mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-24 02:38:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added an service for generating Backup codes and added some tests.

Browse source
This commit is contained in:
Jan Böhmer 2019-12-27 15:20:06 +01:00
parent 452fc3e78a
commit fba5f9794f
16 changed files with 245 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

5
config/services.yaml
View file

@ -120,6 +120,11 @@ services:
arguments: arguments:
$mimeTypes: '@mime_types' $mimeTypes: '@mime_types'
App\Services\TFA\BackupCodeGenerator:
arguments:
$code_length: 8
$code_count: 10
App\Services\TranslationExtractor\PermissionExtractor: App\Services\TranslationExtractor\PermissionExtractor:
tags: tags:
- { name: 'translation.extractor', alias: 'permissionExtractor'} - { name: 'translation.extractor', alias: 'permissionExtractor'}

31
src/Entity/UserSystem/User.php
View file

@ -191,7 +191,7 @@ class User extends AttachmentContainingDBElement implements UserInterface, HasPe
* @var string[]|null A list of backup codes that can be used, if the user has no access to its Google Authenticator device * @var string[]|null A list of backup codes that can be used, if the user has no access to its Google Authenticator device
* @ORM\Column(type="json") * @ORM\Column(type="json")
*/ */
protected $backupCodes; protected $backupCodes = [];
/** @var \DateTime The time when the backup codes were generated /** @var \DateTime The time when the backup codes were generated
* @ORM\Column(type="datetime", nullable=true) * @ORM\Column(type="datetime", nullable=true)
@ -201,7 +201,7 @@ class User extends AttachmentContainingDBElement implements UserInterface, HasPe
/** @var int The version of the trusted device cookie. Used to invalidate all trusted device cookies at once. /** @var int The version of the trusted device cookie. Used to invalidate all trusted device cookies at once.
* @ORM\Column(type="integer") * @ORM\Column(type="integer")
*/ */
protected $trustedDeviceCookieVersion; protected $trustedDeviceCookieVersion = 0;
/** @var Collection<TwoFactorKeyInterface> /** @var Collection<TwoFactorKeyInterface>
* @ORM\OneToMany(targetEntity="App\Entity\UserSystem\U2FKey", mappedBy="user") * @ORM\OneToMany(targetEntity="App\Entity\UserSystem\U2FKey", mappedBy="user")
@ -775,15 +775,19 @@ class User extends AttachmentContainingDBElement implements UserInterface, HasPe
public function setBackupCodes(array $codes) : self public function setBackupCodes(array $codes) : self
{ {
$this->backupCodes = $codes; $this->backupCodes = $codes;
if(empty($codes)) {
$this->backupCodesGenerationDate = null;
} else {
$this->backupCodesGenerationDate = new \DateTime(); $this->backupCodesGenerationDate = new \DateTime();
}
return $this; return $this;
} }
/** /**
* Return the date when the backup codes were generated. * Return the date when the backup codes were generated.
* @return \DateTime * @return \DateTime|null
*/ */
public function getBackupCodesGenerationDate() : \DateTime public function getBackupCodesGenerationDate() : ?\DateTime
{ {
return $this->backupCodesGenerationDate; return $this->backupCodesGenerationDate;
} }
@ -806,24 +810,39 @@ class User extends AttachmentContainingDBElement implements UserInterface, HasPe
$this->trustedDeviceCookieVersion++; $this->trustedDeviceCookieVersion++;
} }
/**
* Check if U2F is enabled
* @return bool
*/
public function isU2FAuthEnabled(): bool public function isU2FAuthEnabled(): bool
{ {
return count($this->u2fKeys) > 0; return count($this->u2fKeys) > 0;
} }
/** @return Collection<TwoFactorKeyInterface> */ /**
* Get all U2F Keys that are associated with this user
* @return Collection<TwoFactorKeyInterface>
*/
public function getU2FKeys(): Collection public function getU2FKeys(): Collection
{ {
return $this->u2fKeys; return $this->u2fKeys;
} }
/**
* Add a U2F key to this user.
* @param TwoFactorKeyInterface $key
*/
public function addU2FKey(TwoFactorKeyInterface $key): void public function addU2FKey(TwoFactorKeyInterface $key): void
{ {
$this->u2fKeys->add($key); $this->u2fKeys->add($key);
} }
/**
* Remove a U2F key from this user.
* @param TwoFactorKeyInterface $key
*/
public function removeU2FKey(TwoFactorKeyInterface $key): void public function removeU2FKey(TwoFactorKeyInterface $key): void
{ {
$this->u2fKeys->remove($key); $this->u2fKeys->removeElement($key);
} }
} }

