst
wallabag-2e5b3fa361098498a9e42a65396a27e1eb487fba.zip
Merge pull request #3798 from wallabag/update-two-factor-bundle
Enable OTP 2FA
Diffstat (limited to 'src/Wallabag/UserBundle')
-rw-r--r--src/Wallabag/UserBundle/Controller/ManageController.php33
-rw-r--r--src/Wallabag/UserBundle/Entity/User.php148
-rw-r--r--src/Wallabag/UserBundle/Form/UserType.php9
-rw-r--r--src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php4
-rw-r--r--src/Wallabag/UserBundle/Resources/views/Authentication/form.html.twig14
-rw-r--r--src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig11
6 files changed, 172 insertions, 47 deletions
diff --git a/src/Wallabag/UserBundle/Controller/ManageController.php b/src/Wallabag/UserBundle/Controller/ManageController.php
index a9746fb4..63a06206 100644
--- a/src/Wallabag/UserBundle/Controller/ManageController.php
+++ b/src/Wallabag/UserBundle/Controller/ManageController.php
@@ -62,14 +62,29 @@ class ManageController extends Controller
62 */ 62 */
63 public function editAction(Request $request, User $user) 63 public function editAction(Request $request, User $user)
64 { 64 {
65 $userManager = $this->container->get('fos_user.user_manager');
66
65 $deleteForm = $this->createDeleteForm($user); 67 $deleteForm = $this->createDeleteForm($user);
66 $editForm = $this->createForm('Wallabag\UserBundle\Form\UserType', $user); 68 $form = $this->createForm('Wallabag\UserBundle\Form\UserType', $user);
67 $editForm->handleRequest($request); 69 $form->handleRequest($request);
68 70
69 if ($editForm->isSubmitted() && $editForm->isValid()) { 71 // `googleTwoFactor` isn't a field within the User entity, we need to define it's value in a different way
70 $em = $this->getDoctrine()->getManager(); 72 if ($this->getParameter('twofactor_auth') && true === $user->isGoogleAuthenticatorEnabled() && false === $form->isSubmitted()) {
71 $em->persist($user); 73 $form->get('googleTwoFactor')->setData(true);
72 $em->flush(); 74 }
75
76 if ($form->isSubmitted() && $form->isValid()) {
77 // handle creation / reset of the OTP secret if checkbox changed from the previous state
78 if ($this->getParameter('twofactor_auth')) {
79 if (true === $form->get('googleTwoFactor')->getData() && false === $user->isGoogleAuthenticatorEnabled()) {
80 $user->setGoogleAuthenticatorSecret($this->get('scheb_two_factor.security.google_authenticator')->generateSecret());
81 $user->setEmailTwoFactor(false);
82 } elseif (false === $form->get('googleTwoFactor')->getData() && true === $user->isGoogleAuthenticatorEnabled()) {
83 $user->setGoogleAuthenticatorSecret(null);
84 }
85 }
86
87 $userManager->updateUser($user);
73 88
74 $this->get('session')->getFlashBag()->add( 89 $this->get('session')->getFlashBag()->add(
75 'notice', 90 'notice',
@@ -81,7 +96,7 @@ class ManageController extends Controller
81 96
82 return $this->render('WallabagUserBundle:Manage:edit.html.twig', [ 97 return $this->render('WallabagUserBundle:Manage:edit.html.twig', [
83 'user' => $user, 98 'user' => $user,
84 'edit_form' => $editForm->createView(), 99 'edit_form' => $form->createView(),
85 'delete_form' => $deleteForm->createView(), 100 'delete_form' => $deleteForm->createView(),
86 'twofactor_auth' => $this->getParameter('twofactor_auth'), 101 'twofactor_auth' => $this->getParameter('twofactor_auth'),
87 ]); 102 ]);
@@ -131,8 +146,6 @@ class ManageController extends Controller
131 $form->handleRequest($request); 146 $form->handleRequest($request);
132 147
133 if ($form->isSubmitted() && $form->isValid()) { 148 if ($form->isSubmitted() && $form->isValid()) {
134 $this->get('logger')->info('searching users');
135
136 $searchTerm = (isset($request->get('search_user')['term']) ? $request->get('search_user')['term'] : ''); 149 $searchTerm = (isset($request->get('search_user')['term']) ? $request->get('search_user')['term'] : '');
137 150
138 $qb = $em->getRepository('WallabagUserBundle:User')->getQueryBuilderForSearch($searchTerm); 151 $qb = $em->getRepository('WallabagUserBundle:User')->getQueryBuilderForSearch($searchTerm);
@@ -157,7 +170,7 @@ class ManageController extends Controller
157 } 170 }
158 171
159 /** 172 /**
160 * Creates a form to delete a User entity. 173 * Create a form to delete a User entity.
