aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/Wallabag/UserBundle/Entity/User.php
diff options
context:
space:
mode:
Diffstat (limited to 'src/Wallabag/UserBundle/Entity/User.php')
-rw-r--r--src/Wallabag/UserBundle/Entity/User.php148
1 files changed, 122 insertions, 26 deletions
diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php
index 48446e3c..43fa6a80 100644
--- a/src/Wallabag/UserBundle/Entity/User.php
+++ b/src/Wallabag/UserBundle/Entity/User.php
@@ -8,8 +8,9 @@ use FOS\UserBundle\Model\User as BaseUser;
8use JMS\Serializer\Annotation\Accessor; 8use JMS\Serializer\Annotation\Accessor;
9use JMS\Serializer\Annotation\Groups; 9use JMS\Serializer\Annotation\Groups;
10use JMS\Serializer\Annotation\XmlRoot; 10use JMS\Serializer\Annotation\XmlRoot;
11use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface; 11use Scheb\TwoFactorBundle\Model\BackupCodeInterface;
12use Scheb\TwoFactorBundle\Model\TrustedComputerInterface; 12use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface as EmailTwoFactorInterface;
13use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface as GoogleTwoFactorInterface;
13use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity; 14use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
14use Symfony\Component\Security\Core\User\UserInterface; 15use Symfony\Component\Security\Core\User\UserInterface;
15use Wallabag\ApiBundle\Entity\Client; 16use Wallabag\ApiBundle\Entity\Client;
@@ -28,7 +29,7 @@ use Wallabag\CoreBundle\Helper\EntityTimestampsTrait;
28 * @UniqueEntity("email") 29 * @UniqueEntity("email")
29 * @UniqueEntity("username") 30 * @UniqueEntity("username")
30 */ 31 */
31class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterface 32class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorInterface, BackupCodeInterface
32{ 33{
33 use EntityTimestampsTrait; 34 use EntityTimestampsTrait;
34 35
@@ -123,16 +124,21 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
123 private $authCode; 124 private $authCode;
124 125
125 /** 126 /**
126 * @var bool 127 * @ORM\Column(name="googleAuthenticatorSecret", type="string", nullable=true)
127 *
128 * @ORM\Column(type="boolean")
129 */ 128 */
130 private $twoFactorAuthentication = false; 129 private $googleAuthenticatorSecret;
131 130
132 /** 131 /**
133 * @ORM\Column(type="json_array", nullable=true) 132 * @ORM\Column(type="json_array", nullable=true)
134 */ 133 */
135 private $trusted; 134 private $backupCodes;
135
136 /**
137 * @var bool
138 *
139 * @ORM\Column(type="boolean")
140 */
141 private $emailTwoFactor = false;
136 142
137 public function __construct() 143 public function __construct()
138 { 144 {
@@ -233,49 +239,119 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
233 /** 239 /**
234 * @return bool 240 * @return bool
235 */ 241 */
236 public function isTwoFactorAuthentication() 242 public function isEmailTwoFactor()
237 { 243 {
238 return $this->twoFactorAuthentication; 244 return $this->emailTwoFactor;
239 } 245 }
240 246
241 /** 247 /**
242 * @param bool $twoFactorAuthentication 248 * @param bool $emailTwoFactor
243 */ 249 */
244 public function setTwoFactorAuthentication($twoFactorAuthentication) 250 public function setEmailTwoFactor($emailTwoFactor)
245 { 251 {
246 $this->twoFactorAuthentication = $twoFactorAuthentication; 252 $this->emailTwoFactor = $emailTwoFactor;
247 } 253 }
248 254
249 public function isEmailAuthEnabled() 255 /**
256 * Used in the user config form to be "like" the email option.
257 */
258 public function isGoogleTwoFactor()
259 {
260 return $this->isGoogleAuthenticatorEnabled();
261 }
262
263 /**
264 * {@inheritdoc}
265 */
266 public function isEmailAuthEnabled(): bool
250 { 267 {
251 return $this->twoFactorAuthentication; 268 return $this->emailTwoFactor;
252 } 269 }
253 270
254 public function getEmailAuthCode() 271 /**
272 * {@inheritdoc}
273 */
274 public function getEmailAuthCode(): string
255 { 275 {
256 return $this->authCode; 276 return $this->authCode;
257 } 277 }
258 278
259 public function setEmailAuthCode($authCode) 279 /**
280 * {@inheritdoc}
281 */
282 public function setEmailAuthCode(string $authCode): void
260 { 283 {
261 $this->authCode = $authCode; 284 $this->authCode = $authCode;
262 } 285 }
263 286
264 public function addTrustedComputer($token, \DateTime $validUntil) 287 /**
288 * {@inheritdoc}
289 */
290 public function getEmailAuthRecipient(): string
265 { 291 {
266 $this->trusted[$token] = $validUntil->format('r'); 292 return $this->email;
267 } 293 }
268 294
269 public function isTrustedComputer($token) 295 /**
296 * {@inheritdoc}
297 */
298 public function isGoogleAuthenticatorEnabled(): bool
270 { 299 {
271 if (isset($this->trusted[$token])) { 300 return $this->googleAuthenticatorSecret ? true : false;
272 $now = new \DateTime(); 301 }
273 $validUntil = new \DateTime($this->trusted[$token]);
274 302
275 return $now < $validUntil; 303 /**
276 } 304 * {@inheritdoc}
305 */
306 public function getGoogleAuthenticatorUsername(): string
307 {
308 return $this->username;
309 }
277 310
278 return false; 311 /**
312 * {@inheritdoc}
313 */
314 public function getGoogleAuthenticatorSecret(): string
315 {
316 return $this->googleAuthenticatorSecret;
317 }
318
319 /**
320 * {@inheritdoc}
321 */
322 public function setGoogleAuthenticatorSecret(?string $googleAuthenticatorSecret): void
323 {
324 $this->googleAuthenticatorSecret = $googleAuthenticatorSecret;
325 }
326
327 public function setBackupCodes(array $codes = null)
328 {
329 $this->backupCodes = $codes;
330 }
331
332 public function getBackupCodes()
333 {
334 return $this->backupCodes;
335 }
336
337 /**
338 * {@inheritdoc}
339 */
340 public function isBackupCode(string $code): bool
341 {
342 return false === $this->findBackupCode($code) ? false : true;
343 }
344
345 /**
346 * {@inheritdoc}
347 */
348 public function invalidateBackupCode(string $code): void
349 {
350 $key = $this->findBackupCode($code);
351
352 if (false !== $key) {
353 unset($this->backupCodes[$key]);
354 }
279 } 355 }
280 356
281 /** 357 /**
@@ -309,4 +385,24 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
309 return $this->clients->first(); 385 return $this->clients->first();
310 } 386 }
311 } 387 }
388
389 /**
390 * Try to find a backup code from the list of backup codes of the current user.
391 *
392 * @param string $code Given code from the user
393 *
394 * @return string|false
395 */
396 private function findBackupCode(string $code)
397 {
398 foreach ($this->backupCodes as $key => $backupCode) {
399 // backup code are hashed using `password_hash`
400 // see ConfigController->otpAppAction
401 if (password_verify($code, $backupCode)) {
402 return $key;
403 }
404 }
405
406 return false;
407 }
312} 408}