mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-21 09:35:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use the domain name in server_name field of Google Authenticator QR code

Browse source 
We achieve that by decorating the GoogleAuthenticator service
This commit is contained in:
Jan Böhmer 2023-06-26 23:47:54 +02:00
parent 6fd79688b0
commit d6500c45aa
3 changed files with 76 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
config/packages/scheb_2fa.yaml
View file

@ -3,8 +3,8 @@ scheb_two_factor:
google: google:
enabled: true # If Google Authenticator should be enabled, default false enabled: true # If Google Authenticator should be enabled, default false
server_name: '%partdb.title%' # Server name used in QR code server_name: '$$DOMAIN$$' # This field is replaced by the domain name of the server in DecoratedGoogleAuthenticator
issuer: 'Part-DB' # Issuer name used in QR code issuer: '%partdb.title%' # Issuer name used in QR code
digits: 6 # Number of digits in authentication code digits: 6 # Number of digits in authentication code
window: 1 # How many codes before/after the current one would be accepted as valid window: 1 # How many codes before/after the current one would be accepted as valid
template: security/2fa_form.html.twig template: security/2fa_form.html.twig

4
src/Controller/UserSettingsController.php
View file

@ -35,6 +35,7 @@ use App\Services\UserSystem\UserAvatarHelper;
use Doctrine\ORM\EntityManagerInterface; use Doctrine\ORM\EntityManagerInterface;
use RuntimeException; use RuntimeException;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticator; use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticator;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticatorInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\EventDispatcher\EventDispatcher; use Symfony\Component\EventDispatcher\EventDispatcher;
use Symfony\Component\EventDispatcher\EventDispatcherInterface; use Symfony\Component\EventDispatcher\EventDispatcherInterface;
@ -204,7 +205,8 @@ class UserSettingsController extends AbstractController
* @return RedirectResponse|Response * @return RedirectResponse|Response
*/ */
#[Route(path: '/settings', name: 'user_settings')] #[Route(path: '/settings', name: 'user_settings')]
public function userSettings(Request $request, EntityManagerInterface $em, UserPasswordHasherInterface $passwordEncoder, GoogleAuthenticator $googleAuthenticator, BackupCodeManager $backupCodeManager, FormFactoryInterface $formFactory, UserAvatarHelper $avatarHelper): RedirectResponse|Response public function userSettings(Request $request, EntityManagerInterface $em, UserPasswordHasherInterface $passwordEncoder,
GoogleAuthenticatorInterface $googleAuthenticator, BackupCodeManager $backupCodeManager, FormFactoryInterface $formFactory, UserAvatarHelper $avatarHelper): RedirectResponse|Response
{ {
/** @var User $user */ /** @var User $user */
$user = $this->getUser(); $user = $this->getUser();

71
src/Services/UserSystem/TFA/DecoratedGoogleAuthenticator.php Normal file
View file

@ -0,0 +1,71 @@
<?php
/*
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*
* Copyright (C) 2019 - 2023 Jan Böhmer (https://github.com/jbtronics)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published
* by the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
namespace App\Services\UserSystem\TFA;
use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticator;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticatorInterface;
use Symfony\Component\DependencyInjection\Attribute\AsDecorator;
use Symfony\Component\DependencyInjection\Attribute\AutowireDecorated;
use Symfony\Component\HttpFoundation\RequestStack;
#[AsDecorator(GoogleAuthenticatorInterface::class)]
class DecoratedGoogleAuthenticator implements GoogleAuthenticatorInterface
{
public function __construct(
#[AutowireDecorated]
private GoogleAuthenticatorInterface $inner,
private RequestStack $requestStack)
{
}
public function checkCode(TwoFactorInterface $user, string $code): bool
{
return $this->inner->checkCode($user, $code);
}
public function getQRContent(TwoFactorInterface $user): string
{
$qr_content = $this->inner->getQRContent($user);
//Replace $$DOMAIN$$ with the current domain
$request = $this->requestStack->getCurrentRequest();
//If no request is available, just put "Part-DB" as domain
$domain = "Part-DB";
if ($request !== null) {
$domain = $request->getHttpHost();
}
//Domain must be url encoded
$domain = urlencode($domain);
return str_replace(urlencode('$$DOMAIN$$'), $domain, $qr_content);
}
public function generateSecret(): string
{
return $this->inner->generateSecret();
}
}