mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-21 17:39:06 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Moved user settings and 2FA related controller into its own class UserSettingsController.

Browse source
This commit is contained in:
Jan Böhmer 2019-12-29 17:17:12 +01:00
parent 16bc257b17
commit 39aaab07c5
3 changed files with 270 additions and 237 deletions
Download patch file Download diff file Expand all files Collapse all files

65
src/Controller/SecurityController.php
View file

@ -169,71 +169,6 @@ class SecurityController extends AbstractController
'form' => $form->createView()
]);
}
/**
* @Route("/user/u2f_delete", name="u2f_delete", methods={"DELETE"})
*
* @return \Symfony\Component\HttpFoundation\RedirectResponse
*/
public function removeU2FToken(Request $request, EntityManagerInterface $entityManager, BackupCodeManager $backupCodeManager)
{
$user = $this->getUser();
if (!$user instanceof User) {
return new \RuntimeException('This controller only works only for Part-DB User objects!');
}
//When user change its settings, he should be logged in fully.
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
if ($this->isCsrfTokenValid('delete'.$user->getId(), $request->request->get('_token'))) {
if($request->request->has('key_id')) {
$key_id = $request->request->get('key_id');
$key_repo = $entityManager->getRepository(U2FKey::class);
/** @var U2FKey|null $u2f */
$u2f = $key_repo->find($key_id);
if($u2f === null) {
$this->addFlash('danger','tfa_u2f.u2f_delete.not_existing');
throw new \RuntimeException('Key not existing!');
}
//User can only delete its own U2F keys
if ($u2f->getUser() !== $user) {
$this->addFlash('danger', 'tfa_u2f.u2f_delete.access_denied');
throw new \RuntimeException('You can only delete your own U2F keys!');
}
$backupCodeManager->disableBackupCodesIfUnused($user);
$entityManager->remove($u2f);
$entityManager->flush();
$this->addFlash('success', 'tfa.u2f.u2f_delete.success');
}
} else {
$this->addFlash('error','csfr_invalid');
}
return $this->redirectToRoute('user_settings');
}
/**
* @Route("/user/invalidate_trustedDevices", name="tfa_trustedDevices_invalidate", methods={"DELETE"})
*/
public function resetTrustedDevices(Request $request, EntityManagerInterface $entityManager)
{
$user = $this->getUser();
if (!$user instanceof User) {
return new \RuntimeException('This controller only works only for Part-DB User objects!');
}
//When user change its settings, he should be logged in fully.
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
if ($this->isCsrfTokenValid('devices_reset'.$user->getId(), $request->request->get('_token'))) {
$user->invalidateTrustedDeviceTokens();
$entityManager->flush();
$this->addFlash('success', 'tfa_trustedDevice.invalidate.success');
} else {
$this->addFlash('error','csfr_invalid');
}
return $this->redirectToRoute('user_settings');
}
/**
* @Route("/logout", name="logout")