mirror of
https://github.com/wallabag/wallabag.git
synced 2024-11-15 21:41:06 +00:00
Hash backup codes in the database using password_hash
This commit is contained in:
Jeremy Benoist
parent
7485a272ff
commit
4654a83b64
4 changed files with 38 additions and 11 deletions
|
|
@ -197,18 +197,25 @@ class ConfigController extends Controller
|
|||
}
|
||||
|
||||
$user = $this->getUser();
|
||||
$secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret();
|
||||
|
||||
if (!$user->isGoogleTwoFactor()) {
|
||||
$secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret();
|
||||
$user->setGoogleAuthenticatorSecret($secret);
|
||||
$user->setEmailTwoFactor(false);
|
||||
|
||||
$user->setGoogleAuthenticatorSecret($secret);
|
||||
$user->setEmailTwoFactor(false);
|
||||
$user->setBackupCodes((new BackupCodes())->toArray());
|
||||
$backupCodes = (new BackupCodes())->toArray();
|
||||
$backupCodesHashed = array_map(
|
||||
function ($backupCode) {
|
||||
return password_hash($backupCode, PASSWORD_DEFAULT);
|
||||
},
|
||||
$backupCodes
|
||||
);
|
||||
|
||||
$this->container->get('fos_user.user_manager')->updateUser($user, true);
|
||||
}
|
||||
$user->setBackupCodes($backupCodesHashed);
|
||||
|
||||
$this->container->get('fos_user.user_manager')->updateUser($user, true);
|
||||
|
||||
return $this->render('WallabagCoreBundle:Config:otp_app.html.twig', [
|
||||
'backupCodes' => $backupCodes,
|
||||
'qr_code' => $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user),
|
||||
]);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@
|
|||
<li>
|
||||
<p>{{ 'config.otp.app.two_factor_code_description_3'|trans }}</p>
|
||||
|
||||
<p><strong>{{ app.user.getBackupCodes|join("\n")|nl2br }}</strong></p>
|
||||
<p><strong>{{ backupCodes|join("\n")|nl2br }}</strong></p>
|
||||
</li>
|
||||
<li>
|
||||
<p>{{ 'config.otp.app.two_factor_code_description_4'|trans }}</p>
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
<li>
|
||||
<p>{{ 'config.otp.app.two_factor_code_description_3'|trans }}</p>
|
||||
|
||||
<p><strong>{{ app.user.getBackupCodes|join("\n")|nl2br }}</strong></p>
|
||||
<p><strong>{{ backupCodes|join("\n")|nl2br }}</strong></p>
|
||||
</li>
|
||||
<li>
|
||||
<p>{{ 'config.otp.app.two_factor_code_description_4'|trans }}</p>
|
||||
|
|
|
|||
|
|
@ -339,7 +339,7 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI
|
|||
*/
|
||||
public function isBackupCode(string $code): bool
|
||||
{
|
||||
return \in_array($code, $this->backupCodes, true);
|
||||
return false === $this->findBackupCode($code) ? false : true;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -347,7 +347,7 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI
|
|||
*/
|
||||
public function invalidateBackupCode(string $code): void
|
||||
{
|
||||
$key = array_search($code, $this->backupCodes, true);
|
||||
$key = $this->findBackupCode($code);
|
||||
|
||||
if (false !== $key) {
|
||||
unset($this->backupCodes[$key]);
|
||||
|
|
@ -385,4 +385,24 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI
|
|||
return $this->clients->first();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Try to find a backup code from the list of backup codes of the current user.
|
||||
*
|
||||
* @param string $code Given code from the user
|
||||
*
|
||||
* @return string|false
|
||||
*/
|
||||
private function findBackupCode(string $code)
|
||||
{
|
||||
foreach ($this->backupCodes as $key => $backupCode) {
|
||||
// backup code are hashed using `password_hash`
|
||||
// see ConfigController->otpAppAction
|
||||
if (password_verify($code, $backupCode)) {
|
||||
return $key;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue