Diffstat (limited to 'src/Wallabag/UserBundle/Entity/User.php')
-rw-r--r-- | src/Wallabag/UserBundle/Entity/User.php | 152 |
1 files changed, 122 insertions, 30 deletions
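diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php
index 48446e3c..aeab761d 100644
--- a/src/Wallabag/UserBundle/Entity/User.php
+++ b/src/Wallabag/UserBundle/Entity/User.php
@@ -8,8 +8,9 @@ use FOS\UserBundle\Model\User as BaseUser;
 use JMS\Serializer\Annotation\Accessor;
 use JMS\Serializer\Annotation\Groups;
 use JMS\Serializer\Annotation\XmlRoot;
-use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface;
-use Scheb\TwoFactorBundle\Model\TrustedComputerInterface;
+use Scheb\TwoFactorBundle\Model\BackupCodeInterface;
+use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface as EmailTwoFactorInterface;
+use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface as GoogleTwoFactorInterface;
 use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Wallabag\ApiBundle\Entity\Client;
@@ -28,7 +29,7 @@ use Wallabag\CoreBundle\Helper\EntityTimestampsTrait;
  * @UniqueEntity("email")
  * @UniqueEntity("username")
  */
-class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterface
+class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorInterface, BackupCodeInterface
 {
     use EntityTimestampsTrait;
 
@@ -123,16 +124,21 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
     private $authCode;
 
     /**
-     * @var bool
-     *
-     * @ORM\Column(type="boolean")
+     * @ORM\Column(name="googleAuthenticatorSecret", type="string", nullable=true)
      */
-    private $twoFactorAuthentication = false;
+    private $googleAuthenticatorSecret;
 
     /**
      * @ORM\Column(type="json_array", nullable=true)
      */
-    private $trusted;
+    private $backupCodes;
+
+    /**
+     * @var bool
+     *
+     * @ORM\Column(type="boolean")
+     */
+    private $emailTwoFactor = false;
 
     public function __construct()
     {
@@ -182,8 +188,6 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
     }
 
     /**
-     * @param Entry $entry
-     *
      * @return User
      */
     public function addEntry(Entry $entry)
@@ -233,54 +237,122 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
     /**
      * @return bool
      */
-    public function isTwoFactorAuthentication()
+    public function isEmailTwoFactor()
     {
-        return $this->twoFactorAuthentication;
+        return $this->emailTwoFactor;
     }
 
     /**
-     * @param bool $twoFactorAuthentication
+     * @param bool $emailTwoFactor
      */
-    public function setTwoFactorAuthentication($twoFactorAuthentication)
+    public function setEmailTwoFactor($emailTwoFactor)
     {
-        $this->twoFactorAuthentication = $twoFactorAuthentication;
+        $this->emailTwoFactor = $emailTwoFactor;
     }
 
-    public function isEmailAuthEnabled()
+    /**
+     * Used in the user config form to be "like" the email option.
+     */
+    public function isGoogleTwoFactor()
     {
-        return $this->twoFactorAuthentication;
+        return $this->isGoogleAuthenticatorEnabled();
     }
 
-    public function getEmailAuthCode()
+    /**
+     * {@inheritdoc}
+     */
+    public function isEmailAuthEnabled(): bool
+    {
+        return $this->emailTwoFactor;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getEmailAuthCode(): string
     {
         return $this->authCode;
     }
 
-    public function setEmailAuthCode($authCode)
+    /**
+     * {@inheritdoc}
+     */
+    public function setEmailAuthCode(string $authCode): void
     {
         $this->authCode = $authCode;
     }
 
-    public function addTrustedComputer($token, \DateTime $validUntil)
+    /**
+     * {@inheritdoc}
+     */
+    public function getEmailAuthRecipient(): string
     {
-        $this->trusted[$token] = $validUntil->format('r');
+        return $this->email;
     }
 
-    public function isTrustedComputer($token)
+    /**
+     * {@inheritdoc}
+     */
+    public function isGoogleAuthenticatorEnabled(): bool
     {
-        if (isset($this->trusted[$token])) {
-            $now = new \DateTime();
-            $validUntil = new \DateTime($this->trusted[$token]);
+        return $this->googleAuthenticatorSecret ? true : false;
+    }
 
-            return $now < $validUntil;
-        }
+    /**
+     * {@inheritdoc}
+     */
+    public function getGoogleAuthenticatorUsername(): string
+    {
+        return $this->username;
+    }
 
-        return false;
+    /**
+     * {@inheritdoc}
+     */
+    public function getGoogleAuthenticatorSecret(): string
+    {
+        return $this->googleAuthenticatorSecret;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function setGoogleAuthenticatorSecret(?string $googleAuthenticatorSecret): void
+    {
+        $this->googleAuthenticatorSecret = $googleAuthenticatorSecret;
+    }
+
+    public function setBackupCodes(array $codes = null)
+    {
+        $this->backupCodes = $codes;
+    }
+
+    public function getBackupCodes()
+    {
+        return $this->backupCodes;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function isBackupCode(string $code): bool
+    {
+        return false === $this->findBackupCode($code) ? false : true;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function invalidateBackupCode(string $code): void
+    {
+        $key = $this->findBackupCode($code);
+
+        if (false !== $key) {
+            unset($this->backupCodes[$key]);
+        }
     }
 
     /**
-     * @param Client $client
-     *
      * @return User
      */
     public function addClient(Client $client)
@@ -309,4 +381,24 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
             return $this->clients->first();
         }
     }
+
+    /**
+     * Try to find a backup code from the list of backup codes of the current user.
+     *
+     * @param string $code Given code from the user
+     *
+     * @return string|false
+     */
+    private function findBackupCode(string $code)
+    {
+        foreach ($this->backupCodes as $key => $backupCode) {
+            // backup code are hashed using `password_hash`
+            // see ConfigController->otpAppAction
+            if (password_verify($code, $backupCode)) {
+                return $key;
+            }
+        }
+
+        return false;
+    }
 }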
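Review bot: `findBackupCode` (new lines 392-403, last hunk) iterates `$this->backupCodes` without a null guard, although the property is mapped `nullable=true` and `setBackupCodes(array $codes = null)` explicitly allows null, so the first `isBackupCode()` or `invalidateBackupCode()` call for a user who never generated codes runs `foreach` over null, which emits a warning (presumably turned into an exception by Symfony's error handler) before any code is compared. Writing the loop as `foreach ((array) $this->backupCodes as $key => $backupCode) {` makes a missing list behave like an empty one. The docblock's `@return string|false` is also inaccurate, since the keys of the decoded JSON list are ints; `@return int|string|false` describes what is actually returned. Separately, `invalidateBackupCode` only unsets the key in memory and the page does not show the entity being flushed after a successful backup-code login, which is worth confirming because an un-persisted removal lets the same one-time code be reused. In the previous hunk, `getGoogleAuthenticatorSecret(): string` will throw a TypeError if invoked while the secret is still null, though it is presumably only reached once `isGoogleAuthenticatorEnabled()` is true.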