From 2db616b586f473238706e554e809086935e0f33a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= <nicolas.loeuillet@smile.fr>
Date: Tue, 13 Oct 2015 22:43:15 +0200
Subject: 2factor authentication via email

---
 .../CoreBundle/Form/Type/UserInformationType.php   |  1 +
 .../views/themes/baggy/Config/index.html.twig      |  8 +++
 .../views/themes/material/Config/index.html.twig   |  8 +++
 src/Wallabag/UserBundle/Entity/User.php            | 68 +++++++++++++++++++++-
 .../UserBundle/Resources/config/services.yml       | 19 ++++++
 .../themes/baggy/Authentication/form.html.twig     | 32 ++++++++++
 .../themes/material/Authentication/form.html.twig  | 33 +++++++++++
 7 files changed, 168 insertions(+), 1 deletion(-)
 create mode 100644 src/Wallabag/UserBundle/Resources/views/themes/baggy/Authentication/form.html.twig
 create mode 100644 src/Wallabag/UserBundle/Resources/views/themes/material/Authentication/form.html.twig

(limited to 'src')

diff --git a/src/Wallabag/CoreBundle/Form/Type/UserInformationType.php b/src/Wallabag/CoreBundle/Form/Type/UserInformationType.php
index 84f02013..e06c937d 100644
--- a/src/Wallabag/CoreBundle/Form/Type/UserInformationType.php
+++ b/src/Wallabag/CoreBundle/Form/Type/UserInformationType.php
@@ -13,6 +13,7 @@ class UserInformationType extends AbstractType
         $builder
             ->add('name', 'text')
             ->add('email', 'email')
+            ->add('twoFactorAuthentication', 'checkbox', array('required' => false))
             ->add('save', 'submit')
             ->remove('username')
             ->remove('plainPassword')
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
index 64305b16..cee4f672 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
@@ -100,6 +100,14 @@
             </div>
         </fieldset>
 
+        <fieldset class="w500p inline">
+            <div class="row">
+                {{ form_label(form.user.twoFactorAuthentication) }}
+                {{ form_errors(form.user.twoFactorAuthentication) }}
+                {{ form_widget(form.user.twoFactorAuthentication) }}
+            </div>
+        </fieldset>
+
         {{ form_rest(form.user) }}
     </form>
 
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig
index 0d8e9f24..b20c4ea5 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig
@@ -132,6 +132,14 @@
                                 </div>
                             </div>
 
+                            <div class="row">
+                                <div class="input-field col s12">
+                                    {{ form_widget(form.user.twoFactorAuthentication) }}
+                                    {{ form_label(form.user.twoFactorAuthentication) }}
+                                    {{ form_errors(form.user.twoFactorAuthentication) }}
+                                </div>
+                            </div>
+
                             <div class="hidden">{{ form_rest(form.user) }}</div>
                             <button class="btn waves-effect waves-light" type="submit" name="action">
                                 {% trans %}Save{% endtrans %}
diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php
index 8f02e070..d2efd200 100644
--- a/src/Wallabag/UserBundle/Entity/User.php
+++ b/src/Wallabag/UserBundle/Entity/User.php
@@ -4,6 +4,8 @@ namespace Wallabag\UserBundle\Entity;
 
 use Doctrine\Common\Collections\ArrayCollection;
 use Doctrine\ORM\Mapping as ORM;
+use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface;
+use Scheb\TwoFactorBundle\Model\TrustedComputerInterface;
 use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
 use Symfony\Component\Security\Core\User\UserInterface;
 use JMS\Serializer\Annotation\ExclusionPolicy;
@@ -24,7 +26,7 @@ use Wallabag\CoreBundle\Entity\Tag;
  * @UniqueEntity("email")
  * @UniqueEntity("username")
  */
-class User extends BaseUser
+class User extends BaseUser implements TwoFactorInterface, TrustedComputerInterface
 {
     /**
      * @var int
@@ -72,6 +74,22 @@ class User extends BaseUser
      */
     protected $tags;
 
