Enable OTP 2FA

- Update SchebTwoFactorBundle to version 3 - Enable Google 2fa on the bundle - Disallow ability to use both email and google as 2fa - Update Ocramius Proxy Manager to handle typed function & attributes (from PHP 7) - use `$this->addFlash` shortcut instead of `$this->get('session')->getFlashBag()->add` - update admin to be able to create/reset the 2fa
2018-12-02 12:43:05 +01:00
parent acd4412080
commit a6b242a1fd
36 changed files with 554 additions and 178 deletions
--- a/tests/Wallabag/CoreBundle/Command/ShowUserCommandTest.php
+++ b/tests/Wallabag/CoreBundle/Command/ShowUserCommandTest.php
@ -59,7 +59,8 @@ class ShowUserCommandTest extends WallabagCoreTestCase
        $this->assertContains('Username: admin', $tester->getDisplay());
        $this->assertContains('Email: bigboss@wallabag.org', $tester->getDisplay());
        $this->assertContains('Display name: Big boss', $tester->getDisplay());
-        $this->assertContains('2FA activated: no', $tester->getDisplay());
+        $this->assertContains('2FA (email) activated', $tester->getDisplay());
+        $this->assertContains('2FA (OTP) activated', $tester->getDisplay());
    }

    public function testShowUser()
--- a/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php
+++ b/tests/Wallabag/CoreBundle/Controller/ConfigControllerTest.php
@ -297,6 +297,119 @@ class ConfigControllerTest extends WallabagCoreTestCase
        $this->assertContains('flashes.config.notice.user_updated', $alert[0]);
    }

+    public function testUserEnable2faEmail()
+    {
+        $this->logInAs('admin');
+        $client = $this->getClient();
+
+        $crawler = $client->request('GET', '/config');
+
+        $this->assertSame(200, $client->getResponse()->getStatusCode());
+
+        $form = $crawler->filter('button[id=update_user_save]')->form();
+
+        $data = [
+            'update_user[emailTwoFactor]' => '1',
+        ];
+
+        $client->submit($form, $data);
+
+        $this->assertSame(302, $client->getResponse()->getStatusCode());
+
+        $crawler = $client->followRedirect();
+
+        $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text']));
+        $this->assertContains('flashes.config.notice.user_updated', $alert[0]);
+
+        // restore user
+        $em = $this->getEntityManager();
+        $user = $em
+            ->getRepository('WallabagUserBundle:User')
+            ->findOneByUsername('admin');
+
+        $this->assertTrue($user->isEmailTwoFactor());
+
+        $user->setEmailTwoFactor(false);
+        $em->persist($user);
+        $em->flush();
+    }
+
+    public function testUserEnable2faGoogle()
+    {
+        $this->logInAs('admin');
+        $client = $this->getClient();
+
+        $crawler = $client->request('GET', '/config');
+
+        $this->assertSame(200, $client->getResponse()->getStatusCode());
+
+        $form = $crawler->filter('button[id=update_user_save]')->form();
+
+        $data = [
+            'update_user[googleTwoFactor]' => '1',
+        ];
+
+        $client->submit($form, $data);
+
+        $this->assertSame(302, $client->getResponse()->getStatusCode());
+
+        $crawler = $client->followRedirect();
+
+        $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text']));
+        $this->assertContains('flashes.config.notice.user_updated', $alert[0]);
+
+        // restore user
+        $em = $this->getEntityManager();
+        $user = $em
+            ->getRepository('WallabagUserBundle:User')
+            ->findOneByUsername('admin');
+
+        $this->assertTrue($user->isGoogleAuthenticatorEnabled());
+
+        $user->setGoogleAuthenticatorSecret(null);
+        $em->persist($user);
+        $em->flush();
+    }
+
+    public function testUserEnable2faBoth()
+    {
+        $this->logInAs('admin');
+        $client = $this->getClient();
+
+        $crawler = $client->request('GET', '/config');
+
+        $this->assertSame(200, $client->getResponse()->getStatusCode());
+
+        $form = $crawler->filter('button[id=update_user_save]')->form();
+
+        $data = [
+            'update_user[googleTwoFactor]' => '1',
+            'update_user[emailTwoFactor]' => '1',
+        ];
+
+        $client->submit($form, $data);
+
+        $this->assertSame(302, $client->getResponse()->getStatusCode());
+
+        $crawler = $client->followRedirect();
+
+        $this->assertGreaterThan(1, $alert = $crawler->filter('body')->extract(['_text']));
+        $this->assertContains('flashes.config.notice.user_updated', $alert[0]);
+
+        // restore user
+        $em = $this->getEntityManager();
+        $user = $em
+            ->getRepository('WallabagUserBundle:User')
+            ->findOneByUsername('admin');
+
+        $this->assertTrue($user->isGoogleAuthenticatorEnabled());
+        $this->assertFalse($user->isEmailTwoFactor());
+
+        $user->setGoogleAuthenticatorSecret(null);
+        $em->persist($user);
+        $em->flush();
+    }
+
    public function testRssUpdateResetToken()
    {
        $this->logInAs('admin');
--- a/tests/Wallabag/CoreBundle/Controller/SecurityControllerTest.php
+++ b/tests/Wallabag/CoreBundle/Controller/SecurityControllerTest.php
@ -26,7 +26,7 @@ class SecurityControllerTest extends WallabagCoreTestCase
        $this->assertContains('config.form_rss.description', $crawler->filter('body')->extract(['_text'])[0]);
    }

