oss/wallabag
oss/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-09-15 18:57:05 +00:00
Code Wiki Activity

Add a two-step setup of OTP

Browse source 
Before this change, 2FA with OTP was enabled before the user was able to
submit a code to validate the setup. Thus, this could lead to a
situation where the user is locked out of her account if there was an
issue setting up her application.

Now we rely on a new boolean property that is set to true only after the
user submits a valid code during the setup phase.

Fixes #4867

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
This commit is contained in:
Kevin Decherf 2025-04-13 16:12:13 +02:00
parent 3f6c01103d
commit 5f0cb45b2d
3 changed files with 49 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

32
migrations/Version20250413133131.php Normal file
View file

@ -0,0 +1,32 @@
<?php
declare(strict_types=1);
namespace Application\Migrations;
use Doctrine\DBAL\Schema\Schema;
use Wallabag\Doctrine\WallabagMigration;
/**
* Add boolean for two-step setup for google authenticator
*/
final class Version20250413133131 extends WallabagMigration
{
public function up(Schema $schema): void
{
$userTable = $schema->getTable($this->getTable('user'));
$this->skipIf($userTable->hasColumn('googleauthenticator'), 'It seems that you already played this migration.');
$userTable->addColumn('googleauthenticator', 'boolean', [
'default' => false,
'notnull' => false,
]);
}
public function down(Schema $schema): void
{
$userTable = $schema->getTable($this->getTable('user'));
$userTable->dropColumn('googleauthenticator');
}
}

6
src/Controller/ConfigController.php
View file

@ -312,7 +312,8 @@ class ConfigController extends AbstractController
$user = $this->getUser(); $user = $this->getUser();
$user->setGoogleAuthenticatorSecret(''); $user->setGoogleAuthenticatorSecret(null);
$user->setGoogleAuthenticator(false);
$user->setBackupCodes(null); $user->setBackupCodes(null);
$this->userManager->updateUser($user); $this->userManager->updateUser($user);
@ -408,6 +409,9 @@ class ConfigController extends AbstractController
'notice', 'notice',
'flashes.config.notice.otp_enabled' 'flashes.config.notice.otp_enabled'
); );
$user->setGoogleAuthenticator(true);
$this->userManager->updateUser($user);
$this->entityManager->flush();
return $this->redirect($this->generateUrl('config') . '#set3'); return $this->redirect($this->generateUrl('config') . '#set3');
} }

13
src/Entity/User.php
View file

@ -147,6 +147,9 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI
#[ORM\Column(name: 'googleAuthenticatorSecret', type: 'string', nullable: true)] #[ORM\Column(name: 'googleAuthenticatorSecret', type: 'string', nullable: true)]
private $googleAuthenticatorSecret; private $googleAuthenticatorSecret;
#[ORM\Column(name: 'googleAuthenticator', type: 'boolean')]
private $googleAuthenticator;
/** /**
* @var array * @var array
*/ */
@ -264,6 +267,14 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI
$this->emailTwoFactor = $emailTwoFactor; $this->emailTwoFactor = $emailTwoFactor;
} }
/**
* @param bool $googleAuthenticator
*/
public function setGoogleAuthenticator(bool $googleAuthenticator): void
{
$this->googleAuthenticator = $googleAuthenticator;
}
/** /**
* Used in the user config form to be "like" the email option. * Used in the user config form to be "like" the email option.
*/ */
@ -294,7 +305,7 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI
public function isGoogleAuthenticatorEnabled(): bool public function isGoogleAuthenticatorEnabled(): bool
{ {
return $this->googleAuthenticatorSecret ? true : false; return $this->googleAuthenticator;
} }
public function getGoogleAuthenticatorUsername(): string public function getGoogleAuthenticatorUsername(): string