From a6b242a1fd6f8900d80354361449f1bf62506ef9 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Sun, 2 Dec 2018 12:43:05 +0100 Subject: Enable OTP 2FA - Update SchebTwoFactorBundle to version 3 - Enable Google 2fa on the bundle - Disallow ability to use both email and google as 2fa - Update Ocramius Proxy Manager to handle typed function & attributes (from PHP 7) - use `$this->addFlash` shortcut instead of `$this->get('session')->getFlashBag()->add` - update admin to be able to create/reset the 2fa
---
.../views/themes/baggy/Config/index.html.twig | 88 +++++++++++++--------- 1 file changed, 54 insertions(+), 34 deletions(-) (limited to 'src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config')
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
index bcc57dac..5c4e44dd 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
@@ -176,43 +176,36 @@
- {{ form_label(form.user.twoFactorAuthentication) }} - {{ form_errors(form.user.twoFactorAuthentication) }} - {{ form_widget(form.user.twoFactorAuthentication) }} + {{ form_label(form.user.emailTwoFactor) }} + {{ form_errors(form.user.emailTwoFactor) }} + {{ form_widget(form.user.emailTwoFactor) }}
- - live_help - +
+
+ {{ form_label(form.user.googleTwoFactor) }} + {{ form_widget(form.user.googleTwoFactor) }} + {{ form_errors(form.user.googleTwoFactor) }} +
+ {% for OTPSecret in app.session.flashbag.get('OTPSecret') %} +
+ You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. +
+ That code will disapear after a page reload. +

+ {{ OTPSecret.code }} +

+ Or you can scan that QR Code with your app: +
+ + + +
+ {% endfor %}
{% endif %} -

{{ 'config.reset.title'|trans }}

-
-

{{ 'config.reset.description'|trans }}

- -
- {{ form_widget(form.user._token) }} {{ form_widget(form.user.save) }} @@ -277,7 +270,7 @@ {% endfor %} - {{ form_start(form.new_tagging_rule) }} + {{ form_start(form.new_tagging_rule) }} {{ form_errors(form.new_tagging_rule) }}
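Review bot: The TOTP shared secret travels through the session flash bag and is printed into the ordinary settings page (`app.session.flashbag.get('OTPSecret')`, then `{{ OTPSecret.code }}`), so it stays in session storage until this block renders and then sits in a normal HTML response. The controller should send `Cache-Control: no-store` on every response that renders it, and the template should say so above the loop, for example `{# one-time display of the OTP secret: this response must not be cached #}`. The same applies to the later hunks on this page that print the secret and the backup codes, including the new `otp_app.html.twig`. The enclosing `{% if %}` opens outside this hunk, and the QR markup is not visible in this rendering, so confirm separately that the QR image is generated locally rather than by sending the secret to an external service.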
@@ -382,4 +375,31 @@ + +

{{ 'config.reset.title'|trans }}

+
+

{{ 'config.reset.description'|trans }}

+ +
{% endblock %} -- cgit v1.2.3 From 2dfbe9e5faf40364b60e6c76f3cc9fac5bf11fa4 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Sun, 2 Dec 2018 18:39:02 +0100 Subject: Fix tests --- .../Resources/views/themes/baggy/Config/index.html.twig | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config') diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig index 5c4e44dd..6ee57443 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig @@ -86,8 +86,7 @@
@@ -186,20 +185,20 @@ {{ form_widget(form.user.googleTwoFactor) }} {{ form_errors(form.user.googleTwoFactor) }} - {% for OTPSecret in app.session.flashbag.get('OTPSecret') %} + {% for OtpQrCode in app.session.flashbag.get('OtpQrCode') %}
You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password.
That code will disapear after a page reload.

- {{ OTPSecret.code }} + {{ app.user.getGoogleAuthenticatorSecret }}

Or you can scan that QR Code with your app:
{% endfor %} -- cgit v1.2.3 From dfd0a7bc5feb4fd7b77d7e2f3a25c5c3febc1eba Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Mon, 3 Dec 2018 06:51:06 +0100 Subject: Add backup codes --- .../views/themes/baggy/Config/index.html.twig | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config') diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig index 6ee57443..cf439408 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig @@ -187,19 +187,22 @@ {% for OtpQrCode in app.session.flashbag.get('OtpQrCode') %}
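Review bot: `{{ app.user.getGoogleAuthenticatorSecret }}` has the template read the persisted secret straight from the user entity, and the presence of an `OtpQrCode` flash is the only thing deciding whether it is printed. A flash message is a display hint, not an access decision. I would have the controller pass the secret as an explicit variable in the enrolment response only (for example `{{ otpSecret }}`, name constructed here), so no other render path can expose it. The backup-code line added in the next patch (`app.user.getBackupCodes`) has the same shape; the last patch on this page moves that one to a `backupCodes` variable, and the secret deserves the same treatment. The `{% for %}` block is only partly inside this hunk.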
- You just enabled the OTP two factor authentication, open your OTP app and use that code to get a one time password. + {{ 'config.form_user.two_factor_code_description_1'|trans }}
- That code will disapear after a page reload. + {{ 'config.form_user.two_factor_code_description_2'|trans }}

- {{ app.user.getGoogleAuthenticatorSecret }} -

- Or you can scan that QR Code with your app: -
- +

+ {{ 'config.form_user.two_factor_code_description_3'|trans }} +

+ {{ app.user.getGoogleAuthenticatorSecret }} +

+ {{ 'config.form_user.two_factor_code_description_4'|trans }} +

+ {{ app.user.getBackupCodes|join("\n")|nl2br }}
{% endfor %} -- cgit v1.2.3 From a0c5eb003f1cbeef10d5620e98870c7556e17c75 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Fri, 18 Jan 2019 22:46:44 +0100 Subject: Change the way to enable 2FA And add a step to validate a generated code from the OTP app --- .../views/themes/baggy/Config/index.html.twig | 61 ++++++++++------------ .../views/themes/baggy/Config/otp_app.html.twig | 55 +++++++++++++++++++ 2 files changed, 82 insertions(+), 34 deletions(-) create mode 100644 src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig (limited to 'src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config') diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig index cf439408..93f8ddf8 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig @@ -168,48 +168,41 @@ + {{ form_widget(form.user.save) }} + {% if twofactor_auth %} +
{{ 'config.otp.page_title'|trans }}
+
{{ 'config.form_user.two_factor_description'|trans }}
-
-
- {{ form_label(form.user.emailTwoFactor) }} - {{ form_errors(form.user.emailTwoFactor) }} - {{ form_widget(form.user.emailTwoFactor) }} -
-
-
- {{ form_label(form.user.googleTwoFactor) }} - {{ form_widget(form.user.googleTwoFactor) }} - {{ form_errors(form.user.googleTwoFactor) }} -
- {% for OtpQrCode in app.session.flashbag.get('OtpQrCode') %} -
- {{ 'config.form_user.two_factor_code_description_1'|trans }} -
- {{ 'config.form_user.two_factor_code_description_2'|trans }} -

- - -

- {{ 'config.form_user.two_factor_code_description_3'|trans }} -

- {{ app.user.getGoogleAuthenticatorSecret }} -

- {{ 'config.form_user.two_factor_code_description_4'|trans }} -

- {{ app.user.getBackupCodes|join("\n")|nl2br }} -
- {% endfor %} -
+ + + + + + + + + + + + + + + + + + + + + +
{{ 'config.form_user.two_factor.table_method'|trans }}{{ 'config.form_user.two_factor.table_state'|trans }}{{ 'config.form_user.two_factor.table_action'|trans }}
{{ 'config.form_user.two_factor.emailTwoFactor_label'|trans }}{% if app.user.isEmailTwoFactor %}{{ 'config.form_user.two_factor.state_enabled'|trans }}{% else %}{{ 'config.form_user.two_factor.state_disabled'|trans }}{% endif %}{{ 'config.form_user.two_factor.action_email'|trans }}
{{ 'config.form_user.two_factor.googleTwoFactor_label'|trans }}{% if app.user.isGoogleTwoFactor %}{{ 'config.form_user.two_factor.state_enabled'|trans }}{% else %}{{ 'config.form_user.two_factor.state_disabled'|trans }}{% endif %}{{ 'config.form_user.two_factor.action_app'|trans }}
+ {% endif %} {{ form_widget(form.user._token) }} - {{ form_widget(form.user.save) }} {% if enabled_users > 1 %} diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig new file mode 100644 index 00000000..2e4442e3 --- /dev/null +++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig @@ -0,0 +1,55 @@ +{% extends "WallabagCoreBundle::layout.html.twig" %} + +{% block title %}{{ 'config.page_title'|trans }} > {{ 'config.otp.page_title'|trans }}{% endblock %} + +{% block content %} +
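Review bot: The action column of the new table (`two_factor.action_email`, `two_factor.action_app`) is where a second factor is switched on or off, but the markup around those labels is not visible in this rendering, so I cannot tell whether they are links or forms. If they are plain links to GET routes, they change account security state without a CSRF token, and disabling a factor would not ask for the password or a current code again. I would make them POST forms carrying a token, for example `<input type="hidden" name="_token" value="{{ csrf_token('two_factor') }}">` (field name and token id are placeholders), and require re-authentication before a factor is turned off. The existing `form.user._token` belongs to the user form and presumably does not cover these actions.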
{{ 'config.otp.page_title'|trans }}
+ +
    +
  1. +

    {{ 'config.otp.app.two_factor_code_description_1'|trans }}

    +

    {{ 'config.otp.app.two_factor_code_description_2'|trans }}

    + +

    + + +

    +
  2. +
  3. +

    {{ 'config.otp.app.two_factor_code_description_3'|trans }}

    + +

    {{ app.user.getBackupCodes|join("\n")|nl2br }}

    +
  4. +
  5. +

    {{ 'config.otp.app.two_factor_code_description_4'|trans }}

    + + {% for flashMessage in app.session.flashbag.get("two_factor") %} +
    + {{ flashMessage|trans }} +
    + {% endfor %} + +
    +
    +
    +
    + + +
    +
    +
    +
    + + {{ 'config.otp.app.cancel'|trans }} + + +
    +
    +
  6. +
+{% endblock %} -- cgit v1.2.3 From 4654a83b6438b88e3b7062a21d18999d9df2fb8e Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Wed, 23 Jan 2019 14:43:39 +0100 Subject: Hash backup codes in the database using `password_hash` --- .../CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config') diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig index 2e4442e3..0919646e 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/otp_app.html.twig @@ -20,7 +20,7 @@
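Review bot: The backup codes are printed from `app.user.getBackupCodes` under `two_factor_code_description_3`, before the code-entry form under `two_factor_code_description_4` has been submitted. That suggests they, and presumably the secret, are already stored on the account before enrolment is confirmed. If so, the `config.otp.app.cancel` path and a plain navigation away both need to clear them, otherwise an abandoned setup leaves usable recovery codes or a half-enabled factor behind; the controller is not part of this view, so this needs confirming there. A failed check appears to simply re-render this page with the `two_factor` flash, so the check route should also throttle attempts per account.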
  • {{ 'config.otp.app.two_factor_code_description_3'|trans }}

    -

    {{ app.user.getBackupCodes|join("\n")|nl2br }}

    +

    {{ backupCodes|join("\n")|nl2br }}

  • {{ 'config.otp.app.two_factor_code_description_4'|trans }}

    -- cgit v1.2.3