1 files changed, 122 insertions, 30 deletions
diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php
index 48446e3c..aeab761d 100644
--- a/src/Wallabag/UserBundle/Entity/User.php
+++ b/src/Wallabag/UserBundle/Entity/User.php
@@ -8,8 +8,9 @@ use FOS\UserBundle\Model\User as BaseUser;
 use JMS\Serializer\Annotation\Accessor;
 use JMS\Serializer\Annotation\Groups;
 use JMS\Serializer\Annotation\XmlRoot;
-use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface;
+use Scheb\TwoFactorBundle\Model\BackupCodeInterface;
-use Scheb\TwoFactorBundle\Model\TrustedComputerInterface;
+use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface as EmailTwoFactorInterface;
+use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface as GoogleTwoFactorInterface;
 use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Wallabag\ApiBundle\Entity\Client;
@@ -28,7 +29,7 @@ use Wallabag\CoreBundle\Helper\EntityTimestampsTrait;
 * @UniqueEntity("email")
 * @UniqueEntity("username")
 */
-class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterface
+class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorInterface, BackupCodeInterface
 {
    use EntityTimestampsTrait;
@@ -123,16 +124,21 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
    private $authCode;
    /**
-     * @var bool
+     * @ORM\Column(name="googleAuthenticatorSecret", type="string", nullable=true)
-     *
-     * @ORM\Column(type="boolean")
     */
-    private $twoFactorAuthentication = false;
+    private $googleAuthenticatorSecret;
    /**
     * @ORM\Column(type="json_array", nullable=true)
     */
-    private $trusted;
+    private $backupCodes;
+    /**
+     * @var bool
+     *
+     * @ORM\Column(type="boolean")
+     */
+    private $emailTwoFactor = false;
    public function __construct()
    {
@@ -182,8 +188,6 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
    }
    /**
-     * @param Entry $entry
-     *
     * @return User
     */
    public function addEntry(Entry $entry)
@@ -233,54 +237,122 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
    /**
     * @return bool
     */
-    public function isTwoFactorAuthentication()
+    public function isEmailTwoFactor()
    {
-        return $this->twoFactorAuthentication;
+        return $this->emailTwoFactor;
    }
    /**
-     * @param bool $twoFactorAuthentication
+     * @param bool $emailTwoFactor
     */
-    public function setTwoFactorAuthentication($twoFactorAuthentication)
+    public function setEmailTwoFactor($emailTwoFactor)
    {
-        $this->twoFactorAuthentication = $twoFactorAuthentication;
+        $this->emailTwoFactor = $emailTwoFactor;
    }
-    public function isEmailAuthEnabled()
+    /**
+     * Used in the user config form to be "like" the email option.
+     */
+    public function isGoogleTwoFactor()
    {
-        return $this->twoFactorAuthentication;
+        return $this->isGoogleAuthenticatorEnabled();
    }
-    public function getEmailAuthCode()
+    /**
+     * {@inheritdoc}
+     */
+    public function isEmailAuthEnabled(): bool
+    {
+        return $this->emailTwoFactor;
+    }
+    /**
+     * {@inheritdoc}
+     */
+    public function getEmailAuthCode(): string
    {
        return $this->authCode;
    }
-    public function setEmailAuthCode($authCode)
+    /**
+     * {@inheritdoc}
+     */
+    public function setEmailAuthCode(string $authCode): void
    {
        $this->authCode = $authCode;
    }
-    public function addTrustedComputer($token, \DateTime $validUntil)
+    /**
+     * {@inheritdoc}
+     */
+    public function getEmailAuthRecipient(): string
    {
-        $this->trusted[$token] = $validUntil->format('r');
+        return $this->email;
    }
-    public function isTrustedComputer($token)
+    /**
+     * {@inheritdoc}
+     */
+    public function isGoogleAuthenticatorEnabled(): bool
    {
-        if (isset($this->trusted[$token])) {
+        return $this->googleAuthenticatorSecret ? true : false;
-            $now = new \DateTime();
+    }
-            $validUntil = new \DateTime($this->trusted[$token]);
-            return $now < $validUntil;
+    /**
-        }
+     * {@inheritdoc}
+     */
+    public function getGoogleAuthenticatorUsername(): string
+    {
+        return $this->username;
+    }
-        return false;
+    /**
+     * {@inheritdoc}
+     */
+    public function getGoogleAuthenticatorSecret(): string
+    {
+        return $this->googleAuthenticatorSecret;
+    }
+    /**
+     * {@inheritdoc}
+     */
+    public function setGoogleAuthenticatorSecret(?string $googleAuthenticatorSecret): void
+    {
+        $this->googleAuthenticatorSecret = $googleAuthenticatorSecret;
+    }
+    public function setBackupCodes(array $codes = null)
+    {
+        $this->backupCodes = $codes;
+    }
+    public function getBackupCodes()
+    {
+        return $this->backupCodes;
+    }
+    /**
+     * {@inheritdoc}
+     */
+    public function isBackupCode(string $code): bool
+    {
+        return false === $this->findBackupCode($code) ? false : true;
+    }
+    /**
+     * {@inheritdoc}
+     */
+    public function invalidateBackupCode(string $code): void
+    {
+        $key = $this->findBackupCode($code);
+        if (false !== $key) {
+            unset($this->backupCodes[$key]);
+        }
    }
    /**
-     * @param Client $client
-     *
     * @return User
     */
    public function addClient(Client $client)
@@ -309,4 +381,24 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
            return $this->clients->first();
        }
    }
+    /**
+     * Try to find a backup code from the list of backup codes of the current user.
