From acd4412080dfb73ecaa7f9983728d1d55bc27ea4 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Sun, 2 Dec 2018 08:54:54 +0100 Subject: Create a dedicated tab to reset data --- .../Resources/translations/messages.da.yml | 1 + .../Resources/translations/messages.de.yml | 1 + .../Resources/translations/messages.en.yml | 1 + .../Resources/translations/messages.es.yml | 1 + .../Resources/translations/messages.fa.yml | 1 + .../Resources/translations/messages.fr.yml | 1 + .../Resources/translations/messages.it.yml | 1 + .../Resources/translations/messages.oc.yml | 1 + .../Resources/translations/messages.pl.yml | 1 + .../Resources/translations/messages.pt.yml | 1 + .../Resources/translations/messages.ro.yml | 1 + .../Resources/translations/messages.ru.yml | 1 + .../Resources/translations/messages.th.yml | 1 + .../Resources/translations/messages.tr.yml | 1 + .../views/themes/material/Config/index.html.twig | 63 +++++++++++----------- 15 files changed, 46 insertions(+), 31 deletions(-) diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml index 5a770dff..96679a9c 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml @@ -59,6 +59,7 @@ config: password: 'Adgangskode' # rules: 'Tagging rules' new_user: 'Tilføj bruger' + # reset: 'Reset area' form: save: 'Gem' form_settings: diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml index 2ae8f08e..c56e87b5 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml @@ -59,6 +59,7 @@ config: password: 'Kennwort' rules: 'Tagging-Regeln' new_user: 'Benutzer hinzufügen' + reset: 'Zurücksetzen' form: save: 'Speichern' form_settings: diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml index d1d74159..d57cea0f 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml @@ -59,6 +59,7 @@ config: password: 'Password' rules: 'Tagging rules' new_user: 'Add a user' + reset: 'Reset area' form: save: 'Save' form_settings: diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml index 741d3e9f..e1c4e221 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml @@ -59,6 +59,7 @@ config: password: 'Contraseña' rules: 'Reglas de etiquetado automáticas' new_user: 'Añadir un usuario' + reset: 'Reiniciar mi cuenta' form: save: 'Guardar' form_settings: diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml index 2ef5dd52..2ede433e 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml @@ -59,6 +59,7 @@ config: password: 'رمز' rules: 'برچسب‌گذاری خودکار' new_user: 'افزودن کاربر' + # reset: 'Reset area' form: save: 'ذخیره' form_settings: diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml index 7a2029b4..d69ae280 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml @@ -59,6 +59,7 @@ config: password: "Mot de passe" rules: "Règles de tag automatiques" new_user: "Créer un compte" + reset: "Réinitialisation" form: save: "Enregistrer" form_settings: diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml index 3a459445..f16ffb6b 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml @@ -59,6 +59,7 @@ config: password: 'Password' rules: 'Regole di etichettatura' new_user: 'Aggiungi utente' + reset: 'Area di reset' form: save: 'Salva' form_settings: diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml index 9df9e645..b568fbc5 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml @@ -59,6 +59,7 @@ config: password: 'Senhal' rules: "Règlas d'etiquetas automaticas" new_user: 'Crear un compte' + reset: 'Zòna de reïnicializacion' form: save: 'Enregistrar' form_settings: diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml index 684c40e2..b58e14f4 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml @@ -59,6 +59,7 @@ config: password: 'Hasło' rules: 'Zasady tagowania' new_user: 'Dodaj użytkownika' + reset: 'Reset' form: save: 'Zapisz' form_settings: diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml index 7932d7ab..add28bf7 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml @@ -59,6 +59,7 @@ config: password: 'Senha' rules: 'Regras de tags' new_user: 'Adicionar um usuário' + # reset: 'Reset area' form: save: 'Salvar' form_settings: diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml index 4d091f03..6a38c4a1 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml @@ -59,6 +59,7 @@ config: password: 'Parolă' # rules: 'Tagging rules' new_user: 'Crează un utilizator' + # reset: 'Reset area' form: save: 'Salvează' form_settings: diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml index cc327ae4..1b7ac38a 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml @@ -58,6 +58,7 @@ config: password: 'Пароль' rules: 'Правила настройки простановки тегов' new_user: 'Добавить пользователя' + reset: 'Сброс данных' form: save: 'Сохранить' form_settings: diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml index 148aa541..fe1b35be 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml @@ -59,6 +59,7 @@ config: password: 'รหัสผ่าน' rules: 'การแท็กข้อบังคับ' new_user: 'เพิ่มผู้ใช้' + reset: 'รีเซ็ตพื้นที่ ' form: save: 'บันทึก' form_settings: diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml index 6fb9852a..638714e4 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml @@ -59,6 +59,7 @@ config: password: 'Şifre' rules: 'Etiketleme kuralları' new_user: 'Bir kullanıcı ekle' + # reset: 'Reset area' form: save: 'Kaydet' form_settings: diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig index f896fe2d..35800989 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig @@ -16,6 +16,7 @@
  • {{ 'config.tab_menu.user_info'|trans }}
  • {{ 'config.tab_menu.password'|trans }}
  • {{ 'config.tab_menu.rules'|trans }}
    • +
  • {{ 'config.tab_menu.reset'|trans }}
    • @@ -218,37 +219,6 @@ {{ form_widget(form.user.save, {'attr': {'class': 'btn waves-effect waves-light'}}) }} {{ form_widget(form.user._token) }} - -

    - -
    -
    {{ 'config.reset.title'|trans }}
    -

    {{ 'config.reset.description'|trans }}

    - - {{ 'config.reset.annotations'|trans }} - - - {{ 'config.reset.tags'|trans }} - - - {{ 'config.reset.archived'|trans }} - - - {{ 'config.reset.entries'|trans }} - -
    - - {% if enabled_users > 1 %} -

    - -
    -
    {{ 'config.form_user.delete.title'|trans }}
    -

    {{ 'config.form_user.delete.description'|trans }}

    - -
    - {% endif %}
    @@ -422,6 +392,37 @@
    + +
    +
    +
    {{ 'config.reset.title'|trans }}
    +

    {{ 'config.reset.description'|trans }}

    + + {{ 'config.reset.annotations'|trans }} + + + {{ 'config.reset.tags'|trans }} + + + {{ 'config.reset.archived'|trans }} + + + {{ 'config.reset.entries'|trans }} + +
    + + {% if enabled_users > 1 %} +