+    /**
+     * @ORM\Column(type="integer", nullable=true)
+     */
+    private $authCode;
+
+    /**
+     * @var bool Enabled yes/no
+     * @ORM\Column(type="boolean")
+     */
+    private $twoFactorAuthentication = false;
+
+    /**
+     * @ORM\Column(type="json_array", nullable=true)
+     */
+    private $trusted;
+
     public function __construct()
     {
         parent::__construct();
@@ -201,4 +219,52 @@ class User extends BaseUser
     {
         return $this->config;
     }
+
+    /**
+     * @return bool
+     */
+    public function isTwoFactorAuthentication()
+    {
+        return $this->twoFactorAuthentication;
+    }
+
+    /**
+     * @param bool $twoFactorAuthentication
+     */
+    public function setTwoFactorAuthentication($twoFactorAuthentication)
+    {
+        $this->twoFactorAuthentication = $twoFactorAuthentication;
+    }
+
+    public function isEmailAuthEnabled()
+    {
+        return $this->twoFactorAuthentication;
+    }
+
+    public function getEmailAuthCode()
+    {
+        return $this->authCode;
+    }
+
+    public function setEmailAuthCode($authCode)
+    {
+        $this->authCode = $authCode;
+    }
+
+    public function addTrustedComputer($token, \DateTime $validUntil)
+    {
+        $this->trusted[$token] = $validUntil->format('r');
+    }
+
+    public function isTrustedComputer($token)
+    {
+        if (isset($this->trusted[$token])) {
+            $now = new \DateTime();
+            $validUntil = new \DateTime($this->trusted[$token]);
+
+            return $now < $validUntil;
+        }
+
+        return false;
+    }
 }
diff --git a/src/Wallabag/UserBundle/Resources/config/services.yml b/src/Wallabag/UserBundle/Resources/config/services.yml
index e69de29b..9cdd247d 100644
--- a/src/Wallabag/UserBundle/Resources/config/services.yml
+++ b/src/Wallabag/UserBundle/Resources/config/services.yml
@@ -0,0 +1,19 @@
+parameters:
+    wallabag_user.twofactor.email.provider.class: Wallabag\UserBundle\Security\TwoFactor\Email\Helper
+    wallabag_user.twofactor.email.interactive_login_listener.class: Wallabag\UserBundle\Security\TwoFactor\Email\InteractiveLoginListener
+    wallabag_user.twofactor.email.request_listener.class: Wallabag\UserBundle\Security\TwoFactor\Email\RequestListener
+
+services:
+    wallabag_user.twofactor.email.provider:
+        class: %wallabag_user.twofactor.email.provider.class%
+        arguments: ['@doctrine.orm.entity_manager', '@mailer']
+    wallabag_user.twofactor.email.interactive_login_listener:
+        class: %wallabag_user.twofactor.email.interactive_login_listener.class%
+        tags:
+            - { name: kernel.event_listener, event: security.interactive_login, method: onSecurityInteractiveLogin }
+        arguments: ['@wallabag_user.twofactor.email.provider']
+    wallabag_user.twofactor.email.request_listener:
+        class: %wallabag_user.twofactor.email.request_listener.class%
+        tags:
+            - { name: kernel.event_listener, event: kernel.request, method: onCoreRequest, priority: -1 }
+        arguments: ['@wallabag_user.twofactor.email.provider', '@security.context', '@templating', '@router']
diff --git a/src/Wallabag/UserBundle/Resources/views/themes/baggy/Authentication/form.html.twig b/src/Wallabag/UserBundle/Resources/views/themes/baggy/Authentication/form.html.twig