60
src/Services/TFA/BackupCodeGenerator.php Normal file
View file

@ -0,0 +1,60 @@
<?php
namespace App\Services\TFA;
/**
* This class generates random backup codes for two factor authentication
* @package App\Services\TFA
*/
class BackupCodeGenerator
{
protected $code_length;
protected $code_count;
/**
* BackupCodeGenerator constructor.
* @param int $code_length How many characters a single code should have.
* @param int $code_count How many codes are generated for a whole backup set.
*/
public function __construct(int $code_length, int $code_count)
{
if ($code_length > 32) {
throw new \RuntimeException('Backup code can have maximum 32 digits!');
}
if ($code_length < 6) {
throw new \RuntimeException('Code must have at least 6 digits to ensure security!');
}
$this->code_count = $code_count;
$this->code_length = $code_length;
}
/**
* Generates a single backup code.
* It is a random hexadecimal value with the digit count configured in constructor
* @return string The generated backup code (e.g. 1f3870be2)
* @throws \Exception If no entropy source is available.
*/
public function generateSingleCode() : string
{
$bytes = random_bytes(32);
return substr(md5($bytes), 0, $this->code_length);
}
/**
* Returns a full backup code set. The code count can be configured in the constructor
* @return string[] An array containing different backup codes.
* @throws \Exception If no entropy source is available
*/
public function generateCodeSet() : array
{
$array = [];
for($n=0; $n<$this->code_count; $n++) {
$array[] = $this->generateSingleCode();
}
return $array;
}
}

1
tests/Controller/AdminPages/AbstractAdminControllerTest.php
View file

@ -26,6 +26,7 @@ use Symfony\Component\Security\Core\Exception\AccessDeniedException;
/** /**
* @group slow * @group slow
* @group DB
*/ */
abstract class AbstractAdminControllerTest extends WebTestCase abstract class AbstractAdminControllerTest extends WebTestCase
{ {

1
tests/Controller/AdminPages/AttachmentTypeControllerTest.php
View file

@ -25,6 +25,7 @@ use App\Entity\Attachments\AttachmentType;
/** /**
* @group slow * @group slow
* @group DB
*/ */
class AttachmentTypeControllerTest extends AbstractAdminControllerTest class AttachmentTypeControllerTest extends AbstractAdminControllerTest
{ {

1
tests/Controller/AdminPages/CategoryControllerTest.php
View file

@ -25,6 +25,7 @@ use App\Entity\Parts\Category;
/** /**
* @group slow * @group slow
* @group DB
*/ */
class CategoryControllerTest extends AbstractAdminControllerTest class CategoryControllerTest extends AbstractAdminControllerTest
{ {

1
tests/Controller/AdminPages/DeviceControllerTest.php
View file

@ -25,6 +25,7 @@ use App\Entity\Devices\Device;
/** /**
* @group slow * @group slow
* @group DB
*/ */
class DeviceControllerTest extends AbstractAdminControllerTest class DeviceControllerTest extends AbstractAdminControllerTest
{ {

1
tests/Controller/AdminPages/FootprintControllerTest.php
View file

@ -25,6 +25,7 @@ use App\Entity\Parts\Footprint;
/** /**
* @group slow * @group slow
* @group DB
*/ */
class FootprintControllerTest extends AbstractAdminControllerTest class FootprintControllerTest extends AbstractAdminControllerTest
{ {

1
tests/Controller/AdminPages/ManufacturerControllerTest.php
View file

@ -25,6 +25,7 @@ use App\Entity\Parts\Manufacturer;
/** /**
* @group slow * @group slow
* @group DB
*/ */
class ManufacturerControllerTest extends AbstractAdminControllerTest class ManufacturerControllerTest extends AbstractAdminControllerTest
{ {

1
tests/Controller/AdminPages/MeasurementUnitControllerTest.php
View file

@ -25,6 +25,7 @@ use App\Entity\Parts\MeasurementUnit;
/** /**
* @group slow * @group slow
* @group DB
*/ */
class MeasurementUnitControllerTest extends AbstractAdminControllerTest class MeasurementUnitControllerTest extends AbstractAdminControllerTest
{ {

1
tests/Controller/AdminPages/StorelocationControllerTest.php
View file

@ -25,6 +25,7 @@ use App\Entity\Parts\Storelocation;
/** /**
* @group slow * @group slow
* @group DB
*/ */
class StorelocationControllerTest extends AbstractAdminControllerTest class StorelocationControllerTest extends AbstractAdminControllerTest
{ {

1
tests/Controller/AdminPages/SupplierControllerTest.php
View file

@ -25,6 +25,7 @@ use App\Entity\Parts\Supplier;
/** /**
* @group slow * @group slow
* @group DB
*/ */
class SupplierControllerTest extends AbstractAdminControllerTest class SupplierControllerTest extends AbstractAdminControllerTest
{ {

1
tests/Controller/RedirectControllerTest.php
View file

@ -27,6 +27,7 @@ use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
/** /**
* @group slow * @group slow
* @group DB
*/ */
class RedirectControllerTest extends WebTestCase class RedirectControllerTest extends WebTestCase
{ {

85
tests/Entity/UserSystem/UserTest.php
View file

@ -21,6 +21,7 @@
namespace App\Tests\Entity\UserSystem; namespace App\Tests\Entity\UserSystem;
use App\Entity\UserSystem\U2FKey;
use App\Entity\UserSystem\User; use App\Entity\UserSystem\User;
use PHPUnit\Framework\TestCase; use PHPUnit\Framework\TestCase;
@ -36,4 +37,88 @@ class UserTest extends TestCase
$this->assertEquals('John Doe', $user->getFullName(false)); $this->assertEquals('John Doe', $user->getFullName(false));
$this->assertEquals('John Doe (username)', $user->getFullName(true)); $this->assertEquals('John Doe (username)', $user->getFullName(true));
} }
public function googleAuthenticatorEnabledDataProvider() : array
{
return [
[null, false],
['', false],
['SSSk38498', true]
];
}
/**
* @dataProvider googleAuthenticatorEnabledDataProvider
*/
public function testIsGoogleAuthenticatorEnabled(?string $secret, bool $expected)
{
$user = new User();
$user->setGoogleAuthenticatorSecret($secret);
$this->assertSame($expected ,$user->isGoogleAuthenticatorEnabled());
}
public function testSetBackupCodes()
{
$user = new User();
$codes = ["test", "invalid", "test"];
$user->setBackupCodes($codes);
// Backup Codes generation date must be changed!
$this->assertEquals(new \DateTime(), $user->getBackupCodesGenerationDate(), '', 0.1);
$this->assertEquals($codes, $user->getBackupCodes());
//Test what happens if we delete the backup keys
$user->setBackupCodes([]);
$this->assertEmpty($user->getBackupCodes());
$this->assertNull($user->getBackupCodesGenerationDate());
}
public function testIsBackupCode()
{
$user = new User();
$codes = ['aaaa', 'bbbb', 'cccc', 'dddd'];
$user->setBackupCodes($codes);
$this->assertTrue($user->isBackupCode('aaaa'));
$this->assertTrue($user->isBackupCode('cccc'));
$this->assertFalse($user->isBackupCode(''));
$this->assertFalse($user->isBackupCode('zzzz'));
}
public function testInvalidateBackupCode()
{
$user = new User();
$codes = ['aaaa', 'bbbb', 'cccc', 'dddd'];
$user->setBackupCodes($codes);
//Ensure the code is valid
$this->assertTrue($user->isBackupCode('aaaa'));
$this->assertTrue($user->isBackupCode('bbbb'));
//Invalidate code, afterwards the code has to be invalid!
$user->invalidateBackupCode('bbbb');
$this->assertFalse($user->isBackupCode('bbbb'));
$this->assertTrue($user->isBackupCode('aaaa'));
//No exception must happen, when we try to invalidate an not existing backup key!
$user->invalidateBackupCode('zzzz');
}
public function testInvalidateTrustedDeviceTokens()
{
$user = new User();
$old_value = $user->getTrustedTokenVersion();
//To invalidate the token, the new value must be bigger than the old value
$user->invalidateTrustedDeviceTokens();
$this->assertGreaterThan($old_value, $user->getTrustedTokenVersion());
}
public function testIsU2fEnabled()
{
$user = new User();
$user->addU2FKey(new U2FKey());
$this->assertTrue($user->isU2FAuthEnabled());
$user->getU2FKeys()->clear();
$this->assertFalse($user->isU2FAuthEnabled());
}
} }

3
tests/Services/EntityImporterTest.php
View file

@ -28,6 +28,9 @@ use App\Services\ElementTypeNameGenerator;
use App\Services\EntityImporter; use App\Services\EntityImporter;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase; use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
/**
* @group DB
*/
class EntityImporterTest extends WebTestCase class EntityImporterTest extends WebTestCase
{ {
/** /**

56
tests/Services/TFA/BackupCodeGeneratorTest.php Normal file
View file

@ -0,0 +1,56 @@
<?php
namespace App\Tests\Services\TFA;
use App\Services\TFA\BackupCodeGenerator;
use PHPUnit\Framework\TestCase;
class BackupCodeGeneratorTest extends TestCase
{
/**
* Test if an exception is thrown if you are using a too high code length
*/
public function testLengthUpperLimit()
{
$this->expectException(\RuntimeException::class);
new BackupCodeGenerator(33, 10);
}
/**
* Test if an exception is thrown if you are using a too high code length
*/
public function testLengthLowerLimit()
{
$this->expectException(\RuntimeException::class);
new BackupCodeGenerator(4, 10);
}
public function codeLengthDataProvider()
{
return [[6], [8], [10], [16]];
}
/**
* @dataProvider codeLengthDataProvider
*/
public function testGenerateSingleCode(int $code_length)
{
$generator = new BackupCodeGenerator($code_length, 10);
$this->assertRegExp("/^([a-f0-9]){{$code_length}}\$/", $generator->generateSingleCode());
}
public function codeCountDataProvider()
{
return [[2], [8], [10]];
}
/**
* @dataProvider codeCountDataProvider
*/
public function testGenerateCodeSet(int $code_count)
{
$generator = new BackupCodeGenerator(8, $code_count);
$this->assertCount($code_count, $generator->generateCodeSet());
}
}