12 files changed, 198 insertions, 78 deletions

diff --git a/src/Wallabag/UserBundle/Controller/ManageController.php b/src/Wallabag/UserBundle/Controller/ManageController.php
index f3de656f..63a06206 100644
--- a/src/Wallabag/UserBundle/Controller/ManageController.php
+++ b/src/Wallabag/UserBundle/Controller/ManageController.php
@@ -7,10 +7,9 @@ use FOS\UserBundle\FOSUserEvents;
 use Pagerfanta\Adapter\DoctrineORMAdapter;
 use Pagerfanta\Exception\OutOfRangeCurrentPageException;
 use Pagerfanta\Pagerfanta;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Routing\Annotation\Route;
 use Wallabag\UserBundle\Entity\User;
 use Wallabag\UserBundle\Form\SearchUserType;
 
@@ -22,8 +21,7 @@ class ManageController extends Controller
     /**
      * Creates a new User entity.
      *
-     * @Route("/new", name="user_new")
-     * @Method({"GET", "POST"})
+     * @Route("/new", name="user_new", methods={"GET", "POST"})
      */
     public function newAction(Request $request)
     {
@@ -60,19 +58,33 @@ class ManageController extends Controller
     /**
      * Displays a form to edit an existing User entity.
      *
-     * @Route("/{id}/edit", name="user_edit")
-     * @Method({"GET", "POST"})
+     * @Route("/{id}/edit", name="user_edit", methods={"GET", "POST"})
      */
     public function editAction(Request $request, User $user)
     {
+        $userManager = $this->container->get('fos_user.user_manager');
+
         $deleteForm = $this->createDeleteForm($user);
-        $editForm = $this->createForm('Wallabag\UserBundle\Form\UserType', $user);
-        $editForm->handleRequest($request);
+        $form = $this->createForm('Wallabag\UserBundle\Form\UserType', $user);
+        $form->handleRequest($request);
 
-        if ($editForm->isSubmitted() && $editForm->isValid()) {
-            $em = $this->getDoctrine()->getManager();
-            $em->persist($user);
-            $em->flush();
+        // `googleTwoFactor` isn't a field within the User entity, we need to define it's value in a different way
+        if ($this->getParameter('twofactor_auth') && true === $user->isGoogleAuthenticatorEnabled() && false === $form->isSubmitted()) {
+            $form->get('googleTwoFactor')->setData(true);
+        }
+
+        if ($form->isSubmitted() && $form->isValid()) {
+            // handle creation / reset of the OTP secret if checkbox changed from the previous state
+            if ($this->getParameter('twofactor_auth')) {
+                if (true === $form->get('googleTwoFactor')->getData() && false === $user->isGoogleAuthenticatorEnabled()) {
+                    $user->setGoogleAuthenticatorSecret($this->get('scheb_two_factor.security.google_authenticator')->generateSecret());
+                    $user->setEmailTwoFactor(false);
+                } elseif (false === $form->get('googleTwoFactor')->getData() && true === $user->isGoogleAuthenticatorEnabled()) {
+                    $user->setGoogleAuthenticatorSecret(null);
+                }
+            }
+
+            $userManager->updateUser($user);
 
             $this->get('session')->getFlashBag()->add(
                 'notice',
@@ -84,7 +96,7 @@ class ManageController extends Controller
 
         return $this->render('WallabagUserBundle:Manage:edit.html.twig', [
             'user' => $user,
-            'edit_form' => $editForm->createView(),
+            'edit_form' => $form->createView(),
             'delete_form' => $deleteForm->createView(),
             'twofactor_auth' => $this->getParameter('twofactor_auth'),
         ]);
@@ -93,8 +105,7 @@ class ManageController extends Controller
     /**
      * Deletes a User entity.
      *
-     * @Route("/{id}", name="user_delete")
-     * @Method("DELETE")
+     * @Route("/{id}", name="user_delete", methods={"DELETE"})
      */
     public function deleteAction(Request $request, User $user)
     {
@@ -135,8 +146,6 @@ class ManageController extends Controller
         $form->handleRequest($request);
 
         if ($form->isSubmitted() && $form->isValid()) {
-            $this->get('logger')->info('searching users');
-
             $searchTerm = (isset($request->get('search_user')['term']) ? $request->get('search_user')['term'] : '');
 
             $qb = $em->getRepository('WallabagUserBundle:User')->getQueryBuilderForSearch($searchTerm);
@@ -161,7 +170,7 @@ class ManageController extends Controller
     }
 
     /**
-     * Creates a form to delete a User entity.
+     * Create a form to delete a User entity.
      *
      * @param User $user The User entity
      *
diff --git a/src/Wallabag/UserBundle/DataFixtures/ORM/LoadUserData.php b/src/Wallabag/UserBundle/DataFixtures/UserFixtures.php
index 26dbda3b..1e375e09 100644
--- a/src/Wallabag/UserBundle/DataFixtures/ORM/LoadUserData.php
+++ b/src/Wallabag/UserBundle/DataFixtures/UserFixtures.php
@@ -1,13 +1,12 @@
 <?php
 
-namespace Wallabag\UserBundle\DataFixtures\ORM;
+namespace Wallabag\UserBundle\DataFixtures;
 
-use Doctrine\Common\DataFixtures\AbstractFixture;
-use Doctrine\Common\DataFixtures\OrderedFixtureInterface;
+use Doctrine\Bundle\FixturesBundle\Fixture;
 use Doctrine\Common\Persistence\ObjectManager;
 use Wallabag\UserBundle\Entity\User;
 
-class LoadUserData extends AbstractFixture implements OrderedFixtureInterface
+class UserFixtures extends Fixture
 {
     /**
      * {@inheritdoc}
@@ -50,12 +49,4 @@ class LoadUserData extends AbstractFixture implements OrderedFixtureInterface
 
         $manager->flush();
     }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function getOrder()
-    {
-        return 10;
-    }
 }
diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php
index 48446e3c..43fa6a80 100644
--- a/src/Wallabag/UserBundle/Entity/User.php
+++ b/src/Wallabag/UserBundle/Entity/User.php
@@ -8,8 +8,9 @@ use FOS\UserBundle\Model\User as BaseUser;
 use JMS\Serializer\Annotation\Accessor;
 use JMS\Serializer\Annotation\Groups;
 use JMS\Serializer\Annotation\XmlRoot;
-use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface;
-use Scheb\TwoFactorBundle\Model\TrustedComputerInterface;
+use Scheb\TwoFactorBundle\Model\BackupCodeInterface;
+use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface as EmailTwoFactorInterface;
+use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface as GoogleTwoFactorInterface;
 use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Wallabag\ApiBundle\Entity\Client;
@@ -28,7 +29,7 @@ use Wallabag\CoreBundle\Helper\EntityTimestampsTrait;
  * @UniqueEntity("email")
  * @UniqueEntity("username")
  */
-class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterface
+class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorInterface, BackupCodeInterface
 {
     use EntityTimestampsTrait;
 
@@ -123,16 +124,21 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
     private $authCode;
 
     /**
-     * @var bool
-     *
-     * @ORM\Column(type="boolean")
+     * @ORM\Column(name="googleAuthenticatorSecret", type="string", nullable=true)
      */
-    private $twoFactorAuthentication = false;
+    private $googleAuthenticatorSecret;
 
     /**
      * @ORM\Column(type="json_array", nullable=true)
      */
-    private $trusted;
+    private $backupCodes;
+
+    /**
+     * @var bool
+     *
+     * @ORM\Column(type="boolean")
+     */
+    private $emailTwoFactor = false;
 
     public function __construct()
     {
@@ -233,49 +239,119 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
     /**
      * @return bool
      */
-    public function isTwoFactorAuthentication()
+    public function isEmailTwoFactor()
     {
-        return $this->twoFactorAuthentication;
+        return $this->emailTwoFactor;
     }
 
     /**
-     * @param bool $twoFactorAuthentication
+     * @param bool $emailTwoFactor
      */
-    public function setTwoFactorAuthentication($twoFactorAuthentication)
+    public function setEmailTwoFactor($emailTwoFactor)
     {
-        $this->twoFactorAuthentication = $twoFactorAuthentication;
+        $this->emailTwoFactor = $emailTwoFactor;
     }
 
-    public function isEmailAuthEnabled()
+    /**
+     * Used in the user config form to be "like" the email option.
+     */
+    public function isGoogleTwoFactor()
+    {
+        return $this->isGoogleAuthenticatorEnabled();
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function isEmailAuthEnabled(): bool
     {
-        return $this->twoFactorAuthentication;
+        return $this->emailTwoFactor;
     }
 
-    public function getEmailAuthCode()
+    /**
+     * {@inheritdoc}
+     */
+    public function getEmailAuthCode(): string
     {
         return $this->authCode;
     }
 
-    public function setEmailAuthCode($authCode)
+    /**
+     * {@inheritdoc}
+     */
+    public function setEmailAuthCode(string $authCode): void
     {
         $this->authCode = $authCode;
     }
 