new file mode 100644
index 00000000..5bb91081
--- /dev/null
+++ b/src/Wallabag/UserBundle/Resources/views/themes/baggy/Authentication/form.html.twig
@@ -0,0 +1,32 @@
+{% extends "WallabagUserBundle::layout.html.twig" %}
+
+{% block fos_user_content %}
+<form class="form" action="" method="post">
+    <fieldset class="w500p center">
+        {% for flashMessage in app.session.flashbag.get("two_factor") %}
+        <p class="error">{{ flashMessage|trans }}</p>
+        {% endfor %}
+
+        <div class="row">
+            <label for="_auth_code">{{ "scheb_two_factor.auth_code"|trans }}</label>
+            <input id="_auth_code" type="text" autocomplete="off" name="_auth_code" />
+        </div>
+
+        {% if useTrustedOption %}
+        <div class="row">
+            <input id="_trusted" type="checkbox" name="_trusted" />
+            <label for="_trusted">{{ "scheb_two_factor.trusted"|trans }}</label>
+        </div>
+        {% endif %}
+
+        <div class="row mts txtcenter">
+            <a href="{{ path('fos_user_security_logout') }}" class="waves-effect waves-light grey btn"><i class="material-icons left"></i> {% trans %}Cancel{% endtrans %}</a>
+            <button type="submit" name="send">
+                {{ "scheb_two_factor.login"|trans }}
+                <i class="mdi-content-send right"></i>
+            </button>
+        </div>
+    </fieldset>
+
+</form>
+{% endblock %}
diff --git a/src/Wallabag/UserBundle/Resources/views/themes/material/Authentication/form.html.twig b/src/Wallabag/UserBundle/Resources/views/themes/material/Authentication/form.html.twig
new file mode 100644
index 00000000..fa0e3dc1
--- /dev/null
+++ b/src/Wallabag/UserBundle/Resources/views/themes/material/Authentication/form.html.twig
@@ -0,0 +1,33 @@
+{% extends "WallabagUserBundle::layout.html.twig" %}
+
+{% block fos_user_content %}
+<form class="form" action="" method="post">
+    <div class="card-content">
+        <div class="row">
+
+            {% for flashMessage in app.session.flashbag.get("two_factor") %}
+            <p class="error">{{ flashMessage|trans }}</p>
+            {% endfor %}
+
+            <div class="input-field col s12">
+                <label for="_auth_code">{{ "scheb_two_factor.auth_code"|trans }}</label>
+                <input id="_auth_code" type="text" autocomplete="off" name="_auth_code" />
+            </div>
+
+            {% if useTrustedOption %}
+            <div class="input-field col s12">
+                <input id="_trusted" type="checkbox" name="_trusted" />
+                <label for="_trusted">{{ "scheb_two_factor.trusted"|trans }}</label>
+            </div>
+            {% endif %}
+        </div>
+    </div>
+    <div class="card-action center">
+        <a href="{{ path('fos_user_security_logout') }}" class="waves-effect waves-light grey btn"><i class="material-icons left"></i> {% trans %}Cancel{% endtrans %}</a>
+        <button class="btn waves-effect waves-light" type="submit" name="send">
+            {{ "scheb_two_factor.login"|trans }}
+            <i class="mdi-content-send right"></i>
+        </button>
+    </div>
+</form>
+{% endblock %}
-- 
cgit v1.2.3


