- Update SchebTwoFactorBundle to version 3
- Enable Google 2fa on the bundle
- Disallow ability to use both email and google as 2fa
- Update Ocramius Proxy Manager to handle typed function & attributes (from PHP 7)
- use `$this->addFlash` shortcut instead of `$this->get('session')->getFlashBag()->add`
- update admin to be able to create/reset the 2fa
When a user login using the form we know log an error level information with information about the user:
- username used
- IP
- User agent
For example:
> Authentication failure for user "eza", from IP "127.0.0.1", with UA: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36".
It’ll allows server admin using fail2ban to configure it to block these people if they generate too much failure authentication.
When resetting the password, the overriden template we used wasn’t well spelled.
And since we are using a locked version of FOSUser (on a custom commit), the translation of `resetting.check_email` is wrong in any language but english.
We are injecting CraueConfig service when we only need to retrieve one or two values from it.
Instead I discovered we can directly inject a value from a service in the service definition!
When a user register, the template displayed saying it should now check its email was misspelled.
Resulting in displaying the default one (with margin issue).
Using a listener, user config is now created when a user:
- is created from the command line
- register (with or without email confirmation)
- is created from the config panel
Instead of queing real Entry to process, we queue all the item to import from Pocket in a raw format.
Then, the worker retrieve that information, find / create the entry and save it.