161 * 174 *
162 * @param User $user The User entity 175 * @param User $user The User entity
163 * 176 *
diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php
index 48446e3c..43fa6a80 100644
--- a/src/Wallabag/UserBundle/Entity/User.php
+++ b/src/Wallabag/UserBundle/Entity/User.php
@@ -8,8 +8,9 @@ use FOS\UserBundle\Model\User as BaseUser;
8use JMS\Serializer\Annotation\Accessor; 8use JMS\Serializer\Annotation\Accessor;
9use JMS\Serializer\Annotation\Groups; 9use JMS\Serializer\Annotation\Groups;
10use JMS\Serializer\Annotation\XmlRoot; 10use JMS\Serializer\Annotation\XmlRoot;
11use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface; 11use Scheb\TwoFactorBundle\Model\BackupCodeInterface;
12use Scheb\TwoFactorBundle\Model\TrustedComputerInterface; 12use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface as EmailTwoFactorInterface;
13use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface as GoogleTwoFactorInterface;
13use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity; 14use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
14use Symfony\Component\Security\Core\User\UserInterface; 15use Symfony\Component\Security\Core\User\UserInterface;
15use Wallabag\ApiBundle\Entity\Client; 16use Wallabag\ApiBundle\Entity\Client;
@@ -28,7 +29,7 @@ use Wallabag\CoreBundle\Helper\EntityTimestampsTrait;
28 * @UniqueEntity("email") 29 * @UniqueEntity("email")
29 * @UniqueEntity("username") 30 * @UniqueEntity("username")
30 */ 31 */
31class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterface 32class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorInterface, BackupCodeInterface
32{ 33{
33 use EntityTimestampsTrait; 34 use EntityTimestampsTrait;
34 35
@@ -123,16 +124,21 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
123 private $authCode; 124 private $authCode;
124 125
125 /** 126 /**
126 * @var bool 127 * @ORM\Column(name="googleAuthenticatorSecret", type="string", nullable=true)
127 *
128 * @ORM\Column(type="boolean")
129 */ 128 */
130 private $twoFactorAuthentication = false; 129 private $googleAuthenticatorSecret;
131 130
132 /** 131 /**
133 * @ORM\Column(type="json_array", nullable=true) 132 * @ORM\Column(type="json_array", nullable=true)
134 */ 133 */
135 private $trusted; 134 private $backupCodes;
135
136 /**
137 * @var bool
138 *
139 * @ORM\Column(type="boolean")
140 */
141 private $emailTwoFactor = false;
136 142
137 public function __construct() 143 public function __construct()
138 { 144 {
@@ -233,49 +239,119 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
233 /** 239 /**
234 * @return bool 240 * @return bool
235 */ 241 */
236 public function isTwoFactorAuthentication() 242 public function isEmailTwoFactor()
237 { 243 {
238 return $this->twoFactorAuthentication; 244 return $this->emailTwoFactor;
239 } 245 }
240 246
241 /** 247 /**
242 * @param bool $twoFactorAuthentication 248 * @param bool $emailTwoFactor
243 */ 249 */
244 public function setTwoFactorAuthentication($twoFactorAuthentication) 250 public function setEmailTwoFactor($emailTwoFactor)
245 { 251 {
246 $this->twoFactorAuthentication = $twoFactorAuthentication; 252 $this->emailTwoFactor = $emailTwoFactor;
247 } 253 }
248 254
249 public function isEmailAuthEnabled() 255 /**
256 * Used in the user config form to be "like" the email option.
