Prefer U2F as 2FA method if it is available.

This commit is contained in:
Jan Böhmer 2019-12-29 17:36:41 +01:00
parent 39aaab07c5
commit b5e80ec1b7
3 changed files with 35 additions and 14 deletions


@ -35,13 +35,14 @@ class UserSettingsController extends AbstractController
public function showBackupCodes()
{
$user = $this->getUser();
if (!$user instanceof User) {
return new \RuntimeException('This controller only works only for Part-DB User objects!');
}
//When user change its settings, he should be logged in fully.
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
if (!$user instanceof User) {
return new \RuntimeException('This controller only works only for Part-DB User objects!');
}
if (empty($user->getBackupCodes())) {
$this->addFlash('error', 'You do not have any backup codes enabled, therefore you can not view them!');
throw new Exception('You do not have any backup codes enabled, therefore you can not view them!');
@ -60,11 +61,14 @@ class UserSettingsController extends AbstractController
public function removeU2FToken(Request $request, EntityManagerInterface $entityManager, BackupCodeManager $backupCodeManager)
{
$user = $this->getUser();
//When user change its settings, he should be logged in fully.
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
if (!$user instanceof User) {
throw new \RuntimeException('This controller only works only for Part-DB User objects!');
}
//When user change its settings, he should be logged in fully.
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
if ($this->isCsrfTokenValid('delete'.$user->getId(), $request->request->get('_token'))) {
if($request->request->has('key_id')) {
@ -101,11 +105,14 @@ class UserSettingsController extends AbstractController
public function resetTrustedDevices(Request $request, EntityManagerInterface $entityManager)
{
$user = $this->getUser();
//When user change its settings, he should be logged in fully.
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
if (!$user instanceof User) {
return new \RuntimeException('This controller only works only for Part-DB User objects!');
}
//When user change its settings, he should be logged in fully.
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
if ($this->isCsrfTokenValid('devices_reset'.$user->getId(), $request->request->get('_token'))) {
$user->invalidateTrustedDeviceTokens();
@ -130,13 +137,13 @@ class UserSettingsController extends AbstractController
$page_need_reload = false;
if (!$user instanceof User) {
return new \RuntimeException('This controller only works only for Part-DB User objects!');
}
//When user change its settings, he should be logged in fully.
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
if (!$user instanceof User) {
throw new \RuntimeException('This controller only works only for Part-DB User objects!');
}
/***************************
* User settings form
***************************/