-    public function addTrustedComputer($token, \DateTime $validUntil)
+    /**
+     * {@inheritdoc}
+     */
+    public function getEmailAuthRecipient(): string
     {
-        $this->trusted[$token] = $validUntil->format('r');
+        return $this->email;
     }
 
-    public function isTrustedComputer($token)
+    /**
+     * {@inheritdoc}
+     */
+    public function isGoogleAuthenticatorEnabled(): bool
     {
-        if (isset($this->trusted[$token])) {
-            $now = new \DateTime();
-            $validUntil = new \DateTime($this->trusted[$token]);
+        return $this->googleAuthenticatorSecret ? true : false;
+    }
 
-            return $now < $validUntil;
-        }
+    /**
+     * {@inheritdoc}
+     */
+    public function getGoogleAuthenticatorUsername(): string
+    {
+        return $this->username;
+    }
 
-        return false;
+    /**
+     * {@inheritdoc}
+     */
+    public function getGoogleAuthenticatorSecret(): string
+    {
+        return $this->googleAuthenticatorSecret;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function setGoogleAuthenticatorSecret(?string $googleAuthenticatorSecret): void
+    {
+        $this->googleAuthenticatorSecret = $googleAuthenticatorSecret;
+    }
+
+    public function setBackupCodes(array $codes = null)
+    {
+        $this->backupCodes = $codes;
+    }
+
+    public function getBackupCodes()
+    {
+        return $this->backupCodes;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function isBackupCode(string $code): bool
+    {
+        return false === $this->findBackupCode($code) ? false : true;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function invalidateBackupCode(string $code): void
+    {
+        $key = $this->findBackupCode($code);
+
+        if (false !== $key) {
+            unset($this->backupCodes[$key]);
+        }
     }
 
     /**
@@ -309,4 +385,24 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf
             return $this->clients->first();
         }
     }
+
+    /**
+     * Try to find a backup code from the list of backup codes of the current user.
+     *
+     * @param string $code Given code from the user
+     *
+     * @return string|false
+     */
+    private function findBackupCode(string $code)
+    {
+        foreach ($this->backupCodes as $key => $backupCode) {
+            // backup code are hashed using `password_hash`
+            // see ConfigController->otpAppAction
+            if (password_verify($code, $backupCode)) {
+                return $key;
+            }
+        }
+
+        return false;
+    }
 }
diff --git a/src/Wallabag/UserBundle/EventListener/CreateConfigListener.php b/src/Wallabag/UserBundle/EventListener/CreateConfigListener.php
index e4d55c19..81954213 100644
--- a/src/Wallabag/UserBundle/EventListener/CreateConfigListener.php
+++ b/src/Wallabag/UserBundle/EventListener/CreateConfigListener.php
@@ -6,6 +6,7 @@ use Doctrine\ORM\EntityManager;
 use FOS\UserBundle\Event\UserEvent;
 use FOS\UserBundle\FOSUserEvents;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpFoundation\Session\Session;
 use Wallabag\CoreBundle\Entity\Config;
 
 /**
@@ -17,22 +18,24 @@ class CreateConfigListener implements EventSubscriberInterface
     private $em;
     private $theme;
     private $itemsOnPage;
-    private $rssLimit;
+    private $feedLimit;
     private $language;
     private $readingSpeed;
     private $actionMarkAsRead;
     private $listMode;
+    private $session;
 
-    public function __construct(EntityManager $em, $theme, $itemsOnPage, $rssLimit, $language, $readingSpeed, $actionMarkAsRead, $listMode)
+    public function __construct(EntityManager $em, $theme, $itemsOnPage, $feedLimit, $language, $readingSpeed, $actionMarkAsRead, $listMode, Session $session)
     {
         $this->em = $em;
         $this->theme = $theme;
         $this->itemsOnPage = $itemsOnPage;
-        $this->rssLimit = $rssLimit;
+        $this->feedLimit = $feedLimit;
         $this->language = $language;
         $this->readingSpeed = $readingSpeed;
         $this->actionMarkAsRead = $actionMarkAsRead;
         $this->listMode = $listMode;
+        $this->session = $session;
     }
 