257 */
258 public function isGoogleTwoFactor()
259 {
260 return $this->isGoogleAuthenticatorEnabled();
261 }
262
263 /**
264 * {@inheritdoc}
265 */
266 public function isEmailAuthEnabled(): bool
250 { 267 {
251 return $this->twoFactorAuthentication; 268 return $this->emailTwoFactor;
252 } 269 }
253 270
254 public function getEmailAuthCode() 271 /**
272 * {@inheritdoc}
273 */
274 public function getEmailAuthCode(): string
255 { 275 {
256 return $this->authCode; 276 return $this->authCode;
257 } 277 }
258 278
259 public function setEmailAuthCode($authCode) 279 /**
280 * {@inheritdoc}
281 */
282 public function setEmailAuthCode(string $authCode): void
260 { 283 {
261 $this->authCode = $authCode; 284 $this->authCode = $authCode;
262 } 285 }
263 286
264 public function addTrustedComputer($token, \DateTime $validUntil) 287 /**
288 * {@inheritdoc}
289 */
290 public function getEmailAuthRecipient(): string
265 { 291 {
266 $this->trusted[$token] = $validUntil->format('r'); 292 return $this->email;
267 } 293 }
268 294
269 public function isTrustedComputer($token) 295 /**
296 * {@inheritdoc}
297 */
298 public function isGoogleAuthenticatorEnabled(): bool
270 { 299 {
271 if (isset($this->trusted[$token])) { 300 return $this->googleAuthenticatorSecret ? true : false;
272 $now = new \DateTime(); 301 }
273 $validUntil = new \DateTime($this->trusted[$token]);
274 302
275 return $now < $validUntil; 303 /**
276 } 304 * {@inheritdoc}
305 */
306 public function getGoogleAuthenticatorUsername(): string
307 {
308 return $this->username;
309 }
277 310
278 return false; 311 /**
312 * {@inheritdoc}
313 */
314 public function getGoogleAuthenticatorSecret(): string
315 {
316 return $this->googleAuthenticatorSecret;
317 }
318
319 /**
320 * {@inheritdoc}
321 */
322 public function setGoogleAuthenticatorSecret(?string $googleAuthenticatorSecret): void
323 {
324 $this->googleAuthenticatorSecret = $googleAuthenticatorSecret;
325 }
326
327 public function setBackupCodes(array $codes = null)
328 {
329 $this->backupCodes = $codes;
330 }
331
332 public function getBackupCodes()
333 {
334 return $this->backupCodes;
335 }
336
337 /**
338 * {@inheritdoc}
339 */
340 public function isBackupCode(string $code): bool
341 {
342 return false === $this->findBackupCode($code) ? false : true;
343 }
344
345 /**
346 * {@inheritdoc}
347 */
348 public function invalidateBackupCode(string $code): void
349 {
350 $key = $this->findBackupCode($code);
351
352 if (false !== $key) {
353 unset($this->backupCodes[$key]);
354 }
279 } 355 }
280 356
281 /** 357 /**
@@ -309,4 +385,24 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
309 return $this->clients->first(); 385 return $this->clients->first();
310 } 386 }
311 } 387 }
388
389 /**
390 * Try to find a backup code from the list of backup codes of the current user.
391 *
392 * @param string $code Given code from the user
393 *
394 * @return string|false
395 */
396 private function findBackupCode(string $code)
397 {
398 foreach ($this->backupCodes as $key => $backupCode) {
399 // backup code are hashed using `password_hash`
400 // see ConfigController->otpAppAction
401 if (password_verify($code, $backupCode)) {
402 return $key;
403 }
404 }
405
406 return false;
407 }
312} 408}
diff --git a/src/Wallabag/UserBundle/Form/UserType.php b/src/Wallabag/UserBundle/Form/UserType.php
index 56fea640..026db9a2 100644
--- a/src/Wallabag/UserBundle/Form/UserType.php
+++ b/src/Wallabag/UserBundle/Form/UserType.php
@@ -35,9 +35,14 @@ class UserType extends AbstractType
35 'required' => false, 35 'required' => false,
36 'label' => 'user.form.enabled_label', 36 'label' => 'user.form.enabled_label',
37 ]) 37 ])
38 ->add('twoFactorAuthentication', CheckboxType::class, [ 38 ->add('emailTwoFactor', CheckboxType::class, [
39 'required' => false, 39 'required' => false,
40 'label' => 'user.form.twofactor_label', 40 'label' => 'user.form.twofactor_email_label',
41 ])
42 ->add('googleTwoFactor', CheckboxType::class, [
43 'required' => false,
44 'label' => 'user.form.twofactor_google_label',
45 'mapped' => false,
41 ]) 46 ])
42 ->add('save', SubmitType::class, [ 47 ->add('save', SubmitType::class, [
43 'label' => 'user.form.save', 48 'label' => 'user.form.save',
diff --git a/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php b/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php