    + +
    +
    {{ 'config.form_user.delete.title'|trans }}
    +

    {{ 'config.form_user.delete.description'|trans }}

    + +
    + {% endif %} +
    -- cgit v1.2.3 From a6b242a1fd6f8900d80354361449f1bf62506ef9 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Sun, 2 Dec 2018 12:43:05 +0100 Subject: Enable OTP 2FA - Update SchebTwoFactorBundle to version 3 - Enable Google 2fa on the bundle - Disallow ability to use both email and google as 2fa - Update Ocramius Proxy Manager to handle typed function & attributes (from PHP 7) - use `$this->addFlash` shortcut instead of `$this->get('session')->getFlashBag()->add` - update admin to be able to create/reset the 2fa --- app/DoctrineMigrations/Version20181202073750.php | 22 ++++ app/Resources/static/themes/_global/index.js | 18 ++++ app/Resources/static/themes/material/index.js | 5 + app/config/config.yml | 8 +- app/config/routing.yml | 8 ++ app/config/security.yml | 9 ++ composer.json | 6 +- .../CoreBundle/Command/ShowUserCommand.php | 3 +- .../CoreBundle/Controller/ConfigController.php | 35 +++++-- .../CoreBundle/Form/Type/UserInformationType.php | 9 +- .../Resources/translations/messages.da.yml | 9 +- .../Resources/translations/messages.de.yml | 9 +- .../Resources/translations/messages.en.yml | 9 +- .../Resources/translations/messages.es.yml | 9 +- .../Resources/translations/messages.fa.yml | 9 +- .../Resources/translations/messages.fr.yml | 8 +- .../Resources/translations/messages.it.yml | 9 +- .../Resources/translations/messages.oc.yml | 9 +- .../Resources/translations/messages.pl.yml | 9 +- .../Resources/translations/messages.pt.yml | 9 +- .../Resources/translations/messages.ro.yml | 9 +- .../Resources/translations/messages.ru.yml | 9 +- .../Resources/translations/messages.th.yml | 9 +- .../Resources/translations/messages.tr.yml | 9 +- .../views/themes/baggy/Config/index.html.twig | 88 +++++++++------- .../views/themes/material/Config/index.html.twig | 45 +++++--- .../UserBundle/Controller/ManageController.php | 67 ++++++++++-- src/Wallabag/UserBundle/Entity/User.php | 94 ++++++++++++----- src/Wallabag/UserBundle/Form/UserType.php | 9 +- src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php | 2 +- .../Resources/views/Authentication/form.html.twig | 14 ++- .../Resources/views/Manage/edit.html.twig | 17 +++- .../CoreBundle/Command/ShowUserCommandTest.php | 3 +- .../CoreBundle/Controller/ConfigControllerTest.php | 113 +++++++++++++++++++++ .../Controller/SecurityControllerTest.php | 28 +++-- .../UserBundle/Mailer/AuthCodeMailerTest.php | 2 +- 36 files changed, 553 insertions(+), 177 deletions(-) create mode 100644 app/DoctrineMigrations/Version20181202073750.php diff --git a/app/DoctrineMigrations/Version20181202073750.php b/app/DoctrineMigrations/Version20181202073750.php new file mode 100644 index 00000000..a2308b99 --- /dev/null +++ b/app/DoctrineMigrations/Version20181202073750.php @@ -0,0 +1,22 @@ +addSql('ALTER TABLE ' . $this->getTable('user') . ' ADD googleAuthenticatorSecret VARCHAR(191) DEFAULT NULL, CHANGE twoFactorAuthentication emailTwoFactor BOOLEAN NOT NULL, DROP trusted'); + } + + public function down(Schema $schema): void + { + $this->addSql('ALTER TABLE `' . $this->getTable('user') . '` DROP googleAuthenticatorSecret, CHANGE emailtwofactor twoFactorAuthentication BOOLEAN NOT NULL, ADD trusted TEXT DEFAULT NULL'); + } +} diff --git a/app/Resources/static/themes/_global/index.js b/app/Resources/static/themes/_global/index.js index bb3e95b6..9ad96fc0 100644 --- a/app/Resources/static/themes/_global/index.js +++ b/app/Resources/static/themes/_global/index.js @@ -89,4 +89,22 @@ $(document).ready(() => { } }; }); + + // mimic radio button because emailTwoFactor is a boolean + $('#update_user_googleTwoFactor').on('change', () => { + $('#update_user_emailTwoFactor').prop('checked', false); + }); + + $('#update_user_emailTwoFactor').on('change', () => { + $('#update_user_googleTwoFactor').prop('checked', false); + }); + + // same mimic for super admin + $('#user_googleTwoFactor').on('change', () => { + $('#user_emailTwoFactor').prop('checked', false); + }); + + $('#user_emailTwoFactor').on('change', () => { + $('#user_googleTwoFactor').prop('checked', false); + }); }); diff --git a/app/Resources/static/themes/material/index.js b/app/Resources/static/themes/material/index.js index 05794597..2926cad1 100755 --- a/app/Resources/static/themes/material/index.js +++ b/app/Resources/static/themes/material/index.js @@ -50,25 +50,30 @@ $(document).ready(() => { $('#tag_label').focus(); return false; }); + $('#nav-btn-add').on('click', () => { toggleNav('.nav-panel-add', '#entry_url'); return false; }); + const materialAddForm = $('.nav-panel-add'); materialAddForm.on('submit', () => { materialAddForm.addClass('disabled'); $('input#entry_url', materialAddForm).prop('readonly', true).trigger('blur'); }); + $('#nav-btn-search').on('click', () => { toggleNav('.nav-panel-search', '#search_entry_term'); return false; }); + $('.close').on('click', (e) => { $(e.target).parent('.nav-panel-item').hide(100); $('.nav-panel-actions').show(100); $('.nav-panels').css('background', 'transparent'); return false; }); + $(window).scroll(() => { const s = $(window).scrollTop(); const d = $(document).height(); diff --git a/app/config/config.yml b/app/config/config.yml index 4b34af30..908f53b7 100644 --- a/app/config/config.yml +++ b/app/config/config.yml @@ -198,10 +198,14 @@ fos_oauth_server: refresh_token_lifetime: 1209600 scheb_two_factor: - trusted_computer: + trusted_device: enabled: true cookie_name: wllbg_trusted_computer - cookie_lifetime: 2592000 + lifetime: 2592000 + + google: + enabled: "%twofactor_auth%" + template: WallabagUserBundle:Authentication:form.html.twig email: enabled: "%twofactor_auth%" diff --git a/app/config/routing.yml b/app/config/routing.yml index 0bd2d130..a7c0f7e9 100644 --- a/app/config/routing.yml +++ b/app/config/routing.yml @@ -51,3 +51,11 @@ craue_config_settings_modify: fos_js_routing: resource: "@FOSJsRoutingBundle/Resources/config/routing/routing.xml" + +2fa_login: + path: /2fa + defaults: + _controller: "scheb_two_factor.form_controller:form" + +2fa_login_check: + path: /2fa_check diff --git a/app/config/security.yml b/app/config/security.yml index 96489e26..6a21b4e5 100644 --- a/app/config/security.yml +++ b/app/config/security.yml @@ -56,9 +56,17 @@ security: path: /logout target: / + two_factor: + provider: fos_userbundle + auth_form_path: 2fa_login + check_path: 2fa_login_check + access_control: - { path: ^/api/(doc|version|info|user), roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } + # force role for logout otherwise when 2fa enable, you won't be able to logout + # https://github.com/scheb/two-factor-bundle/issues/168#issuecomment-430822478 + - { path: ^/logout, roles: [IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_2FA_IN_PROGRESS] } - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: /(unread|starred|archive|all).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } @@ -67,5 +75,6 @@ security: - { path: ^/share, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/settings, roles: ROLE_SUPER_ADMIN } - { path: ^/annotations, roles: ROLE_USER } + - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS } - { path: ^/users, roles: ROLE_SUPER_ADMIN } - { path: ^/, roles: ROLE_USER } diff --git a/composer.json b/composer.json index 21d71b74..771580c6 100644 --- a/composer.json +++ b/composer.json @@ -31,7 +31,7 @@ "issues": "https://github.com/wallabag/wallabag/issues" }, "require": { - "php": ">=7.1.0", + "php": ">=7.1.3", "ext-pcre": "*", "ext-dom": "*", "ext-curl": "*", @@ -70,7 +70,7 @@ "friendsofsymfony/user-bundle": "2.0.*", "friendsofsymfony/oauth-server-bundle": "^1.5", "stof/doctrine-extensions-bundle": "^1.2", - "scheb/two-factor-bundle": "^2.14", + "scheb/two-factor-bundle": "^3.0", "grandt/phpepub": "dev-master", "wallabag/php-mobi": "~1.0", "kphoen/rulerz-bundle": "~0.13", @@ -147,7 +147,7 @@ "config": { "bin-dir": "bin", "platform": { - "php": "7.1" + "php": "7.1.3" } }, "minimum-stability": "dev", diff --git a/src/Wallabag/CoreBundle/Command/ShowUserCommand.php b/src/Wallabag/CoreBundle/Command/ShowUserCommand.php index a0184267..c95efbf3 100644 --- a/src/Wallabag/CoreBundle/Command/ShowUserCommand.php +++ b/src/Wallabag/CoreBundle/Command/ShowUserCommand.php @@ -57,7 +57,8 @@ class ShowUserCommand extends ContainerAwareCommand sprintf('Display name: %s', $user->getName()), sprintf('Creation date: %s', $user->getCreatedAt()->format('Y-m-d H:i:s')), sprintf('Last login: %s', null !== $user->getLastLogin() ? $user->getLastLogin()->format('Y-m-d H:i:s') : 'never'), - sprintf('2FA activated: %s', $user->isTwoFactorAuthentication() ? 'yes' : 'no'), + sprintf('2FA (email) activated: %s', $user->isEmailTwoFactor() ? 'yes' : 'no'), + sprintf('2FA (OTP) activated: %s', $user->isGoogleAuthenticatorEnabled() ? 'yes' : 'no'), ]); } diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php index be6feb7c..5bbe1c74 100644 --- a/src/Wallabag/CoreBundle/Controller/ConfigController.php +++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php @@ -46,7 +46,7 @@ class ConfigController extends Controller $activeTheme = $this->get('liip_theme.active_theme'); $activeTheme->setName($config->getTheme()); - $this->get('session')->getFlashBag()->add( + $this->addFlash( 'notice', 'flashes.config.notice.config_saved' ); @@ -68,7 +68,7 @@ class ConfigController extends Controller $userManager->updateUser($user, true); } - $this->get('session')->getFlashBag()->add('notice', $message); + $this->addFlash('notice', $message); return $this->redirect($this->generateUrl('config') . '#set4'); } @@ -80,10 +80,29 @@ class ConfigController extends Controller ]); $userForm->handleRequest($request); + // `googleTwoFactor` isn't a field within the User entity, we need to define it's value in a different way + if (true === $user->isGoogleAuthenticatorEnabled() && false === $userForm->isSubmitted()) { + $userForm->get('googleTwoFactor')->setData(true); + } + if ($userForm->isSubmitted() && $userForm->isValid()) { + // handle creation / reset of the OTP secret if checkbox changed from the previous state + if (true === $userForm->get('googleTwoFactor')->getData() && false === $user->isGoogleAuthenticatorEnabled()) { + $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret(); + + $user->setGoogleAuthenticatorSecret($secret); + $user->setEmailTwoFactor(false); + + $qrCode = $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user); + + $this->addFlash('OTPSecret', ['code' => $secret, 'qrCode' => $qrCode]); + } elseif (false === $userForm->get('googleTwoFactor')->getData() && true === $user->isGoogleAuthenticatorEnabled()) { + $user->setGoogleAuthenticatorSecret(null); + } + $userManager->updateUser($user, true); - $this->get('session')->getFlashBag()->add( + $this->addFlash( 'notice', 'flashes.config.notice.user_updated' ); @@ -99,7 +118,7 @@ class ConfigController extends Controller $em->persist($config); $em->flush(); - $this->get('session')->getFlashBag()->add( + $this->addFlash( 'notice', 'flashes.config.notice.rss_updated' ); @@ -131,7 +150,7 @@ class ConfigController extends Controller $em->persist($taggingRule); $em->flush(); - $this->get('session')->getFlashBag()->add( + $this->addFlash( 'notice', 'flashes.config.notice.tagging_rules_updated' ); @@ -178,7 +197,7 @@ class ConfigController extends Controller return new JsonResponse(['token' => $config->getRssToken()]); } - $this->get('session')->getFlashBag()->add( + $this->addFlash( 'notice', 'flashes.config.notice.rss_token_updated' ); @@ -203,7 +222,7 @@ class ConfigController extends Controller $em->remove($rule); $em->flush(); - $this->get('session')->getFlashBag()->add( + $this->addFlash( 'notice', 'flashes.config.notice.tagging_rules_deleted' ); @@ -269,7 +288,7 @@ class ConfigController extends Controller break; } - $this->get('session')->getFlashBag()->add( + $this->addFlash( 'notice', 'flashes.config.notice.' . $type . '_reset' ); diff --git a/src/Wallabag/CoreBundle/Form/Type/UserInformationType.php b/src/Wallabag/CoreBundle/Form/Type/UserInformationType.php index 07c99949..6e4c9154 100644 --- a/src/Wallabag/CoreBundle/Form/Type/UserInformationType.php +++ b/src/Wallabag/CoreBundle/Form/Type/UserInformationType.php @@ -21,9 +21,14 @@ class UserInformationType extends AbstractType ->add('email', EmailType::class, [ 'label' => 'config.form_user.email_label', ]) - ->add('twoFactorAuthentication', CheckboxType::class, [ + ->add('emailTwoFactor', CheckboxType::class, [ 'required' => false, - 'label' => 'config.form_user.twoFactorAuthentication_label', + 'label' => 'config.form_user.emailTwoFactor_label', + ]) + ->add('googleTwoFactor', CheckboxType::class, [ + 'required' => false, + 'label' => 'config.form_user.googleTwoFactor_label', + 'mapped' => false, ]) ->add('save', SubmitType::class, [ 'label' => 'config.form.save', diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml index 96679a9c..e62ba6d0 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml @@ -99,11 +99,11 @@ config: # all: 'All' # rss_limit: 'Number of items in the feed' form_user: - # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code on every new untrusted connexion" + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Navn' email_label: 'Emailadresse' - # twoFactorAuthentication_label: 'Two factor authentication' - # help_twoFactorAuthentication: "If you enable 2FA, each time you want to login to wallabag, you'll receive a code by email." + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. @@ -533,7 +533,8 @@ user: email_label: 'Emailadresse' # enabled_label: 'Enabled' # last_login_label: 'Last login' - # twofactor_label: Two factor authentication + # twofactor_email_label: Two factor authentication by email + # twofactor_google_label: Two factor authentication by Google # save: Save # delete: Delete # delete_confirm: Are you sure? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml index c56e87b5..f2d0408f 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml @@ -99,11 +99,11 @@ config: all: 'Alle' rss_limit: 'Anzahl der Einträge pro Feed' form_user: - two_factor_description: "Wenn du die Zwei-Faktor-Authentifizierung aktivierst, erhältst du eine E-Mail mit einem Code bei jeder nicht vertrauenswürdigen Verbindung" + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Name' email_label: 'E-Mail-Adresse' - twoFactorAuthentication_label: 'Zwei-Faktor-Authentifizierung' - help_twoFactorAuthentication: "Wenn du 2FA aktivierst, wirst du bei jedem Login einen Code per E-Mail bekommen." + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' delete: title: 'Lösche mein Konto (a.k.a Gefahrenzone)' description: 'Wenn du dein Konto löschst, werden ALL deine Artikel, ALL deine Tags, ALL deine Anmerkungen und dein Konto dauerhaft gelöscht (kann NICHT RÜCKGÄNGIG gemacht werden). Du wirst anschließend ausgeloggt.' @@ -533,7 +533,8 @@ user: email_label: 'E-Mail-Adresse' enabled_label: 'Aktiviert' last_login_label: 'Letzter Login' - twofactor_label: 'Zwei-Faktor-Authentifizierung' + # twofactor_email_label: Two factor authentication by email + # twofactor_google_label: Two factor authentication by Google save: 'Speichern' delete: 'Löschen' delete_confirm: 'Bist du sicher?' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml index d57cea0f..859acdc0 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml @@ -99,11 +99,11 @@ config: all: 'All' rss_limit: 'Number of items in the feed' form_user: - two_factor_description: "Enabling two factor authentication means you'll receive an email with a code on every new untrusted connection." + two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Name' email_label: 'Email' - twoFactorAuthentication_label: 'Two factor authentication' - help_twoFactorAuthentication: "If you enable 2FA, each time you want to login to wallabag, you'll receive a code by email." + emailTwoFactor_label: 'Using email (receive a code by email)' + googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' delete: title: Delete my account (a.k.a danger zone) description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. @@ -533,7 +533,8 @@ user: email_label: 'Email' enabled_label: 'Enabled' last_login_label: 'Last login' - twofactor_label: Two factor authentication + twofactor_email_label: Two factor authentication by email + twofactor_google_label: Two factor authentication by Google save: Save delete: Delete delete_confirm: Are you sure? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml index e1c4e221..3c3cbed4 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml @@ -99,11 +99,11 @@ config: # all: 'All' rss_limit: 'Límite de artículos en feed RSS' form_user: - two_factor_description: "Con la autenticación en dos pasos recibirá código por e-mail en cada nueva conexión que no sea de confianza." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nombre' email_label: 'Dirección de e-mail' - twoFactorAuthentication_label: 'Autenticación en dos pasos' - help_twoFactorAuthentication: "Si activas la autenticación en dos pasos, cada vez que quieras iniciar sesión en wallabag recibirás un código por e-mail." + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' delete: title: Eliminar mi cuenta (Zona peligrosa) description: Si eliminas tu cuenta, TODOS tus artículos, TODAS tus etiquetas, TODAS tus anotaciones y tu cuenta serán eliminadas de forma PERMANENTE (no se puede deshacer). Después serás desconectado. @@ -533,7 +533,8 @@ user: email_label: 'E-mail' enabled_label: 'Activado' last_login_label: 'Último inicio de sesión' - twofactor_label: Autenticación en dos pasos + # twofactor_email_label: Two factor authentication by email + # twofactor_google_label: Two factor authentication by Google save: Guardar delete: Eliminar delete_confirm: ¿Estás seguro? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml index 2ede433e..ca25b390 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml @@ -99,11 +99,11 @@ config: # all: 'All' rss_limit: 'محدودیت آر-اس-اس' form_user: - two_factor_description: "با فعال‌کردن تأیید ۲مرحله‌ای هر بار که اتصال تأییدنشده‌ای برقرار شد، به شما یک کد از راه ایمیل فرستاده می‌شود" + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'نام' email_label: 'نشانی ایمیل' - twoFactorAuthentication_label: 'تأیید ۲مرحله‌ای' - # help_twoFactorAuthentication: "If you enable 2FA, each time you want to login to wallabag, you'll receive a code by email." + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. @@ -533,7 +533,8 @@ user: email_label: 'نشانی ایمیل' # enabled_label: 'Enabled' # last_login_label: 'Last login' - # twofactor_label: Two factor authentication + # twofactor_email_label: Two factor authentication by email + # twofactor_google_label: Two factor authentication by Google # save: Save # delete: Delete # delete_confirm: Are you sure? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml index d69ae280..b809ca32 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml @@ -99,11 +99,11 @@ config: all: "Tous" rss_limit: "Nombre d’articles dans le flux" form_user: - two_factor_description: "Activer l’authentification double-facteur veut dire que vous allez recevoir un code par courriel à chaque nouvelle connexion non approuvée." + two_factor_description: "Activer l’authentification double-facteur veut dire que vous allez recevoir un code par courriel OU que vous devriez utiliser une application de mot de passe à usage unique (comme Google Authenticator) pour obtenir un code temporaire à chaque nouvelle connexion non approuvée. Vous ne pouvez pas choisir les deux options." name_label: "Nom" email_label: "Adresse courriel" - twoFactorAuthentication_label: "Double authentification" - help_twoFactorAuthentication: "Si vous activez 2FA, à chaque tentative de connexion à wallabag, vous recevrez un code par email." + emailTwoFactor_label: 'En utlisant l’email (recevez un code par email)' + googleTwoFactor_label: 'En utilisant une application de mot de passe à usage unique (ouvrez l’app, comme Google Authenticator, pour obtenir un mot de passe à usage unique)' delete: title: "Supprimer mon compte (attention danger !)" description: "Si vous confirmez la suppression de votre compte, TOUS les articles, TOUS les tags, TOUTES les annotations et votre compte seront DÉFINITIVEMENT supprimé (c’est IRRÉVERSIBLE). Vous serez ensuite déconnecté." @@ -534,6 +534,8 @@ user: enabled_label: "Activé" last_login_label: "Dernière connexion" twofactor_label: "Double authentification" + twofactor_email_label: Double authentification par email + twofactor_google_label: Double authentification par Google save: "Sauvegarder" delete: "Supprimer" delete_confirm: "Êtes-vous sûr ?" diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml index f16ffb6b..7279dba1 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml @@ -99,11 +99,11 @@ config: # all: 'All' rss_limit: 'Numero di elementi nel feed' form_user: - two_factor_description: "Abilitando l'autenticazione a due fattori riceverai una e-mail con un codice per ogni nuova connesione non verificata" + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nome' email_label: 'E-mail' - twoFactorAuthentication_label: 'Autenticazione a due fattori' - help_twoFactorAuthentication: "Se abiliti l'autenticazione a due fattori, ogni volta che vorrai connetterti a wallabag, riceverai un codice via E-mail." + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' delete: title: Cancella il mio account (zona pericolosa) description: Rimuovendo il tuo account, TUTTI i tuoi articoli, TUTTE le tue etichette, TUTTE le tue annotazioni ed il tuo account verranno rimossi PERMANENTEMENTE (impossibile da ANNULLARE). Verrai poi disconnesso. @@ -533,7 +533,8 @@ user: email_label: 'E-mail' enabled_label: 'Abilitato' last_login_label: 'Ultima connessione' - twofactor_label: Autenticazione a due fattori + # twofactor_email_label: Two factor authentication by email + # twofactor_google_label: Two factor authentication by Google save: Salva delete: Cancella delete_confirm: Sei sicuro? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml index b568fbc5..f262ba7b 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml @@ -99,11 +99,11 @@ config: all: 'Totes' rss_limit: "Nombre d'articles dins un flux RSS" form_user: - two_factor_description: "Activar l'autentificacion en dos temps vòl dire que recebretz un còdi per corrièl per cada novèla connexion pas aprovada." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nom' email_label: 'Adreça de corrièl' - twoFactorAuthentication_label: 'Dobla autentificacion' - help_twoFactorAuthentication: "S'avètz activat l'autentificacion en dos temps, cada còp que volètz vos connectar a wallabag, recebretz un còdi per corrièl." + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' delete: title: Suprimir mon compte (Mèfi zòna perilhosa) description: Se confirmatz la supression de vòstre compte, TOTES vòstres articles, TOTAS vòstras etiquetas, TOTAS vòstras anotacions e vòstre compte seràn suprimits per totjorn. E aquò es IRREVERSIBLE. Puèi seretz desconnectat. @@ -533,7 +533,8 @@ user: email_label: 'Adreça de corrièl' enabled_label: 'Actiu' last_login_label: 'Darrièra connexion' - twofactor_label: 'Autentificacion doble-factor' + # twofactor_email_label: Two factor authentication by email + # twofactor_google_label: Two factor authentication by Google save: 'Enregistrar' delete: 'Suprimir' delete_confirm: 'Sètz segur ?' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml index b58e14f4..99c2183e 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml @@ -99,11 +99,11 @@ config: all: 'Wszystkie' rss_limit: 'Link do RSS' form_user: - two_factor_description: "Włączenie autoryzacji dwuetapowej oznacza, że będziesz otrzymywał maile z kodem przy każdym nowym, niezaufanym połączeniu" + two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nazwa' email_label: 'Adres email' - twoFactorAuthentication_label: 'Autoryzacja dwuetapowa' - help_twoFactorAuthentication: "Jeżeli włączysz autoryzację dwuetapową. Za każdym razem, kiedy będziesz chciał się zalogować, dostaniesz kod na swój e-mail." + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' delete: title: Usuń moje konto (niebezpieczna strefa !) description: Jeżeli usuniesz swoje konto, wszystkie twoje artykuły, tagi, adnotacje, oraz konto zostaną trwale usunięte (operacja jest NIEODWRACALNA). Następnie zostaniesz wylogowany. @@ -533,7 +533,8 @@ user: email_label: 'Adres email' enabled_label: 'Włączony' last_login_label: 'Ostatnie logowanie' - twofactor_label: Autoryzacja dwuetapowa + # twofactor_email_label: Two factor authentication by email + # twofactor_google_label: Two factor authentication by Google save: Zapisz delete: Usuń delete_confirm: Jesteś pewien? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml index add28bf7..806c2d78 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml @@ -99,11 +99,11 @@ config: # all: 'All' rss_limit: 'Número de itens no feed' form_user: - two_factor_description: 'Habilitar autenticação de dois passos significa que você receberá um e-mail com um código a cada nova conexão desconhecida.' + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nome' email_label: 'E-mail' - twoFactorAuthentication_label: 'Autenticação de dois passos' - # help_twoFactorAuthentication: "If you enable 2FA, each time you want to login to wallabag, you'll receive a code by email." + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. @@ -533,7 +533,8 @@ user: email_label: 'E-mail' enabled_label: 'Habilitado' last_login_label: 'Último login' - twofactor_label: 'Autenticação de dois passos' + # twofactor_email_label: Two factor authentication by email + # twofactor_google_label: Two factor authentication by Google save: 'Salvar' delete: 'Apagar' delete_confirm: 'Tem certeza?' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml index 6a38c4a1..ed75ed6e 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml @@ -99,11 +99,11 @@ config: # all: 'All' rss_limit: 'Limită RSS' form_user: - # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code on every new untrusted connexion" + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nume' email_label: 'E-mail' - # twoFactorAuthentication_label: 'Two factor authentication' - # help_twoFactorAuthentication: "If you enable 2FA, each time you want to login to wallabag, you'll receive a code by email." + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. @@ -533,7 +533,8 @@ user: email_label: 'E-mail' # enabled_label: 'Enabled' # last_login_label: 'Last login' - # twofactor_label: Two factor authentication + # twofactor_email_label: Two factor authentication by email + # twofactor_google_label: Two factor authentication by Google # save: Save # delete: Delete # delete_confirm: Are you sure? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml index 1b7ac38a..1c6e6771 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml @@ -96,11 +96,11 @@ config: archive: 'архивные' rss_limit: 'Количество записей в фиде' form_user: - two_factor_description: "Включить двухфакторную аутентификацию, Вы получите сообщение на указанный email с кодом, при каждом новом непроверенном подключении." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Имя' email_label: 'Email' - twoFactorAuthentication_label: 'Двухфакторная аутентификация' - help_twoFactorAuthentication: "Если Вы включите двухфакторную аутентификацию, то Вы будете получать код на указанный ранее email, каждый раз при входе в wallabag." + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' delete: title: "Удалить мой аккаунт (или опасная зона)" description: "Если Вы удалите ваш аккаунт, ВСЕ ваши записи, теги и другие данные, будут БЕЗВОЗВРАТНО удалены (операция не может быть отменена после). Затем Вы выйдете из системы." @@ -521,7 +521,8 @@ user: email_label: 'Email' enabled_label: 'Включить' last_login_label: 'Последний вход' - twofactor_label: "Двухфакторная аутентификация" + # twofactor_email_label: Two factor authentication by email + # twofactor_google_label: Two factor authentication by Google save: "Сохранить" delete: "Удалить" delete_confirm: "Вы уверены?" diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml index fe1b35be..af798943 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml @@ -99,11 +99,11 @@ config: all: 'ทั้งหมด' rss_limit: 'จำนวนไอเทมที่เก็บ' form_user: - two_factor_description: "การเปิดใช้งาน two factor authentication คือคุณจะต้องได้รับอีเมลกับ code ที่ยังไม่ตรวจสอบในการเชื่อมต่อ" + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'ชื่อ' email_label: 'อีเมล' - twoFactorAuthentication_label: 'Two factor authentication' - help_twoFactorAuthentication: "ถ้าคุณเปิด 2FA, ในแต่ละช่วงเวลาที่คุณต้องการลงชื่อเข้าใช wallabag, คุณจะต้องได้รับ code จากอีเมล" + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' delete: title: ลบบัญชีของฉัน (โซนที่เป็นภัย!) description: ถ้าคุณลบบัญชีของคุณIf , รายการทั้งหมดของคุณ, แท็กทั้งหมดของคุณ, หมายเหตุทั้งหมดของคุณและบัญชีของคุณจะถูกลบอย่างถาวร (มันไม่สามารถยกเลิกได้) คุณจะต้องลงชื่อออก @@ -531,7 +531,8 @@ user: email_label: 'อีเมล' enabled_label: 'เปิดใช้งาน' last_login_label: 'ลงชื้อเข้าใช้ครั้งสุดท้าย' - twofactor_label: Two factor authentication + # twofactor_email_label: Two factor authentication by email + # twofactor_google_label: Two factor authentication by Google save: บันทึก delete: ลบ delete_confirm: ตุณแน่ใจหรือไม่? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml index 638714e4..352a2cc4 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml @@ -99,11 +99,11 @@ config: # all: 'All' rss_limit: 'RSS içeriğinden talep edilecek makale limiti' form_user: - two_factor_description: "İki adımlı doğrulamayı aktifleştirdiğinizde, her yeni güvenilmeyen bağlantılarda size e-posta ile bir kod alacaksınız." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'İsim' email_label: 'E-posta' - twoFactorAuthentication_label: 'İki adımlı doğrulama' - # help_twoFactorAuthentication: "If you enable 2FA, each time you want to login to wallabag, you'll receive a code by email." + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. @@ -531,7 +531,8 @@ user: email_label: 'E-posta' # enabled_label: 'Enabled' # last_login_label: 'Last login' - # twofactor_label: Two factor authentication + # twofactor_email_label: Two factor authentication by email + # twofactor_google_label: Two factor authentication by Google # save: Save # delete: Delete # delete_confirm: Are you sure? diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig index bcc57dac..5c4e44dd 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig @@ -176,43 +176,36 @@
    - {{ form_label(form.user.twoFactorAuthentication) }} - {{ form_errors(form.user.twoFactorAuthentication) }} - {{ form_widget(form.user.twoFactorAuthentication) }} + {{ form_label(form.user.emailTwoFactor) }} + {{ form_errors(form.user.emailTwoFactor) }} + {{ form_widget(form.user.emailTwoFactor) }}
    - - live_help - +
    +
    + {{ form_label(form.user.googleTwoFactor) }} + {{ form_widget(form.user.googleTwoFactor) }} + {{ form_errors(form.user.googleTwoFactor) }} +
    + {% for OTPSecret in app.session.flashbag.get('OTPSecret') %} +
    + You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. +
    + That code will disapear after a page reload. +

    + {{ OTPSecret.code }} +

    + Or you can scan that QR Code with your app: +
    + + + +
    + {% endfor %}
    {% endif %} -

    {{ 'config.reset.title'|trans }}

    -
    -

    {{ 'config.reset.description'|trans }}

    - -
    - {{ form_widget(form.user._token) }} {{ form_widget(form.user.save) }} @@ -277,7 +270,7 @@ {% endfor %} - {{ form_start(form.new_tagging_rule) }} + {{ form_start(form.new_tagging_rule) }} {{ form_errors(form.new_tagging_rule) }}
    @@ -382,4 +375,31 @@ + +

    {{ 'config.reset.title'|trans }}

    +
    +

    {{ 'config.reset.description'|trans }}

    + +
    {% endblock %} diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig index 35800989..887d154f 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig @@ -112,8 +112,7 @@ @@ -198,22 +197,38 @@ {% if twofactor_auth %} -
    -
    +
    {{ 'config.form_user.two_factor_description'|trans }} -
    - - {{ form_widget(form.user.twoFactorAuthentication) }} - {{ form_label(form.user.twoFactorAuthentication) }} - {{ form_errors(form.user.twoFactorAuthentication) }} -
    -
    - - live_help - +
    + {{ form_widget(form.user.emailTwoFactor) }} + {{ form_label(form.user.emailTwoFactor) }} + {{ form_errors(form.user.emailTwoFactor) }} +
    +
    + {{ form_widget(form.user.googleTwoFactor) }} + {{ form_label(form.user.googleTwoFactor) }} + {{ form_errors(form.user.googleTwoFactor) }} +
    -
    + + {% for OTPSecret in app.session.flashbag.get('OTPSecret') %} +
    + You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. +
    + That code will disapear after a page reload. +