-    public function testLoginWith2Factor()
+    public function testLoginWith2FactorEmail()
    {
        $client = $this->getClient();

@ -42,7 +42,7 @@ class SecurityControllerTest extends WallabagCoreTestCase
        $user = $em
            ->getRepository('WallabagUserBundle:User')
            ->findOneByUsername('admin');
-        $user->setTwoFactorAuthentication(true);
+        $user->setEmailTwoFactor(true);
        $em->persist($user);
        $em->flush();

@ -54,12 +54,12 @@ class SecurityControllerTest extends WallabagCoreTestCase
        $user = $em
            ->getRepository('WallabagUserBundle:User')
            ->findOneByUsername('admin');
-        $user->setTwoFactorAuthentication(false);
+        $user->setEmailTwoFactor(false);
        $em->persist($user);
        $em->flush();
    }

-    public function testTrustedComputer()
+    public function testLoginWith2FactorGoogle()
    {
        $client = $this->getClient();

@ -69,15 +69,27 @@ class SecurityControllerTest extends WallabagCoreTestCase
            return;
        }

+        $client->followRedirects();
+
        $em = $client->getContainer()->get('doctrine.orm.entity_manager');
        $user = $em
            ->getRepository('WallabagUserBundle:User')
            ->findOneByUsername('admin');
+        $user->setGoogleAuthenticatorSecret('26LDIHYGHNELOQEM');
+        $em->persist($user);
+        $em->flush();

-        $date = new \DateTime();
-        $user->addTrustedComputer('ABCDEF', $date->add(new \DateInterval('P1M')));
-        $this->assertTrue($user->isTrustedComputer('ABCDEF'));
-        $this->assertFalse($user->isTrustedComputer('FEDCBA'));
+        $this->logInAsUsingHttp('admin');
+        $crawler = $client->request('GET', '/config');
+        $this->assertContains('scheb_two_factor.trusted', $crawler->filter('body')->extract(['_text'])[0]);
+
+        // restore user
+        $user = $em
+            ->getRepository('WallabagUserBundle:User')
+            ->findOneByUsername('admin');
+        $user->setGoogleAuthenticatorSecret(null);
+        $em->persist($user);
+        $em->flush();
    }

    public function testEnabledRegistration()