     public static function getSubscribedEvents()
@@ -51,8 +54,8 @@ class CreateConfigListener implements EventSubscriberInterface
         $config = new Config($event->getUser());
         $config->setTheme($this->theme);
         $config->setItemsPerPage($this->itemsOnPage);
-        $config->setRssLimit($this->rssLimit);
-        $config->setLanguage($this->language);
+        $config->setFeedLimit($this->feedLimit);
+        $config->setLanguage($this->session->get('_locale', $this->language));
         $config->setReadingSpeed($this->readingSpeed);
         $config->setActionMarkAsRead($this->actionMarkAsRead);
         $config->setListMode($this->listMode);
diff --git a/src/Wallabag/UserBundle/Form/UserType.php b/src/Wallabag/UserBundle/Form/UserType.php
index 56fea640..026db9a2 100644
--- a/src/Wallabag/UserBundle/Form/UserType.php
+++ b/src/Wallabag/UserBundle/Form/UserType.php
@@ -35,9 +35,14 @@ class UserType extends AbstractType
                 'required' => false,
                 'label' => 'user.form.enabled_label',
             ])
-            ->add('twoFactorAuthentication', CheckboxType::class, [
+            ->add('emailTwoFactor', CheckboxType::class, [
                 'required' => false,
-                'label' => 'user.form.twofactor_label',
+                'label' => 'user.form.twofactor_email_label',
+            ])
+            ->add('googleTwoFactor', CheckboxType::class, [
+                'required' => false,
+                'label' => 'user.form.twofactor_google_label',
+                'mapped' => false,
             ])
             ->add('save', SubmitType::class, [
                 'label' => 'user.form.save',
diff --git a/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php b/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php
index aed805c9..2797efde 100644
--- a/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php
+++ b/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php
@@ -78,7 +78,7 @@ class AuthCodeMailer implements AuthCodeMailerInterface
      *
      * @param TwoFactorInterface $user
      */
-    public function sendAuthCode(TwoFactorInterface $user)
+    public function sendAuthCode(TwoFactorInterface $user): void
     {
         $template = $this->twig->loadTemplate('WallabagUserBundle:TwoFactor:email_auth_code.html.twig');
 
@@ -97,7 +97,7 @@ class AuthCodeMailer implements AuthCodeMailerInterface
 
         $message = new \Swift_Message();
         $message
-            ->setTo($user->getEmail())
+            ->setTo($user->getEmailAuthRecipient())
             ->setFrom($this->senderEmail, $this->senderName)
             ->setSubject($subject)
             ->setBody($bodyText, 'text/plain')
diff --git a/src/Wallabag/UserBundle/Repository/UserRepository.php b/src/Wallabag/UserBundle/Repository/UserRepository.php
index be693d3b..4abd55f1 100644
--- a/src/Wallabag/UserBundle/Repository/UserRepository.php
+++ b/src/Wallabag/UserBundle/Repository/UserRepository.php
@@ -9,18 +9,18 @@ use Wallabag\UserBundle\Entity\User;
 class UserRepository extends EntityRepository
 {
     /**
-     * Find a user by its username and rss roken.
+     * Find a user by its username and Feed token.
      *
      * @param string $username
-     * @param string $rssToken
+     * @param string $feedToken
      *
      * @return User|null
      */
-    public function findOneByUsernameAndRsstoken($username, $rssToken)
+    public function findOneByUsernameAndFeedtoken($username, $feedToken)
     {
         return $this->createQueryBuilder('u')
             ->leftJoin('u.config', 'c')
-            ->where('c.rssToken = :rss_token')->setParameter('rss_token', $rssToken)
+            ->where('c.feedToken = :feed_token')->setParameter('feed_token', $feedToken)
             ->andWhere('u.username = :username')->setParameter('username', $username)
             ->getQuery()
             ->getOneOrNullResult();
diff --git a/src/Wallabag/UserBundle/Resources/config/services.yml b/src/Wallabag/UserBundle/Resources/config/services.yml
index d3925de3..2dcf3011 100644
--- a/src/Wallabag/UserBundle/Resources/config/services.yml
+++ b/src/Wallabag/UserBundle/Resources/config/services.yml
@@ -28,11 +28,12 @@ services:
             - "@doctrine.orm.entity_manager"
             - "%wallabag_core.theme%"
             - "%wallabag_core.items_on_page%"
-            - "%wallabag_core.rss_limit%"
+            - "%wallabag_core.feed_limit%"
             - "%wallabag_core.language%"
             - "%wallabag_core.reading_speed%"
             - "%wallabag_core.action_mark_as_read%"
             - "%wallabag_core.list_mode%"
+            - "@session"
         tags:
             - { name: kernel.event_subscriber }
 
diff --git a/src/Wallabag/UserBundle/Resources/views/Authentication/form.html.twig b/src/Wallabag/UserBundle/Resources/views/Authentication/form.html.twig
index c8471bdd..47a5cb78 100644
--- a/src/Wallabag/UserBundle/Resources/views/Authentication/form.html.twig
+++ b/src/Wallabag/UserBundle/Resources/views/Authentication/form.html.twig
@@ -1,7 +1,8 @@
+{# Override `vendor/scheb/two-factor-bundle/Resources/views/Authentication/form.html.twig` #}
 {% extends "WallabagUserBundle::layout.html.twig" %}
 
