mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-07-09 18:04:33 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added an basic form to add Google Authenticator.

Browse source
This commit is contained in:
Jan Böhmer 2019-12-23 17:20:28 +01:00
parent 24672a30b9
commit 35b5640627
10 changed files with 277 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

27
src/Controller/UserController.php
View file

@ -25,12 +25,14 @@ use App\Entity\Attachments\AttachmentType;
use App\Entity\Attachments\UserAttachment;
use App\Entity\UserSystem\User;
use App\Form\Permissions\PermissionsType;
use App\Form\TFASettingsType;
use App\Form\UserAdminForm;
use App\Form\UserSettingsType;
use App\Services\EntityExporter;
use App\Services\EntityImporter;
use App\Services\StructuralElementRecursionHelper;
use Doctrine\ORM\EntityManagerInterface;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticator;
use Symfony\Component\Asset\Packages;
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
@ -150,7 +152,7 @@ class UserController extends AdminPages\BaseAdminController
/**
* @Route("/settings", name="user_settings")
*/
public function userSettings(Request $request, EntityManagerInterface $em, UserPasswordEncoderInterface $passwordEncoder)
public function userSettings(Request $request, EntityManagerInterface $em, UserPasswordEncoderInterface $passwordEncoder, GoogleAuthenticator $googleAuthenticator)
{
/**
* @var User
@ -224,6 +226,22 @@ class UserController extends AdminPages\BaseAdminController
$this->addFlash('success', 'user.settings.pw_changed_flash');
}
//Handle 2FA things
$tfa_form = $this->createForm(TFASettingsType::class, $user);
$tfa_form->handleRequest($request);
if (!$user->getGoogleAuthenticatorSecret()) {
$user->setGoogleAuthenticatorSecret($googleAuthenticator->generateSecret());
$tfa_form->setData($user);
}
if ($tfa_form->isSubmitted() && $tfa_form->isValid()) {
//Save 2FA settings (save secrets)
$user->setGoogleAuthenticatorSecret($tfa_form->get('googleAuthenticatorSecret')->getData());
$em->flush();
$this->addFlash('success', 'user.settings.2fa.google.activated');
}
/******************************
* Output both forms
*****************************/
@ -232,6 +250,13 @@ class UserController extends AdminPages\BaseAdminController
'settings_form' => $form->createView(),
'pw_form' => $pw_form->createView(),
'page_need_reload' => $page_need_reload,
'tfa_form' => $tfa_form->createView(),
'tfa_google' => [
'qrContent' => $googleAuthenticator->getQRContent($user),
'secret' => $user->getGoogleAuthenticatorSecret(),
'username' => $user->getGoogleAuthenticatorUsername()
]
]);
}

42
src/Form/TFASettingsType.php Normal file
View file

@ -0,0 +1,42 @@
<?php
namespace App\Form;
use App\Entity\UserSystem\User;
use App\Validator\Constraints\ValidGoogleAuthCode;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Core\Type\HiddenType;
use Symfony\Component\Form\Extension\Core\Type\ResetType;
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\Extension\Core\Type\TextType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;
class TFASettingsType extends AbstractType
{
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder->add('google_confirmation', TextType::class, [
'mapped' => false,
'attr' => ['maxlength' => '6', 'minlength' => '6', 'pattern' => '\d*'],
'constraints' => [new ValidGoogleAuthCode()]
]);
$builder->add('googleAuthenticatorSecret', HiddenType::class,[
'disabled' => false,
]);
$builder->add('submit', SubmitType::class);
$builder->add('cancel', ResetType::class);
}
public function configureOptions(OptionsResolver $resolver)
{
$resolver->setDefaults([
'data_class' => User::class,
]);
}
}

12
src/Validator/Constraints/ValidGoogleAuthCode.php Normal file
View file

@ -0,0 +1,12 @@
<?php
namespace App\Validator\Constraints;
use Symfony\Component\Validator\Constraint;
class ValidGoogleAuthCode extends Constraint
{
}

65
src/Validator/Constraints/ValidGoogleAuthCodeValidator.php Normal file
View file

@ -0,0 +1,65 @@
<?php
namespace App\Validator\Constraints;
use App\Entity\UserSystem\User;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticator;
use Symfony\Component\Form\Form;
use Symfony\Component\Form\FormInterface;
use Symfony\Component\Validator\Constraint;
use Symfony\Component\Validator\ConstraintValidator;
use Symfony\Component\Validator\Exception\UnexpectedTypeException;
use Symfony\Component\Validator\Exception\UnexpectedValueException;
class ValidGoogleAuthCodeValidator extends ConstraintValidator
{
protected $googleAuthenticator;
public function __construct(GoogleAuthenticator $googleAuthenticator)
{
$this->googleAuthenticator = $googleAuthenticator;
}
/**
* @inheritDoc
*/
public function validate($value, Constraint $constraint)
{
if (!$constraint instanceof ValidGoogleAuthCode) {
throw new UnexpectedTypeException($constraint, ValidGoogleAuthCode::class);
}
if (null === $value || '' === $value) {
return;
}
if (!\is_string($value)) {
throw new UnexpectedValueException($value, 'string');
}
if(!ctype_digit($value)) {
$this->context->addViolation('validator.google_code.only_digits_allowed');
}
//Number must have 6 digits
if(strlen($value) !== 6) {
$this->context->addViolation('validator.google_code.wrong_digit_count');
}
//Try to retrieve the user we want to check
if($this->context->getObject() instanceof FormInterface &&
$this->context->getObject()->getParent() instanceof FormInterface
&& $this->context->getObject()->getParent()->getData() instanceof User) {
$user = $this->context->getObject()->getParent()->getData();
//Check if the given code is valid
if(!$this->googleAuthenticator->checkCode($user, $value)) {
$this->context->addViolation('validator.google_code.wrong_code');
}
}
}
}