Add a two-step setup of OTP

Before this change, 2FA with OTP was enabled before the user was able to submit a code to validate the setup. Thus, this could lead to a situation where the user is locked out of her account if there was an issue setting up her application. Now we rely on a new boolean property that is set to true only after the user submits a valid code during the setup phase. Fixes #4867 Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2025-08-21 18:11:10 +00:00 · 2025-04-13 16:12:13 +02:00 · 2025-04-13 16:12:13 +02:00 · b09224cac1
commit b09224cac1
parent 3f6c01103d
6 changed files with 125 additions and 17 deletions
--- a/migrations/Version20250413133131.php
+++ b/migrations/Version20250413133131.php
@ -0,0 +1,47 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Application\Migrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Wallabag\Doctrine\WallabagMigration;
+
+/**
+ * Add boolean for two-step setup for google authenticator.
+ */
+final class Version20250413133131 extends WallabagMigration
+{
+    public function up(Schema $schema): void
+    {
+        $userTable = $schema->getTable($this->getTable('user'));
+
+        $this->skipIf($userTable->hasColumn('google_authenticator'), 'It seems that you already played this migration.');
+
+        $userTable->addColumn('google_authenticator', 'boolean', [
+            'default' => false,
+            'notnull' => true,
+        ]);
+    }
+
+    /**
+     * Query to update data in user table, as it's not possible to perform this in the `up` method.
+     */
+    public function postUp(Schema $schema): void
+    {
+        $this->skipIf(!$schema->getTable($this->getTable('user'))->hasColumn('google_authenticator'), 'Unable to update google_authenticator column');
+        $this->connection->executeQuery(
+            'UPDATE ' . $this->getTable('user') . ' SET google_authenticator = :googleAuthenticator WHERE googleAuthenticatorSecret IS NOT NULL AND googleAuthenticatorSecret <> :emptyString',
+            [
+                'googleAuthenticator' => true,
+                'emptyString' => '',
+            ]
+        );
+    }
+
+    public function down(Schema $schema): void
+    {
+        $userTable = $schema->getTable($this->getTable('user'));
+        $userTable->dropColumn('google_authenticator');
+    }
+}