-
Notifications
You must be signed in to change notification settings - Fork 73
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for JSON needed for the 2fa_login endpoint #48
Comments
I see that's definitely a limitation. Interesting that you're the first one bringing that up, you're definitely not the first one using the bundle in a (JSON) API. I believe it can be solved relatively easily, by providing a config option to configure JSON request format and changing a few things in the code. I'll probably go with something like this: # config/packages/security.yaml
security:
firewalls:
your_firewall_name:
# ...
two_factor:
request_format: json # This to switch to a JSON payload |
Defining the format in the configuration file would be okay. |
True, it should actually be possible to determine the payload format and switch to JSON. I have to try that out :) |
v5.4.0 relased, which supports JSON payloads. Info: https://github.com/scheb/2fa/blob/5.x/doc/api.md#json-data |
I executed Thank you for the trouble. |
I'm using
scheb/2fa
in a Restful API; POST payloads are in json format in my API. Unfortunately,scheb/2fa
does not support a JSON formatted payload in the2fa_login
endpoint.I was looking at the source code and noticed that
Scheb\TwoFactorBundle\Security\Http\Authenticator\TwoFactorAuthenticator
has a methodauthenticate()
that is initializing the objectTwoFactorCodeCredentials
. TheTwoFactorCodeCredentials
accepts a stringcode
in the constructor. Currently, this stringcode
is fetched with the help ofTwoFactorFirewallConfig
, to be precise methodgetAuthCodeFromRequest()
.The method
getAuthCodeFromRequest(Request $request)
lives in classScheb\TwoFactorBundle\Security\TwoFactor\TwoFactorFirewallConfig
. In the definition of this method I can see that it usesarameterBagUtils::getRequestParameterValue($request, $this->getAuthCodeParameterName()) ?? ''
.The
ParameterBagUtils
lives in namespaceScheb\TwoFactorBundle\Security\Http
.In the
ParameterBagUtils
class I can see the methodgetRequestParameterValue
.The
getRequestParameterValue
method is not flexible enough to support for a json formatted Request payloadThe improvement here would be to add support for json formatted Request payload; if my idea would be honored then I believe that
scheb/2fa
would be more restful.The text was updated successfully, but these errors were encountered: