From 8add8c919dd0609df0f530a2ad2296ce654c1682 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?=
Date: Thu, 26 Dec 2019 12:46:44 +0100
Subject: [PATCH] Allow to disable the google authenticator 2fa.
---
 src/Controller/UserController.php | 31 ++++++----
 src/Form/TFAGoogleSettingsType.php | 77 +++++++++++++++++++++++++
 src/Form/TFASettingsType.php | 42 --------------
 templates/Users/_2fa_settings.html.twig | 67 +++++++++++----------
 4 files changed, 133 insertions(+), 84 deletions(-)
 create mode 100644 src/Form/TFAGoogleSettingsType.php
 delete mode 100644 src/Form/TFASettingsType.php
diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
index 8985e16d..4f346981 100644
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@@ -25,7 +25,7 @@ use App\Entity\Attachments\AttachmentType;
 use App\Entity\Attachments\UserAttachment;
 use App\Entity\UserSystem\User;
 use App\Form\Permissions\PermissionsType;
-use App\Form\TFASettingsType;
+use App\Form\TFAGoogleSettingsType;
 use App\Form\UserAdminForm;
 use App\Form\UserSettingsType;
 use App\Services\EntityExporter;
@@ -240,18 +240,26 @@ class UserController extends AdminPages\BaseAdminController } //Handle 2FA things - $tfa_form = $this->createForm(TFASettingsType::class, $user); - $tfa_form->handleRequest($request); - if (!$user->getGoogleAuthenticatorSecret()) { + $google_form = $this->createForm(TFAGoogleSettingsType::class, $user); + $google_enabled = $user->isGoogleAuthenticatorEnabled(); + if (!$form->isSubmitted() && !$google_enabled) { $user->setGoogleAuthenticatorSecret($googleAuthenticator->generateSecret()); - $tfa_form->setData($user); + $google_form->get('googleAuthenticatorSecret')->setData($user->getGoogleAuthenticatorSecret()); } + $google_form->handleRequest($request); - if ($tfa_form->isSubmitted() && $tfa_form->isValid()) { - //Save 2FA settings (save secrets) - $user->setGoogleAuthenticatorSecret($tfa_form->get('googleAuthenticatorSecret')->getData()); - $em->flush(); - $this->addFlash('success', 'user.settings.2fa.google.activated'); + if($google_form->isSubmitted() && $google_form->isValid()) { + if (!$google_enabled) { + //Save 2FA settings (save secrets) + $user->setGoogleAuthenticatorSecret($google_form->get('googleAuthenticatorSecret')->getData()); + $em->flush(); + $this->addFlash('success', 'user.settings.2fa.google.activated'); + } elseif ($google_enabled) { + //Remove secret to disable google authenticator + $user->setGoogleAuthenticatorSecret(null); + $em->flush(); + $this->addFlash('success', 'user.settings.2fa.google.disabled'); + } } @@ -264,8 +272,9 @@ class UserController extends AdminPages\BaseAdminController 'pw_form' => $pw_form->createView(), 'page_need_reload' => $page_need_reload, - 'tfa_form' => $tfa_form->createView(), + 'google_form' => $google_form->createView(), 'tfa_google' => [ + 'enabled' => $google_enabled, 'qrContent' => $googleAuthenticator->getQRContent($user), 'secret' => $user->getGoogleAuthenticatorSecret(), 'username' => $user->getGoogleAuthenticatorUsername() 
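Review bot: In the enable branch the value saved by `$user->setGoogleAuthenticatorSecret($google_form->get('googleAuthenticatorSecret')->getData());` is the hidden field posted back by the browser, and nothing in this hunk checks that it is the secret `generateSecret()` produced for the page. Unless `ValidGoogleAuthCode` (not visible here) rejects it, an empty or hand-picked secret could be stored as the second factor; at minimum I would document the trust boundary above that line with `//Secret comes back from the client; treat it as untrusted input`. The guard `!$form->isSubmitted()` tests `$form`, which is defined outside the hunk, while the form handled here is `$google_form`; please confirm that this is the intended form. `} elseif ($google_enabled) {` can be a plain `} else {`, since it directly follows `if (!$google_enabled)`. The controller action starts and ends outside the hunk.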
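Review bot: With the new `'enabled' => $google_enabled` entry the view still receives `qrContent` and `secret` for a user who is already enrolled, so the live TOTP secret is handed to the template on every visit to the settings page. Whether the template prints them in the enabled state is not visible here, but withholding them in the controller is the safer default: `'qrContent' => $google_enabled ? null : $googleAuthenticator->getQRContent($user),` and `'secret' => $google_enabled ? null : $user->getGoogleAuthenticatorSecret(),`. The array and the surrounding render call continue outside the hunk.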
diff --git a/src/Form/TFAGoogleSettingsType.php b/src/Form/TFAGoogleSettingsType.php
new file mode 100644
index 00000000..3b5362bf
--- /dev/null
+++ b/src/Form/TFAGoogleSettingsType.php
@@ -0,0 +1,77 @@
+translator = $translator;
+ }
+
+ public function buildForm(FormBuilderInterface $builder, array $options)
+ {
+ $builder->addEventListener(FormEvents::PRE_SET_DATA, function(FormEvent $event) {
+ $form = $event->getForm();
+ /** @var User $user */
+ $user = $event->getData();
+
+ //Only show setup fields, when google authenticator is not enabled
+ if(!$user->isGoogleAuthenticatorEnabled()) {
+ $form->add(
+ 'google_confirmation',
+ TextType::class,
+ [
+ 'mapped' => false,
+ 'attr' => ['maxlength' => '6', 'minlength' => '6', 'pattern' => '\d*', 'autocomplete' => 'off'],
+ 'constraints' => [new ValidGoogleAuthCode()]
+ ]
+ );
+
+ $form->add(
+ 'googleAuthenticatorSecret',
+ HiddenType::class,
+ [
+ 'disabled' => false,
+ ]
+ );
+
+ $form->add('submit', SubmitType::class, [
+ 'label' => $this->translator->trans('tfa_google.enable')
+ ]);
+ } else {
+ $form->add('submit', SubmitType::class, [
+ 'label' => $this->translator->trans('tfa_google.disable'),
+ 'attr' => ['class' => 'btn-danger']
+ ]);
+ }
+ });
+
+ //$builder->add('cancel', ResetType::class);
+ }
+
+ public function configureOptions(OptionsResolver $resolver)
+ {
+ $resolver->setDefaults([
+ 'data_class' => User::class,
+ ]);
+ }
+}
\ No newline at end of file
diff --git a/src/Form/TFASettingsType.php b/src/Form/TFASettingsType.php
deleted file mode 100644
index fa9da818..00000000
--- a/src/Form/TFASettingsType.php
+++ /dev/null
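Review bot: The `else` branch of the `PRE_SET_DATA` listener builds the disable form with nothing but a submit button, so the controller's `elseif ($google_enabled)` branch in UserController.php clears the secret without any proof that the account owner is present. Whoever holds the logged-in session, for example at an unattended browser, can therefore switch the second factor off. Ask for a current code on the disable path too, as in the excerpt below; this assumes `ValidGoogleAuthCode`, which is not shown, validates against the user's stored secret, and the Twig template would have to render the extra field. The start of this file (namespace, imports, class header) is not visible in the hunk as shown.

```php
} else {
    //Ask for a current code before the second factor is removed
    $form->add(
        'google_confirmation',
        TextType::class,
        [
            'mapped' => false,
            'attr' => ['maxlength' => '6', 'minlength' => '6', 'pattern' => '\d*', 'autocomplete' => 'off'],
            'constraints' => [new ValidGoogleAuthCode()]
        ]
    );
    // … unchanged: 'tfa_google.disable' submit button …
}
```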
@@ -1,42 +0,0 @@ -add('google_confirmation', TextType::class, [ - 'mapped' => false, - 'attr' => ['maxlength' => '6', 'minlength' => '6', 'pattern' => '\d*', 'autocomplete' => 'off'], - 'constraints' => [new ValidGoogleAuthCode()] - ]); - - $builder->add('googleAuthenticatorSecret', HiddenType::class,[ - 'disabled' => false, - ]); - - - $builder->add('submit', SubmitType::class); - $builder->add('cancel', ResetType::class); - } - - public function configureOptions(OptionsResolver $resolver) - { - $resolver->setDefaults([ - 'data_class' => User::class, - ]); - } -} \ No newline at end of file diff --git a/templates/Users/_2fa_settings.html.twig b/templates/Users/_2fa_settings.html.twig index f24ec557..0ac1c6cd 100644 --- a/templates/Users/_2fa_settings.html.twig +++ b/templates/Users/_2fa_settings.html.twig @@ -4,7 +4,7 @@ {% trans %}user.settings.2fa_settings{% endtrans %}
- {{ form_start(tfa_form) }} +