README

为管理员启用双因素认证

1. 安装和配置 scheb/2fa-bundle

composer ruquire scheb/2fa-bundle scheb/2fa-totp scheb/2fa-qr-code

config/packages/scheb_2fa.yaml

scheb_two_factor:
    totp:
        enabled: true
        server_name: draw.example.com
        issuer: Draw
        template: '@DrawUser/security/2fa_login.html.twig'
    security_tokens:
        - Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
        - Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken

config/routes/scheb_2fa.yaml

admin_2fa_login:
    path: /admin/2fa
    defaults:
        _controller: "scheb_two_factor.form_controller::form"

admin_2fa_login_check:
    path: /admin/2fa_check

1. 根据防火墙启用双因素认证并配置 2fa 路由的 access_control：config/packages/security.yaml

security:
    firewalls:
        admin:
            two_factor:
                provider: app_user_provider_email # If you have more than one user provider
                auth_form_path: admin_2fa_login
                check_path: admin_2fa_login_check

      access_control:
        - { path: ^/admin/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
        - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }

1. 实现 Draw\Bundle\UserBundle\Security\TwoFactorAuthenticationUserInterface 并使用 \Draw\Bundle\UserBundle\Entity\TwoFactorAuthenticationUserTrait 对用户实体进行数据库迁移。
2. 在 DrawUserBundle 中启用双因素认证。

draw_user:
    sonata:
        enabled: true
        user_admin_code: App\Sonata\Admin\UserAdmin
        2fa:
            enabled: true
            field_positions:
                2fa_enabled:
                    #Those are the default
                    list: '_action' #Before the _action list. Dynamically set to _actions for sonata 4.x
                    form: true #at the end of the form

启用双因素认证后，将提供两个操作：2fa-enable 和 2fa-disable。通过 TwoFactorAuthenticationExtension::getAccessMapping 配置访问权限。您可以通过重写 UserAdmin 类的 getAccess 方法来覆盖此设置。