    + {{ OTPSecret.code }} +

    + Or you can scan that QR Code with your app: +
    + + + +
    + {% endfor %} {% endif %} {{ form_widget(form.user.save, {'attr': {'class': 'btn waves-effect waves-light'}}) }} diff --git a/src/Wallabag/UserBundle/Controller/ManageController.php b/src/Wallabag/UserBundle/Controller/ManageController.php index a9746fb4..08ed25dd 100644 --- a/src/Wallabag/UserBundle/Controller/ManageController.php +++ b/src/Wallabag/UserBundle/Controller/ManageController.php @@ -8,6 +8,7 @@ use Pagerfanta\Adapter\DoctrineORMAdapter; use Pagerfanta\Exception\OutOfRangeCurrentPageException; use Pagerfanta\Pagerfanta; use Symfony\Bundle\FrameworkBundle\Controller\Controller; +use Symfony\Component\Form\FormInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Annotation\Route; use Wallabag\UserBundle\Entity\User; @@ -31,10 +32,10 @@ class ManageController extends Controller // enable created user by default $user->setEnabled(true); - $form = $this->createForm('Wallabag\UserBundle\Form\NewUserType', $user); - $form->handleRequest($request); + $form = $this->createEditForm('NewUserType', $user, $request); if ($form->isSubmitted() && $form->isValid()) { + $user = $this->handleOtp($form, $user); $userManager->updateUser($user); // dispatch a created event so the associated config will be created @@ -62,14 +63,14 @@ class ManageController extends Controller */ public function editAction(Request $request, User $user) { + $userManager = $this->container->get('fos_user.user_manager'); + $deleteForm = $this->createDeleteForm($user); - $editForm = $this->createForm('Wallabag\UserBundle\Form\UserType', $user); - $editForm->handleRequest($request); + $form = $this->createEditForm('UserType', $user, $request); - if ($editForm->isSubmitted() && $editForm->isValid()) { - $em = $this->getDoctrine()->getManager(); - $em->persist($user); - $em->flush(); + if ($form->isSubmitted() && $form->isValid()) { + $user = $this->handleOtp($form, $user); + $userManager->updateUser($user); $this->get('session')->getFlashBag()->add( 'notice', @@ -81,7 +82,7 @@ class ManageController extends Controller return $this->render('WallabagUserBundle:Manage:edit.html.twig', [ 'user' => $user, - 'edit_form' => $editForm->createView(), + 'edit_form' => $form->createView(), 'delete_form' => $deleteForm->createView(), 'twofactor_auth' => $this->getParameter('twofactor_auth'), ]); @@ -157,7 +158,7 @@ class ManageController extends Controller } /** - * Creates a form to delete a User entity. + * Create a form to delete a User entity. * * @param User $user The User entity * @@ -171,4 +172,50 @@ class ManageController extends Controller ->getForm() ; } + + /** + * Create a form to create or edit a User entity. + * + * @param string $type Might be NewUserType or UserType + * @param User $user The new / edit user + * @param Request $request The request + * + * @return FormInterface + */ + private function createEditForm($type, User $user, Request $request) + { + $form = $this->createForm('Wallabag\UserBundle\Form\\' . $type, $user); + $form->handleRequest($request); + + // `googleTwoFactor` isn't a field within the User entity, we need to define it's value in a different way + if (true === $user->isGoogleAuthenticatorEnabled() && false === $form->isSubmitted()) { + $form->get('googleTwoFactor')->setData(true); + } + + return $form; + } + + /** + * Handle OTP update, taking care to only have one 2fa enable at a time. + * + * @see ConfigController + * + * @param FormInterface $form + * @param User $user + * + * @return User + */ + private function handleOtp(FormInterface $form, User $user) + { + if (true === $form->get('googleTwoFactor')->getData() && false === $user->isGoogleAuthenticatorEnabled()) { + $user->setGoogleAuthenticatorSecret($this->get('scheb_two_factor.security.google_authenticator')->generateSecret()); + $user->setEmailTwoFactor(false); + + return $user; + } + + $user->setGoogleAuthenticatorSecret(null); + + return $user; + } } diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php index 48446e3c..6e305719 100644 --- a/src/Wallabag/UserBundle/Entity/User.php +++ b/src/Wallabag/UserBundle/Entity/User.php @@ -8,8 +8,8 @@ use FOS\UserBundle\Model\User as BaseUser; use JMS\Serializer\Annotation\Accessor; use JMS\Serializer\Annotation\Groups; use JMS\Serializer\Annotation\XmlRoot; -use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface; -use Scheb\TwoFactorBundle\Model\TrustedComputerInterface; +use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface as EmailTwoFactorInterface; +use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface as GoogleTwoFactorInterface; use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity; use Symfony\Component\Security\Core\User\UserInterface; use Wallabag\ApiBundle\Entity\Client; @@ -28,7 +28,7 @@ use Wallabag\CoreBundle\Helper\EntityTimestampsTrait; * @UniqueEntity("email") * @UniqueEntity("username") */ -class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterface +class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorInterface { use EntityTimestampsTrait; @@ -123,16 +123,16 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf private $authCode; /** - * @var bool - * - * @ORM\Column(type="boolean") + * @ORM\Column(name="googleAuthenticatorSecret", type="string", nullable=true) */ - private $twoFactorAuthentication = false; + private $googleAuthenticatorSecret; /** - * @ORM\Column(type="json_array", nullable=true) + * @var bool + * + * @ORM\Column(type="boolean") */ - private $trusted; + private $emailTwoFactor = false; public function __construct() { @@ -233,49 +233,89 @@ class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterf /** * @return bool */ - public function isTwoFactorAuthentication() + public function isEmailTwoFactor() + { + return $this->emailTwoFactor; + } + + /** + * @param bool $emailTwoFactor + */ + public function setEmailTwoFactor($emailTwoFactor) { - return $this->twoFactorAuthentication; + $this->emailTwoFactor = $emailTwoFactor; } /** - * @param bool $twoFactorAuthentication + * Used in the user config form to be "like" the email option. */ - public function setTwoFactorAuthentication($twoFactorAuthentication) + public function isGoogleTwoFactor() { - $this->twoFactorAuthentication = $twoFactorAuthentication; + return $this->isGoogleAuthenticatorEnabled(); } - public function isEmailAuthEnabled() + /** + * {@inheritdoc} + */ + public function isEmailAuthEnabled(): bool { - return $this->twoFactorAuthentication; + return $this->emailTwoFactor; } - public function getEmailAuthCode() + /** + * {@inheritdoc} + */ + public function getEmailAuthCode(): string { return $this->authCode; } - public function setEmailAuthCode($authCode) + /** + * {@inheritdoc} + */ + public function setEmailAuthCode(string $authCode): void { $this->authCode = $authCode; } - public function addTrustedComputer($token, \DateTime $validUntil) + /** + * {@inheritdoc} + */ + public function getEmailAuthRecipient(): string { - $this->trusted[$token] = $validUntil->format('r'); + return $this->email; } - public function isTrustedComputer($token) + /** + * {@inheritdoc} + */ + public function isGoogleAuthenticatorEnabled(): bool { - if (isset($this->trusted[$token])) { - $now = new \DateTime(); - $validUntil = new \DateTime($this->trusted[$token]); + return $this->googleAuthenticatorSecret ? true : false; + } - return $now < $validUntil; - } + /** + * {@inheritdoc} + */ + public function getGoogleAuthenticatorUsername(): string + { + return $this->username; + } - return false; + /** + * {@inheritdoc} + */ + public function getGoogleAuthenticatorSecret(): string + { + return $this->googleAuthenticatorSecret; + } + + /** + * {@inheritdoc} + */ + public function setGoogleAuthenticatorSecret(?string $googleAuthenticatorSecret): void + { + $this->googleAuthenticatorSecret = $googleAuthenticatorSecret; } /** diff --git a/src/Wallabag/UserBundle/Form/UserType.php b/src/Wallabag/UserBundle/Form/UserType.php index 56fea640..026db9a2 100644 --- a/src/Wallabag/UserBundle/Form/UserType.php +++ b/src/Wallabag/UserBundle/Form/UserType.php @@ -35,9 +35,14 @@ class UserType extends AbstractType 'required' => false, 'label' => 'user.form.enabled_label', ]) - ->add('twoFactorAuthentication', CheckboxType::class, [ + ->add('emailTwoFactor', CheckboxType::class, [ 'required' => false, - 'label' => 'user.form.twofactor_label', + 'label' => 'user.form.twofactor_email_label', + ]) + ->add('googleTwoFactor', CheckboxType::class, [ + 'required' => false, + 'label' => 'user.form.twofactor_google_label', + 'mapped' => false, ]) ->add('save', SubmitType::class, [ 'label' => 'user.form.save', diff --git a/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php b/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php index aed805c9..e8e29aa9 100644 --- a/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php +++ b/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php @@ -78,7 +78,7 @@ class AuthCodeMailer implements AuthCodeMailerInterface * * @param TwoFactorInterface $user */ - public function sendAuthCode(TwoFactorInterface $user) + public function sendAuthCode(TwoFactorInterface $user): void { $template = $this->twig->loadTemplate('WallabagUserBundle:TwoFactor:email_auth_code.html.twig'); diff --git a/src/Wallabag/UserBundle/Resources/views/Authentication/form.html.twig b/src/Wallabag/UserBundle/Resources/views/Authentication/form.html.twig index c8471bdd..47a5cb78 100644 --- a/src/Wallabag/UserBundle/Resources/views/Authentication/form.html.twig +++ b/src/Wallabag/UserBundle/Resources/views/Authentication/form.html.twig @@ -1,7 +1,8 @@ +{# Override `vendor/scheb/two-factor-bundle/Resources/views/Authentication/form.html.twig` #} {% extends "WallabagUserBundle::layout.html.twig" %} {% block fos_user_content %} -
    +
    @@ -9,14 +10,19 @@

    {{ flashMessage|trans }}

    {% endfor %} + {# Authentication errors #} + {% if authenticationError %} +

    {{ authenticationError|trans(authenticationErrorData) }}

    + {% endif %} +
    - +
    - {% if useTrustedOption %} + {% if displayTrustedOption %}
    - +
    {% endif %} diff --git a/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig b/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig index 3ffd15f5..8be37e79 100644 --- a/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig +++ b/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig @@ -50,10 +50,21 @@ {% if twofactor_auth %}
    - {{ form_widget(edit_form.twoFactorAuthentication) }} - {{ form_label(edit_form.twoFactorAuthentication) }} - {{ form_errors(edit_form.twoFactorAuthentication) }} + {{ form_widget(edit_form.emailTwoFactor) }} + {{ form_label(edit_form.emailTwoFactor) }} + {{ form_errors(edit_form.emailTwoFactor) }}
    +
    + {{ form_widget(edit_form.googleTwoFactor) }} + {{ form_label(edit_form.googleTwoFactor) }} + {{ form_errors(edit_form.googleTwoFactor) }} +
    + + {% if user.isGoogleAuthenticatorEnabled %} +
    +

    OTP Secret: {{ user.googleAuthenticatorSecret }}

    +
    + {% endif %}
    {% endif %} diff --git a/tests/Wallabag/CoreBundle/Command/ShowUserCommandTest.php b/tests/Wallabag/CoreBundle/Command/ShowUserCommandTest.php index 9b34f2a0..ed383a2c 100644 --- a/tests/Wallabag/CoreBundle/Command/ShowUserCommandTest.php +++ b/tests/Wallabag/CoreBundle/Command/ShowUserCommandTest.php @@ -59,7 +59,8 @@ class ShowUserCommandTest extends WallabagCoreTestCase $this->assertContains('Username: admin', $tester->getDisplay()); $this->assertContains('Email: bigboss@wallabag.org', $tester->getDisplay()); $this->assertContains('Display name: Big boss', $tester->getDisplay()); - $this->assertContains('2FA activated: no', $tester->getDisplay()); + $this->assertContains('2FA (email) activated', $tester->getDisplay()); + $this->assertContains('2FA (OTP) activated', $tester->getDisplay()); } public function testShowUser() diff --git a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php index c9dbbaa3..9ca52c64 100644 --- a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php +++ b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php @@ -297,6 +297,119 @@ class ConfigControllerTest extends WallabagCoreTestCase $this->assertContains('flashes.config.notice.user_updated', $alert[0]); } + public function testUserEnable2faEmail() + { + $this->logInAs('admin'); + $client = $this->getClient(); + + $crawler = $client->request('GET', '/config'); + + $this->assertSame(200, $client->getResponse()->getStatusCode()); + + $form = $crawler->filter('button[id=update_user_save]')->form(); + + $data = [ + 'update_user[emailTwoFactor]' => '1', + ]; + + $client->submit($form, $data); + + $this->assertSame(302, $client->getResponse()->getStatusCode()); + + $crawler = $client->followRedirect(); + + $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text'])); + $this->assertContains('flashes.config.notice.user_updated', $alert[0]); + + // restore user + $em = $this->getEntityManager(); + $user = $em + ->getRepository('WallabagUserBundle:User') + ->findOneByUsername('admin'); + + $this->assertTrue($user->isEmailTwoFactor()); + + $user->setEmailTwoFactor(false); + $em->persist($user); + $em->flush(); + } + + public function testUserEnable2faGoogle() + { + $this->logInAs('admin'); + $client = $this->getClient(); + + $crawler = $client->request('GET', '/config'); + + $this->assertSame(200, $client->getResponse()->getStatusCode()); + + $form = $crawler->filter('button[id=update_user_save]')->form(); + + $data = [ + 'update_user[googleTwoFactor]' => '1', + ]; + + $client->submit($form, $data); + + $this->assertSame(302, $client->getResponse()->getStatusCode()); + + $crawler = $client->followRedirect(); + + $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text'])); + $this->assertContains('flashes.config.notice.user_updated', $alert[0]); + + // restore user + $em = $this->getEntityManager(); + $user = $em + ->getRepository('WallabagUserBundle:User') + ->findOneByUsername('admin'); + + $this->assertTrue($user->isGoogleAuthenticatorEnabled()); + + $user->setGoogleAuthenticatorSecret(null); + $em->persist($user); + $em->flush(); + } + + public function testUserEnable2faBoth() + { + $this->logInAs('admin'); + $client = $this->getClient(); + + $crawler = $client->request('GET', '/config'); + + $this->assertSame(200, $client->getResponse()->getStatusCode()); + + $form = $crawler->filter('button[id=update_user_save]')->form(); + + $data = [ + 'update_user[googleTwoFactor]' => '1', + 'update_user[emailTwoFactor]' => '1', + ]; + + $client->submit($form, $data); + + $this->assertSame(302, $client->getResponse()->getStatusCode()); + + $crawler = $client->followRedirect(); + + $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text'])); + $this->assertContains('flashes.config.notice.user_updated', $alert[0]); + + // restore user + $em = $this->getEntityManager(); + $user = $em + ->getRepository('WallabagUserBundle:User') + ->findOneByUsername('admin'); + + $this->assertTrue($user->isGoogleAuthenticatorEnabled()); + $this->assertFalse($user->isEmailTwoFactor()); + + $user->setGoogleAuthenticatorSecret(null); + $em->persist($user); + $em->flush(); + } + public function testRssUpdateResetToken() { $this->logInAs('admin'); diff --git a/tests/Wallabag/CoreBundle/Controller/SecurityControllerTest.php b/tests/Wallabag/CoreBundle/Controller/SecurityControllerTest.php index 395208a2..b03c7550 100644 --- a/tests/Wallabag/CoreBundle/Controller/SecurityControllerTest.php +++ b/tests/Wallabag/CoreBundle/Controller/SecurityControllerTest.php @@ -26,7 +26,7 @@ class SecurityControllerTest extends WallabagCoreTestCase $this->assertContains('config.form_rss.description', $crawler->filter('body')->extract(['_text'])[0]); } - public function testLoginWith2Factor() + public function testLoginWith2FactorEmail() { $client = $this->getClient(); @@ -42,7 +42,7 @@ class SecurityControllerTest extends WallabagCoreTestCase $user = $em ->getRepository('WallabagUserBundle:User') ->findOneByUsername('admin'); - $user->setTwoFactorAuthentication(true); + $user->setEmailTwoFactor(true); $em->persist($user); $em->flush(); @@ -54,12 +54,12 @@ class SecurityControllerTest extends WallabagCoreTestCase $user = $em ->getRepository('WallabagUserBundle:User') ->findOneByUsername('admin'); - $user->setTwoFactorAuthentication(false); + $user->setEmailTwoFactor(false); $em->persist($user); $em->flush(); } - public function testTrustedComputer() + public function testLoginWith2FactorGoogle() { $client = $this->getClient(); @@ -69,15 +69,27 @@ class SecurityControllerTest extends WallabagCoreTestCase return; } + $client->followRedirects(); + $em = $client->getContainer()->get('doctrine.orm.entity_manager'); $user = $em ->getRepository('WallabagUserBundle:User') ->findOneByUsername('admin'); + $user->setGoogleAuthenticatorSecret('26LDIHYGHNELOQEM'); + $em->persist($user); + $em->flush(); + + $this->logInAsUsingHttp('admin'); + $crawler = $client->request('GET', '/config'); + $this->assertContains('scheb_two_factor.trusted', $crawler->filter('body')->extract(['_text'])[0]); - $date = new \DateTime(); - $user->addTrustedComputer('ABCDEF', $date->add(new \DateInterval('P1M'))); - $this->assertTrue($user->isTrustedComputer('ABCDEF')); - $this->assertFalse($user->isTrustedComputer('FEDCBA')); + // restore user + $user = $em + ->getRepository('WallabagUserBundle:User') + ->findOneByUsername('admin'); + $user->setGoogleAuthenticatorSecret(null); + $em->persist($user); + $em->flush(); } public function testEnabledRegistration() diff --git a/tests/Wallabag/UserBundle/Mailer/AuthCodeMailerTest.php b/tests/Wallabag/UserBundle/Mailer/AuthCodeMailerTest.php index e34e13a8..1713c10c 100644 --- a/tests/Wallabag/UserBundle/Mailer/AuthCodeMailerTest.php +++ b/tests/Wallabag/UserBundle/Mailer/AuthCodeMailerTest.php @@ -33,7 +33,7 @@ TWIG; public function testSendEmail() { $user = new User(); - $user->setTwoFactorAuthentication(true); + $user->setEmailTwoFactor(true); $user->setEmailAuthCode(666666); $user->setEmail('test@wallabag.io'); $user->setName('Bob'); -- cgit v1.2.3 From edc79ad886e4c96d1c2d205fedf5a9c19a177ee1 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Sun, 2 Dec 2018 17:25:56 +0100 Subject: Fix test for custom version of the tidy extension --- tests/Wallabag/CoreBundle/Helper/ContentProxyTest.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/Wallabag/CoreBundle/Helper/ContentProxyTest.php b/tests/Wallabag/CoreBundle/Helper/ContentProxyTest.php index 3dd9273c..508adb1b 100644 --- a/tests/Wallabag/CoreBundle/Helper/ContentProxyTest.php +++ b/tests/Wallabag/CoreBundle/Helper/ContentProxyTest.php @@ -163,7 +163,7 @@ class ContentProxyTest extends TestCase $this->assertSame('http://1.1.1.1', $entry->getUrl()); $this->assertSame('this is my title', $entry->getTitle()); - $this->assertContains('this is my content', $entry->getContent()); + $this->assertContains('content', $entry->getContent()); $this->assertSame('http://3.3.3.3/cover.jpg', $entry->getPreviewPicture()); $this->assertSame('text/html', $entry->getMimetype()); $this->assertSame('fr', $entry->getLanguage()); @@ -205,7 +205,7 @@ class ContentProxyTest extends TestCase $this->assertSame('http://1.1.1.1', $entry->getUrl()); $this->assertSame('this is my title', $entry->getTitle()); - $this->assertContains('this is my content', $entry->getContent()); + $this->assertContains('content', $entry->getContent()); $this->assertNull($entry->getPreviewPicture()); $this->assertSame('text/html', $entry->getMimetype()); $this->assertSame('fr', $entry->getLanguage()); @@ -247,7 +247,7 @@ class ContentProxyTest extends TestCase $this->assertSame('http://1.1.1.1', $entry->getUrl()); $this->assertSame('this is my title', $entry->getTitle()); - $this->assertContains('this is my content', $entry->getContent()); + $this->assertContains('content', $entry->getContent()); $this->assertSame('text/html', $entry->getMimetype()); $this->assertNull($entry->getLanguage()); $this->assertSame('200', $entry->getHttpStatus()); @@ -296,7 +296,7 @@ class ContentProxyTest extends TestCase $this->assertSame('http://1.1.1.1', $entry->getUrl()); $this->assertSame('this is my title', $entry->getTitle()); - $this->assertContains('this is my content', $entry->getContent()); + $this->assertContains('content', $entry->getContent()); $this->assertNull($entry->getPreviewPicture()); $this->assertSame('text/html', $entry->getMimetype()); $this->assertSame('fr', $entry->getLanguage()); @@ -332,7 +332,7 @@ class ContentProxyTest extends TestCase $this->assertSame('http://1.1.1.1', $entry->getUrl()); $this->assertSame('this is my title', $entry->getTitle()); - $this->assertContains('this is my content', $entry->getContent()); + $this->assertContains('content', $entry->getContent()); $this->assertSame('text/html', $entry->getMimetype()); $this->assertSame('fr', $entry->getLanguage()); $this->assertSame(4.0, $entry->getReadingTime()); @@ -371,7 +371,7 @@ class ContentProxyTest extends TestCase $this->assertSame('http://1.1.1.1', $entry->getUrl()); $this->assertSame('this is my title', $entry->getTitle()); - $this->assertContains('this is my content', $entry->getContent()); + $this->assertContains('content', $entry->getContent()); $this->assertSame('text/html', $entry->getMimetype()); $this->assertSame('fr', $entry->getLanguage()); $this->assertSame(4.0, $entry->getReadingTime()); @@ -406,7 +406,7 @@ class ContentProxyTest extends TestCase $this->assertSame('http://1.1.1.1', $entry->getUrl()); $this->assertSame('this is my title', $entry->getTitle()); - $this->assertContains('this is my content', $entry->getContent()); + $this->assertContains('content', $entry->getContent()); $this->assertSame('text/html', $entry->getMimetype()); $this->assertSame('fr', $entry->getLanguage()); $this->assertSame(4.0, $entry->getReadingTime()); -- cgit v1.2.3 From 2dfbe9e5faf40364b60e6c76f3cc9fac5bf11fa4 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Sun, 2 Dec 2018 18:39:02 +0100 Subject: Fix tests --- .../CoreBundle/Controller/ConfigController.php | 20 +++---- .../views/themes/baggy/Config/index.html.twig | 9 ++- .../views/themes/material/Config/index.html.twig | 6 +- .../UserBundle/Controller/ManageController.php | 70 ++++++---------------- 4 files changed, 36 insertions(+), 69 deletions(-) diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php index 5bbe1c74..846e96ff 100644 --- a/src/Wallabag/CoreBundle/Controller/ConfigController.php +++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php @@ -81,23 +81,23 @@ class ConfigController extends Controller $userForm->handleRequest($request); // `googleTwoFactor` isn't a field within the User entity, we need to define it's value in a different way - if (true === $user->isGoogleAuthenticatorEnabled() && false === $userForm->isSubmitted()) { + if ($this->getParameter('twofactor_auth') && true === $user->isGoogleAuthenticatorEnabled() && false === $userForm->isSubmitted()) { $userForm->get('googleTwoFactor')->setData(true); } if ($userForm->isSubmitted() && $userForm->isValid()) { // handle creation / reset of the OTP secret if checkbox changed from the previous state - if (true === $userForm->get('googleTwoFactor')->getData() && false === $user->isGoogleAuthenticatorEnabled()) { - $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret(); + if ($this->getParameter('twofactor_auth')) { + if (true === $userForm->get('googleTwoFactor')->getData() && false === $user->isGoogleAuthenticatorEnabled()) { + $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret(); - $user->setGoogleAuthenticatorSecret($secret); - $user->setEmailTwoFactor(false); + $user->setGoogleAuthenticatorSecret($secret); + $user->setEmailTwoFactor(false); - $qrCode = $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user); - - $this->addFlash('OTPSecret', ['code' => $secret, 'qrCode' => $qrCode]); - } elseif (false === $userForm->get('googleTwoFactor')->getData() && true === $user->isGoogleAuthenticatorEnabled()) { - $user->setGoogleAuthenticatorSecret(null); + $this->addFlash('OtpQrCode', $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user)); + } elseif (false === $userForm->get('googleTwoFactor')->getData() && true === $user->isGoogleAuthenticatorEnabled()) { + $user->setGoogleAuthenticatorSecret(null); + } } $userManager->updateUser($user, true); diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig index 5c4e44dd..6ee57443 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig @@ -86,8 +86,7 @@
    @@ -186,20 +185,20 @@ {{ form_widget(form.user.googleTwoFactor) }} {{ form_errors(form.user.googleTwoFactor) }} - {% for OTPSecret in app.session.flashbag.get('OTPSecret') %} + {% for OtpQrCode in app.session.flashbag.get('OtpQrCode') %}
    You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password.
    That code will disapear after a page reload.