From 0d6a7929e17c84052cbb3e494d5e5c195c24ca04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= <nicolas.loeuillet@smile.fr>
Date: Wed, 14 Oct 2015 17:10:12 +0200
Subject: add tests for 2factor authentication

---
 .../Tests/Controller/SecurityControllerTest.php    | 58 ++++++++++++++++++++++
 .../UserBundle/Resources/config/services.yml       | 19 -------
 2 files changed, 58 insertions(+), 19 deletions(-)
 create mode 100644 src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php

(limited to 'src')

diff --git a/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
new file mode 100644
index 00000000..3402b340
--- /dev/null
+++ b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
@@ -0,0 +1,58 @@
+<?php
+
+namespace Wallabag\CoreBundle\Tests\Controller;
+
+use Wallabag\CoreBundle\Tests\WallabagCoreTestCase;
+
+class SecurityControllerTest extends WallabagCoreTestCase
+{
+    public function testLoginWithout2Factor()
+    {
+        $this->logInAs('admin');
+        $client = $this->getClient();
+        $client->followRedirects();
+
+        $client->request('GET', '/config');
+        $this->assertContains('RSS', $client->getResponse()->getContent());
+    }
+
+    public function testLoginWith2Factor()
+    {
+        $client = $this->getClient();
+        $client->followRedirects();
+
+        $em = $client->getContainer()->get('doctrine.orm.entity_manager');
+        $user = $em
+            ->getRepository('WallabagUserBundle:User')
+            ->findOneByUsername('admin');
+        $user->setTwoFactorAuthentication(true);
+        $em->persist($user);
+        $em->flush();
+
+        $this->logInAs('admin');
+        $client->request('GET', '/config');
+        $this->assertContains('trusted computer', $client->getResponse()->getContent());
+
+        // restore user
+        $user = $em
+            ->getRepository('WallabagUserBundle:User')
+            ->findOneByUsername('admin');
+        $user->setTwoFactorAuthentication(false);
+        $em->persist($user);
+        $em->flush();
+    }
+
+    public function testTrustedComputer()
+    {
+        $client = $this->getClient();
+        $em = $client->getContainer()->get('doctrine.orm.entity_manager');
+        $user = $em
+            ->getRepository('WallabagUserBundle:User')
+            ->findOneByUsername('admin');
+
+        $date = new \DateTime();
+        $user->addTrustedComputer('ABCDEF', $date->add(new \DateInterval('P1M')));
+        $this->assertTrue($user->isTrustedComputer('ABCDEF'));
+        $this->assertFalse($user->isTrustedComputer('FEDCBA'));
+    }
+}
diff --git a/src/Wallabag/UserBundle/Resources/config/services.yml b/src/Wallabag/UserBundle/Resources/config/services.yml
index 9cdd247d..e69de29b 100644
--- a/src/Wallabag/UserBundle/Resources/config/services.yml
+++ b/src/Wallabag/UserBundle/Resources/config/services.yml
@@ -1,19 +0,0 @@
-parameters:
-    wallabag_user.twofactor.email.provider.class: Wallabag\UserBundle\Security\TwoFactor\Email\Helper
-    wallabag_user.twofactor.email.interactive_login_listener.class: Wallabag\UserBundle\Security\TwoFactor\Email\InteractiveLoginListener
-    wallabag_user.twofactor.email.request_listener.class: Wallabag\UserBundle\Security\TwoFactor\Email\RequestListener
-
-services:
-    wallabag_user.twofactor.email.provider:
-        class: %wallabag_user.twofactor.email.provider.class%
-        arguments: ['@doctrine.orm.entity_manager', '@mailer']
-    wallabag_user.twofactor.email.interactive_login_listener:
-        class: %wallabag_user.twofactor.email.interactive_login_listener.class%
-        tags:
-            - { name: kernel.event_listener, event: security.interactive_login, method: onSecurityInteractiveLogin }
-        arguments: ['@wallabag_user.twofactor.email.provider']
-    wallabag_user.twofactor.email.request_listener:
-        class: %wallabag_user.twofactor.email.request_listener.class%
-        tags:
-            - { name: kernel.event_listener, event: kernel.request, method: onCoreRequest, priority: -1 }
-        arguments: ['@wallabag_user.twofactor.email.provider', '@security.context', '@templating', '@router']
-- 
cgit v1.2.3


From 18cf594f8ad4bb5236274cf1326c5e6ea549a570 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= <nicolas.loeuillet@smile.fr>
Date: Thu, 15 Oct 2015 13:17:21 +0200
Subject: move 2factor activation in parameters

---
 .../views/themes/baggy/Config/index.html.twig      |  2 +
 .../views/themes/material/Config/index.html.twig   |  2 +
 .../Tests/Controller/SecurityControllerTest.php    | 62 ++++++++++++----------
 3 files changed, 38 insertions(+), 28 deletions(-)

(limited to 'src')

diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
index cee4f672..abe5dc9e 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
@@ -100,6 +100,7 @@
             </div>
         </fieldset>
 
