philetaylor/u2f-two-factor-bundle

使用U2F密钥作为Symfony2的2FA,使用scheb/two-factor-bundle

此软件包的规范存储库似乎已消失,因此该软件包已被冻结。

维护者

详情

github.com/PhilETaylor/u2f-two-factor-bundle

主页

源代码

安装: 207

依赖者: 0

建议者: 0

安全: 0

星级: 1

关注者: 2

分支: 10

语言:JavaScript

类型:symfony-bundle

0.6.2 2018-07-23 08:17 UTC

Requires

Conflicts

MIT 4a7e4d65078b608dce6c43f4378eae3de4c3f3b7

  • Nils Uliczka <nils.uliczka.woop@darookee.net>
  • Francesco De Francesco <francesco.defrancesco.woop@gmail.com>

Symfony2Authenticationtwo-factoryubikeytwo-stepfido

This package is auto-updated.

Last update: 2023-04-07 20:18:11 UTC

README

此Symfony2扩展包使用scheb/two-factor-bundle为您的网站提供u2f身份验证。

安装

步骤1:使用Composer下载

php composer.phar require r/u2f-two-factor-bundle

步骤2:启用扩展包

将以下内容添加到您的 app/AppKernel.php

<?php

// ...
public function registerBundles()
{
    $bundles = array(
        // ...
        new Scheb\TwoFactorBundle\SchebTwoFactorBundle(),
        new R\U2FTwoFactorBundle\RU2FTwoFactorBundle(),
        // ...
    );
    // ...
}
// ...

步骤3:配置

以下选项可用,但不是必需的

ru2_f_two_factor:
    formTemplate: RU2FTwoFactorBundle:Authentication:form.html.twig
    registerTemplate: RU2FTwoFactorBundle:Registration:register.html.twig
    authCodeParameter: _auth_code

为了使身份验证工作,您必须实现 R\U2FTwoFactorBundle\Model\U2F\TwoFactorInterface

<?php

// ...
use R\U2FTwoFactorBundle\Model\U2F\TwoFactorInterface as U2FTwoFactorInterface;
// ...
class User implements U2FTwoFactorInterface
{
// ...
    /**
     * @ORM\OneToMany(targetEntity="Club\BaseBundle\Entity\U2FKey", mappedBy="user")
     * @var ArrayCollection
     **/
    protected $u2fKeys;

    /**
     * isU2FAuthEnabled
     * @return boolean
     **/
    public function isU2FAuthEnabled()
    {
        // If the User has Keys associated, use U2F
        // You may use a different logic here
        return count($this->u2fKeys) > 0;
    }

    /**
     * getU2FKeys
     * @return ArrayCollection
     **/
    public function getU2FKeys()
    {
        return $this->u2fKeys;
    }

    /**
     * addU2FKey
     * @param U2FKey $key
     * @return void
     **/
    public function addU2FKey($key)
    {
        $this->u2fKeys->add($key);
    }
    
    /**
     * removeU2FKey
     * @param U2FKey $key
     * @return void
     **/
    public function removeU2FKey($key)
    {
        $this->u2fKeys->remove($key);
    }

    /**
     * __construct
     * @return void
     **/
    public function __construct()
    {
        // ...
        $this->u2fKeys = new ArrayCollection();
        // ...
    }
}

对于注册,您还需要一个实现 R\U2FTwoFactorBundle\Model\U2F\TwoFactorKeyInterface 的实体。以下是一个使用doctrine的示例。

<?php
// ...
use R\U2FTwoFactorBundle\Model\U2F\TwoFactorKeyInterface;

/**
 * Class U2FKey
 * @ORM\Entity
 * @ORM\Table(name="u2f_keys",
 * uniqueConstraints={@ORM\UniqueConstraint(name="user_unique",columns={"user_id",
 * "keyHandle"})})
 */
class U2FKey implements TwoFactorKeyInterface
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * @ORM\Column(type="string")
     * @var string
     **/
    public $keyHandle;

    /**
     * @ORM\Column(type="string")
     * @var string
     **/
    public $publicKey;

    /**
     * @ORM\Column(type="text")
     * @var string
     **/
    public $certificate;

    /**
     * @ORM\Column(type="string")
     * @var int
     **/
    public $counter;

    /**
     * @ORM\ManyToOne(targetEntity="AcmeBundle\Entity\User", inversedBy="u2fKeys")
     * @var User
     **/
    protected $user;

    /**
     * @ORM\Column(type="string")
     * @var string
     **/
    protected $name;

    // ...
    
    public function fromRegistrationData($data)
    {
        $this->keyHandle = $data->keyHandle;
        $this->publicKey = $data->publicKey;
        $this->certificate = $data->certificate;
        $this->counter = $data->counter;
    }
}

然后您需要创建一个事件监听器以获取和存储注册密钥的数据。

<?php

use AcmeBundle\Entity\U2FKey;
use R\U2FTwoFactorBundle\Event\RegisterEvent;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;

class U2FRegistrationListener implements EventSubscriberInterface
{
    // ..
    /**
     * getSubscribedEvents
     * @return array
     **/
    public static function getSubscribedEvents()
    {
        return array(
            'r_u2f_two_factor.register' => 'onRegister',
        );
    }

    /**
     * onRegister
     * @param RegisterEvent $event
     * @return void
     **/
    public function onRegister(RegisterEvent $event)
    {
        $user = $event->getUser($event);
        $registrationData = $event->getRegistration();
        $newKey = new U2FKey();
        $newKey->fromRegistrationData($registrationData);
        $newKey->setUser($user);
        $newKey->setName($event->getKeyName());

        // persist the new key

        // generate new response, here we redirect the user to the fos user
        // profile
        $response = new RedirectResponse($this->router->generate('fos_user_profile_show'));
        $event->setResponse($response);
    }
}

将其添加到您的 services.yml

acme.u2f_listener:
    class: AcmeBundle\EventListener\U2FRegistrationListener
    tags:
        - { name: kernel.event_subscriber }

还要将路由定义添加到您的 app/config/routing.yml

r_u2f:
    resource: "@RU2FTwoFactorBundle/Resources/config/routing.yml"
    prefix: /

可以通过访问 /u2f_register 注册密钥。它需要以https方式提供!

许可

此扩展包可在MIT许可证下获得。