+     *
+     * @param string $code Given code from the user
+     *
+     * @return string|false
+     */
+    private function findBackupCode(string $code)
+    {
+        foreach ($this->backupCodes as $key => $backupCode) {
+            // backup code are hashed using `password_hash`
+            // see ConfigController->otpAppAction
+            if (password_verify($code, $backupCode)) {
+                return $key;
+            }
+        }
+        return false;
+    }
 }

diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php index 48446e3c..aeab761d 100644 --- a/src/Wallabag/UserBundle/Entity/User.php +++ b/src/Wallabag/UserBundle/Entity/User.php
@@ -8,8 +8,9 @@ use FOS\UserBundle\Model\User as BaseUser;
8	use JMS\Serializer\Annotation\Accessor;	8	use JMS\Serializer\Annotation\Accessor;
9	use JMS\Serializer\Annotation\Groups;	9	use JMS\Serializer\Annotation\Groups;
10	use JMS\Serializer\Annotation\XmlRoot;	10	use JMS\Serializer\Annotation\XmlRoot;
11	use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface;	11	use Scheb\TwoFactorBundle\Model\BackupCodeInterface;
12	use Scheb\TwoFactorBundle\Model\TrustedComputerInterface;	12	use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface as EmailTwoFactorInterface;
		13	use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface as GoogleTwoFactorInterface;
13	use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;	14	use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
14	use Symfony\Component\Security\Core\User\UserInterface;	15	use Symfony\Component\Security\Core\User\UserInterface;
15	use Wallabag\ApiBundle\Entity\Client;	16	use Wallabag\ApiBundle\Entity\Client;
@@ -28,7 +29,7 @@ use Wallabag\CoreBundle\Helper\EntityTimestampsTrait;
28	* @UniqueEntity("email")	29	* @UniqueEntity("email")
29	* @UniqueEntity("username")	30	* @UniqueEntity("username")
30	*/	31	*/
31	class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterface	32	class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorInterface, BackupCodeInterface
32	{	33	{
33	use EntityTimestampsTrait;	34	use EntityTimestampsTrait;
34		35
@@ -123,16 +124,21 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
123	private $authCode;	124	private $authCode;
124		125
125	/**	126	/**
126	* @var bool	127	* @ORM\Column(name="googleAuthenticatorSecret", type="string", nullable=true)
127	*
128	* @ORM\Column(type="boolean")
129	*/	128	*/
130	private $twoFactorAuthentication = false;	129	private $googleAuthenticatorSecret;
131		130
132	/**	131	/**
133	* @ORM\Column(type="json_array", nullable=true)	132	* @ORM\Column(type="json_array", nullable=true)
134	*/	133	*/
135	private $trusted;	134	private $backupCodes;
		135
		136	/**
		137	* @var bool
		138	*
		139	* @ORM\Column(type="boolean")
		140	*/
		141	private $emailTwoFactor = false;
136		142
137	public function __construct()	143	public function __construct()
138	{	144	{
@@ -182,8 +188,6 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
182	}	188	}
183		189
184	/**	190	/**
185	* @param Entry $entry
186	*
187	* @return User	191	* @return User
188	*/	192	*/
189	public function addEntry(Entry $entry)	193	public function addEntry(Entry $entry)
@@ -233,54 +237,122 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
233	/**	237	/**
234	* @return bool	238	* @return bool
235	*/	239	*/
236	public function isTwoFactorAuthentication()	240	public function isEmailTwoFactor()
237	{	241	{
238	return $this->twoFactorAuthentication;	242	return $this->emailTwoFactor;
239	}	243	}
240		244
241	/**	245	/**
242	* @param bool $twoFactorAuthentication	246	* @param bool $emailTwoFactor
243	*/	247	*/
244	public function setTwoFactorAuthentication($twoFactorAuthentication)	248	public function setEmailTwoFactor($emailTwoFactor)
245	{	249	{
246	$this->twoFactorAuthentication = $twoFactorAuthentication;	250	$this->emailTwoFactor = $emailTwoFactor;
247	}	251	}
248		252
249	public function isEmailAuthEnabled()	253	/**
		254	* Used in the user config form to be "like" the email option.
