Diffstat (limited to 'src/Wallabag/UserBundle/Entity/User.php')
-rw-r--r--src/Wallabag/UserBundle/Entity/User.php152
1 files changed, 122 insertions, 30 deletions
diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php
index 48446e3c..aeab761d 100644
--- a/src/Wallabag/UserBundle/Entity/User.php
+++ b/src/Wallabag/UserBundle/Entity/User.php
@@ -8,8 +8,9 @@ use FOS\UserBundle\Model\User as BaseUser;
8use JMS\Serializer\Annotation\Accessor; 8use JMS\Serializer\Annotation\Accessor;
9use JMS\Serializer\Annotation\Groups; 9use JMS\Serializer\Annotation\Groups;
10use JMS\Serializer\Annotation\XmlRoot; 10use JMS\Serializer\Annotation\XmlRoot;
11use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface; 11use Scheb\TwoFactorBundle\Model\BackupCodeInterface;
12use Scheb\TwoFactorBundle\Model\TrustedComputerInterface; 12use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface as EmailTwoFactorInterface;
13use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface as GoogleTwoFactorInterface;
13use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity; 14use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
14use Symfony\Component\Security\Core\User\UserInterface; 15use Symfony\Component\Security\Core\User\UserInterface;
15use Wallabag\ApiBundle\Entity\Client; 16use Wallabag\ApiBundle\Entity\Client;
@@ -28,7 +29,7 @@ use Wallabag\CoreBundle\Helper\EntityTimestampsTrait;
28 * @UniqueEntity("email") 29 * @UniqueEntity("email")
29 * @UniqueEntity("username") 30 * @UniqueEntity("username")
30 */ 31 */
31class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterface 32class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorInterface, BackupCodeInterface
32{ 33{
33 use EntityTimestampsTrait; 34 use EntityTimestampsTrait;
34 35
@@ -123,16 +124,21 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
123 private $authCode; 124 private $authCode;
124 125
125 /** 126 /**
126 * @var bool 127 * @ORM\Column(name="googleAuthenticatorSecret", type="string", nullable=true)
127 *
128 * @ORM\Column(type="boolean")
129 */ 128 */
130 private $twoFactorAuthentication = false; 129 private $googleAuthenticatorSecret;
131 130
132 /** 131 /**
133 * @ORM\Column(type="json_array", nullable=true) 132 * @ORM\Column(type="json_array", nullable=true)
134 */ 133 */
135 private $trusted; 134 private $backupCodes;
135
136 /**
137 * @var bool
138 *
139 * @ORM\Column(type="boolean")
140 */
141 private $emailTwoFactor = false;
136 142
137 public function __construct() 143 public function __construct()
138 { 144 {
@@ -182,8 +188,6 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
182 } 188 }
183 189
184 /** 190 /**
185 * @param Entry $entry
186 *
187 * @return User 191 * @return User
188 */ 192 */
189 public function addEntry(Entry $entry) 193 public function addEntry(Entry $entry)
@@ -233,54 +237,122 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
233 /** 237 /**
234 * @return bool 238 * @return bool
235 */ 239 */
236 public function isTwoFactorAuthentication() 240 public function isEmailTwoFactor()
237 { 241 {
238 return $this->twoFactorAuthentication; 242 return $this->emailTwoFactor;
239 } 243 }
240 244
241 /** 245 /**
242 * @param bool $twoFactorAuthentication 246 * @param bool $emailTwoFactor
243 */ 247 */
244 public function setTwoFactorAuthentication($twoFactorAuthentication) 248 public function setEmailTwoFactor($emailTwoFactor)
245 { 249 {
246 $this->twoFactorAuthentication = $twoFactorAuthentication; 250 $this->emailTwoFactor = $emailTwoFactor;
247 } 251 }
248 252
249 public function isEmailAuthEnabled() 253 /**
254 * Used in the user config form to be "like" the email option.
255 */
256 public function isGoogleTwoFactor()
250 { 257 {
251 return $this->twoFactorAuthentication; 258 return $this->isGoogleAuthenticatorEnabled();
252 } 259 }
253 260
254 public function getEmailAuthCode() 261 /**
262 * {@inheritdoc}
263 */
264 public function isEmailAuthEnabled(): bool
265 {
266 return $this->emailTwoFactor;
267 }
268
269 /**
270 * {@inheritdoc}
271 */
272 public function getEmailAuthCode(): string
255 { 273 {
256 return $this->authCode; 274 return $this->authCode;
257 } 275 }
258 276
259 public function setEmailAuthCode($authCode) 277 /**
278 * {@inheritdoc}
279 */
280 public function setEmailAuthCode(string $authCode): void
260 { 281 {
261 $this->authCode = $authCode; 282 $this->authCode = $authCode;
262 } 283 }
263 284
264 public function addTrustedComputer($token, \DateTime $validUntil) 285 /**
286 * {@inheritdoc}
287 */
288 public function getEmailAuthRecipient(): string
265 { 289 {
266 $this->trusted[$token] = $validUntil->format('r'); 290 return $this->email;
267 } 291 }
268 292
269 public function isTrustedComputer($token) 293 /**
294 * {@inheritdoc}
295 */
296 public function isGoogleAuthenticatorEnabled(): bool
270 { 297 {
271 if (isset($this->trusted[$token])) { 298 return $this->googleAuthenticatorSecret ? true : false;
272 $now = new \DateTime(); 299 }
273 $validUntil = new \DateTime($this->trusted[$token]);
274 300
275 return $now < $validUntil; 301 /**
276 } 302 * {@inheritdoc}
303 */
304 public function getGoogleAuthenticatorUsername(): string
305 {
306 return $this->username;
307 }
277 308
278 return false; 309 /**
310 * {@inheritdoc}
311 */
312 public function getGoogleAuthenticatorSecret(): string
313 {
314 return $this->googleAuthenticatorSecret;
315 }
316
317 /**
318 * {@inheritdoc}
319 */
320 public function setGoogleAuthenticatorSecret(?string $googleAuthenticatorSecret): void
321 {
322 $this->googleAuthenticatorSecret = $googleAuthenticatorSecret;
323 }
324
325 public function setBackupCodes(array $codes = null)
326 {
327 $this->backupCodes = $codes;
328 }
329
330 public function getBackupCodes()
331 {
332 return $this->backupCodes;
333 }
334
335 /**
336 * {@inheritdoc}
337 */
338 public function isBackupCode(string $code): bool
339 {
340 return false === $this->findBackupCode($code) ? false : true;
341 }
342
343 /**
344 * {@inheritdoc}
345 */
346 public function invalidateBackupCode(string $code): void
347 {
348 $key = $this->findBackupCode($code);
349
350 if (false !== $key) {
351 unset($this->backupCodes[$key]);
352 }
279 } 353 }
280 354
281 /** 355 /**
282 * @param Client $client
283 *
284 * @return User 356 * @return User
285 */ 357 */
286 public function addClient(Client $client) 358 public function addClient(Client $client)
@@ -309,4 +381,24 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
309 return $this->clients->first(); 381 return $this->clients->first();
310 } 382 }
311 } 383 }
384
385 /**
386 * Try to find a backup code from the list of backup codes of the current user.
387 *
388 * @param string $code Given code from the user
389 *
390 * @return string|false
391 */
392 private function findBackupCode(string $code)
393 {
394 foreach ($this->backupCodes as $key => $backupCode) {
395 // backup code are hashed using `password_hash`
396 // see ConfigController->otpAppAction
397 if (password_verify($code, $backupCode)) {
398 return $key;
399 }
400 }
401
402 return false;
403 }
312} 404}
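Review bot: `findBackupCode()` iterates `$this->backupCodes` directly, but the column is declared `nullable=true` and `setBackupCodes()` accepts `null`, so a user with no stored codes reaches the `foreach` with `null` whenever `isBackupCode()` or `invalidateBackupCode()` runs during the second-factor check. PHP raises a warning at that point, and an error handler that promotes warnings to exceptions would turn it into a failed login request; iterating a safe default avoids this: `foreach ($this->backupCodes ?? [] as $key => $backupCode) {`. The same gap between a nullable column and a declared type applies to `getGoogleAuthenticatorSecret(): string`, which throws a TypeError if it is called before a secret is set, so it is worth confirming that every caller checks `isGoogleAuthenticatorEnabled()` first. Neither `googleAuthenticatorSecret` nor `backupCodes` carries a serializer annotation in this diff, so please also confirm that both stay out of the JMS groups used for API output and exports.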