 {% block fos_user_content %}
-<form class="form" action="" method="post">
+<form class="form" action="{{ path("2fa_login_check") }}" method="post">
     <div class="card-content">
         <div class="row">
 
@@ -9,14 +10,19 @@
             <p class="error">{{ flashMessage|trans }}</p>
             {% endfor %}
 
+            {# Authentication errors #}
+            {% if authenticationError %}
+            <p class="error">{{ authenticationError|trans(authenticationErrorData) }}</p>
+            {% endif %}
+
             <div class="input-field col s12">
                 <label for="_auth_code">{{ "scheb_two_factor.auth_code"|trans }}</label>
-                <input id="_auth_code" type="text" autocomplete="off" name="_auth_code" />
+                <input id="_auth_code" type="text" autocomplete="off" name="{{ authCodeParameterName }}" />
             </div>
 
-            {% if useTrustedOption %}
+            {% if displayTrustedOption %}
             <div class="input-field col s12">
-                <input id="_trusted" type="checkbox" name="_trusted" />
+                <input id="_trusted" type="checkbox" name="{{ trustedParameterName }}" />
                 <label for="_trusted">{{ "scheb_two_factor.trusted"|trans }}</label>
             </div>
             {% endif %}
diff --git a/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig b/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig
index 3ffd15f5..2de8f3a5 100644
--- a/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig
+++ b/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig
@@ -50,9 +50,14 @@
                                 {% if twofactor_auth %}
                                 <div class="row">
                                     <div class="input-field col s12">
-                                        {{ form_widget(edit_form.twoFactorAuthentication) }}
-                                        {{ form_label(edit_form.twoFactorAuthentication) }}
-                                        {{ form_errors(edit_form.twoFactorAuthentication) }}
+                                        {{ form_widget(edit_form.emailTwoFactor) }}
+                                        {{ form_label(edit_form.emailTwoFactor) }}
+                                        {{ form_errors(edit_form.emailTwoFactor) }}
+                                    </div>
+                                    <div class="input-field col s12">
+                                        {{ form_widget(edit_form.googleTwoFactor) }}
+                                        {{ form_label(edit_form.googleTwoFactor) }}
+                                        {{ form_errors(edit_form.googleTwoFactor) }}
                                     </div>
                                 </div>
                                 {% endif %}
diff --git a/src/Wallabag/UserBundle/Resources/views/Registration/register_content.html.twig b/src/Wallabag/UserBundle/Resources/views/Registration/register_content.html.twig
index d0a85fc7..85cd4f0d 100644
--- a/src/Wallabag/UserBundle/Resources/views/Registration/register_content.html.twig
+++ b/src/Wallabag/UserBundle/Resources/views/Registration/register_content.html.twig
@@ -3,7 +3,6 @@
 {{ form_start(form, {'method': 'post', 'action': path('fos_user_registration_register'), 'attr': {'class': 'fos_user_registration_register'}}) }}
     <div class="card-content">
         <div class="row">
-
             {{ form_widget(form._token) }}
 
             {% for flashMessage in app.session.flashbag.get('notice') %}
diff --git a/src/Wallabag/UserBundle/Resources/views/layout.html.twig b/src/Wallabag/UserBundle/Resources/views/layout.html.twig
index f97e9870..a47b31d0 100644
--- a/src/Wallabag/UserBundle/Resources/views/layout.html.twig
+++ b/src/Wallabag/UserBundle/Resources/views/layout.html.twig
@@ -15,6 +15,11 @@
             {% block fos_user_content %}
             {% endblock fos_user_content %}
         </div>
+        <div class="center">
+            <a href="{{ path('changeLocale', {'language': 'de'}) }}">Deutsch</a> –
+            <a href="{{ path('changeLocale', {'language': 'en'}) }}">English</a> –
+            <a href="{{ path('changeLocale', {'language': 'fr'}) }}">Français</a>
+        </div>
     </div>
 </main>
 {% endblock %}