+        {% if twofactor_auth %}
         <fieldset class="w500p inline">
             <div class="row">
                 {{ form_label(form.user.twoFactorAuthentication) }}
@@ -107,6 +108,7 @@
                 {{ form_widget(form.user.twoFactorAuthentication) }}
             </div>
         </fieldset>
+        {% endif %}
 
         {{ form_rest(form.user) }}
     </form>
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig
index b20c4ea5..ab24d4ef 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/Config/index.html.twig
@@ -132,6 +132,7 @@
                                 </div>
                             </div>
 
+                            {% if twofactor_auth %}
                             <div class="row">
                                 <div class="input-field col s12">
                                     {{ form_widget(form.user.twoFactorAuthentication) }}
@@ -139,6 +140,7 @@
                                     {{ form_errors(form.user.twoFactorAuthentication) }}
                                 </div>
                             </div>
+                            {% endif %}
 
                             <div class="hidden">{{ form_rest(form.user) }}</div>
                             <button class="btn waves-effect waves-light" type="submit" name="action">
diff --git a/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
index 3402b340..b9f5d835 100644
--- a/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
+++ b/src/Wallabag/CoreBundle/Tests/Controller/SecurityControllerTest.php
@@ -19,40 +19,46 @@ class SecurityControllerTest extends WallabagCoreTestCase
     public function testLoginWith2Factor()
     {
         $client = $this->getClient();
-        $client->followRedirects();
 
-        $em = $client->getContainer()->get('doctrine.orm.entity_manager');
-        $user = $em
-            ->getRepository('WallabagUserBundle:User')
-            ->findOneByUsername('admin');
-        $user->setTwoFactorAuthentication(true);
-        $em->persist($user);
-        $em->flush();
+        if ($client->getContainer()->getParameter('twofactor_auth')) {
+            $client->followRedirects();
 
-        $this->logInAs('admin');
-        $client->request('GET', '/config');
-        $this->assertContains('trusted computer', $client->getResponse()->getContent());
-
-        // restore user
-        $user = $em
-            ->getRepository('WallabagUserBundle:User')
-            ->findOneByUsername('admin');
-        $user->setTwoFactorAuthentication(false);
-        $em->persist($user);
-        $em->flush();
+            $em = $client->getContainer()->get('doctrine.orm.entity_manager');
+            $user = $em
+                ->getRepository('WallabagUserBundle:User')
+                ->findOneByUsername('admin');
+            $user->setTwoFactorAuthentication(true);
+            $em->persist($user);
+            $em->flush();
+
+            $this->logInAs('admin');
+            $client->request('GET', '/config');
+            $this->assertContains('trusted computer', $client->getResponse()->getContent());
+
+            // restore user
+            $user = $em
+                ->getRepository('WallabagUserBundle:User')
+                ->findOneByUsername('admin');
+            $user->setTwoFactorAuthentication(false);
+            $em->persist($user);
+            $em->flush();
+        }
     }
 
     public function testTrustedComputer()
     {
         $client = $this->getClient();
-        $em = $client->getContainer()->get('doctrine.orm.entity_manager');
-        $user = $em
-            ->getRepository('WallabagUserBundle:User')
-            ->findOneByUsername('admin');
-
-        $date = new \DateTime();
-        $user->addTrustedComputer('ABCDEF', $date->add(new \DateInterval('P1M')));
-        $this->assertTrue($user->isTrustedComputer('ABCDEF'));
-        $this->assertFalse($user->isTrustedComputer('FEDCBA'));
+
+        if ($client->getContainer()->getParameter('twofactor_auth')) {
+            $em = $client->getContainer()->get('doctrine.orm.entity_manager');
+            $user = $em
+                ->getRepository('WallabagUserBundle:User')
+                ->findOneByUsername('admin');
+
+            $date = new \DateTime();
+            $user->addTrustedComputer('ABCDEF', $date->add(new \DateInterval('P1M')));
+            $this->assertTrue($user->isTrustedComputer('ABCDEF'));
+            $this->assertFalse($user->isTrustedComputer('FEDCBA'));
+        }
     }
 }
-- 
cgit v1.2.3