tubssz / u2f-two-factor-bundle
此包已被弃用,不再维护。没有建议的替代包。
使用 U2F-Keys 为 Symfony 实现 2FA,使用 scheb/two-factor-bundle
0.3.0
2016-02-19 22:30 UTC
Requires
- scheb/two-factor-bundle: ^1.4 | ^2.0
- yubico/u2flib-server: ^0.1.0 | ^1.0.0
Conflicts
- darookee/u2f-two-factor-bundle: *
This package is not auto-updated.
Last update: 2017-01-18 15:43:07 UTC
README
此 Symfony2 扩展包为您的网站提供使用 scheb/two-factor-bundle 的 u2f 认证。
安装
步骤 1:使用 Composer 下载
php composer.phar require tubssz/u2f-two-factor-bundle
步骤 2:启用扩展包
将以下内容添加到您的 app/AppKernel.php
<?php // ... public function registerBundles() { $bundles = array( // ... new Scheb\TwoFactorBundle\SchebTwoFactorBundle(), new R\U2FTwoFactorBundle\RU2FTwoFactorBundle(), // ... ); // ... } // ...
步骤 3:配置
以下选项可用但不是必需的
r_u2f_two_factor: formTemplate: RU2FTwoFActorBundle:Authentication:form.html.twig registerTemplate: RU2FTwoFActorBundle:Registration:register.html.twig authCodeParameter: _auth_code
为了使身份验证工作,您必须实现 R\U2FTwoFactorBundle\Model\U2F\TwoFactorInterface
<?php // ... use R\U2FTwoFactorBundle\Model\U2F\TwoFactorInterface as U2FTwoFactorInterface; // ... class User implements U2FTwoFactorInterface { // ... /** * @ORM\OneToMany(targetEntity="Club\BaseBundle\Entity\U2FKey", mappedBy="user") * @var ArrayCollection **/ protected $u2fKeys; /** * isU2FAuthEnabled * @return boolean **/ public function isU2FAuthEnabled() { // If the User has Keys associated, use U2F // You may use a different logic here return count($this->u2fKeys) > 0; } /** * getU2FKeys * @return ArrayCollection **/ public function getU2FKeys() { return $this->u2fKeys; } /** * addU2FKey * @param U2FKey $key * @return void **/ public function addU2FKey($key) { $this->u2fKeys->add($key); } /** * __construct * @return void **/ public function __construct() { // ... $this->u2fKeys = new ArrayCollection(); // ... } }
对于注册,您还需要一个实现 R\U2FTwoFactorBundle\Model\U2F\TwoFactorKeyInterface
的实体。以下是一个使用 doctrine 的示例。
<?php // ... use R\U2FTwoFactorBundle\Model\U2F\TwoFactorKeyInterface; /** * Class U2FKey * @ORM\Entity * @ORM\Table(name="u2f_keys", * uniqueConstraints={@ORM\UniqueConstraint(name="user_unique",columns={"user_id", * "key_handle"})}) */ class U2FKey implements TwoFactorKeyInterface { /** * @ORM\Id * @ORM\Column(type="integer") * @ORM\GeneratedValue(strategy="AUTO") */ protected $id; /** * @ORM\Column(type="string") * @var string **/ public $keyHandle; /** * @ORM\Column(type="string") * @var string **/ public $publicKey; /** * @ORM\Column(type="string") * @var string **/ public $certificate; /** * @ORM\Column(type="string") * @var int **/ public $counter; /** * @ORM\ManyToOne(targetEntity="AcmeBundle\Entity\User", inversedBy="u2fKeys") * @var User **/ protected $user; /** * @ORM\Column(type="string") * @var string **/ protected $name; // ... }
然后您需要创建一个事件监听器以获取和存储注册密钥的数据。
<?php use AcmeBundle\Entity\U2FKey; use R\U2FTwoFactorBundle\Event\RegisterEvent; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\EventDispatcher\EventSubscriberInterface; class U2FRegistrationListener implements EventSubscriberInterface { // .. /** * getSubscribedEvents * @return array **/ public static function getSubscribedEvents() { return array( 'r_u2f_two_factor.register' => 'onRegister', ); } /** * onRegister * @param RegisterEvent $event * @return void **/ public function onRegister(RegisterEvent $event) { $user = $event->getUser($event); $registrationData = $event->getRegistration(); $newKey = new U2FKey(); $newKey->fromRegistrationData($registrationData); $newKey->setUser($user); $newKey->setName($event->getKeyName()); // persist the new key // generate new response, here we redirect the user to the fos user // profile $response = new RedirectResponse($this->router->generate('fos_user_profile_show')); $event->setResponse($response); } }
将其添加到您的 services.yml
acme.u2f_listener: class: AcmeBundle\EventListener\U2FRegistrationListener tags: - { name: kernel.event_subscriber }
同时,将路由定义添加到您的 app/config/routing.yml
r_u2f: resource: "@RU2FTwoFactorBundle/Resources/config/routing.yml" prefix: /
密钥可以通过访问 /u2f_register
进行注册。它需要以 https 提供服务!
许可证
此扩展包可在 MIT 许可证 下使用。