mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-21 09:35:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow to delete Webauthn Keys

Browse source
This commit is contained in:
Jan Böhmer 2022-10-04 00:16:10 +02:00
parent ac978abe1d
commit 9c688e22dc
2 changed files with 33 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

31
src/Controller/UserSettingsController.php
View file

@ -44,6 +44,7 @@ namespace App\Controller;
use App\Entity\UserSystem\U2FKey;
use App\Entity\UserSystem\User;
use App\Entity\UserSystem\WebauthnKey;
use App\Events\SecurityEvent;
use App\Events\SecurityEvents;
use App\Form\TFAGoogleSettingsType;
@ -130,6 +131,7 @@ class UserSettingsController extends AbstractController
}
if ($this->isCsrfTokenValid('delete'.$user->getId(), $request->request->get('_token'))) {
//Handle U2F key removal
if ($request->request->has('key_id')) {
$key_id = $request->request->get('key_id');
$key_repo = $entityManager->getRepository(U2FKey::class);
@ -138,14 +140,14 @@ class UserSettingsController extends AbstractController
if (null === $u2f) {
$this->addFlash('danger', 'tfa_u2f.u2f_delete.not_existing');
throw new RuntimeException('Key not existing!');
return $this->redirectToRoute('user_settings');
}
//User can only delete its own U2F keys
if ($u2f->getUser() !== $user) {
$this->addFlash('danger', 'tfa_u2f.u2f_delete.access_denied');
throw new RuntimeException('You can only delete your own U2F keys!');
return $this->redirectToRoute('user_settings');
}
$backupCodeManager->disableBackupCodesIfUnused($user);
@ -153,6 +155,31 @@ class UserSettingsController extends AbstractController
$entityManager->flush();
$this->addFlash('success', 'tfa.u2f.u2f_delete.success');
$security_event = new SecurityEvent($user);
$this->eventDispatcher->dispatch($security_event, SecurityEvents::U2F_REMOVED);
} else if ($request->request->has('webauthn_key_id')) {
$key_id = $request->request->get('webauthn_key_id');
$key_repo = $entityManager->getRepository(WebauthnKey::class);
/** @var WebauthnKey|null $key */
$key = $key_repo->find($key_id);
if (null === $key) {
$this->addFlash('error', 'tfa_u2f.u2f_delete.not_existing');
return $this->redirectToRoute('user_settings');
}
//User can only delete its own U2F keys
if ($key->getUser() !== $user) {
$this->addFlash('error', 'tfa_u2f.u2f_delete.access_denied');
return $this->redirectToRoute('user_settings');
}
$backupCodeManager->disableBackupCodesIfUnused($user);
$entityManager->remove($key);
$entityManager->flush();
$this->addFlash('success', 'tfa.u2f.u2f_delete.success');
$security_event = new SecurityEvent($user);
$this->eventDispatcher->dispatch($security_event, SecurityEvents::U2F_REMOVED);
}

4
src/Services/TFA/BackupCodeManager.php
View file

@ -76,6 +76,10 @@ class BackupCodeManager
return;
}
if ($user->isWebAuthnAuthenticatorEnabled()) {
return;
}
$user->setBackupCodes([]);
}