Add backup code functionality for 2FA #719
Changes from all commits
e4beea1
cd2553c
fb984d3
7ecb430
09dafbf
59e38fd
5b0cac8
8d97d00
1e9c16c
0789d28
52fdc80
87de5c3
8384774
826be5a
33b8a7e
30235e3
674d9f6
4511aba
69fceed
b4ad6ef
e38f8b2
0cc68f5
a22ba09
@@ -11,6 +11,7 @@ | |
namespace Contao; | ||
|
||
use Contao\CoreBundle\Exception\RedirectResponseException; | ||
use Scheb\TwoFactorBundle\Model\BackupCodeInterface; | ||
use Symfony\Component\HttpFoundation\Request; | ||
use Symfony\Component\Security\Core\Exception\AuthenticationException; | ||
use Symfony\Component\Security\Core\User\EquatableInterface; | ||
|
@@ -95,10 +96,11 @@ | |
* @property object $objLogout | ||
* @property string $useTwoFactor | ||
* @property string|null $secret | ||
* @property string|null $backupCodes | ||
* | ||
* @author Leo Feyer <https://github.com/leofeyer> | ||
*/ | ||
abstract class User extends System implements UserInterface, EquatableInterface, \Serializable | ||
abstract class User extends System implements UserInterface, EquatableInterface, BackupCodeInterface, \Serializable | ||
{ | ||
/** | ||
* Object instance (Singleton) | ||
|
@@ -630,6 +632,29 @@ public function isEqualTo(UserInterface $user) | |
return true; | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function isBackupCode(string $code): bool | ||
{ | ||
return \in_array($code, json_decode($this->backupCodes, true)); | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function invalidateBackupCode(string $code): void | ||
{ | ||
$backupCodes = json_decode($this->backupCodes, true); | ||
$key = array_search($code, $backupCodes); | ||
|
||
if ($key !== false) | ||
{ | ||
unset($backupCodes[$key]); | ||
$this->backupCodes = json_encode($backupCodes); | ||
} | ||
} | ||
Comment on lines
+638
to
+656
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't really like extending that functionality in the user class. Can't the logic be in the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. In fact that we use our own backup code manager, it's probably possible to use empty method stubs on the user class instead... |
||
|
||
/** | ||
* Trigger the importUser hook | ||
* | ||
|
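Review bot: `isBackupCode` (line +638) passes the result of `json_decode($this->backupCodes, true)` straight to `in_array`, but the property is declared `string|null` in the second hunk's docblock, so a user who never generated backup codes, or whose stored value is not a JSON array, makes the check fail with a TypeError instead of returning false; `invalidateBackupCode` has the same gap before its `array_search`. Both lookups also compare loosely, and for an authentication check the strict flag should be set so that numeric-looking codes such as `"1e3"` and `"1000"` are not treated as equal. Suggest `$codes = json_decode($this->backupCodes ?? '[]', true); return \is_array($codes) && \in_array($code, $codes, true);` in `isBackupCode`, and the same guard plus `array_search($code, $backupCodes, true)` in `invalidateBackupCode`. After the `unset`, re-indexing with `array_values()` before `json_encode` keeps the stored value a JSON list rather than an object with gaps in its keys.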
Wouldn't this mean the module generates an exception if you open the page with a REMEMBERME cookie?
Unfortunately yes. And since we have no "re-enter your password" screen yet, the user will be redirected to the login module, which will happily tell them that they are already logged in. 😢