通过以下方式搜索 
godzillante / u2f-two-factor-bundle
使用 U2F 密钥为 Symfony 提供 2FA,使用 scheb/two-factor-bundle
0.3.0
2016-02-19 22:30 UTC
Requires
- scheb/two-factor-bundle: ^1.4 | ^2.0
- yubico/u2flib-server: ^0.1.0 | ^1.0.0
Conflicts
- darookee/u2f-two-factor-bundle: *
This package is not auto-updated.
Last update: 2024-09-20 18:54:11 UTC
README
此 Symfony2 扩展包使用 scheb/two-factor-bundle 为您的网站提供 u2f 身份验证。
安装
步骤 1: 使用 Composer 下载
php composer.phar require tubssz/u2f-two-factor-bundle
步骤 2: 启用扩展包
将以下内容添加到您的 app/AppKernel.php
<?php // ... public function registerBundles() { $bundles = array( // ... new Scheb\TwoFactorBundle\SchebTwoFactorBundle(), new R\U2FTwoFactorBundle\RU2FTwoFactorBundle(), // ... ); // ... } // ...
步骤 3: 配置
以下选项可用但不是必需的
r_u2f_two_factor: formTemplate: RU2FTwoFActorBundle:Authentication:form.html.twig registerTemplate: RU2FTwoFActorBundle:Registration:register.html.twig authCodeParameter: _auth_code
为了使身份验证工作,您的用户必须实现 R\U2FTwoFactorBundle\Model\U2F\TwoFactorInterface
<?php // ... use R\U2FTwoFactorBundle\Model\U2F\TwoFactorInterface as U2FTwoFactorInterface; // ... class User implements U2FTwoFactorInterface { // ... /** * @ORM\OneToMany(targetEntity="Club\BaseBundle\Entity\U2FKey", mappedBy="user") * @var ArrayCollection **/ protected $u2fKeys; /** * isU2FAuthEnabled * @return boolean **/ public function isU2FAuthEnabled() { // If the User has Keys associated, use U2F // You may use a different logic here return count($this->u2fKeys) > 0; } /** * getU2FKeys * @return ArrayCollection **/ public function getU2FKeys() { return $this->u2fKeys; } /** * addU2FKey * @param U2FKey $key * @return void **/ public function addU2FKey($key) { $this->u2fKeys->add($key); } /** * __construct * @return void **/ public function __construct() { // ... $this->u2fKeys = new ArrayCollection(); // ... } }
为了注册,您还需要一个实现 R\U2FTwoFactorBundle\Model\U2F\TwoFactorKeyInterface 的实体。这里是一个使用 doctrine 的示例。
<?php // ... use R\U2FTwoFactorBundle\Model\U2F\TwoFactorKeyInterface; /** * Class U2FKey * @ORM\Entity * @ORM\Table(name="u2f_keys", * uniqueConstraints={@ORM\UniqueConstraint(name="user_unique",columns={"user_id", * "key_handle"})}) */ class U2FKey implements TwoFactorKeyInterface { /** * @ORM\Id * @ORM\Column(type="integer") * @ORM\GeneratedValue(strategy="AUTO") */ protected $id; /** * @ORM\Column(type="string") * @var string **/ public $keyHandle; /** * @ORM\Column(type="string") * @var string **/ public $publicKey; /** * @ORM\Column(type="string") * @var string **/ public $certificate; /** * @ORM\Column(type="string") * @var int **/ public $counter; /** * @ORM\ManyToOne(targetEntity="AcmeBundle\Entity\User", inversedBy="u2fKeys") * @var User **/ protected $user; /** * @ORM\Column(type="string") * @var string **/ protected $name; // ... }
然后您需要创建一个事件监听器来获取和存储已注册密钥的数据。
<?php use AcmeBundle\Entity\U2FKey; use R\U2FTwoFactorBundle\Event\RegisterEvent; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\EventDispatcher\EventSubscriberInterface; class U2FRegistrationListener implements EventSubscriberInterface { // .. /** * getSubscribedEvents * @return array **/ public static function getSubscribedEvents() { return array( 'r_u2f_two_factor.register' => 'onRegister', ); } /** * onRegister * @param RegisterEvent $event * @return void **/ public function onRegister(RegisterEvent $event) { $user = $event->getUser($event); $registrationData = $event->getRegistration(); $newKey = new U2FKey(); $newKey->fromRegistrationData($registrationData); $newKey->setUser($user); $newKey->setName($event->getKeyName()); // persist the new key // generate new response, here we redirect the user to the fos user // profile $response = new RedirectResponse($this->router->generate('fos_user_profile_show')); $event->setResponse($response); } }
将其添加到您的 services.yml
acme.u2f_listener: class: AcmeBundle\EventListener\U2FRegistrationListener tags: - { name: kernel.event_subscriber }
还将路由定义添加到您的 app/config/routing.yml
r_u2f: resource: "@RU2FTwoFactorBundle/Resources/config/routing.yml" prefix: /
可以通过访问 /u2f_register 来注册密钥。它需要以 https 方式提供服务!
许可证
此扩展包可在 MIT 许可证 下获得。