index aed805c9..2797efde 100644
--- a/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php
+++ b/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php
@@ -78,7 +78,7 @@ class AuthCodeMailer implements AuthCodeMailerInterface
78 * 78 *
79 * @param TwoFactorInterface $user 79 * @param TwoFactorInterface $user
80 */ 80 */
81 public function sendAuthCode(TwoFactorInterface $user) 81 public function sendAuthCode(TwoFactorInterface $user): void
82 { 82 {
83 $template = $this->twig->loadTemplate('WallabagUserBundle:TwoFactor:email_auth_code.html.twig'); 83 $template = $this->twig->loadTemplate('WallabagUserBundle:TwoFactor:email_auth_code.html.twig');
84 84
@@ -97,7 +97,7 @@ class AuthCodeMailer implements AuthCodeMailerInterface
97 97
98 $message = new \Swift_Message(); 98 $message = new \Swift_Message();
99 $message 99 $message
100 ->setTo($user->getEmail()) 100 ->setTo($user->getEmailAuthRecipient())
101 ->setFrom($this->senderEmail, $this->senderName) 101 ->setFrom($this->senderEmail, $this->senderName)
102 ->setSubject($subject) 102 ->setSubject($subject)
103 ->setBody($bodyText, 'text/plain') 103 ->setBody($bodyText, 'text/plain')
diff --git a/src/Wallabag/UserBundle/Resources/views/Authentication/form.html.twig b/src/Wallabag/UserBundle/Resources/views/Authentication/form.html.twig
index c8471bdd..47a5cb78 100644
--- a/src/Wallabag/UserBundle/Resources/views/Authentication/form.html.twig
+++ b/src/Wallabag/UserBundle/Resources/views/Authentication/form.html.twig
@@ -1,7 +1,8 @@
1{# Override `vendor/scheb/two-factor-bundle/Resources/views/Authentication/form.html.twig` #}
1{% extends "WallabagUserBundle::layout.html.twig" %} 2{% extends "WallabagUserBundle::layout.html.twig" %}
2 3
3{% block fos_user_content %} 4{% block fos_user_content %}
4<form class="form" action="" method="post"> 5<form class="form" action="{{ path("2fa_login_check") }}" method="post">
5 <div class="card-content"> 6 <div class="card-content">
6 <div class="row"> 7 <div class="row">
7 8
@@ -9,14 +10,19 @@
9 <p class="error">{{ flashMessage|trans }}</p> 10 <p class="error">{{ flashMessage|trans }}</p>
10 {% endfor %} 11 {% endfor %}
11 12
13 {# Authentication errors #}
14 {% if authenticationError %}
15 <p class="error">{{ authenticationError|trans(authenticationErrorData) }}</p>
16 {% endif %}
17
12 <div class="input-field col s12"> 18 <div class="input-field col s12">
13 <label for="_auth_code">{{ "scheb_two_factor.auth_code"|trans }}</label> 19 <label for="_auth_code">{{ "scheb_two_factor.auth_code"|trans }}</label>
14 <input id="_auth_code" type="text" autocomplete="off" name="_auth_code" /> 20 <input id="_auth_code" type="text" autocomplete="off" name="{{ authCodeParameterName }}" />
15 </div> 21 </div>
16 22
17 {% if useTrustedOption %} 23 {% if displayTrustedOption %}
18 <div class="input-field col s12"> 24 <div class="input-field col s12">
19 <input id="_trusted" type="checkbox" name="_trusted" /> 25 <input id="_trusted" type="checkbox" name="{{ trustedParameterName }}" />
20 <label for="_trusted">{{ "scheb_two_factor.trusted"|trans }}</label> 26 <label for="_trusted">{{ "scheb_two_factor.trusted"|trans }}</label>
21 </div> 27 </div>
22 {% endif %} 28 {% endif %}
diff --git a/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig b/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig
index 3ffd15f5..2de8f3a5 100644
--- a/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig
+++ b/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig
@@ -50,9 +50,14 @@
50 {% if twofactor_auth %} 50 {% if twofactor_auth %}
51 <div class="row"> 51 <div class="row">
52 <div class="input-field col s12"> 52 <div class="input-field col s12">
53 {{ form_widget(edit_form.twoFactorAuthentication) }} 53 {{ form_widget(edit_form.emailTwoFactor) }}
54 {{ form_label(edit_form.twoFactorAuthentication) }} 54 {{ form_label(edit_form.emailTwoFactor) }}
55 {{ form_errors(edit_form.twoFactorAuthentication) }} 55 {{ form_errors(edit_form.emailTwoFactor) }}
56 </div>
57 <div class="input-field col s12">
58 {{ form_widget(edit_form.googleTwoFactor) }}
59 {{ form_label(edit_form.googleTwoFactor) }}
60 {{ form_errors(edit_form.googleTwoFactor) }}
56 </div> 61 </div>
57 </div> 62 </div>
58 {% endif %} 63 {% endif %}