wallabag/wallabag
1
0
Fork 1
mirror of https://github.com/wallabag/wallabag.git synced 2026-02-28 17:57:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixup! Add a two-step setup of OTP

Browse Source 
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
This commit is contained in:
Kevin Decherf
2025-07-20 19:03:54 +02:00
parent 462f71c515
commit cd8cd39773
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Entity/User.php
View File

@ -147,7 +147,9 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI
#[ORM\Column(name: 'googleAuthenticatorSecret', type: 'string', nullable: true)]
private $googleAuthenticatorSecret;
#[ORM\Column(name: 'google_authenticator', type: 'boolean')]
// default value is explicitly set to false here to ensure that Doctrine
// does not complain about schema mapping mismatch
#[ORM\Column(name: 'google_authenticator', type: 'boolean', options: ['default' => false])]
private $googleAuthenticator = false;
/**

11
tests/Controller/ConfigControllerTest.php
View File

@ -1253,6 +1253,13 @@ class ConfigControllerTest extends WallabagTestCase
$secret = $crawler->filter('div#config_otp_app_secret pre code')->innerText();
$this->assertSame('DUMMYSECRET', $secret);
$em = $this->getEntityManager();
$user = $em
->getRepository(User::class)
->findOneByUsername('admin');
// At this phase, the user should not have 2FA enabled
$this->assertFalse($user->isGoogleTwoFactor());
// First test: send invalid OTP code
$form = $crawler->filter('form[name=config_otp_app_check]')->form();
$data = [
@ -1286,6 +1293,7 @@ class ConfigControllerTest extends WallabagTestCase
// Restore user
$user->setGoogleAuthenticatorSecret(null);
$user->setGoogleAuthenticator(false);
$user->setBackupCodes([]);
$em->persist($user);
$em->flush();
@ -1302,6 +1310,7 @@ class ConfigControllerTest extends WallabagTestCase
->findOneByUsername('admin');
$user->setGoogleAuthenticatorSecret('Google2FA');
$user->setGoogleAuthenticator(true);
$em->persist($user);
$em->flush();
@ -1314,7 +1323,6 @@ class ConfigControllerTest extends WallabagTestCase
$this->assertStringContainsString('flashes.config.notice.otp_disabled', $client->getContainer()->get(SessionInterface::class)->getFlashBag()->get('notice')[0]);
// restore user
$em = $this->getEntityManager();
$user = $em
->getRepository(User::class)
@ -1322,6 +1330,7 @@ class ConfigControllerTest extends WallabagTestCase
$this->assertEmpty($user->getGoogleAuthenticatorSecret());
$this->assertEmpty($user->getBackupCodes());
$this->assertFalse($user->isGoogleTwoFactor());
}
public function testExportTaggingRule()