    - {{ OTPSecret.code }} + {{ app.user.getGoogleAuthenticatorSecret }}

    Or you can scan that QR Code with your app:
    {% endfor %} diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig index 887d154f..ca7eb9f3 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig @@ -212,20 +212,20 @@ - {% for OTPSecret in app.session.flashbag.get('OTPSecret') %} + {% for OtpQrCode in app.session.flashbag.get('OtpQrCode') %}
    You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password.
    That code will disapear after a page reload.

    - {{ OTPSecret.code }} + {{ app.user.getGoogleAuthenticatorSecret }}

    Or you can scan that QR Code with your app:
    {% endfor %} diff --git a/src/Wallabag/UserBundle/Controller/ManageController.php b/src/Wallabag/UserBundle/Controller/ManageController.php index 08ed25dd..b9fd8660 100644 --- a/src/Wallabag/UserBundle/Controller/ManageController.php +++ b/src/Wallabag/UserBundle/Controller/ManageController.php @@ -8,7 +8,6 @@ use Pagerfanta\Adapter\DoctrineORMAdapter; use Pagerfanta\Exception\OutOfRangeCurrentPageException; use Pagerfanta\Pagerfanta; use Symfony\Bundle\FrameworkBundle\Controller\Controller; -use Symfony\Component\Form\FormInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Routing\Annotation\Route; use Wallabag\UserBundle\Entity\User; @@ -32,10 +31,10 @@ class ManageController extends Controller // enable created user by default $user->setEnabled(true); - $form = $this->createEditForm('NewUserType', $user, $request); + $form = $this->createForm('Wallabag\UserBundle\Form\NewUserType', $user); + $form->handleRequest($request); if ($form->isSubmitted() && $form->isValid()) { - $user = $this->handleOtp($form, $user); $userManager->updateUser($user); // dispatch a created event so the associated config will be created @@ -66,10 +65,25 @@ class ManageController extends Controller $userManager = $this->container->get('fos_user.user_manager'); $deleteForm = $this->createDeleteForm($user); - $form = $this->createEditForm('UserType', $user, $request); + $form = $this->createForm('Wallabag\UserBundle\Form\UserType', $user); + $form->handleRequest($request); + + // `googleTwoFactor` isn't a field within the User entity, we need to define it's value in a different way + if ($this->getParameter('twofactor_auth') && true === $user->isGoogleAuthenticatorEnabled() && false === $form->isSubmitted()) { + $form->get('googleTwoFactor')->setData(true); + } if ($form->isSubmitted() && $form->isValid()) { - $user = $this->handleOtp($form, $user); + // handle creation / reset of the OTP secret if checkbox changed from the previous state + if ($this->getParameter('twofactor_auth')) { + if (true === $form->get('googleTwoFactor')->getData() && false === $user->isGoogleAuthenticatorEnabled()) { + $user->setGoogleAuthenticatorSecret($this->get('scheb_two_factor.security.google_authenticator')->generateSecret()); + $user->setEmailTwoFactor(false); + } elseif (false === $form->get('googleTwoFactor')->getData() && true === $user->isGoogleAuthenticatorEnabled()) { + $user->setGoogleAuthenticatorSecret(null); + } + } + $userManager->updateUser($user); $this->get('session')->getFlashBag()->add( @@ -172,50 +186,4 @@ class ManageController extends Controller ->getForm() ; } - - /** - * Create a form to create or edit a User entity. - * - * @param string $type Might be NewUserType or UserType - * @param User $user The new / edit user - * @param Request $request The request - * - * @return FormInterface - */ - private function createEditForm($type, User $user, Request $request) - { - $form = $this->createForm('Wallabag\UserBundle\Form\\' . $type, $user); - $form->handleRequest($request); - - // `googleTwoFactor` isn't a field within the User entity, we need to define it's value in a different way - if (true === $user->isGoogleAuthenticatorEnabled() && false === $form->isSubmitted()) { - $form->get('googleTwoFactor')->setData(true); - } - - return $form; - } - - /** - * Handle OTP update, taking care to only have one 2fa enable at a time. - * - * @see ConfigController - * - * @param FormInterface $form - * @param User $user - * - * @return User - */ - private function handleOtp(FormInterface $form, User $user) - { - if (true === $form->get('googleTwoFactor')->getData() && false === $user->isGoogleAuthenticatorEnabled()) { - $user->setGoogleAuthenticatorSecret($this->get('scheb_two_factor.security.google_authenticator')->generateSecret()); - $user->setEmailTwoFactor(false); - - return $user; - } - - $user->setGoogleAuthenticatorSecret(null); - - return $user; - } } -- cgit v1.2.3 From 43ccf4b1787c294dbfa7b052c41e95ac9eeca3af Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Sun, 2 Dec 2018 18:47:34 +0100 Subject: Cleanup --- src/Wallabag/UserBundle/Controller/ManageController.php | 2 -- src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/src/Wallabag/UserBundle/Controller/ManageController.php b/src/Wallabag/UserBundle/Controller/ManageController.php index b9fd8660..63a06206 100644 --- a/src/Wallabag/UserBundle/Controller/ManageController.php +++ b/src/Wallabag/UserBundle/Controller/ManageController.php @@ -146,8 +146,6 @@ class ManageController extends Controller $form->handleRequest($request); if ($form->isSubmitted() && $form->isValid()) { - $this->get('logger')->info('searching users'); - $searchTerm = (isset($request->get('search_user')['term']) ? $request->get('search_user')['term'] : ''); $qb = $em->getRepository('WallabagUserBundle:User')->getQueryBuilderForSearch($searchTerm); diff --git a/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php b/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php index e8e29aa9..2797efde 100644 --- a/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php +++ b/src/Wallabag/UserBundle/Mailer/AuthCodeMailer.php @@ -97,7 +97,7 @@ class AuthCodeMailer implements AuthCodeMailerInterface $message = new \Swift_Message(); $message - ->setTo($user->getEmail()) + ->setTo($user->getEmailAuthRecipient()) ->setFrom($this->senderEmail, $this->senderName) ->setSubject($subject) ->setBody($bodyText, 'text/plain') -- cgit v1.2.3 From 6e4fc956abc909232044e7af0fa37cbb1b510f18 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Mon, 3 Dec 2018 06:15:57 +0100 Subject: Better translations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace “Google Authenticator” by “Google Authenticator, Authy or FreeOTP” in all text. Translate how to use the code / qr code. --- .../CoreBundle/Resources/translations/messages.da.yml | 7 +++++-- .../CoreBundle/Resources/translations/messages.de.yml | 7 +++++-- .../CoreBundle/Resources/translations/messages.en.yml | 7 +++++-- .../CoreBundle/Resources/translations/messages.es.yml | 7 +++++-- .../CoreBundle/Resources/translations/messages.fa.yml | 7 +++++-- .../CoreBundle/Resources/translations/messages.fr.yml | 7 +++++-- .../CoreBundle/Resources/translations/messages.it.yml | 7 +++++-- .../CoreBundle/Resources/translations/messages.oc.yml | 7 +++++-- .../CoreBundle/Resources/translations/messages.pl.yml | 7 +++++-- .../CoreBundle/Resources/translations/messages.pt.yml | 7 +++++-- .../CoreBundle/Resources/translations/messages.ro.yml | 7 +++++-- .../CoreBundle/Resources/translations/messages.ru.yml | 7 +++++-- .../CoreBundle/Resources/translations/messages.th.yml | 7 +++++-- .../CoreBundle/Resources/translations/messages.tr.yml | 7 +++++-- .../Resources/views/themes/material/Config/index.html.twig | 13 ++++++------- 15 files changed, 76 insertions(+), 35 deletions(-) diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml index e62ba6d0..d3e96e5c 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml @@ -99,11 +99,14 @@ config: # all: 'All' # rss_limit: 'Number of items in the feed' form_user: - # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Navn' email_label: 'Emailadresse' # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Or use that code:' delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml index f2d0408f..9aeddceb 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml @@ -99,11 +99,14 @@ config: all: 'Alle' rss_limit: 'Anzahl der Einträge pro Feed' form_user: - # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Name' email_label: 'E-Mail-Adresse' # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Or use that code:' delete: title: 'Lösche mein Konto (a.k.a Gefahrenzone)' description: 'Wenn du dein Konto löschst, werden ALL deine Artikel, ALL deine Tags, ALL deine Anmerkungen und dein Konto dauerhaft gelöscht (kann NICHT RÜCKGÄNGIG gemacht werden). Du wirst anschließend ausgeloggt.' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml index 859acdc0..22c68c79 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml @@ -99,11 +99,14 @@ config: all: 'All' rss_limit: 'Number of items in the feed' form_user: - two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." + two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Name' email_label: 'Email' emailTwoFactor_label: 'Using email (receive a code by email)' - googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' + googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + two_factor_code_description_2: 'You can scan that QR Code with your app:' + two_factor_code_description_3: 'Or use that code:' delete: title: Delete my account (a.k.a danger zone) description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml index 3c3cbed4..6e710e56 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml @@ -99,11 +99,14 @@ config: # all: 'All' rss_limit: 'Límite de artículos en feed RSS' form_user: - # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nombre' email_label: 'Dirección de e-mail' # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Or use that code:' delete: title: Eliminar mi cuenta (Zona peligrosa) description: Si eliminas tu cuenta, TODOS tus artículos, TODAS tus etiquetas, TODAS tus anotaciones y tu cuenta serán eliminadas de forma PERMANENTE (no se puede deshacer). Después serás desconectado. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml index ca25b390..855f38cc 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml @@ -99,11 +99,14 @@ config: # all: 'All' rss_limit: 'محدودیت آر-اس-اس' form_user: - # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'نام' email_label: 'نشانی ایمیل' # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Or use that code:' delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml index b809ca32..f92b64a5 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml @@ -99,11 +99,14 @@ config: all: "Tous" rss_limit: "Nombre d’articles dans le flux" form_user: - two_factor_description: "Activer l’authentification double-facteur veut dire que vous allez recevoir un code par courriel OU que vous devriez utiliser une application de mot de passe à usage unique (comme Google Authenticator) pour obtenir un code temporaire à chaque nouvelle connexion non approuvée. Vous ne pouvez pas choisir les deux options." + two_factor_description: "Activer l’authentification double-facteur veut dire que vous allez recevoir un code par courriel OU que vous devriez utiliser une application de mot de passe à usage unique (comme Google Authenticator, Authy or FreeOTP) pour obtenir un code temporaire à chaque nouvelle connexion non approuvée. Vous ne pouvez pas choisir les deux options." name_label: "Nom" email_label: "Adresse courriel" emailTwoFactor_label: 'En utlisant l’email (recevez un code par email)' - googleTwoFactor_label: 'En utilisant une application de mot de passe à usage unique (ouvrez l’app, comme Google Authenticator, pour obtenir un mot de passe à usage unique)' + googleTwoFactor_label: 'En utilisant une application de mot de passe à usage unique (ouvrez l’app, comme Google Authenticator, Authy or FreeOTP, pour obtenir un mot de passe à usage unique)' + two_factor_code_description_1: Vous venez d’activer l’authentification double-facteur, ouvrez votre application OTP pour configurer la génération du mot de passe à usage unique. Ces informations disparaîtront après un rechargement de la page. + two_factor_code_description_2: 'Vous pouvez scanner le QR code avec votre application :' + two_factor_code_description_3: 'Ou utiliser le code suivant :' delete: title: "Supprimer mon compte (attention danger !)" description: "Si vous confirmez la suppression de votre compte, TOUS les articles, TOUS les tags, TOUTES les annotations et votre compte seront DÉFINITIVEMENT supprimé (c’est IRRÉVERSIBLE). Vous serez ensuite déconnecté." diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml index 7279dba1..95d4ac20 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml @@ -99,11 +99,14 @@ config: # all: 'All' rss_limit: 'Numero di elementi nel feed' form_user: - # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nome' email_label: 'E-mail' # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Or use that code:' delete: title: Cancella il mio account (zona pericolosa) description: Rimuovendo il tuo account, TUTTI i tuoi articoli, TUTTE le tue etichette, TUTTE le tue annotazioni ed il tuo account verranno rimossi PERMANENTEMENTE (impossibile da ANNULLARE). Verrai poi disconnesso. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml index f262ba7b..96725a06 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml @@ -99,11 +99,14 @@ config: all: 'Totes' rss_limit: "Nombre d'articles dins un flux RSS" form_user: - # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nom' email_label: 'Adreça de corrièl' # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Or use that code:' delete: title: Suprimir mon compte (Mèfi zòna perilhosa) description: Se confirmatz la supression de vòstre compte, TOTES vòstres articles, TOTAS vòstras etiquetas, TOTAS vòstras anotacions e vòstre compte seràn suprimits per totjorn. E aquò es IRREVERSIBLE. Puèi seretz desconnectat. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml index 99c2183e..5f77061c 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml @@ -99,11 +99,14 @@ config: all: 'Wszystkie' rss_limit: 'Link do RSS' form_user: - two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." + two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nazwa' email_label: 'Adres email' # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Or use that code:' delete: title: Usuń moje konto (niebezpieczna strefa !) description: Jeżeli usuniesz swoje konto, wszystkie twoje artykuły, tagi, adnotacje, oraz konto zostaną trwale usunięte (operacja jest NIEODWRACALNA). Następnie zostaniesz wylogowany. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml index 806c2d78..f40f9795 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml @@ -99,11 +99,14 @@ config: # all: 'All' rss_limit: 'Número de itens no feed' form_user: - # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nome' email_label: 'E-mail' # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Or use that code:' delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml index ed75ed6e..369d2d44 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml @@ -99,11 +99,14 @@ config: # all: 'All' rss_limit: 'Limită RSS' form_user: - # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nume' email_label: 'E-mail' # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Or use that code:' delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml index 1c6e6771..d9b33fed 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml @@ -96,11 +96,14 @@ config: archive: 'архивные' rss_limit: 'Количество записей в фиде' form_user: - # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Имя' email_label: 'Email' # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Or use that code:' delete: title: "Удалить мой аккаунт (или опасная зона)" description: "Если Вы удалите ваш аккаунт, ВСЕ ваши записи, теги и другие данные, будут БЕЗВОЗВРАТНО удалены (операция не может быть отменена после). Затем Вы выйдете из системы." diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml index af798943..f25bac84 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml @@ -99,11 +99,14 @@ config: all: 'ทั้งหมด' rss_limit: 'จำนวนไอเทมที่เก็บ' form_user: - # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'ชื่อ' email_label: 'อีเมล' # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Or use that code:' delete: title: ลบบัญชีของฉัน (โซนที่เป็นภัย!) description: ถ้าคุณลบบัญชีของคุณIf , รายการทั้งหมดของคุณ, แท็กทั้งหมดของคุณ, หมายเหตุทั้งหมดของคุณและบัญชีของคุณจะถูกลบอย่างถาวร (มันไม่สามารถยกเลิกได้) คุณจะต้องลงชื่อออก diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml index 352a2cc4..d65fc001 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml @@ -99,11 +99,14 @@ config: # all: 'All' rss_limit: 'RSS içeriğinden talep edilecek makale limiti' form_user: - # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator) to get a one time code on every new untrusted connection. You can't choose both option." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'İsim' email_label: 'E-posta' # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, to get a one time code)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Or use that code:' delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig index ca7eb9f3..73cf592e 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig @@ -214,19 +214,18 @@ {% for OtpQrCode in app.session.flashbag.get('OtpQrCode') %}
    - You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. + {{ 'config.form_user.two_factor_code_description_1'|trans }}
    - That code will disapear after a page reload. + {{ 'config.form_user.two_factor_code_description_2'|trans }}

    - {{ app.user.getGoogleAuthenticatorSecret }} -

    - Or you can scan that QR Code with your app: -
    - +

    + {{ 'config.form_user.two_factor_code_description_3'|trans }} +

    + {{ app.user.getGoogleAuthenticatorSecret }}
    {% endfor %} {% endif %} -- cgit v1.2.3 From dfd0a7bc5feb4fd7b77d7e2f3a25c5c3febc1eba Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Mon, 3 Dec 2018 06:51:06 +0100 Subject: Add backup codes --- app/DoctrineMigrations/Version20181202073750.php | 22 +++++++++++-- app/config/config.yml | 3 ++ composer.json | 3 +- .../CoreBundle/Controller/ConfigController.php | 3 ++ .../Resources/translations/messages.da.yml | 1 + .../Resources/translations/messages.de.yml | 1 + .../Resources/translations/messages.en.yml | 1 + .../Resources/translations/messages.es.yml | 1 + .../Resources/translations/messages.fa.yml | 1 + .../Resources/translations/messages.fr.yml | 1 + .../Resources/translations/messages.it.yml | 1 + .../Resources/translations/messages.oc.yml | 1 + .../Resources/translations/messages.pl.yml | 1 + .../Resources/translations/messages.pt.yml | 1 + .../Resources/translations/messages.ro.yml | 1 + .../Resources/translations/messages.ru.yml | 1 + .../Resources/translations/messages.th.yml | 1 + .../Resources/translations/messages.tr.yml | 1 + .../views/themes/baggy/Config/index.html.twig | 19 ++++++----- .../views/themes/material/Config/index.html.twig | 8 +++-- src/Wallabag/UserBundle/Entity/User.php | 38 +++++++++++++++++++++- 21 files changed, 96 insertions(+), 14 deletions(-) diff --git a/app/DoctrineMigrations/Version20181202073750.php b/app/DoctrineMigrations/Version20181202073750.php index a2308b99..b6ad8bd7 100644 --- a/app/DoctrineMigrations/Version20181202073750.php +++ b/app/DoctrineMigrations/Version20181202073750.php @@ -12,11 +12,29 @@ final class Version20181202073750 extends WallabagMigration { public function up(Schema $schema): void { - $this->addSql('ALTER TABLE ' . $this->getTable('user') . ' ADD googleAuthenticatorSecret VARCHAR(191) DEFAULT NULL, CHANGE twoFactorAuthentication emailTwoFactor BOOLEAN NOT NULL, DROP trusted'); + $tableName = $this->getTable('annotation'); + + switch ($this->connection->getDatabasePlatform()->getName()) { + case 'sqlite': + break; + case 'mysql': + $this->addSql('ALTER TABLE ' . $this->getTable('user') . ' ADD googleAuthenticatorSecret VARCHAR(191) DEFAULT NULL, CHANGE twoFactorAuthentication emailTwoFactor BOOLEAN NOT NULL, DROP trusted, ADD backupCodes LONGTEXT DEFAULT NULL COMMENT \'(DC2Type:json_array)\''); + break; + case 'postgresql': + break; + } } public function down(Schema $schema): void { - $this->addSql('ALTER TABLE `' . $this->getTable('user') . '` DROP googleAuthenticatorSecret, CHANGE emailtwofactor twoFactorAuthentication BOOLEAN NOT NULL, ADD trusted TEXT DEFAULT NULL'); + switch ($this->connection->getDatabasePlatform()->getName()) { + case 'sqlite': + break; + case 'mysql': + $this->addSql('ALTER TABLE `' . $this->getTable('user') . '` DROP googleAuthenticatorSecret, CHANGE emailtwofactor twoFactorAuthentication BOOLEAN NOT NULL, ADD trusted TEXT DEFAULT NULL, DROP backupCodes'); + break; + case 'postgresql': + break; + } } } diff --git a/app/config/config.yml b/app/config/config.yml index 908f53b7..2d8f9bf0 100644 --- a/app/config/config.yml +++ b/app/config/config.yml @@ -203,6 +203,9 @@ scheb_two_factor: cookie_name: wllbg_trusted_computer lifetime: 2592000 + backup_codes: + enabled: "%twofactor_auth%" + google: enabled: "%twofactor_auth%" template: WallabagUserBundle:Authentication:form.html.twig diff --git a/composer.json b/composer.json index 771580c6..7678d7b8 100644 --- a/composer.json +++ b/composer.json @@ -87,7 +87,8 @@ "friendsofsymfony/jsrouting-bundle": "^2.2", "bdunogier/guzzle-site-authenticator": "^1.0.0", "defuse/php-encryption": "^2.1", - "html2text/html2text": "^4.1" + "html2text/html2text": "^4.1", + "pragmarx/recovery": "^0.1.0" }, "require-dev": { "doctrine/doctrine-fixtures-bundle": "~3.0", diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php index 846e96ff..c9fc5702 100644 --- a/src/Wallabag/CoreBundle/Controller/ConfigController.php +++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php @@ -2,6 +2,7 @@ namespace Wallabag\CoreBundle\Controller; +use PragmaRX\Recovery\Recovery as BackupCodes; use Symfony\Bundle\FrameworkBundle\Controller\Controller; use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\RedirectResponse; @@ -93,10 +94,12 @@ class ConfigController extends Controller $user->setGoogleAuthenticatorSecret($secret); $user->setEmailTwoFactor(false); + $user->setBackupCodes((new BackupCodes())->toArray()); $this->addFlash('OtpQrCode', $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user)); } elseif (false === $userForm->get('googleTwoFactor')->getData() && true === $user->isGoogleAuthenticatorEnabled()) { $user->setGoogleAuthenticatorSecret(null); + $user->setBackupCodes(null); } } diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml index d3e96e5c..0114a983 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml @@ -107,6 +107,7 @@ config: # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. # two_factor_code_description_2: 'You can scan that QR Code with your app:' # two_factor_code_description_3: 'Or use that code:' + # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml index 9aeddceb..fd9796ba 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml @@ -107,6 +107,7 @@ config: # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. # two_factor_code_description_2: 'You can scan that QR Code with your app:' # two_factor_code_description_3: 'Or use that code:' + # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' delete: title: 'Lösche mein Konto (a.k.a Gefahrenzone)' description: 'Wenn du dein Konto löschst, werden ALL deine Artikel, ALL deine Tags, ALL deine Anmerkungen und dein Konto dauerhaft gelöscht (kann NICHT RÜCKGÄNGIG gemacht werden). Du wirst anschließend ausgeloggt.' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml index 22c68c79..ddc079ed 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml @@ -107,6 +107,7 @@ config: two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. two_factor_code_description_2: 'You can scan that QR Code with your app:' two_factor_code_description_3: 'Or use that code:' + two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' delete: title: Delete my account (a.k.a danger zone) description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml index 6e710e56..8ac66169 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml @@ -107,6 +107,7 @@ config: # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. # two_factor_code_description_2: 'You can scan that QR Code with your app:' # two_factor_code_description_3: 'Or use that code:' + # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' delete: title: Eliminar mi cuenta (Zona peligrosa) description: Si eliminas tu cuenta, TODOS tus artículos, TODAS tus etiquetas, TODAS tus anotaciones y tu cuenta serán eliminadas de forma PERMANENTE (no se puede deshacer). Después serás desconectado. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml index 855f38cc..bc754ca2 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml @@ -107,6 +107,7 @@ config: # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. # two_factor_code_description_2: 'You can scan that QR Code with your app:' # two_factor_code_description_3: 'Or use that code:' + # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml index f92b64a5..28841145 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml @@ -107,6 +107,7 @@ config: two_factor_code_description_1: Vous venez d’activer l’authentification double-facteur, ouvrez votre application OTP pour configurer la génération du mot de passe à usage unique. Ces informations disparaîtront après un rechargement de la page. two_factor_code_description_2: 'Vous pouvez scanner le QR code avec votre application :' two_factor_code_description_3: 'Ou utiliser le code suivant :' + two_factor_code_description_4: 'N’oubliez pas de sauvegarder ces codes de secours dans un endroit sûr, vous pourrez les utiliser si vous ne pouvez plus accéder à votre application OTP :' delete: title: "Supprimer mon compte (attention danger !)" description: "Si vous confirmez la suppression de votre compte, TOUS les articles, TOUS les tags, TOUTES les annotations et votre compte seront DÉFINITIVEMENT supprimé (c’est IRRÉVERSIBLE). Vous serez ensuite déconnecté." diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml index 95d4ac20..b78dcb32 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml @@ -107,6 +107,7 @@ config: # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. # two_factor_code_description_2: 'You can scan that QR Code with your app:' # two_factor_code_description_3: 'Or use that code:' + # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' delete: title: Cancella il mio account (zona pericolosa) description: Rimuovendo il tuo account, TUTTI i tuoi articoli, TUTTE le tue etichette, TUTTE le tue annotazioni ed il tuo account verranno rimossi PERMANENTEMENTE (impossibile da ANNULLARE). Verrai poi disconnesso. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml index 96725a06..c1f57bc7 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml @@ -107,6 +107,7 @@ config: # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. # two_factor_code_description_2: 'You can scan that QR Code with your app:' # two_factor_code_description_3: 'Or use that code:' + # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' delete: title: Suprimir mon compte (Mèfi zòna perilhosa) description: Se confirmatz la supression de vòstre compte, TOTES vòstres articles, TOTAS vòstras etiquetas, TOTAS vòstras anotacions e vòstre compte seràn suprimits per totjorn. E aquò es IRREVERSIBLE. Puèi seretz desconnectat. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml index 5f77061c..2dc8d854 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml @@ -107,6 +107,7 @@ config: # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. # two_factor_code_description_2: 'You can scan that QR Code with your app:' # two_factor_code_description_3: 'Or use that code:' + # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' delete: title: Usuń moje konto (niebezpieczna strefa !) description: Jeżeli usuniesz swoje konto, wszystkie twoje artykuły, tagi, adnotacje, oraz konto zostaną trwale usunięte (operacja jest NIEODWRACALNA). Następnie zostaniesz wylogowany. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml index f40f9795..a81d8d0d 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml @@ -107,6 +107,7 @@ config: # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. # two_factor_code_description_2: 'You can scan that QR Code with your app:' # two_factor_code_description_3: 'Or use that code:' + # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml index 369d2d44..fd565819 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml @@ -107,6 +107,7 @@ config: # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. # two_factor_code_description_2: 'You can scan that QR Code with your app:' # two_factor_code_description_3: 'Or use that code:' + # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml index d9b33fed..5a0c5445 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml @@ -104,6 +104,7 @@ config: # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. # two_factor_code_description_2: 'You can scan that QR Code with your app:' # two_factor_code_description_3: 'Or use that code:' + # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' delete: title: "Удалить мой аккаунт (или опасная зона)" description: "Если Вы удалите ваш аккаунт, ВСЕ ваши записи, теги и другие данные, будут БЕЗВОЗВРАТНО удалены (операция не может быть отменена после). Затем Вы выйдете из системы." diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml index f25bac84..a69b5008 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml @@ -107,6 +107,7 @@ config: # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. # two_factor_code_description_2: 'You can scan that QR Code with your app:' # two_factor_code_description_3: 'Or use that code:' + # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' delete: title: ลบบัญชีของฉัน (โซนที่เป็นภัย!) description: ถ้าคุณลบบัญชีของคุณIf , รายการทั้งหมดของคุณ, แท็กทั้งหมดของคุณ, หมายเหตุทั้งหมดของคุณและบัญชีของคุณจะถูกลบอย่างถาวร (มันไม่สามารถยกเลิกได้) คุณจะต้องลงชื่อออก diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml index d65fc001..0c3d84e9 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml @@ -107,6 +107,7 @@ config: # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. # two_factor_code_description_2: 'You can scan that QR Code with your app:' # two_factor_code_description_3: 'Or use that code:' + # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig index 6ee57443..cf439408 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig @@ -187,19 +187,22 @@ {% for OtpQrCode in app.session.flashbag.get('OtpQrCode') %}
    - You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. + {{ 'config.form_user.two_factor_code_description_1'|trans }}
    - That code will disapear after a page reload. + {{ 'config.form_user.two_factor_code_description_2'|trans }}

    - {{ app.user.getGoogleAuthenticatorSecret }} -

    - Or you can scan that QR Code with your app: -
    - +

    + {{ 'config.form_user.two_factor_code_description_3'|trans }} +

    + {{ app.user.getGoogleAuthenticatorSecret }} +

    + {{ 'config.form_user.two_factor_code_description_4'|trans }} +

    + {{ app.user.getBackupCodes|join("\n")|nl2br }}
    {% endfor %} diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig index 73cf592e..5b00eb7b 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig @@ -112,7 +112,7 @@ @@ -220,12 +220,16 @@



