diff --git a/composer.json b/composer.json index 70fd7488..6c8e654f 100644 --- a/composer.json +++ b/composer.json @@ -29,9 +29,11 @@ "omines/datatables-bundle": "^0.5.0", "php-translation/symfony-bundle": "^0.12.0", "phpdocumentor/reflection-docblock": "^5.2", - "r/u2f-two-factor-bundle": "^0.8.0", "s9e/text-formatter": "^2.1", - "scheb/two-factor-bundle": "^4.11", + "scheb/2fa-backup-code": "^5.13", + "scheb/2fa-bundle": "^5.13", + "scheb/2fa-google-authenticator": "^5.13", + "scheb/2fa-trusted-device": "^5.13", "sensio/framework-extra-bundle": "^6.1.1", "shivas/versioning-bundle": "^4.0", "symfony/apache-pack": "^1.0", @@ -67,7 +69,8 @@ "twig/inky-extra": "^3.0", "twig/intl-extra": "^3.0", "twig/markdown-extra": "^3.0", - "webmozart/assert": "^1.4" + "webmozart/assert": "^1.4", + "r/u2f-two-factor-bundle": "dev-scheb/2fa-support" }, "require-dev": { "dama/doctrine-test-bundle": "^7.0", @@ -139,5 +142,11 @@ "allow-contrib": false, "require": "5.4.*" } - } + }, + "repositories": [ + { + "type": "vcs", + "url": "https://github.com/jbtronics/u2f-two-factor-bundle.git" + } + ] } diff --git a/composer.lock b/composer.lock index ed412e55..430d25ac 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "3599c75572b6f6a85032719ab3f122e4", + "content-hash": "186080614c26d1b307fd99823f281e22", "packages": [ { "name": "beberlei/assert", @@ -4762,27 +4762,27 @@ }, { "name": "r/u2f-two-factor-bundle", - "version": "0.8.0", + "version": "dev-scheb/2fa-support", "source": { "type": "git", - "url": "https://github.com/darookee/u2f-two-factor-bundle.git", - "reference": "36d8b6af1976b6959d32ccc9081c6ae7d842cf09" + "url": "https://github.com/jbtronics/u2f-two-factor-bundle.git", + "reference": "3ba2d95de56a8ded97c841bbfac159f4350dbfdf" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/darookee/u2f-two-factor-bundle/zipball/36d8b6af1976b6959d32ccc9081c6ae7d842cf09", - "reference": "36d8b6af1976b6959d32ccc9081c6ae7d842cf09", + "url": "https://api.github.com/repos/jbtronics/u2f-two-factor-bundle/zipball/3ba2d95de56a8ded97c841bbfac159f4350dbfdf", + "reference": "3ba2d95de56a8ded97c841bbfac159f4350dbfdf", "shasum": "" }, "require": { "doctrine/collections": "^1.6", "doctrine/common": "*", "ext-json": "*", - "php": "^7.1.3", - "scheb/two-factor-bundle": "^3.2.0|^4.0.0", + "php": "^7.1.3|^8.0", + "scheb/2fa-bundle": "^5.0.0|^6.0.0", "symfony/event-dispatcher-contracts": "^2.0", - "symfony/framework-bundle": "^3.4|^4.0|^5.0", - "symfony/templating": "^3.4|^4.0|^5.0", + "symfony/framework-bundle": "^5.0|^6.0", + "symfony/templating": "^5.0|^6.0", "yubico/u2flib-server": "^1.0.0" }, "conflict": { @@ -4790,7 +4790,7 @@ "tubssz/u2f-two-factor-bundle": "*" }, "require-dev": { - "phpstan/phpstan": "^0.11.6" + "phpstan/phpstan": "^1.8.2" }, "type": "symfony-bundle", "autoload": { @@ -4798,7 +4798,6 @@ "R\\U2FTwoFactorBundle\\": "" } }, - "notification-url": "https://packagist.org/downloads/", "license": [ "MIT" ], @@ -4815,18 +4814,17 @@ "description": "Use U2F-Keys as 2FA for Symfony2, using scheb/two-factor-bundle", "homepage": "https://github.com/darookee/u2f-two-factor-bundle", "keywords": [ - "Authentication", - "Symfony2", + "authentication", "fido", + "symfony2", "two-factor", "two-step", "yubikey" ], "support": { - "issues": "https://github.com/darookee/u2f-two-factor-bundle/issues", - "source": "https://github.com/darookee/u2f-two-factor-bundle/tree/master" + "source": "https://github.com/jbtronics/u2f-two-factor-bundle/tree/scheb/2fa-support" }, - "time": "2020-05-19T07:35:18+00:00" + "time": "2022-08-13T22:31:11+00:00" }, { "name": "s9e/regexp-builder", @@ -5042,52 +5040,27 @@ "time": "2021-12-11T13:40:54+00:00" }, { - "name": "scheb/two-factor-bundle", - "version": "v4.18.4", + "name": "scheb/2fa-backup-code", + "version": "v5.13.2", "source": { "type": "git", - "url": "https://github.com/scheb/two-factor-bundle.git", - "reference": "78f5832d59ec49491ef27edc0fa03a3110139f5c" + "url": "https://github.com/scheb/2fa-backup-code.git", + "reference": "5584eb7a2c3deb80635c7173ad77858e51129c35" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/scheb/two-factor-bundle/zipball/78f5832d59ec49491ef27edc0fa03a3110139f5c", - "reference": "78f5832d59ec49491ef27edc0fa03a3110139f5c", + "url": "https://api.github.com/repos/scheb/2fa-backup-code/zipball/5584eb7a2c3deb80635c7173ad77858e51129c35", + "reference": "5584eb7a2c3deb80635c7173ad77858e51129c35", "shasum": "" }, "require": { - "lcobucci/jwt": "^3.2", - "paragonie/constant_time_encoding": "^2.2", - "php": ">=7.1.3", - "spomky-labs/otphp": "^9.1|^10.0", - "symfony/config": "^3.4|^4.0|^5.0", - "symfony/dependency-injection": "^3.4|^4.0|^5.0", - "symfony/event-dispatcher": "^3.4|^4.0|^5.0", - "symfony/framework-bundle": "^3.4|^4.0|^5.0", - "symfony/http-foundation": "^3.4|^4.0|^5.0", - "symfony/http-kernel": "^3.4|^4.0|^5.0", - "symfony/property-access": "^3.4|^4.0|^5.0", - "symfony/security-bundle": "^3.4|^4.0|^5.0", - "symfony/twig-bundle": "^3.4|^4.0|^5.0" + "scheb/2fa-bundle": "self.version" }, - "require-dev": { - "doctrine/persistence": "^1.3|^2.0", - "escapestudios/symfony2-coding-standard": "^3.9", - "phpunit/phpunit": "^7.0|^8.0|^9.0", - "squizlabs/php_codesniffer": "^3.5", - "swiftmailer/swiftmailer": "^6.0", - "symfony/polyfill-php80": "^1.15", - "symfony/yaml": "^3.4|^4.0|^5.0", - "vimeo/psalm": "^3.11" - }, - "type": "symfony-bundle", + "type": "library", "autoload": { "psr-4": { "Scheb\\TwoFactorBundle\\": "" - }, - "exclude-from-classmap": [ - "/Tests/" - ] + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -5099,8 +5072,77 @@ "email": "me@christianscheb.de" } ], - "description": "Provides two-factor authentication for Symfony applications", - "homepage": "https://github.com/scheb/two-factor-bundle", + "description": "Extends scheb/2fa-bundle with backup codes support", + "homepage": "https://github.com/scheb/2fa", + "keywords": [ + "2fa", + "Authentication", + "backup-codes", + "symfony", + "two-factor", + "two-step" + ], + "support": { + "source": "https://github.com/scheb/2fa-backup-code/tree/v5.13.2" + }, + "time": "2022-01-03T10:21:24+00:00" + }, + { + "name": "scheb/2fa-bundle", + "version": "v5.13.2", + "source": { + "type": "git", + "url": "https://github.com/scheb/2fa-bundle.git", + "reference": "dc575cc7bc94fa3a52b547698086f2ef015d2e81" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/scheb/2fa-bundle/zipball/dc575cc7bc94fa3a52b547698086f2ef015d2e81", + "reference": "dc575cc7bc94fa3a52b547698086f2ef015d2e81", + "shasum": "" + }, + "require": { + "ext-json": "*", + "php": ">=7.2.5", + "symfony/config": "^4.4|^5.0", + "symfony/dependency-injection": "^4.4|^5.0", + "symfony/event-dispatcher": "^4.4|^5.0", + "symfony/framework-bundle": "^4.4|^5.0", + "symfony/http-foundation": "^4.4|^5.0", + "symfony/http-kernel": "^4.4|^5.0", + "symfony/property-access": "^4.4|^5.0", + "symfony/security-bundle": "^4.4.1|^5.0", + "symfony/twig-bundle": "^4.4|^5.0" + }, + "conflict": { + "scheb/two-factor-bundle": "*" + }, + "suggest": { + "scheb/2fa-backup-code": "Emergency codes when you have no access to other methods", + "scheb/2fa-email": "Send codes by email", + "scheb/2fa-google-authenticator": "Google Authenticator support", + "scheb/2fa-qr-code": "Generate QR codes for Google Authenticator / TOTP", + "scheb/2fa-totp": "Temporary one-time password (TOTP) support (Google Authenticator compatible)", + "scheb/2fa-trusted-device": "Trusted devices support" + }, + "type": "symfony-bundle", + "autoload": { + "psr-4": { + "Scheb\\TwoFactorBundle\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Christian Scheb", + "email": "me@christianscheb.de" + } + ], + "description": "A generic interface to implement two-factor authentication in Symfony applications", + "homepage": "https://github.com/scheb/2fa", "keywords": [ "2fa", "Authentication", @@ -5109,11 +5151,108 @@ "two-step" ], "support": { - "issues": "https://github.com/scheb/two-factor-bundle/issues", - "source": "https://github.com/scheb/two-factor-bundle/tree/v4.18.4" + "source": "https://github.com/scheb/2fa-bundle/tree/v5.13.2" }, - "abandoned": "scheb/2fa-bundle", - "time": "2020-10-30T19:24:18+00:00" + "time": "2022-04-16T10:18:34+00:00" + }, + { + "name": "scheb/2fa-google-authenticator", + "version": "v5.13.2", + "source": { + "type": "git", + "url": "https://github.com/scheb/2fa-google-authenticator.git", + "reference": "9477bfc47b5927fb165022dd75700aefdd45a8cc" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/scheb/2fa-google-authenticator/zipball/9477bfc47b5927fb165022dd75700aefdd45a8cc", + "reference": "9477bfc47b5927fb165022dd75700aefdd45a8cc", + "shasum": "" + }, + "require": { + "paragonie/constant_time_encoding": "^2.2", + "scheb/2fa-bundle": "self.version", + "spomky-labs/otphp": "^9.1|^10.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Scheb\\TwoFactorBundle\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Christian Scheb", + "email": "me@christianscheb.de" + } + ], + "description": "Extends scheb/2fa-bundle with two-factor authentication using Google Authenticator", + "homepage": "https://github.com/scheb/2fa", + "keywords": [ + "2fa", + "Authentication", + "google-authenticator", + "symfony", + "two-factor", + "two-step" + ], + "support": { + "source": "https://github.com/scheb/2fa-google-authenticator/tree/v5.13.2" + }, + "time": "2022-01-03T10:21:24+00:00" + }, + { + "name": "scheb/2fa-trusted-device", + "version": "v5.13.2", + "source": { + "type": "git", + "url": "https://github.com/scheb/2fa-trusted-device.git", + "reference": "acf5a1526eb2111fb7a82b9b52eb34b1ddfdc526" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/scheb/2fa-trusted-device/zipball/acf5a1526eb2111fb7a82b9b52eb34b1ddfdc526", + "reference": "acf5a1526eb2111fb7a82b9b52eb34b1ddfdc526", + "shasum": "" + }, + "require": { + "lcobucci/jwt": "^3.4|^4.0", + "scheb/2fa-bundle": "self.version" + }, + "type": "library", + "autoload": { + "psr-4": { + "Scheb\\TwoFactorBundle\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Christian Scheb", + "email": "me@christianscheb.de" + } + ], + "description": "Extends scheb/2fa-bundle with trusted devices support", + "homepage": "https://github.com/scheb/2fa", + "keywords": [ + "2fa", + "Authentication", + "symfony", + "trusted-device", + "two-factor", + "two-step" + ], + "support": { + "source": "https://github.com/scheb/2fa-trusted-device/tree/v5.13.2" + }, + "time": "2022-01-03T10:21:24+00:00" }, { "name": "sensio/framework-extra-bundle", @@ -14270,16 +14409,16 @@ }, { "name": "symplify/easy-coding-standard", - "version": "11.1.2", + "version": "11.1.4", "source": { "type": "git", "url": "https://github.com/symplify/easy-coding-standard.git", - "reference": "4c01fcf17b7f60cff21ab91d62a729aa9737f726" + "reference": "d70ff73140ef96b1faa04c93fc57b2b1e9d6d8bd" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symplify/easy-coding-standard/zipball/4c01fcf17b7f60cff21ab91d62a729aa9737f726", - "reference": "4c01fcf17b7f60cff21ab91d62a729aa9737f726", + "url": "https://api.github.com/repos/symplify/easy-coding-standard/zipball/d70ff73140ef96b1faa04c93fc57b2b1e9d6d8bd", + "reference": "d70ff73140ef96b1faa04c93fc57b2b1e9d6d8bd", "shasum": "" }, "require": { @@ -14309,7 +14448,7 @@ ], "description": "Prefixed scoped version of ECS package", "support": { - "source": "https://github.com/symplify/easy-coding-standard/tree/11.1.2" + "source": "https://github.com/symplify/easy-coding-standard/tree/11.1.4" }, "funding": [ { @@ -14321,7 +14460,7 @@ "type": "github" } ], - "time": "2022-08-09T10:12:07+00:00" + "time": "2022-08-13T19:37:11+00:00" }, { "name": "vimeo/psalm", @@ -14486,6 +14625,7 @@ "minimum-stability": "stable", "stability-flags": { "florianv/swap-bundle": 20, + "r/u2f-two-factor-bundle": 20, "roave/security-advisories": 20 }, "prefer-stable": false, diff --git a/config/bundles.php b/config/bundles.php index e8da8562..f08122e3 100644 --- a/config/bundles.php +++ b/config/bundles.php @@ -19,10 +19,10 @@ return [ DAMA\DoctrineTestBundle\DAMADoctrineTestBundle::class => ['test' => true], Twig\Extra\TwigExtraBundle\TwigExtraBundle::class => ['all' => true], Gregwar\CaptchaBundle\GregwarCaptchaBundle::class => ['all' => true], - Scheb\TwoFactorBundle\SchebTwoFactorBundle::class => ['all' => true], - R\U2FTwoFactorBundle\RU2FTwoFactorBundle::class => ['all' => true], Translation\Bundle\TranslationBundle::class => ['all' => true], Florianv\SwapBundle\FlorianvSwapBundle::class => ['all' => true], Nelmio\SecurityBundle\NelmioSecurityBundle::class => ['all' => true], Symfony\UX\Turbo\TurboBundle::class => ['all' => true], + Scheb\TwoFactorBundle\SchebTwoFactorBundle::class => ['all' => true], + R\U2FTwoFactorBundle\RU2FTwoFactorBundle::class => ['all' => true], ]; diff --git a/config/packages/scheb_two_factor.yaml b/config/packages/scheb_2fa.yaml similarity index 80% rename from config/packages/scheb_two_factor.yaml rename to config/packages/scheb_2fa.yaml index 3f34c9ce..9ba0ed41 100644 --- a/config/packages/scheb_two_factor.yaml +++ b/config/packages/scheb_2fa.yaml @@ -1,9 +1,5 @@ -# See the configuration reference at https://github.com/scheb/two-factor-bundle/blob/master/Resources/doc/configuration.md +# See the configuration reference at https://symfony.com/bundles/SchebTwoFactorBundle/5.x/configuration.html scheb_two_factor: - security_tokens: - - Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken - # If you're using guard-based authentication, you have to use this one: - # - Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken google: enabled: true # If Google Authenticator should be enabled, default false @@ -22,4 +18,11 @@ scheb_two_factor: extend_lifetime: false # Automatically extend lifetime of the trusted cookie on re-login cookie_name: trusted_device # Name of the trusted device cookie cookie_secure: false # Set the 'Secure' (HTTPS Only) flag on the trusted device cookie - cookie_same_site: "lax" # The same-site option of the cookie, can be "lax" or "strict" \ No newline at end of file + cookie_same_site: "lax" # The same-site option of the cookie, can be "lax" or "strict" + + security_tokens: + - Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken + # If you're using guard-based authentication, you have to use this one: + # - Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken + # If you're using authenticator-based security (introduced in Symfony 5.1), you have to use this one: + # - Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken diff --git a/config/packages/security.yaml b/config/packages/security.yaml index cd50fc96..e4c3e3a7 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml @@ -23,7 +23,7 @@ security: two_factor: auth_form_path: 2fa_login check_path: 2fa_login_check - csrf_token_generator: security.csrf.token_manager + enable_csrf: true # activate different ways to authenticate diff --git a/config/routes/scheb_two_factor.yaml b/config/routes/scheb_2fa.yaml similarity index 77% rename from config/routes/scheb_two_factor.yaml rename to config/routes/scheb_2fa.yaml index 18482a5b..c0b47b5e 100644 --- a/config/routes/scheb_two_factor.yaml +++ b/config/routes/scheb_2fa.yaml @@ -1,7 +1,7 @@ 2fa_login: path: /{_locale}/2fa defaults: - _controller: "scheb_two_factor.form_controller:form" + _controller: "scheb_two_factor.form_controller::form" 2fa_login_check: path: /{_locale}/2fa_check diff --git a/src/Validator/Constraints/ValidGoogleAuthCodeValidator.php b/src/Validator/Constraints/ValidGoogleAuthCodeValidator.php index 8ef75d12..3e5dc11a 100644 --- a/src/Validator/Constraints/ValidGoogleAuthCodeValidator.php +++ b/src/Validator/Constraints/ValidGoogleAuthCodeValidator.php @@ -44,6 +44,7 @@ namespace App\Validator\Constraints; use App\Entity\UserSystem\User; use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticator; +use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticatorInterface; use Symfony\Component\Form\FormInterface; use Symfony\Component\Validator\Constraint; use Symfony\Component\Validator\ConstraintValidator; @@ -54,7 +55,7 @@ class ValidGoogleAuthCodeValidator extends ConstraintValidator { protected $googleAuthenticator; - public function __construct(GoogleAuthenticator $googleAuthenticator) + public function __construct(GoogleAuthenticatorInterface $googleAuthenticator) { $this->googleAuthenticator = $googleAuthenticator; } diff --git a/symfony.lock b/symfony.lock index 961a7e39..c1517266 100644 --- a/symfony.lock +++ b/symfony.lock @@ -185,9 +185,6 @@ "laminas/laminas-zendframework-bridge": { "version": "1.1.1" }, - "lcobucci/jwt": { - "version": "3.3.1" - }, "league/html-to-markdown": { "version": "4.8.2" }, @@ -261,9 +258,6 @@ "openlss/lib-array2xml": { "version": "1.0.0" }, - "paragonie/constant_time_encoding": { - "version": "v2.3.0" - }, "paragonie/random_compat": { "version": "v9.99.99" }, @@ -361,7 +355,7 @@ "version": "1.0.1" }, "r/u2f-two-factor-bundle": { - "version": "0.7.0" + "version": "dev-scheb/2fa-support" }, "roave/security-advisories": { "version": "dev-master" @@ -378,17 +372,17 @@ "sabberworm/php-css-parser": { "version": "8.3.0" }, - "scheb/two-factor-bundle": { - "version": "3.16", + "scheb/2fa-bundle": { + "version": "5.13", "recipe": { - "repo": "github.com/symfony/recipes-contrib", - "branch": "master", - "version": "3.16", - "ref": "b5789cd9710e2ee555bf361079b991068a0f640b" + "repo": "github.com/symfony/recipes", + "branch": "main", + "version": "5.0", + "ref": "0a83961ef50ff91812b229a6f0caf28431d94aec" }, "files": [ - "./config/packages/scheb_two_factor.yaml", - "./config/routes/scheb_two_factor.yaml" + "./config/packages/scheb_2fa.yaml", + "./config/routes/scheb_2fa.yaml" ] }, "sebastian/diff": { @@ -409,9 +403,6 @@ "shivas/versioning-bundle": { "version": "3.1.3" }, - "spomky-labs/otphp": { - "version": "v9.1.4" - }, "symfony/apache-pack": { "version": "1.0", "recipe": { @@ -702,9 +693,6 @@ "symfony/string": { "version": "v5.1.0" }, - "symfony/templating": { - "version": "v4.3.4" - }, "symfony/translation": { "version": "5.3", "recipe": { @@ -805,9 +793,6 @@ "tecnickcom/tc-lib-color": { "version": "1.12.15" }, - "thecodingmachine/safe": { - "version": "v0.1.16" - }, "tijsverkoyen/css-to-inline-styles": { "version": "2.2.2" }, @@ -843,8 +828,5 @@ }, "webmozart/path-util": { "version": "2.3.0" - }, - "yubico/u2flib-server": { - "version": "1.0.2" } }