通过 
搜索
搜索r / u2f-two-factor-bundle
使用U2F密钥作为Symfony2的2FA,使用scheb/two-factor-bundle
0.8.0
2020-05-19 07:35 UTC
Requires
- php: ^7.1.3
- ext-json: *
- doctrine/collections: ^1.6
- doctrine/common: *
- scheb/two-factor-bundle: ^3.2.0|^4.0.0
- symfony/event-dispatcher-contracts: ^2.0
- symfony/framework-bundle: ^3.4|^4.0|^5.0
- symfony/templating: ^3.4|^4.0|^5.0
- yubico/u2flib-server: ^1.0.0
Requires (Dev)
- phpstan/phpstan: ^0.11.6
Conflicts
README
这个Symfony2组件提供了使用 scheb/two-factor-bundle 的u2f身份验证功能。
安装
步骤1:使用Composer下载
php composer.phar require r/u2f-two-factor-bundle
步骤2:启用组件(使用Symfony Flex时跳过)
将以下内容添加到您的 app/AppKernel.php
<?php // ... public function registerBundles() { $bundles = array( // ... new Scheb\TwoFactorBundle\SchebTwoFactorBundle(), new R\U2FTwoFactorBundle\RU2FTwoFactorBundle(), // ... ); // ... } // ...
步骤3:配置
以下选项可用但不是必需的
r_u2f_two_factor: formTemplate: RU2FTwoFactorBundle:Authentication:form.html.twig registerTemplate: RU2FTwoFactorBundle:Registration:register.html.twig authCodeParameter: _auth_code
为了使身份验证工作,您必须实现 R\U2FTwoFactorBundle\Model\U2F\TwoFactorInterface
<?php // ... use Doctrine\Common\Collections\Collection; use R\U2FTwoFactorBundle\Model\U2F\TwoFactorInterface as U2FTwoFactorInterface; use R\U2FTwoFactorBundle\Model\U2F\TwoFactorKeyInterface; use Club\BaseBundle\Entity\U2FKey; // ... class User implements U2FTwoFactorInterface { // ... /** * @ORM\OneToMany(targetEntity=U2FKey::class, mappedBy="user") * @var Collection<TwoFactorKeyInterface> **/ protected $u2fKeys; public function isU2FAuthEnabled(): bool { // If the User has Keys associated, use U2F // You may use a different logic here return count($this->u2fKeys) > 0; } /** @return Collection<TwoFactorKeyInterface> **/ public function getU2FKeys(): Collection { return $this->u2fKeys; } public function addU2FKey(TwoFactorKeyInterface $key): void { $this->u2fKeys->add($key); } public function removeU2FKey(TwoFactorKeyInterface $key): void { $this->u2fKeys->remove($key); } public function __construct() { // ... $this->u2fKeys = new ArrayCollection(); // ... } }
为了注册,您还需要一个实现 R\U2FTwoFactorBundle\Model\U2F\TwoFactorKeyInterface 的实体。以下是一个使用doctrine的示例。
<?php // ... use R\U2FTwoFactorBundle\Model\U2F\TwoFactorKeyInterface; use u2flib_server\Registration; /** * @ORM\Entity * @ORM\Table(name="u2f_keys", * uniqueConstraints={@ORM\UniqueConstraint(name="user_unique",columns={"user_id", * "keyHandle"})}) */ class U2FKey implements TwoFactorKeyInterface { /** * @ORM\Id * @ORM\Column(type="integer") * @ORM\GeneratedValue(strategy="AUTO") */ protected $id; /** * @ORM\Column(type="string") * @var string **/ protected $keyHandle; /** * @ORM\Column(type="string") * @var string **/ protected $publicKey; /** * @ORM\Column(type="text") * @var string **/ protected $certificate; /** * @ORM\Column(type="string") * @var int **/ protected $counter; /** * @ORM\ManyToOne(targetEntity="AcmeBundle\Entity\User", inversedBy="u2fKeys") * @var User **/ protected $user; /** * @ORM\Column(type="string") * @var string **/ protected $name; // ... public function fromRegistrationData(Registration $data): void { $this->keyHandle = $data->keyHandle; $this->publicKey = $data->publicKey; $this->certificate = $data->certificate; $this->counter = $data->counter; } /** @inheritDoc */ public function getKeyHandle() { return $this->keyHandle; } /** @inheritDoc */ public function setKeyHandle($keyHandle) { $this->keyHandle = $keyHandle; } /** @inheritDoc */ public function getPublicKey() { return $this->publicKey; } /** @inheritDoc */ public function setPublicKey($publicKey) { $this->publicKey = $publicKey; } /** @inheritDoc */ public function getCertificate() { return $this->certificate; } /** @inheritDoc */ public function setCertificate($certificate) { $this->certificate = $certificate; } /** @inheritDoc */ public function getCounter() { return $this->counter; } /** @inheritDoc */ public function setCounter($counter) { $this->counter = $counter; } /** @inheritDoc */ public function getName() { return $this->name; } /** @inheritDoc */ public function setName($name) { $this->name = $name; } }
然后您需要创建一个事件订阅者以获取和存储注册密钥的数据。
<?php use AcmeBundle\Entity\U2FKey; use R\U2FTwoFactorBundle\Event\RegisterEvent; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\Routing\Generator\UrlGeneratorInterface; class U2FRegistrationSubscriber implements EventSubscriberInterface { /** @var UrlGeneratorInterface */ private $router; public function __construct(UrlGeneratorInterface $router) { $this->router = $router; } // .. /** @return string[] **/ public static function getSubscribedEvents(): array { return array( 'r_u2f_two_factor.register' => 'onRegister', ); } public function onRegister(RegisterEvent $event): void { $user = $event->getUser($event); $registration = $event->getRegistration(); $newKey = new U2FKey(); $newKey->fromRegistrationData($registration); $newKey->setUser($user); $newKey->setName($event->getKeyName()); // persist the new key // generate new response, here we redirect the user to the fos user // profile $response = new RedirectResponse($this->router->generate('fos_user_profile_show')); $event->setResponse($response); } }
同时,将路由定义添加到您的 app/config/routing.yml
r_u2f: resource: "@RU2FTwoFactorBundle/Resources/config/routing.yml" prefix: /
可以在 /u2f_register 进行密钥注册。它需要以https方式提供!
步骤4:包含JavaScript
首先,您需要将依赖 u2f-api 添加到您的 package.json。
如果您使用Webpack Encore,请在您的 webpack.config.js 中包含此行,然后完成
.addEntry('ru2ftwofactor', './web/bundles/ru2ftwofactor/js/auth.js')
如果您没有使用Webpack Encore,您需要自己捆绑 web/bundles/ru2ftwofactor/js/auth.js,覆盖 formTemplate 和 registerTemplate 并在此处添加您的JavaScript引用。
许可
此组件可在 MIT许可 下使用。