    {{ 'config.form_user.two_factor_code_description_3'|trans }}

    {{ app.user.getGoogleAuthenticatorSecret }} +

    + {{ 'config.form_user.two_factor_code_description_4'|trans }} +

    + {{ app.user.getBackupCodes|join("\n")|nl2br }} {% endfor %} {% endif %} diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php index 6e305719..ab34e2bf 100644 --- a/src/Wallabag/UserBundle/Entity/User.php +++ b/src/Wallabag/UserBundle/Entity/User.php @@ -8,6 +8,7 @@ use FOS\UserBundle\Model\User as BaseUser; use JMS\Serializer\Annotation\Accessor; use JMS\Serializer\Annotation\Groups; use JMS\Serializer\Annotation\XmlRoot; +use Scheb\TwoFactorBundle\Model\BackupCodeInterface; use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface as EmailTwoFactorInterface; use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface as GoogleTwoFactorInterface; use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity; @@ -28,7 +29,7 @@ use Wallabag\CoreBundle\Helper\EntityTimestampsTrait; * @UniqueEntity("email") * @UniqueEntity("username") */ -class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorInterface +class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorInterface, BackupCodeInterface { use EntityTimestampsTrait; @@ -127,6 +128,11 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI */ private $googleAuthenticatorSecret; + /** + * @ORM\Column(type="json_array", nullable=true) + */ + private $backupCodes; + /** * @var bool * @@ -318,6 +324,36 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI $this->googleAuthenticatorSecret = $googleAuthenticatorSecret; } + public function setBackupCodes(array $codes = null) + { + $this->backupCodes = $codes; + } + + public function getBackupCodes() + { + return $this->backupCodes; + } + + /** + * {@inheritdoc} + */ + public function isBackupCode(string $code): bool + { + return \in_array($code, $this->backupCodes, true); + } + + /** + * {@inheritdoc} + */ + public function invalidateBackupCode(string $code): void + { + $key = array_search($code, $this->backupCodes, true); + + if (false !== $key) { + unset($this->backupCodes[$key]); + } + } + /** * @param Client $client * -- cgit v1.2.3 From 842af5c3571c5318ae4e1c81dc52457fbf6d3f21 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Wed, 5 Dec 2018 11:39:51 +0100 Subject: Add SQLite & PG migration Also remove the forced `server_version` from dbal config to avoid an hard overriding across all database. --- app/DoctrineMigrations/Version20181202073750.php | 46 +++++++++++++++++++++--- 1 file changed, 41 insertions(+), 5 deletions(-) diff --git a/app/DoctrineMigrations/Version20181202073750.php b/app/DoctrineMigrations/Version20181202073750.php index b6ad8bd7..5978291e 100644 --- a/app/DoctrineMigrations/Version20181202073750.php +++ b/app/DoctrineMigrations/Version20181202073750.php @@ -6,21 +6,39 @@ use Doctrine\DBAL\Schema\Schema; use Wallabag\CoreBundle\Doctrine\WallabagMigration; /** - * Add 2fa OTP (named google authenticator). + * Add 2fa OTP stuff. */ final class Version20181202073750 extends WallabagMigration { public function up(Schema $schema): void { - $tableName = $this->getTable('annotation'); - switch ($this->connection->getDatabasePlatform()->getName()) { case 'sqlite': + $this->addSql('DROP INDEX UNIQ_1D63E7E5C05FB297'); + $this->addSql('DROP INDEX UNIQ_1D63E7E5A0D96FBF'); + $this->addSql('DROP INDEX UNIQ_1D63E7E592FC23A8'); + $this->addSql('CREATE TEMPORARY TABLE __temp__' . $this->getTable('user', true) . ' AS SELECT id, username, username_canonical, email, email_canonical, enabled, salt, password, last_login, confirmation_token, password_requested_at, roles, name, created_at, updated_at, authCode, twoFactorAuthentication FROM ' . $this->getTable('user', true) . ''); + $this->addSql('DROP TABLE ' . $this->getTable('user', true) . ''); + $this->addSql('CREATE TABLE ' . $this->getTable('user', true) . ' (id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, username VARCHAR(180) NOT NULL COLLATE BINARY, username_canonical VARCHAR(180) NOT NULL COLLATE BINARY, email VARCHAR(180) NOT NULL COLLATE BINARY, email_canonical VARCHAR(180) NOT NULL COLLATE BINARY, enabled BOOLEAN NOT NULL, password VARCHAR(255) NOT NULL COLLATE BINARY, last_login DATETIME DEFAULT NULL, password_requested_at DATETIME DEFAULT NULL, name CLOB DEFAULT NULL COLLATE BINARY, created_at DATETIME NOT NULL, updated_at DATETIME NOT NULL, authCode INTEGER DEFAULT NULL, emailTwoFactor BOOLEAN NOT NULL, salt VARCHAR(255) DEFAULT NULL, confirmation_token VARCHAR(180) DEFAULT NULL, roles CLOB NOT NULL --(DC2Type:array) + , googleAuthenticatorSecret VARCHAR(255) DEFAULT NULL, backupCodes CLOB DEFAULT NULL --(DC2Type:json_array) + )'); + $this->addSql('INSERT INTO ' . $this->getTable('user', true) . ' (id, username, username_canonical, email, email_canonical, enabled, salt, password, last_login, confirmation_token, password_requested_at, roles, name, created_at, updated_at, authCode, emailTwoFactor) SELECT id, username, username_canonical, email, email_canonical, enabled, salt, password, last_login, confirmation_token, password_requested_at, roles, name, created_at, updated_at, authCode, twoFactorAuthentication FROM __temp__' . $this->getTable('user', true) . ''); + $this->addSql('DROP TABLE __temp__' . $this->getTable('user', true) . ''); + $this->addSql('CREATE UNIQUE INDEX UNIQ_1D63E7E5C05FB297 ON ' . $this->getTable('user', true) . ' (confirmation_token)'); + $this->addSql('CREATE UNIQUE INDEX UNIQ_1D63E7E5A0D96FBF ON ' . $this->getTable('user', true) . ' (email_canonical)'); + $this->addSql('CREATE UNIQUE INDEX UNIQ_1D63E7E592FC23A8 ON ' . $this->getTable('user', true) . ' (username_canonical)'); break; case 'mysql': - $this->addSql('ALTER TABLE ' . $this->getTable('user') . ' ADD googleAuthenticatorSecret VARCHAR(191) DEFAULT NULL, CHANGE twoFactorAuthentication emailTwoFactor BOOLEAN NOT NULL, DROP trusted, ADD backupCodes LONGTEXT DEFAULT NULL COMMENT \'(DC2Type:json_array)\''); + $this->addSql('ALTER TABLE ' . $this->getTable('user') . ' ADD googleAuthenticatorSecret VARCHAR(191) DEFAULT NULL'); + $this->addSql('ALTER TABLE ' . $this->getTable('user') . ' CHANGE twoFactorAuthentication emailTwoFactor BOOLEAN NOT NULL'); + $this->addSql('ALTER TABLE ' . $this->getTable('user') . ' DROP trusted'); + $this->addSql('ALTER TABLE ' . $this->getTable('user') . ' ADD backupCodes LONGTEXT DEFAULT NULL COMMENT \'(DC2Type:json_array)\''); break; case 'postgresql': + $this->addSql('ALTER TABLE ' . $this->getTable('user') . ' ADD googleAuthenticatorSecret VARCHAR(191) DEFAULT NULL'); + $this->addSql('ALTER TABLE ' . $this->getTable('user') . ' RENAME COLUMN twofactorauthentication TO emailTwoFactor'); + $this->addSql('ALTER TABLE ' . $this->getTable('user') . ' DROP trusted'); + $this->addSql('ALTER TABLE ' . $this->getTable('user') . ' ADD backupCodes TEXT DEFAULT NULL'); break; } } @@ -29,11 +47,29 @@ final class Version20181202073750 extends WallabagMigration { switch ($this->connection->getDatabasePlatform()->getName()) { case 'sqlite': + $this->addSql('DROP INDEX UNIQ_1D63E7E592FC23A8'); + $this->addSql('DROP INDEX UNIQ_1D63E7E5A0D96FBF'); + $this->addSql('DROP INDEX UNIQ_1D63E7E5C05FB297'); + $this->addSql('CREATE TEMPORARY TABLE __temp__' . $this->getTable('user', true) . ' AS SELECT id, username, username_canonical, email, email_canonical, enabled, salt, password, last_login, confirmation_token, password_requested_at, roles, name, created_at, updated_at, authCode, emailTwoFactor FROM "' . $this->getTable('user', true) . '"'); + $this->addSql('DROP TABLE "' . $this->getTable('user', true) . '"'); + $this->addSql('CREATE TABLE "' . $this->getTable('user', true) . '" (id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, username VARCHAR(180) NOT NULL, username_canonical VARCHAR(180) NOT NULL, email VARCHAR(180) NOT NULL, email_canonical VARCHAR(180) NOT NULL, enabled BOOLEAN NOT NULL, password VARCHAR(255) NOT NULL, last_login DATETIME DEFAULT NULL, password_requested_at DATETIME DEFAULT NULL, name CLOB DEFAULT NULL, created_at DATETIME NOT NULL, updated_at DATETIME NOT NULL, authCode INTEGER DEFAULT NULL, twoFactorAuthentication BOOLEAN NOT NULL, salt VARCHAR(255) NOT NULL COLLATE BINARY, confirmation_token VARCHAR(255) DEFAULT NULL COLLATE BINARY, roles CLOB NOT NULL COLLATE BINARY, trusted CLOB DEFAULT NULL COLLATE BINARY)'); + $this->addSql('INSERT INTO "' . $this->getTable('user', true) . '" (id, username, username_canonical, email, email_canonical, enabled, salt, password, last_login, confirmation_token, password_requested_at, roles, name, created_at, updated_at, authCode, twoFactorAuthentication) SELECT id, username, username_canonical, email, email_canonical, enabled, salt, password, last_login, confirmation_token, password_requested_at, roles, name, created_at, updated_at, authCode, emailTwoFactor FROM __temp__' . $this->getTable('user', true) . ''); + $this->addSql('DROP TABLE __temp__' . $this->getTable('user', true) . ''); + $this->addSql('CREATE UNIQUE INDEX UNIQ_1D63E7E592FC23A8 ON "' . $this->getTable('user', true) . '" (username_canonical)'); + $this->addSql('CREATE UNIQUE INDEX UNIQ_1D63E7E5A0D96FBF ON "' . $this->getTable('user', true) . '" (email_canonical)'); + $this->addSql('CREATE UNIQUE INDEX UNIQ_1D63E7E5C05FB297 ON "' . $this->getTable('user', true) . '" (confirmation_token)'); break; case 'mysql': - $this->addSql('ALTER TABLE `' . $this->getTable('user') . '` DROP googleAuthenticatorSecret, CHANGE emailtwofactor twoFactorAuthentication BOOLEAN NOT NULL, ADD trusted TEXT DEFAULT NULL, DROP backupCodes'); + $this->addSql('ALTER TABLE `' . $this->getTable('user') . '` DROP googleAuthenticatorSecret'); + $this->addSql('ALTER TABLE `' . $this->getTable('user') . '` CHANGE emailtwofactor twoFactorAuthentication BOOLEAN NOT NULL'); + $this->addSql('ALTER TABLE `' . $this->getTable('user') . '` ADD trusted TEXT DEFAULT NULL'); + $this->addSql('ALTER TABLE `' . $this->getTable('user') . '` DROP backupCodes'); break; case 'postgresql': + $this->addSql('ALTER TABLE ' . $this->getTable('user') . ' DROP googleAuthenticatorSecret'); + $this->addSql('ALTER TABLE ' . $this->getTable('user') . ' RENAME COLUMN emailTwoFactor TO twofactorauthentication'); + $this->addSql('ALTER TABLE ' . $this->getTable('user') . ' ADD trusted TEXT DEFAULT NULL'); + $this->addSql('ALTER TABLE ' . $this->getTable('user') . ' DROP backupCodes'); break; } } -- cgit v1.2.3 From 6df8b9c6a90de333c9e24a49615fffa9e350e382 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Wed, 5 Dec 2018 14:29:46 +0100 Subject: Fix PG & Travis drop/create database --- .editorconfig | 2 +- .travis.yml | 10 ++++++---- GNUmakefile | 6 ++++++ 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/.editorconfig b/.editorconfig index 6553d30f..14044044 100644 --- a/.editorconfig +++ b/.editorconfig @@ -13,5 +13,5 @@ insert_final_newline = true indent_style = space indent_size = 2 -[Makefile] +[*akefile] indent_style = tab diff --git a/.travis.yml b/.travis.yml index 0ca1e192..c660bb5e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -51,15 +51,17 @@ install: before_script: - PHP=$TRAVIS_PHP_VERSION - - if [[ ! $PHP = hhvm* ]]; then echo "memory_limit=-1" >> ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/travis.ini; fi; - # xdebug isn't enable for PHP 7.1 - - if [[ ! $PHP = hhvm* ]]; then phpenv config-rm xdebug.ini || echo "xdebug not available"; fi + - echo "memory_limit=-1" >> ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/travis.ini + - phpenv config-rm xdebug.ini || echo "xdebug not available" - composer self-update --no-progress script: - travis_wait bash composer install -o --no-interaction --no-progress --prefer-dist + - echo "travis_fold:start:prepare" - - make prepare DB=$DB + # custom "prepare" for PG because the database should be created with a different user (see "before_script") + - if [[ ! $DB = pgsql ]]; then make prepare DB=$DB; fi; + - if [[ $DB = pgsql ]]; then make prepare-travis-pg DB=$DB; fi; - echo "travis_fold:end:prepare" - make fixtures diff --git a/GNUmakefile b/GNUmakefile index a04468cb..d8c16202 100755 --- a/GNUmakefile +++ b/GNUmakefile @@ -25,6 +25,12 @@ run: ## Run the wallabag built-in server build: ## Run webpack @npm run build:$(ENV) +prepare-travis-pg: ## Custom prepare for Travis & Postgres (do not drop/create the database) +ifdef DB + cp app/config/tests/parameters_test.$(DB).yml app/config/parameters_test.yml +endif + php bin/console doctrine:migrations:migrate --no-interaction --env=test + prepare: clean ## Prepare database for testsuite ifdef DB cp app/config/tests/parameters_test.$(DB).yml app/config/parameters_test.yml -- cgit v1.2.3 From e073090b8d86ce925f8a08b68e212cc2af66e639 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Fri, 7 Dec 2018 18:00:57 +0100 Subject: Update translation --- src/Wallabag/CoreBundle/Resources/translations/messages.da.yml | 2 +- src/Wallabag/CoreBundle/Resources/translations/messages.de.yml | 2 +- src/Wallabag/CoreBundle/Resources/translations/messages.en.yml | 2 +- src/Wallabag/CoreBundle/Resources/translations/messages.es.yml | 2 +- src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml | 2 +- src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml | 2 +- src/Wallabag/CoreBundle/Resources/translations/messages.it.yml | 2 +- src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml | 2 +- src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml | 2 +- src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml | 2 +- src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml | 2 +- src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml | 2 +- src/Wallabag/CoreBundle/Resources/translations/messages.th.yml | 2 +- src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml index 0114a983..ae8f8695 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml @@ -538,7 +538,7 @@ user: # enabled_label: 'Enabled' # last_login_label: 'Last login' # twofactor_email_label: Two factor authentication by email - # twofactor_google_label: Two factor authentication by Google + # twofactor_google_label: Two factor authentication by OTP app # save: Save # delete: Delete # delete_confirm: Are you sure? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml index fd9796ba..7b66e5dc 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml @@ -538,7 +538,7 @@ user: enabled_label: 'Aktiviert' last_login_label: 'Letzter Login' # twofactor_email_label: Two factor authentication by email - # twofactor_google_label: Two factor authentication by Google + # twofactor_google_label: Two factor authentication by OTP app save: 'Speichern' delete: 'Löschen' delete_confirm: 'Bist du sicher?' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml index ddc079ed..567584b2 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml @@ -538,7 +538,7 @@ user: enabled_label: 'Enabled' last_login_label: 'Last login' twofactor_email_label: Two factor authentication by email - twofactor_google_label: Two factor authentication by Google + twofactor_google_label: Two factor authentication by OTP app save: Save delete: Delete delete_confirm: Are you sure? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml index 8ac66169..1ba4bce4 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml @@ -538,7 +538,7 @@ user: enabled_label: 'Activado' last_login_label: 'Último inicio de sesión' # twofactor_email_label: Two factor authentication by email - # twofactor_google_label: Two factor authentication by Google + # twofactor_google_label: Two factor authentication by OTP app save: Guardar delete: Eliminar delete_confirm: ¿Estás seguro? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml index bc754ca2..d20c89d9 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml @@ -538,7 +538,7 @@ user: # enabled_label: 'Enabled' # last_login_label: 'Last login' # twofactor_email_label: Two factor authentication by email - # twofactor_google_label: Two factor authentication by Google + # twofactor_google_label: Two factor authentication by OTP app # save: Save # delete: Delete # delete_confirm: Are you sure? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml index 28841145..fd405059 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml @@ -539,7 +539,7 @@ user: last_login_label: "Dernière connexion" twofactor_label: "Double authentification" twofactor_email_label: Double authentification par email - twofactor_google_label: Double authentification par Google + twofactor_google_label: Double authentification par OTP app save: "Sauvegarder" delete: "Supprimer" delete_confirm: "Êtes-vous sûr ?" diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml index b78dcb32..33326231 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml @@ -538,7 +538,7 @@ user: enabled_label: 'Abilitato' last_login_label: 'Ultima connessione' # twofactor_email_label: Two factor authentication by email - # twofactor_google_label: Two factor authentication by Google + # twofactor_google_label: Two factor authentication by OTP app save: Salva delete: Cancella delete_confirm: Sei sicuro? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml index c1f57bc7..599490e1 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml @@ -538,7 +538,7 @@ user: enabled_label: 'Actiu' last_login_label: 'Darrièra connexion' # twofactor_email_label: Two factor authentication by email - # twofactor_google_label: Two factor authentication by Google + # twofactor_google_label: Two factor authentication by OTP app save: 'Enregistrar' delete: 'Suprimir' delete_confirm: 'Sètz segur ?' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml index 2dc8d854..89fd34dc 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml @@ -538,7 +538,7 @@ user: enabled_label: 'Włączony' last_login_label: 'Ostatnie logowanie' # twofactor_email_label: Two factor authentication by email - # twofactor_google_label: Two factor authentication by Google + # twofactor_google_label: Two factor authentication by OTP app save: Zapisz delete: Usuń delete_confirm: Jesteś pewien? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml index a81d8d0d..f37aeb91 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml @@ -538,7 +538,7 @@ user: enabled_label: 'Habilitado' last_login_label: 'Último login' # twofactor_email_label: Two factor authentication by email - # twofactor_google_label: Two factor authentication by Google + # twofactor_google_label: Two factor authentication by OTP app save: 'Salvar' delete: 'Apagar' delete_confirm: 'Tem certeza?' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml index fd565819..c9d9500d 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml @@ -538,7 +538,7 @@ user: # enabled_label: 'Enabled' # last_login_label: 'Last login' # twofactor_email_label: Two factor authentication by email - # twofactor_google_label: Two factor authentication by Google + # twofactor_google_label: Two factor authentication by OTP app # save: Save # delete: Delete # delete_confirm: Are you sure? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml index 5a0c5445..62a078d4 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml @@ -526,7 +526,7 @@ user: enabled_label: 'Включить' last_login_label: 'Последний вход' # twofactor_email_label: Two factor authentication by email - # twofactor_google_label: Two factor authentication by Google + # twofactor_google_label: Two factor authentication by OTP app save: "Сохранить" delete: "Удалить" delete_confirm: "Вы уверены?" diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml index a69b5008..78b5727a 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml @@ -536,7 +536,7 @@ user: enabled_label: 'เปิดใช้งาน' last_login_label: 'ลงชื้อเข้าใช้ครั้งสุดท้าย' # twofactor_email_label: Two factor authentication by email - # twofactor_google_label: Two factor authentication by Google + # twofactor_google_label: Two factor authentication by OTP app save: บันทึก delete: ลบ delete_confirm: ตุณแน่ใจหรือไม่? diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml index 0c3d84e9..9f4c01f7 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml @@ -536,7 +536,7 @@ user: # enabled_label: 'Enabled' # last_login_label: 'Last login' # twofactor_email_label: Two factor authentication by email - # twofactor_google_label: Two factor authentication by Google + # twofactor_google_label: Two factor authentication by OTP app # save: Save # delete: Delete # delete_confirm: Are you sure? -- cgit v1.2.3 From 4c0e747940ac39630f1d2a6a14c628ba6729ecfd Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Fri, 7 Dec 2018 18:01:06 +0100 Subject: Remove secret from admin --- src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig b/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig index 8be37e79..2de8f3a5 100644 --- a/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig +++ b/src/Wallabag/UserBundle/Resources/views/Manage/edit.html.twig @@ -59,12 +59,6 @@ {{ form_label(edit_form.googleTwoFactor) }} {{ form_errors(edit_form.googleTwoFactor) }} - - {% if user.isGoogleAuthenticatorEnabled %} -
    -

