mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-23 10:18:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Added possibilty to invalidate trusted devices.

Browse source
This commit is contained in:
Jan Böhmer 2019-12-29 16:43:43 +01:00
parent 3e56352688
commit 12dd269b3a
2 changed files with 40 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

25
src/Controller/SecurityController.php
View file

@ -205,11 +205,36 @@ class SecurityController extends AbstractController
$entityManager->flush(); $entityManager->flush();
$this->addFlash('success', 'tfa.u2f.u2f_delete.success'); $this->addFlash('success', 'tfa.u2f.u2f_delete.success');
} }
} else {
$this->addFlash('error','csfr_invalid');
} }
return $this->redirectToRoute('user_settings'); return $this->redirectToRoute('user_settings');
} }
/**
* @Route("/user/invalidate_trustedDevices", name="tfa_trustedDevices_invalidate", methods={"DELETE"})
*/
public function resetTrustedDevices(Request $request, EntityManagerInterface $entityManager)
{
$user = $this->getUser();
if (!$user instanceof User) {
return new \RuntimeException('This controller only works only for Part-DB User objects!');
}
//When user change its settings, he should be logged in fully.
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
if ($this->isCsrfTokenValid('devices_reset'.$user->getId(), $request->request->get('_token'))) {
$user->invalidateTrustedDeviceTokens();
$entityManager->flush();
$this->addFlash('success', 'tfa_trustedDevice.invalidate.success');
} else {
$this->addFlash('error','csfr_invalid');
}
return $this->redirectToRoute('user_settings');
}
/** /**
* @Route("/logout", name="logout") * @Route("/logout", name="logout")
*/ */

15
templates/Users/_2fa_settings.html.twig
View file

@ -20,6 +20,10 @@
<a class="nav-link" id="u2f-tab" data-toggle="tab" href="#tfa-u2f" role="tab" <a class="nav-link" id="u2f-tab" data-toggle="tab" href="#tfa-u2f" role="tab"
aria-controls="profile" aria-selected="false">{% trans %}tfa.settings.u2f.tab{% endtrans %}</a> aria-controls="profile" aria-selected="false">{% trans %}tfa.settings.u2f.tab{% endtrans %}</a>
</li> </li>
<li class="nav-item">
<a class="nav-link" id="trustedDevices-tab" data-toggle="tab" href="#tfa-trustedDevices" role="tab"
aria-controls="profile" aria-selected="false">{% trans %}tfa.settings.trustedDevices.tab{% endtrans %}</a>
</li>
</ul> </ul>
<div class="tab-content mt-3 mb-3" id="tfa-tabs-content"> <div class="tab-content mt-3 mb-3" id="tfa-tabs-content">
<div class="tab-pane fade show active" id="tfa-google" role="tabpanel" aria-labelledby="google-tab"> <div class="tab-pane fade show active" id="tfa-google" role="tabpanel" aria-labelledby="google-tab">
@ -132,6 +136,17 @@
<a href="{{ url('club_base_register_u2f') }}" class="btn btn-success"><i class="fas fa-plus-square fa-fw"></i> {% trans %}tfa_u2f.add_new_key{% endtrans %}</a> <a href="{{ url('club_base_register_u2f') }}" class="btn btn-success"><i class="fas fa-plus-square fa-fw"></i> {% trans %}tfa_u2f.add_new_key{% endtrans %}</a>
</div> </div>
<div class="tab-pane fade" id="tfa-trustedDevices" role="tabpanel" aria-labelledby="trustedDevices-tab-tab">
<p>{% trans %}tfa_trustedDevices.explanation{% endtrans %}</p>
<form action="{{ url('tfa_trustedDevices_invalidate') }}" method="post" data-delete-form data-title="{% trans %}tfa_trustedDevices.invalidate.confirm_title{% endtrans %}"
data-message="{% trans %}tfa_trustedDevices.invalidate.confirm_message{% endtrans %}">
<input type="hidden" name="_method" value="DELETE">
<input type="hidden" name="_token" value="{{ csrf_token('devices_reset' ~ user.id) }}">
<button class="btn btn-danger" type="submit">{% trans %}tfa_trustedDevices.invalidate.btn{% endtrans %}</button>
</form>
</div>
</div> </div>