- Update SchebTwoFactorBundle to version 3
- Enable Google 2fa on the bundle
- Disallow ability to use both email and google as 2fa
- Update Ocramius Proxy Manager to handle typed function & attributes (from PHP 7)
- use `$this->addFlash` shortcut instead of `$this->get('session')->getFlashBag()->add`
- update admin to be able to create/reset the 2fa
Thanks to the BC compatibility, almost nothing have to be changed.
All changes are related to new bundle version of:
- SensioFrameworkExtraBundle
- DoctrineFixturesBundle
There were this error in the console:
> The association Wallabag\CoreBundle\Entity\SiteCredential#user refers to the inverse side field Wallabag\UserBundle\Entity\User#site_credentials which does not exist.
When a user login using the form we know log an error level information with information about the user:
- username used
- IP
- User agent
For example:
> Authentication failure for user "eza", from IP "127.0.0.1", with UA: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36".
It’ll allows server admin using fail2ban to configure it to block these people if they generate too much failure authentication.
While creating a new user using the API, we also create a new client for the current user.
So the app which just create the user can use its newly created client to configure the app.
That new client is only return after creating the user.
When calling the endpoint /api/user to get user information, the new client information won’t be return.
The only ugly things is how we handle error by generating the view and then parse the content to retrieve all errors…
Fix exposition fields in User entity
