Support for JSON needed for the 2fa_login endpoint #48

Closed
jsawicki-internetcompany opened this issue Jan 20, 2021 · 5 comments

@jsawicki-internetcompany
Contributor

I'm using scheb/2fa in a Restful API; POST payloads are in json format in my API. Unfortunately, scheb/2fa does not support a JSON formatted payload in the 2fa_login endpoint.

I was looking at the source code and noticed that Scheb\TwoFactorBundle\Security\Http\Authenticator\TwoFactorAuthenticator has a method authenticate() that is initializing the object TwoFactorCodeCredentials. The TwoFactorCodeCredentials accepts a string code in the constructor. Currently, this string code is fetched with the help of TwoFactorFirewallConfig, to be precise method getAuthCodeFromRequest().

The method getAuthCodeFromRequest(Request $request) lives in class Scheb\TwoFactorBundle\Security\TwoFactor\TwoFactorFirewallConfig. In the definition of this method I can see that it uses ParameterBagUtils::getRequestParameterValue($request, $this->getAuthCodeParameterName()) ?? ''.

The ParameterBagUtils lives in namespace Scheb\TwoFactorBundle\Security\Http.
In the ParameterBagUtils class I can see the method getRequestParameterValue.

The getRequestParameterValue method is not flexible enough to support a JSON-formatted Request payload.
The improvement here would be to add support for json formatted Request payload; if my idea would be honored then I believe that scheb/2fa would be more restful.

@scheb
Owner

scheb commented Jan 20, 2021

I see that's definitely a limitation. Interesting that you're the first one bringing that up, you're definitely not the first one using the bundle in a (JSON) API.

I believe it can be solved relatively easily, by providing a config option to configure JSON request format and changing a few things in the code. I'll probably go with something like this:

```yaml
# config/packages/security.yaml
security:
    firewalls:
        your_firewall_name:
            # ...
            two_factor:
                request_format: json  # Set this to switch to a JSON payload
```

@jsawicki-internetcompany
Contributor Author

Defining the format in the configuration file would be okay.
May I take the liberty to suggest the name for this configuration option? I think that payload_format would be a nice self-explaining configuration option name. However, it may be even better to support json without the need to set the configuration option. But I guess setting the format in the configuration file is good enough.

@scheb
Owner

scheb commented Jan 21, 2021

> However, it may be even better to support json without the need to set the configuration option. But I guess setting the format in the configuration file is good enough.

True, it should actually be possible to determine the payload format and switch to JSON. I have to try that out :)

@scheb
Owner

scheb commented Jan 23, 2021

v5.4.0 released, which supports JSON payloads.

Info: https://github.com/scheb/2fa/blob/5.x/doc/api.md#json-data

@scheb scheb closed this as completed Jan 23, 2021
@jsawicki-internetcompany
Contributor Author

jsawicki-internetcompany commented Jan 29, 2021

I executed composer update scheb/2fa and composer brought scheb/2fa to v5.4.2.
My check_path endpoint now works with these payload formats: application/json and application/x-www-form-urlencoded without changing anything in configuration files.

Thank you for the trouble.
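
The behaviour discussed in this thread, reading the 2FA code from either an application/json or an application/x-www-form-urlencoded body, sketched in plain PHP as an added example; it is not scheb/2fa's code. The function name `extractAuthCode`, the `_auth_code` field name, the body size cap and the string-only rule are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Added illustration, not scheb/2fa code. All names here are hypothetical.
const MAX_BODY_BYTES = 4096; // assumed cap: a 2FA payload is a few bytes

/**
 * Return the auth code carried in a raw request body, or '' when it is
 * missing, malformed, or not a plain string.
 */
function extractAuthCode(string $contentType, string $body, string $param): string
{
    if (strlen($body) > MAX_BODY_BYTES) {
        return '';
    }
    // Drop parameters such as "; charset=utf-8" and normalise case.
    $mediaType = strtolower(trim(explode(';', $contentType, 2)[0]));

    if ($mediaType === 'application/json') {
        try {
            // Shallow depth limit: the expected document is one flat object.
            $data = json_decode($body, true, 8, JSON_THROW_ON_ERROR);
        } catch (JsonException $e) {
            return ''; // malformed JSON counts as "no code supplied"
        }
        $value = is_array($data) ? ($data[$param] ?? null) : null;
    } elseif ($mediaType === 'application/x-www-form-urlencoded') {
        parse_str($body, $fields);
        $value = $fields[$param] ?? null;
    } else {
        return ''; // any other media type is not parsed at all
    }
    // Accept strings only. JSON can also deliver arrays, booleans and
    // numbers (a number would lose leading zeros); none of those should
    // reach the code comparison.
    return is_string($value) ? $value : '';
}

// Constructed sample requests (content type, raw body).
$samples = [
    ['application/json; charset=utf-8', '{"_auth_code":"012345"}'],
    ['application/x-www-form-urlencoded', '_auth_code=012345'],
    ['application/json', '{"_auth_code":["012345"]}'], // array, rejected
    ['application/json', '{"_auth_code":12345}'],      // number, rejected
    ['application/json', '{"_auth_code":'],            // truncated JSON
    ['text/plain', '_auth_code=012345'],               // unsupported type
];
foreach ($samples as [$type, $body]) {
    $code = extractAuthCode($type, $body, '_auth_code');
    printf("%-34s %-27s => %s\n", $type, $body, var_export($code, true));
}
```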