    OTP Secret: {{ user.googleAuthenticatorSecret }}

    -
    - {% endif %} {% endif %} -- cgit v1.2.3 From a0c5eb003f1cbeef10d5620e98870c7556e17c75 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Fri, 18 Jan 2019 22:46:44 +0100 Subject: Change the way to enable 2FA And add a step to validate a generated code from the OTP app --- .../CoreBundle/Controller/ConfigController.php | 132 +++++++++++--- .../Resources/translations/messages.da.yml | 25 ++- .../Resources/translations/messages.de.yml | 16 +- .../Resources/translations/messages.en.yml | 26 ++- .../Resources/translations/messages.es.yml | 25 ++- .../Resources/translations/messages.fa.yml | 25 ++- .../Resources/translations/messages.fr.yml | 26 ++- .../Resources/translations/messages.it.yml | 24 ++- .../Resources/translations/messages.oc.yml | 24 ++- .../Resources/translations/messages.pl.yml | 26 ++- .../Resources/translations/messages.pt.yml | 24 ++- .../Resources/translations/messages.ro.yml | 24 ++- .../Resources/translations/messages.ru.yml | 24 ++- .../Resources/translations/messages.th.yml | 24 ++- .../Resources/translations/messages.tr.yml | 24 ++- .../views/themes/baggy/Config/index.html.twig | 61 +++---- .../views/themes/baggy/Config/otp_app.html.twig | 55 ++++++ .../views/themes/material/Config/index.html.twig | 65 ++++--- .../views/themes/material/Config/otp_app.html.twig | 63 +++++++ .../CoreBundle/Controller/ConfigControllerTest.php | 194 +++++++++------------ 20 files changed, 617 insertions(+), 290 deletions(-) create mode 100644 src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig create mode 100644 src/Wallabag/CoreBundle/Resources/views/themes/material/Config/otp_app.html.twig diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php index c9fc5702..2643eed0 100644 --- a/src/Wallabag/CoreBundle/Controller/ConfigController.php +++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php @@ -81,28 +81,7 @@ class ConfigController extends Controller ]); $userForm->handleRequest($request); - // `googleTwoFactor` isn't a field within the User entity, we need to define it's value in a different way - if ($this->getParameter('twofactor_auth') && true === $user->isGoogleAuthenticatorEnabled() && false === $userForm->isSubmitted()) { - $userForm->get('googleTwoFactor')->setData(true); - } - if ($userForm->isSubmitted() && $userForm->isValid()) { - // handle creation / reset of the OTP secret if checkbox changed from the previous state - if ($this->getParameter('twofactor_auth')) { - if (true === $userForm->get('googleTwoFactor')->getData() && false === $user->isGoogleAuthenticatorEnabled()) { - $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret(); - - $user->setGoogleAuthenticatorSecret($secret); - $user->setEmailTwoFactor(false); - $user->setBackupCodes((new BackupCodes())->toArray()); - - $this->addFlash('OtpQrCode', $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user)); - } elseif (false === $userForm->get('googleTwoFactor')->getData() && true === $user->isGoogleAuthenticatorEnabled()) { - $user->setGoogleAuthenticatorSecret(null); - $user->setBackupCodes(null); - } - } - $userManager->updateUser($user, true); $this->addFlash( @@ -175,11 +154,118 @@ class ConfigController extends Controller ], 'twofactor_auth' => $this->getParameter('twofactor_auth'), 'wallabag_url' => $this->getParameter('domain_name'), - 'enabled_users' => $this->get('wallabag_user.user_repository') - ->getSumEnabledUsers(), + 'enabled_users' => $this->get('wallabag_user.user_repository')->getSumEnabledUsers(), ]); } + /** + * Enable 2FA using email. + * + * @param Request $request + * + * @Route("/config/otp/email", name="config_otp_email") + */ + public function otpEmailAction(Request $request) + { + if (!$this->getParameter('twofactor_auth')) { + return $this->createNotFoundException('two_factor not enabled'); + } + + $user = $this->getUser(); + + $user->setGoogleAuthenticatorSecret(null); + $user->setBackupCodes(null); + $user->setEmailTwoFactor(true); + + $this->container->get('fos_user.user_manager')->updateUser($user, true); + + $this->addFlash( + 'notice', + 'flashes.config.notice.otp_enabled' + ); + + return $this->redirect($this->generateUrl('config') . '#set3'); + } + + /** + * Enable 2FA using OTP app, user will need to confirm the generated code from the app. + * + * @Route("/config/otp/app", name="config_otp_app") + */ + public function otpAppAction() + { + if (!$this->getParameter('twofactor_auth')) { + return $this->createNotFoundException('two_factor not enabled'); + } + + $user = $this->getUser(); + + if (!$user->isGoogleTwoFactor()) { + $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret(); + + $user->setGoogleAuthenticatorSecret($secret); + $user->setEmailTwoFactor(false); + $user->setBackupCodes((new BackupCodes())->toArray()); + + $this->container->get('fos_user.user_manager')->updateUser($user, true); + } + + return $this->render('WallabagCoreBundle:Config:otp_app.html.twig', [ + 'qr_code' => $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user), + ]); + } + + /** + * Cancelling 2FA using OTP app. + * + * @Route("/config/otp/app/cancel", name="config_otp_app_cancel") + */ + public function otpAppCancelAction() + { + if (!$this->getParameter('twofactor_auth')) { + return $this->createNotFoundException('two_factor not enabled'); + } + + $user = $this->getUser(); + $user->setGoogleAuthenticatorSecret(null); + $user->setBackupCodes(null); + + $this->container->get('fos_user.user_manager')->updateUser($user, true); + + return $this->redirect($this->generateUrl('config') . '#set3'); + } + + /** + * Validate OTP code. + * + * @param Request $request + * + * @Route("/config/otp/app/check", name="config_otp_app_check") + */ + public function otpAppCheckAction(Request $request) + { + $isValid = $this->get('scheb_two_factor.security.google_authenticator')->checkCode( + $this->getUser(), + $request->get('_auth_code') + ); + + if (true === $isValid) { + $this->addFlash( + 'notice', + 'flashes.config.notice.otp_enabled' + ); + + return $this->redirect($this->generateUrl('config') . '#set3'); + } + + $this->addFlash( + 'two_factor', + 'scheb_two_factor.code_invalid' + ); + + return $this->redirect($this->generateUrl('config_otp_app')); + } + /** * @param Request $request * diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml index ae8f8695..454f547d 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.da.yml @@ -102,12 +102,16 @@ config: # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Navn' email_label: 'Emailadresse' - # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' - # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. - # two_factor_code_description_2: 'You can scan that QR Code with your app:' - # two_factor_code_description_3: 'Or use that code:' - # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + two_factor: + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # table_method: Method + # table_state: State + # table_action: Action + # state_enabled: Enabled + # state_disabled: Disabled + # action_email: Use email + # action_app: Use OTP App delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. @@ -165,6 +169,15 @@ config: # and: 'One rule AND another' # matches: 'Tests that a subject matches a search (case-insensitive).
    Example: title matches "football"' # notmatches: 'Tests that a subject doesn''t match match a search (case-insensitive).
    Example: title notmatches "football"' + otp: + # page_title: Two-factor authentication + # app: + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # two_factor_code_description_4: 'Test an OTP code from your configured app:' + # cancel: Cancel + # enable: Enable entry: # default_title: 'Title of the entry' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml index 7b66e5dc..dc1d4723 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.de.yml @@ -102,12 +102,16 @@ config: # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Name' email_label: 'E-Mail-Adresse' - # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' - # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. - # two_factor_code_description_2: 'You can scan that QR Code with your app:' - # two_factor_code_description_3: 'Or use that code:' - # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + two_factor: + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # table_method: Method + # table_state: State + # table_action: Action + # state_enabled: Enabled + # state_disabled: Disabled + # action_email: Use email + # action_app: Use OTP App delete: title: 'Lösche mein Konto (a.k.a Gefahrenzone)' description: 'Wenn du dein Konto löschst, werden ALL deine Artikel, ALL deine Tags, ALL deine Anmerkungen und dein Konto dauerhaft gelöscht (kann NICHT RÜCKGÄNGIG gemacht werden). Du wirst anschließend ausgeloggt.' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml index 567584b2..45145c80 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.en.yml @@ -102,12 +102,16 @@ config: two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Name' email_label: 'Email' - emailTwoFactor_label: 'Using email (receive a code by email)' - googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' - two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. - two_factor_code_description_2: 'You can scan that QR Code with your app:' - two_factor_code_description_3: 'Or use that code:' - two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + two_factor: + emailTwoFactor_label: 'Using email (receive a code by email)' + googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + table_method: Method + table_state: State + table_action: Action + state_enabled: Enabled + state_disabled: Disabled + action_email: Use email + action_app: Use OTP App delete: title: Delete my account (a.k.a danger zone) description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. @@ -165,6 +169,15 @@ config: and: 'One rule AND another' matches: 'Tests that a subject matches a search (case-insensitive).
    Example: title matches "football"' notmatches: 'Tests that a subject doesn''t match match a search (case-insensitive).
    Example: title notmatches "football"' + otp: + page_title: Two-factor authentication + app: + two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + two_factor_code_description_2: 'You can scan that QR Code with your app:' + two_factor_code_description_3: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + two_factor_code_description_4: 'Test an OTP code from your configured app:' + cancel: Cancel + enable: Enable entry: default_title: 'Title of the entry' @@ -584,6 +597,7 @@ flashes: tags_reset: Tags reset entries_reset: Entries reset archived_reset: Archived entries deleted + otp_enabled: Two-factor authentication enabled entry: notice: entry_already_saved: 'Entry already saved on %date%' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml index 1ba4bce4..c1047e55 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.es.yml @@ -102,12 +102,16 @@ config: # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nombre' email_label: 'Dirección de e-mail' - # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' - # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. - # two_factor_code_description_2: 'You can scan that QR Code with your app:' - # two_factor_code_description_3: 'Or use that code:' - # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + two_factor: + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # table_method: Method + # table_state: State + # table_action: Action + # state_enabled: Enabled + # state_disabled: Disabled + # action_email: Use email + # action_app: Use OTP App delete: title: Eliminar mi cuenta (Zona peligrosa) description: Si eliminas tu cuenta, TODOS tus artículos, TODAS tus etiquetas, TODAS tus anotaciones y tu cuenta serán eliminadas de forma PERMANENTE (no se puede deshacer). Después serás desconectado. @@ -165,6 +169,15 @@ config: and: 'Una regla Y la otra' matches: 'Prueba si un sujeto corresponde a una búsqueda (insensible a mayusculas).
    Ejemplo : title matches "fútbol"' # notmatches: 'Tests that a subject doesn''t match match a search (case-insensitive).
    Example: title notmatches "football"' + otp: + # page_title: Two-factor authentication + # app: + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # two_factor_code_description_4: 'Test an OTP code from your configured app:' + # cancel: Cancel + # enable: Enable entry: default_title: 'Título del artículo' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml index d20c89d9..3042de2e 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml @@ -102,12 +102,16 @@ config: # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'نام' email_label: 'نشانی ایمیل' - # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' - # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. - # two_factor_code_description_2: 'You can scan that QR Code with your app:' - # two_factor_code_description_3: 'Or use that code:' - # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + two_factor: + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # table_method: Method + # table_state: State + # table_action: Action + # state_enabled: Enabled + # state_disabled: Disabled + # action_email: Use email + # action_app: Use OTP App delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. @@ -165,6 +169,15 @@ config: # and: 'One rule AND another' # matches: 'Tests that a subject matches a search (case-insensitive).
    Example: title matches "football"' # notmatches: 'Tests that a subject doesn''t match match a search (case-insensitive).
    Example: title notmatches "football"' + otp: + # page_title: Two-factor authentication + # app: + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # two_factor_code_description_4: 'Test an OTP code from your configured app:' + # cancel: Cancel + # enable: Enable entry: # default_title: 'Title of the entry' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml index fd405059..57740ba2 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml @@ -102,12 +102,16 @@ config: two_factor_description: "Activer l’authentification double-facteur veut dire que vous allez recevoir un code par courriel OU que vous devriez utiliser une application de mot de passe à usage unique (comme Google Authenticator, Authy or FreeOTP) pour obtenir un code temporaire à chaque nouvelle connexion non approuvée. Vous ne pouvez pas choisir les deux options." name_label: "Nom" email_label: "Adresse courriel" - emailTwoFactor_label: 'En utlisant l’email (recevez un code par email)' - googleTwoFactor_label: 'En utilisant une application de mot de passe à usage unique (ouvrez l’app, comme Google Authenticator, Authy or FreeOTP, pour obtenir un mot de passe à usage unique)' - two_factor_code_description_1: Vous venez d’activer l’authentification double-facteur, ouvrez votre application OTP pour configurer la génération du mot de passe à usage unique. Ces informations disparaîtront après un rechargement de la page. - two_factor_code_description_2: 'Vous pouvez scanner le QR code avec votre application :' - two_factor_code_description_3: 'Ou utiliser le code suivant :' - two_factor_code_description_4: 'N’oubliez pas de sauvegarder ces codes de secours dans un endroit sûr, vous pourrez les utiliser si vous ne pouvez plus accéder à votre application OTP :' + two_factor: + emailTwoFactor_label: 'En utlisant l’email (recevez un code par email)' + googleTwoFactor_label: 'En utilisant une application de mot de passe à usage unique (ouvrez l’app, comme Google Authenticator, Authy or FreeOTP, pour obtenir un mot de passe à usage unique)' + table_method: Méthode + table_state: État + table_action: Action + state_enabled: Activé + state_disabled: Désactivé + action_email: Utiliser l'email + action_app: Utiliser une app OTP delete: title: "Supprimer mon compte (attention danger !)" description: "Si vous confirmez la suppression de votre compte, TOUS les articles, TOUS les tags, TOUTES les annotations et votre compte seront DÉFINITIVEMENT supprimé (c’est IRRÉVERSIBLE). Vous serez ensuite déconnecté." @@ -165,6 +169,15 @@ config: and: "Une règle ET l’autre" matches: "Teste si un sujet correspond à une recherche (non sensible à la casse).
    Exemple : title matches \"football\"" notmatches: "Teste si un sujet ne correspond pas à une recherche (non sensible à la casse).
    Exemple : title notmatches \"football\"" + otp: + page_title: Authentification double-facteur + app: + two_factor_code_description_1: Vous venez d’activer l’authentification double-facteur, ouvrez votre application OTP pour configurer la génération du mot de passe à usage unique. Ces informations disparaîtront après un rechargement de la page. + two_factor_code_description_2: 'Vous pouvez scanner le QR code avec votre application :' + two_factor_code_description_3: 'N’oubliez pas de sauvegarder ces codes de secours dans un endroit sûr, vous pourrez les utiliser si vous ne pouvez plus accéder à votre application OTP :' + two_factor_code_description_4: 'Testez un code généré par votre application OTP :' + cancel: Annuler + enable: Activer entry: default_title: "Titre de l’article" @@ -585,6 +598,7 @@ flashes: tags_reset: "Tags supprimés" entries_reset: "Articles supprimés" archived_reset: "Articles archivés supprimés" + otp_enabled: "Authentification à double-facteur activée" entry: notice: entry_already_saved: "Article déjà sauvegardé le %date%" diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml index 33326231..274e5338 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.it.yml @@ -102,12 +102,15 @@ config: # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nome' email_label: 'E-mail' - # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' - # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. - # two_factor_code_description_2: 'You can scan that QR Code with your app:' - # two_factor_code_description_3: 'Or use that code:' - # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # table_method: Method + # table_state: State + # table_action: Action + # state_enabled: Enabled + # state_disabled: Disabled + # action_email: Use email + # action_app: Use OTP App delete: title: Cancella il mio account (zona pericolosa) description: Rimuovendo il tuo account, TUTTI i tuoi articoli, TUTTE le tue etichette, TUTTE le tue annotazioni ed il tuo account verranno rimossi PERMANENTEMENTE (impossibile da ANNULLARE). Verrai poi disconnesso. @@ -165,6 +168,15 @@ config: and: "Una regola E un'altra" matches: 'Verifica che un oggetto risulti in una ricerca (case-insensitive).
    Esempio: titolo contiene "football"' # notmatches: 'Tests that a subject doesn''t match match a search (case-insensitive).
    Example: title notmatches "football"' + otp: + # page_title: Two-factor authentication + # app: + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # two_factor_code_description_4: 'Test an OTP code from your configured app:' + # cancel: Cancel + # enable: Enable entry: default_title: "Titolo del contenuto" diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml index 599490e1..4e5370f9 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml @@ -102,12 +102,15 @@ config: # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nom' email_label: 'Adreça de corrièl' - # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' - # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. - # two_factor_code_description_2: 'You can scan that QR Code with your app:' - # two_factor_code_description_3: 'Or use that code:' - # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # table_method: Method + # table_state: State + # table_action: Action + # state_enabled: Enabled + # state_disabled: Disabled + # action_email: Use email + # action_app: Use OTP App delete: title: Suprimir mon compte (Mèfi zòna perilhosa) description: Se confirmatz la supression de vòstre compte, TOTES vòstres articles, TOTAS vòstras etiquetas, TOTAS vòstras anotacions e vòstre compte seràn suprimits per totjorn. E aquò es IRREVERSIBLE. Puèi seretz desconnectat. @@ -165,6 +168,15 @@ config: and: "Una règla E l'autra" matches: 'Teste se un subjècte correspond a una recèrca (non sensibla a la cassa).
    Exemple : title matches \"football\"' notmatches: 'Teste se subjècte correspond pas a una recèrca (sensibla a la cassa).
    Example : title notmatches "football"' + otp: + # page_title: Two-factor authentication + # app: + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # two_factor_code_description_4: 'Test an OTP code from your configured app:' + # cancel: Cancel + # enable: Enable entry: default_title: "Títol de l'article" diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml index 89fd34dc..a7a4d6c3 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml @@ -99,15 +99,18 @@ config: all: 'Wszystkie' rss_limit: 'Link do RSS' form_user: - two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." + # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nazwa' email_label: 'Adres email' - # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' - # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. - # two_factor_code_description_2: 'You can scan that QR Code with your app:' - # two_factor_code_description_3: 'Or use that code:' - # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # table_method: Method + # table_state: State + # table_action: Action + # state_enabled: Enabled + # state_disabled: Disabled + # action_email: Use email + # action_app: Use OTP App delete: title: Usuń moje konto (niebezpieczna strefa !) description: Jeżeli usuniesz swoje konto, wszystkie twoje artykuły, tagi, adnotacje, oraz konto zostaną trwale usunięte (operacja jest NIEODWRACALNA). Następnie zostaniesz wylogowany. @@ -165,6 +168,15 @@ config: and: 'Jedna reguła I inna' matches: 'Sprawdź czy temat pasuje szukaj (duże lub małe litery).
    Przykład: tytuł zawiera "piłka nożna"' notmatches: 'Sprawdź czy temat nie zawiera szukaj (duże lub małe litery).
    Przykład: tytuł nie zawiera "piłka nożna"' + otp: + # page_title: Two-factor authentication + # app: + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # two_factor_code_description_4: 'Test an OTP code from your configured app:' + # cancel: Cancel + # enable: Enable entry: default_title: 'Tytuł wpisu' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml index f37aeb91..a5483a6d 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml @@ -102,12 +102,15 @@ config: # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nome' email_label: 'E-mail' - # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' - # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. - # two_factor_code_description_2: 'You can scan that QR Code with your app:' - # two_factor_code_description_3: 'Or use that code:' - # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # table_method: Method + # table_state: State + # table_action: Action + # state_enabled: Enabled + # state_disabled: Disabled + # action_email: Use email + # action_app: Use OTP App delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. @@ -165,6 +168,15 @@ config: and: 'Uma regra E outra' matches: 'Testa que um assunto corresponde a uma pesquisa (maiúscula ou minúscula).
    Exemplo: título corresponde a "futebol"' # notmatches: 'Tests that a subject doesn''t match match a search (case-insensitive).
    Example: title notmatches "football"' + otp: + # page_title: Two-factor authentication + # app: + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # two_factor_code_description_4: 'Test an OTP code from your configured app:' + # cancel: Cancel + # enable: Enable entry: default_title: 'Título da entrada' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml index c9d9500d..3b7fbd69 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml @@ -102,12 +102,15 @@ config: # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Nume' email_label: 'E-mail' - # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' - # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. - # two_factor_code_description_2: 'You can scan that QR Code with your app:' - # two_factor_code_description_3: 'Or use that code:' - # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # table_method: Method + # table_state: State + # table_action: Action + # state_enabled: Enabled + # state_disabled: Disabled + # action_email: Use email + # action_app: Use OTP App delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. @@ -165,6 +168,15 @@ config: # and: 'One rule AND another' # matches: 'Tests that a subject matches a search (case-insensitive).
    Example: title matches "football"' # notmatches: 'Tests that a subject doesn''t match match a search (case-insensitive).
    Example: title notmatches "football"' + otp: + # page_title: Two-factor authentication + # app: + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # two_factor_code_description_4: 'Test an OTP code from your configured app:' + # cancel: Cancel + # enable: Enable entry: # default_title: 'Title of the entry' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml index 62a078d4..92746631 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.ru.yml @@ -99,12 +99,15 @@ config: # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'Имя' email_label: 'Email' - # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' - # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. - # two_factor_code_description_2: 'You can scan that QR Code with your app:' - # two_factor_code_description_3: 'Or use that code:' - # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # table_method: Method + # table_state: State + # table_action: Action + # state_enabled: Enabled + # state_disabled: Disabled + # action_email: Use email + # action_app: Use OTP App delete: title: "Удалить мой аккаунт (или опасная зона)" description: "Если Вы удалите ваш аккаунт, ВСЕ ваши записи, теги и другие данные, будут БЕЗВОЗВРАТНО удалены (операция не может быть отменена после). Затем Вы выйдете из системы." @@ -160,6 +163,15 @@ config: or: 'Одно правило ИЛИ другое' and: 'Одно правило И другое' matches: 'Тесты, в которых тема соответствует поиску (без учета регистра). Пример: title matches "футбол" ' + otp: + # page_title: Two-factor authentication + # app: + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # two_factor_code_description_4: 'Test an OTP code from your configured app:' + # cancel: Cancel + # enable: Enable entry: default_title: 'Название записи' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml index 78b5727a..1fe4fa0e 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.th.yml @@ -102,12 +102,15 @@ config: # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'ชื่อ' email_label: 'อีเมล' - # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' - # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. - # two_factor_code_description_2: 'You can scan that QR Code with your app:' - # two_factor_code_description_3: 'Or use that code:' - # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # table_method: Method + # table_state: State + # table_action: Action + # state_enabled: Enabled + # state_disabled: Disabled + # action_email: Use email + # action_app: Use OTP App delete: title: ลบบัญชีของฉัน (โซนที่เป็นภัย!) description: ถ้าคุณลบบัญชีของคุณIf , รายการทั้งหมดของคุณ, แท็กทั้งหมดของคุณ, หมายเหตุทั้งหมดของคุณและบัญชีของคุณจะถูกลบอย่างถาวร (มันไม่สามารถยกเลิกได้) คุณจะต้องลงชื่อออก @@ -165,6 +168,15 @@ config: and: 'หนึ่งข้อบังคับและอื่นๆ' matches: 'ทดสอบว่า เรื่อง นี้ตรงกับ การต้นหา (กรณีไม่ทราบ).
    ตัวอย่าง: หัวข้อที่ตรงกับ "football"' notmatches: 'ทดสอบว่า เรื่อง นี้ไม่ตรงกับ การต้นหา (กรณีไม่ทราบ).
    ตัวอย่าง: หัวข้อทีไม่ตรงกับ "football"' + otp: + # page_title: Two-factor authentication + # app: + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # two_factor_code_description_4: 'Test an OTP code from your configured app:' + # cancel: Cancel + # enable: Enable entry: default_title: 'หัวข้อรายการ' diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml index 9f4c01f7..3b8a0d59 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml @@ -102,12 +102,15 @@ config: # two_factor_description: "Enabling two factor authentication means you'll receive an email with a code OR need to use an OTP app (like Google Authenticator, Authy or FreeOTP) to get a one time code on every new untrusted connection. You can't choose both option." name_label: 'İsim' email_label: 'E-posta' - # emailTwoFactor_label: 'Using email (receive a code by email)' - # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' - # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. - # two_factor_code_description_2: 'You can scan that QR Code with your app:' - # two_factor_code_description_3: 'Or use that code:' - # two_factor_code_description_4: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # emailTwoFactor_label: 'Using email (receive a code by email)' + # googleTwoFactor_label: 'Using an OTP app (open the app, like Google Authenticator, Authy or FreeOTP, to get a one time code)' + # table_method: Method + # table_state: State + # table_action: Action + # state_enabled: Enabled + # state_disabled: Disabled + # action_email: Use email + # action_app: Use OTP App delete: # title: Delete my account (a.k.a danger zone) # description: If you remove your account, ALL your articles, ALL your tags, ALL your annotations and your account will be PERMANENTLY removed (it can't be UNDONE). You'll then be logged out. @@ -165,6 +168,15 @@ config: and: 'Bir kural ve diğeri' # matches: 'Tests that a subject matches a search (case-insensitive).
    Example: title matches "football"' # notmatches: 'Tests that a subject doesn''t match match a search (case-insensitive).
    Example: title notmatches "football"' + otp: + # page_title: Two-factor authentication + # app: + # two_factor_code_description_1: You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. It'll disapear after a page reload. + # two_factor_code_description_2: 'You can scan that QR Code with your app:' + # two_factor_code_description_3: 'Also, save these backup codes in a safe place, you can use them in case you lose access to your OTP app:' + # two_factor_code_description_4: 'Test an OTP code from your configured app:' + # cancel: Cancel + # enable: Enable entry: default_title: 'Makalenin başlığı' diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig index cf439408..93f8ddf8 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig @@ -168,48 +168,41 @@ + {{ form_widget(form.user.save) }} + {% if twofactor_auth %} +
    {{ 'config.otp.page_title'|trans }}
    +
    {{ 'config.form_user.two_factor_description'|trans }}
    -
    -
    - {{ form_label(form.user.emailTwoFactor) }} - {{ form_errors(form.user.emailTwoFactor) }} - {{ form_widget(form.user.emailTwoFactor) }} -
    -
    -
    - {{ form_label(form.user.googleTwoFactor) }} - {{ form_widget(form.user.googleTwoFactor) }} - {{ form_errors(form.user.googleTwoFactor) }} -
    - {% for OtpQrCode in app.session.flashbag.get('OtpQrCode') %} -
    - {{ 'config.form_user.two_factor_code_description_1'|trans }} -
    - {{ 'config.form_user.two_factor_code_description_2'|trans }} -