		255	*/
		256	public function isGoogleTwoFactor()
250	{	257	{
251	return $this->twoFactorAuthentication;	258	return $this->isGoogleAuthenticatorEnabled();
252	}	259	}
253		260
254	public function getEmailAuthCode()	261	/**
		262	* {@inheritdoc}
		263	*/
		264	public function isEmailAuthEnabled(): bool
		265	{
		266	return $this->emailTwoFactor;
		267	}
		268
		269	/**
		270	* {@inheritdoc}
		271	*/
		272	public function getEmailAuthCode(): string
255	{	273	{
256	return $this->authCode;	274	return $this->authCode;
257	}	275	}
258		276
259	public function setEmailAuthCode($authCode)	277	/**
		278	* {@inheritdoc}
		279	*/
		280	public function setEmailAuthCode(string $authCode): void
260	{	281	{
261	$this->authCode = $authCode;	282	$this->authCode = $authCode;
262	}	283	}
263		284
264	public function addTrustedComputer($token, \DateTime $validUntil)	285	/**
		286	* {@inheritdoc}
		287	*/
		288	public function getEmailAuthRecipient(): string
265	{	289	{
266	$this->trusted[$token] = $validUntil->format('r');	290	return $this->email;
267	}	291	}
268		292
269	public function isTrustedComputer($token)	293	/**
		294	* {@inheritdoc}
		295	*/
		296	public function isGoogleAuthenticatorEnabled(): bool
270	{	297	{
271	if (isset($this->trusted[$token])) {	298	return $this->googleAuthenticatorSecret ? true : false;
272	$now = new \DateTime();	299	}
273	$validUntil = new \DateTime($this->trusted[$token]);
274		300
275	return $now < $validUntil;	301	/**
276	}	302	* {@inheritdoc}
		303	*/
		304	public function getGoogleAuthenticatorUsername(): string
		305	{
		306	return $this->username;
		307	}
277		308
278	return false;	309	/**
		310	* {@inheritdoc}
		311	*/
		312	public function getGoogleAuthenticatorSecret(): string
		313	{
		314	return $this->googleAuthenticatorSecret;
		315	}
		316
		317	/**
		318	* {@inheritdoc}
		319	*/
		320	public function setGoogleAuthenticatorSecret(?string $googleAuthenticatorSecret): void
		321	{
		322	$this->googleAuthenticatorSecret = $googleAuthenticatorSecret;
		323	}
		324
		325	public function setBackupCodes(array $codes = null)
		326	{
		327	$this->backupCodes = $codes;
		328	}
		329
		330	public function getBackupCodes()
		331	{
		332	return $this->backupCodes;
		333	}
		334
		335	/**
		336	* {@inheritdoc}
		337	*/
		338	public function isBackupCode(string $code): bool
		339	{
		340	return false === $this->findBackupCode($code) ? false : true;
		341	}
		342
		343	/**
		344	* {@inheritdoc}
		345	*/
		346	public function invalidateBackupCode(string $code): void
		347	{
		348	$key = $this->findBackupCode($code);
		349
		350	if (false !== $key) {
		351	unset($this->backupCodes[$key]);
		352	}
279	}	353	}
280		354
281	/**	355	/**
282	* @param Client $client
283	*
284	* @return User	356	* @return User
285	*/	357	*/
286	public function addClient(Client $client)	358	public function addClient(Client $client)
@@ -309,4 +381,24 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
309	return $this->clients->first();	381	return $this->clients->first();
310	}	382	}
311	}	383	}
		384
		385	/**
		386	* Try to find a backup code from the list of backup codes of the current user.
		387	*
		388	* @param string $code Given code from the user
		389	*
		390	* @return string\|false
		391	*/
		392	private function findBackupCode(string $code)
		393	{
		394	foreach ($this->backupCodes as $key => $backupCode) {
		395	// backup code are hashed using `password_hash`
		396	// see ConfigController->otpAppAction
		397	if (password_verify($code, $backupCode)) {
		398	return $key;
		399	}
		400	}
		401
		402	return false;
		403	}
312	}	404	}