    - - -

    - {{ 'config.form_user.two_factor_code_description_3'|trans }} -

    - {{ app.user.getGoogleAuthenticatorSecret }} -

    - {{ 'config.form_user.two_factor_code_description_4'|trans }} -

    - {{ app.user.getBackupCodes|join("\n")|nl2br }} -
    - {% endfor %} -
    + + + + + + + + + + + + + + + + + + + + + +
    {{ 'config.form_user.two_factor.table_method'|trans }}{{ 'config.form_user.two_factor.table_state'|trans }}{{ 'config.form_user.two_factor.table_action'|trans }}
    {{ 'config.form_user.two_factor.emailTwoFactor_label'|trans }}{% if app.user.isEmailTwoFactor %}{{ 'config.form_user.two_factor.state_enabled'|trans }}{% else %}{{ 'config.form_user.two_factor.state_disabled'|trans }}{% endif %}{{ 'config.form_user.two_factor.action_email'|trans }}
    {{ 'config.form_user.two_factor.googleTwoFactor_label'|trans }}{% if app.user.isGoogleTwoFactor %}{{ 'config.form_user.two_factor.state_enabled'|trans }}{% else %}{{ 'config.form_user.two_factor.state_disabled'|trans }}{% endif %}{{ 'config.form_user.two_factor.action_app'|trans }}
    + {% endif %} {{ form_widget(form.user._token) }} - {{ form_widget(form.user.save) }} {% if enabled_users > 1 %} diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig new file mode 100644 index 00000000..2e4442e3 --- /dev/null +++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig @@ -0,0 +1,55 @@ +{% extends "WallabagCoreBundle::layout.html.twig" %} + +{% block title %}{{ 'config.page_title'|trans }} > {{ 'config.otp.page_title'|trans }}{% endblock %} + +{% block content %} +
    {{ 'config.otp.page_title'|trans }}
    + +
      +
    1. +

      {{ 'config.otp.app.two_factor_code_description_1'|trans }}

      +

      {{ 'config.otp.app.two_factor_code_description_2'|trans }}

      + +

      + + +

      +
      2. +
    2. +

      {{ 'config.otp.app.two_factor_code_description_3'|trans }}

      + +

      {{ app.user.getBackupCodes|join("\n")|nl2br }}

      +
      3. +
    3. +

      {{ 'config.otp.app.two_factor_code_description_4'|trans }}

      + + {% for flashMessage in app.session.flashbag.get("two_factor") %} +
      + {{ flashMessage|trans }} +
      + {% endfor %} + +
      +
      +
      +
      + + +
      +
      +
      +
      + + {{ 'config.otp.app.cancel'|trans }} + + +
      +
      +
      4. +
    +{% endblock %} diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig index 5b00eb7b..412c18f4 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig @@ -196,45 +196,40 @@ + {{ form_widget(form.user.save, {'attr': {'class': 'btn waves-effect waves-light'}}) }} + {% if twofactor_auth %} +
    +
    - {{ 'config.form_user.two_factor_description'|trans }} - -
    - {{ form_widget(form.user.emailTwoFactor) }} - {{ form_label(form.user.emailTwoFactor) }} - {{ form_errors(form.user.emailTwoFactor) }} -
    -
    - {{ form_widget(form.user.googleTwoFactor) }} - {{ form_label(form.user.googleTwoFactor) }} - {{ form_errors(form.user.googleTwoFactor) }} -
    +
    {{ 'config.otp.page_title'|trans }}
    + +

    {{ 'config.form_user.two_factor_description'|trans }}

    + + + + + + + + + + + + + + + + + + + + + + +
    {{ 'config.form_user.two_factor.table_method'|trans }}{{ 'config.form_user.two_factor.table_state'|trans }}{{ 'config.form_user.two_factor.table_action'|trans }}
    {{ 'config.form_user.two_factor.emailTwoFactor_label'|trans }}{% if app.user.isEmailTwoFactor %}{{ 'config.form_user.two_factor.state_enabled'|trans }}{% else %}{{ 'config.form_user.two_factor.state_disabled'|trans }}{% endif %}{{ 'config.form_user.two_factor.action_email'|trans }}
    {{ 'config.form_user.two_factor.googleTwoFactor_label'|trans }}{% if app.user.isGoogleTwoFactor %}{{ 'config.form_user.two_factor.state_enabled'|trans }}{% else %}{{ 'config.form_user.two_factor.state_disabled'|trans }}{% endif %}{{ 'config.form_user.two_factor.action_app'|trans }}
    - - {% for OtpQrCode in app.session.flashbag.get('OtpQrCode') %} -
    - {{ 'config.form_user.two_factor_code_description_1'|trans }} -
    - {{ 'config.form_user.two_factor_code_description_2'|trans }} -

    - - -

    - {{ 'config.form_user.two_factor_code_description_3'|trans }} -

    - {{ app.user.getGoogleAuthenticatorSecret }} -

    - {{ 'config.form_user.two_factor_code_description_4'|trans }} -

    - {{ app.user.getBackupCodes|join("\n")|nl2br }} -
    - {% endfor %} {% endif %} - - {{ form_widget(form.user.save, {'attr': {'class': 'btn waves-effect waves-light'}}) }} {{ form_widget(form.user._token) }} diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/otp_app.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/otp_app.html.twig new file mode 100644 index 00000000..6aef355e --- /dev/null +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/otp_app.html.twig @@ -0,0 +1,63 @@ +{% extends "WallabagCoreBundle::layout.html.twig" %} + +{% block title %}{{ 'config.page_title'|trans }} > {{ 'config.otp.page_title'|trans }}{% endblock %} + +{% block content %} +
    +
    +
    +
    +
    {{ 'config.otp.page_title'|trans }}
    + +
      +
    1. +

      {{ 'config.otp.app.two_factor_code_description_1'|trans }}

      +

      {{ 'config.otp.app.two_factor_code_description_2'|trans }}

      + +

      + + +

      +
      2. +
    2. +

      {{ 'config.otp.app.two_factor_code_description_3'|trans }}

      + +

      {{ app.user.getBackupCodes|join("\n")|nl2br }}

      +
      3. +
    3. +

      {{ 'config.otp.app.two_factor_code_description_4'|trans }}

      + + {% for flashMessage in app.session.flashbag.get("two_factor") %} +
      + {{ flashMessage|trans }} +
      + {% endfor %} + +
      +
      +
      +
      + + +
      +
      +
      +
      + + {{ 'config.otp.app.cancel'|trans }} + + +
      +
      +
      4. +
    +
    +
    +
    +
    +{% endblock %} diff --git a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php index 9ca52c64..1090a686 100644 --- a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php +++ b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php @@ -297,119 +297,6 @@ class ConfigControllerTest extends WallabagCoreTestCase $this->assertContains('flashes.config.notice.user_updated', $alert[0]); } - public function testUserEnable2faEmail() - { - $this->logInAs('admin'); - $client = $this->getClient(); - - $crawler = $client->request('GET', '/config'); - - $this->assertSame(200, $client->getResponse()->getStatusCode()); - - $form = $crawler->filter('button[id=update_user_save]')->form(); - - $data = [ - 'update_user[emailTwoFactor]' => '1', - ]; - - $client->submit($form, $data); - - $this->assertSame(302, $client->getResponse()->getStatusCode()); - - $crawler = $client->followRedirect(); - - $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text'])); - $this->assertContains('flashes.config.notice.user_updated', $alert[0]); - - // restore user - $em = $this->getEntityManager(); - $user = $em - ->getRepository('WallabagUserBundle:User') - ->findOneByUsername('admin'); - - $this->assertTrue($user->isEmailTwoFactor()); - - $user->setEmailTwoFactor(false); - $em->persist($user); - $em->flush(); - } - - public function testUserEnable2faGoogle() - { - $this->logInAs('admin'); - $client = $this->getClient(); - - $crawler = $client->request('GET', '/config'); - - $this->assertSame(200, $client->getResponse()->getStatusCode()); - - $form = $crawler->filter('button[id=update_user_save]')->form(); - - $data = [ - 'update_user[googleTwoFactor]' => '1', - ]; - - $client->submit($form, $data); - - $this->assertSame(302, $client->getResponse()->getStatusCode()); - - $crawler = $client->followRedirect(); - - $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text'])); - $this->assertContains('flashes.config.notice.user_updated', $alert[0]); - - // restore user - $em = $this->getEntityManager(); - $user = $em - ->getRepository('WallabagUserBundle:User') - ->findOneByUsername('admin'); - - $this->assertTrue($user->isGoogleAuthenticatorEnabled()); - - $user->setGoogleAuthenticatorSecret(null); - $em->persist($user); - $em->flush(); - } - - public function testUserEnable2faBoth() - { - $this->logInAs('admin'); - $client = $this->getClient(); - - $crawler = $client->request('GET', '/config'); - - $this->assertSame(200, $client->getResponse()->getStatusCode()); - - $form = $crawler->filter('button[id=update_user_save]')->form(); - - $data = [ - 'update_user[googleTwoFactor]' => '1', - 'update_user[emailTwoFactor]' => '1', - ]; - - $client->submit($form, $data); - - $this->assertSame(302, $client->getResponse()->getStatusCode()); - - $crawler = $client->followRedirect(); - - $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text'])); - $this->assertContains('flashes.config.notice.user_updated', $alert[0]); - - // restore user - $em = $this->getEntityManager(); - $user = $em - ->getRepository('WallabagUserBundle:User') - ->findOneByUsername('admin'); - - $this->assertTrue($user->isGoogleAuthenticatorEnabled()); - $this->assertFalse($user->isEmailTwoFactor()); - - $user->setGoogleAuthenticatorSecret(null); - $em->persist($user); - $em->flush(); - } - public function testRssUpdateResetToken() { $this->logInAs('admin'); @@ -1113,4 +1000,85 @@ class ConfigControllerTest extends WallabagCoreTestCase $this->assertNotSame('yuyuyuyu', $client->getRequest()->getLocale()); $this->assertNotSame('yuyuyuyu', $client->getContainer()->get('session')->get('_locale')); } + + public function testUserEnable2faEmail() + { + $this->logInAs('admin'); + $client = $this->getClient(); + + $crawler = $client->request('GET', '/config/otp/email'); + + $this->assertSame(302, $client->getResponse()->getStatusCode()); + + $crawler = $client->followRedirect(); + + $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text'])); + $this->assertContains('flashes.config.notice.otp_enabled', $alert[0]); + + // restore user + $em = $this->getEntityManager(); + $user = $em + ->getRepository('WallabagUserBundle:User') + ->findOneByUsername('admin'); + + $this->assertTrue($user->isEmailTwoFactor()); + + $user->setEmailTwoFactor(false); + $em->persist($user); + $em->flush(); + } + + public function testUserEnable2faGoogle() + { + $this->logInAs('admin'); + $client = $this->getClient(); + + $crawler = $client->request('GET', '/config/otp/app'); + + $this->assertSame(200, $client->getResponse()->getStatusCode()); + + // restore user + $em = $this->getEntityManager(); + $user = $em + ->getRepository('WallabagUserBundle:User') + ->findOneByUsername('admin'); + + $this->assertTrue($user->isGoogleTwoFactor()); + $this->assertGreaterThan(0, $user->getBackupCodes()); + + $user->setGoogleAuthenticatorSecret(false); + $user->setBackupCodes(null); + $em->persist($user); + $em->flush(); + } + + public function testUserEnable2faGoogleCancel() + { + $this->logInAs('admin'); + $client = $this->getClient(); + + $crawler = $client->request('GET', '/config/otp/app'); + + $this->assertSame(200, $client->getResponse()->getStatusCode()); + + // restore user + $em = $this->getEntityManager(); + $user = $em + ->getRepository('WallabagUserBundle:User') + ->findOneByUsername('admin'); + + $this->assertTrue($user->isGoogleTwoFactor()); + $this->assertGreaterThan(0, $user->getBackupCodes()); + + $crawler = $client->request('GET', '/config/otp/app/cancel'); + + $this->assertSame(302, $client->getResponse()->getStatusCode()); + + $user = $em + ->getRepository('WallabagUserBundle:User') + ->findOneByUsername('admin'); + + $this->assertFalse($user->isGoogleTwoFactor()); + $this->assertEmpty($user->getBackupCodes()); + } } -- cgit v1.2.3 From c416ed485fd318cafb8313679fa33cb65eb88e8e Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Sat, 19 Jan 2019 20:19:56 +0100 Subject: CS --- src/Wallabag/CoreBundle/Controller/ConfigController.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php index 2643eed0..ed92c999 100644 --- a/src/Wallabag/CoreBundle/Controller/ConfigController.php +++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php @@ -161,11 +161,9 @@ class ConfigController extends Controller /** * Enable 2FA using email. * - * @param Request $request - * * @Route("/config/otp/email", name="config_otp_email") */ - public function otpEmailAction(Request $request) + public function otpEmailAction() { if (!$this->getParameter('twofactor_auth')) { return $this->createNotFoundException('two_factor not enabled'); -- cgit v1.2.3 From 7485a272ffbcc045e6002b4bf4ea289ce0a0f3b4 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Wed, 23 Jan 2019 13:47:51 +0100 Subject: Revert PG on Travis about drop/create the database --- .travis.yml | 4 +--- GNUmakefile | 6 ------ 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/.travis.yml b/.travis.yml index c660bb5e..393d0033 100644 --- a/.travis.yml +++ b/.travis.yml @@ -59,9 +59,7 @@ script: - travis_wait bash composer install -o --no-interaction --no-progress --prefer-dist - echo "travis_fold:start:prepare" - # custom "prepare" for PG because the database should be created with a different user (see "before_script") - - if [[ ! $DB = pgsql ]]; then make prepare DB=$DB; fi; - - if [[ $DB = pgsql ]]; then make prepare-travis-pg DB=$DB; fi; + - make prepare DB=$DB - echo "travis_fold:end:prepare" - make fixtures diff --git a/GNUmakefile b/GNUmakefile index d8c16202..a04468cb 100755 --- a/GNUmakefile +++ b/GNUmakefile @@ -25,12 +25,6 @@ run: ## Run the wallabag built-in server build: ## Run webpack @npm run build:$(ENV) -prepare-travis-pg: ## Custom prepare for Travis & Postgres (do not drop/create the database) -ifdef DB - cp app/config/tests/parameters_test.$(DB).yml app/config/parameters_test.yml -endif - php bin/console doctrine:migrations:migrate --no-interaction --env=test - prepare: clean ## Prepare database for testsuite ifdef DB cp app/config/tests/parameters_test.$(DB).yml app/config/parameters_test.yml -- cgit v1.2.3 From 4654a83b6438b88e3b7062a21d18999d9df2fb8e Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Wed, 23 Jan 2019 14:43:39 +0100 Subject: Hash backup codes in the database using `password_hash` --- .../CoreBundle/Controller/ConfigController.php | 21 ++++++++++++------- .../views/themes/baggy/Config/otp_app.html.twig | 2 +- .../views/themes/material/Config/otp_app.html.twig | 2 +- src/Wallabag/UserBundle/Entity/User.php | 24 ++++++++++++++++++++-- 4 files changed, 38 insertions(+), 11 deletions(-) diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php index ed92c999..9257ab18 100644 --- a/src/Wallabag/CoreBundle/Controller/ConfigController.php +++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php @@ -197,18 +197,25 @@ class ConfigController extends Controller } $user = $this->getUser(); + $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret(); - if (!$user->isGoogleTwoFactor()) { - $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret(); + $user->setGoogleAuthenticatorSecret($secret); + $user->setEmailTwoFactor(false); - $user->setGoogleAuthenticatorSecret($secret); - $user->setEmailTwoFactor(false); - $user->setBackupCodes((new BackupCodes())->toArray()); + $backupCodes = (new BackupCodes())->toArray(); + $backupCodesHashed = array_map( + function ($backupCode) { + return password_hash($backupCode, PASSWORD_DEFAULT); + }, + $backupCodes + ); - $this->container->get('fos_user.user_manager')->updateUser($user, true); - } + $user->setBackupCodes($backupCodesHashed); + + $this->container->get('fos_user.user_manager')->updateUser($user, true); return $this->render('WallabagCoreBundle:Config:otp_app.html.twig', [ + 'backupCodes' => $backupCodes, 'qr_code' => $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user), ]); } diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig index 2e4442e3..0919646e 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig @@ -20,7 +20,7 @@

  • {{ 'config.otp.app.two_factor_code_description_3'|trans }}

    -

    {{ app.user.getBackupCodes|join("\n")|nl2br }}

    +

    {{ backupCodes|join("\n")|nl2br }}

  • {{ 'config.otp.app.two_factor_code_description_4'|trans }}

    diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/otp_app.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/otp_app.html.twig index 6aef355e..7875d787 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/otp_app.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/otp_app.html.twig @@ -24,7 +24,7 @@

  • {{ 'config.otp.app.two_factor_code_description_3'|trans }}

    -

    {{ app.user.getBackupCodes|join("\n")|nl2br }}

    +

    {{ backupCodes|join("\n")|nl2br }}

  • {{ 'config.otp.app.two_factor_code_description_4'|trans }}

    diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php index ab34e2bf..43fa6a80 100644 --- a/src/Wallabag/UserBundle/Entity/User.php +++ b/src/Wallabag/UserBundle/Entity/User.php @@ -339,7 +339,7 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI */ public function isBackupCode(string $code): bool { - return \in_array($code, $this->backupCodes, true); + return false === $this->findBackupCode($code) ? false : true; } /** @@ -347,7 +347,7 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI */ public function invalidateBackupCode(string $code): void { - $key = array_search($code, $this->backupCodes, true); + $key = $this->findBackupCode($code); if (false !== $key) { unset($this->backupCodes[$key]); @@ -385,4 +385,24 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI return $this->clients->first(); } } + + /** + * Try to find a backup code from the list of backup codes of the current user. + * + * @param string $code Given code from the user + * + * @return string|false + */ + private function findBackupCode(string $code) + { + foreach ($this->backupCodes as $key => $backupCode) { + // backup code are hashed using `password_hash` + // see ConfigController->otpAppAction + if (password_verify($code, $backupCode)) { + return $key; + } + } + + return false; + } } -- cgit v1.2.3