fix issue sonata-project#1191

Author: davidromani

docs/reference/two_step_validation.rst

@@ -35,12 +35,12 @@ Edit the configuration file:
         google_authenticator:
             enabled: true
             server:  yourserver.com
-            ip_white_list:
+            trusted_ip_list:
                 - 127.0.0.1
             forced_for_role:
                 - ROLE_ADMIN
 
-Also, if you want to use ``ip_white_list`` and ``forced_for_role``
+Also, if you want to use ``trusted_ip_list`` and ``forced_for_role``
 configuration nodes for automatically setting the secret to user
 (secret - a connection between user and device that will scans QR-code)
 and showing QR-code in login form, you need to set the success handler

src/DependencyInjection/Configuration.php

@@ -69,6 +69,11 @@ public function getConfigTreeBuilder()
                         ->scalarNode('server')->cannotBeEmpty()->end()
                         ->scalarNode('enabled')->defaultFalse()->end()
                         ->arrayNode('ip_white_list')
+                            ->prototype('scalar')->end()
+                            ->info('IPs for which 2FA will be skipped.')
+                            ->setDeprecated('The "%node%" option is deprecated. Use "trusted_ip_list" instead with the same values.')
+                        ->end()
+                        ->arrayNode('trusted_ip_list')
                             ->prototype('scalar')->end()
                             ->defaultValue(['127.0.0.1'])
                             ->info('IPs for which 2FA will be skipped.')

src/DependencyInjection/SonataUserExtension.php

@@ -174,11 +174,22 @@ public function configureGoogleAuthenticator($config, ContainerBuilder $containe
 
         if (!class_exists('Google\Authenticator\GoogleAuthenticator')
             && !class_exists('Sonata\GoogleAuthenticator\GoogleAuthenticator')) {
-            throw new \RuntimeException('Please add ``sonata-project/google-authenticator`` package');
+            throw new \RuntimeException('Please add "sonata-project/google-authenticator" package');
         }
 
         $container->setParameter('sonata.user.google.authenticator.forced_for_role', $config['google_authenticator']['forced_for_role']);
-        $container->setParameter('sonata.user.google.authenticator.ip_white_list', $config['google_authenticator']['ip_white_list']);
+
+        // NEXT_MAJOR: Remove this checks and only set the `trusted_ip_list`.
+        if (\count($config['google_authenticator']['ip_white_list']) > 0 && $config['google_authenticator']['trusted_ip_list'] !== ['127.0.0.1']) {
+            throw new \LogicException('Please use only "trusted_ip_list" parameter, "ip_white_list" is deprecated.');
+        }
+        $trustedIpList = $config['google_authenticator']['trusted_ip_list'];
+        if (\count($config['google_authenticator']['ip_white_list']) > 0) {
+            $trustedIpList = $config['google_authenticator']['ip_white_list'];
+        }
+        // NEXT_MAJOR: Remove `sonata.user.google.authenticator.ip_white_list` parameter.
+        $container->setParameter('sonata.user.google.authenticator.ip_white_list', $trustedIpList);
+        $container->setParameter('sonata.user.google.authenticator.trusted_ip_list', $trustedIpList);
 
         $container->getDefinition('sonata.user.google.authenticator.provider')
             ->replaceArgument(0, $config['google_authenticator']['server']);

src/GoogleAuthenticator/Helper.php

@@ -39,28 +39,28 @@ class Helper
     /**
      * @var string[]
      */
-    private $ipWhiteList;
+    private $trustedIpList;
 
     /**
      * @var AuthorizationCheckerInterface
      */
     private $authorizationChecker;
 
     /**
-     * @param string[] $ipWhiteList IPs that will bypass 2FA authorization
+     * @param string[] $trustedIpList IPs that will bypass 2FA authorization
      */
     public function __construct(
         $server,
         BaseGoogleAuthenticator $authenticator,
         AuthorizationCheckerInterface $authorizationChecker,
         array $forcedForRoles = [],
-        array $ipWhiteList = []
+        array $trustedIpList = []
     ) {
         $this->server = $server;
         $this->authenticator = $authenticator;
         $this->authorizationChecker = $authorizationChecker;
         $this->forcedForRoles = $forcedForRoles;
-        $this->ipWhiteList = $ipWhiteList;
+        $this->trustedIpList = $trustedIpList;
     }
 
     /**
@@ -99,7 +99,7 @@ public function getSessionKey(UsernamePasswordToken $token)
 
     public function needToHaveGoogle2FACode(Request $request): bool
     {
-        if (\in_array($request->getClientIp(), $this->ipWhiteList, true)) {
+        if (\in_array($request->getClientIp(), $this->trustedIpList, true)) {
             return false;
         }
 

src/Resources/config/google_authenticator.xml

@@ -9,7 +9,7 @@
             <argument type="service" id="sonata.user.google.authenticator"/>
             <argument type="service" id="security.authorization_checker"/>
             <argument>%sonata.user.google.authenticator.forced_for_role%</argument>
-            <argument>%sonata.user.google.authenticator.ip_white_list%</argument>
+            <argument>%sonata.user.google.authenticator.trusted_ip_list%</argument>
         </service>
         <service id="sonata.user.google.authenticator.interactive_login_listener" class="Sonata\UserBundle\GoogleAuthenticator\InteractiveLoginListener">
             <tag name="kernel.event_listener" event="security.interactive_login" method="onSecurityInteractiveLogin"/>

tests/DependencyInjection/ConfigurationTest.php

@@ -42,7 +42,8 @@ public function testDefault(): void
             ],
             'google_authenticator' => [
                 'enabled' => false,
-                'ip_white_list' => ['127.0.0.1'],
+                'ip_white_list' => [],
+                'trusted_ip_list' => ['127.0.0.1'],
                 'forced_for_role' => ['ROLE_ADMIN'],
             ],
             'manager_type' => 'orm',

tests/DependencyInjection/SonataUserExtensionTest.php

@@ -256,7 +256,7 @@ public function testConfigureGoogleAuthenticatorEnabled(): void
     {
         $this->expectDeprecation('The \'Google\Authenticator\' namespace is deprecated in sonata-project/GoogleAuthenticator since version 2.1 and will be removed in 3.0.');
 
-        $this->load(['google_authenticator' => ['enabled' => true, 'forced_for_role' => ['ROLE_USER'], 'ip_white_list' => ['0.0.0.1'],
+        $this->load(['google_authenticator' => ['enabled' => true, 'forced_for_role' => ['ROLE_USER'], 'trusted_ip_list' => ['0.0.0.1'],
                                                 'server' => 'bar', ]]);
 
         $this->assertContainerBuilderHasParameter('sonata.user.google.authenticator.enabled', true);
@@ -265,7 +265,7 @@ public function testConfigureGoogleAuthenticatorEnabled(): void
         $this->assertContainerBuilderHasService('sonata.user.google.authenticator.interactive_login_listener');
         $this->assertContainerBuilderHasService('sonata.user.google.authenticator.request_listener');
         $this->assertContainerBuilderHasParameter('sonata.user.google.authenticator.forced_for_role', ['ROLE_ADMIN', 'ROLE_USER']);
-        $this->assertContainerBuilderHasParameter('sonata.user.google.authenticator.ip_white_list', ['127.0.0.1', '0.0.0.1']);
+        $this->assertContainerBuilderHasParameter('sonata.user.google.authenticator.trusted_ip_list', ['127.0.0.1', '0.0.0.1']);
         $this->assertContainerBuilderHasServiceDefinitionWithArgument('sonata.user.google.authenticator.provider', 0, 'bar');
     }
 

tests/EventListener/TwoFactorLoginSuccessHandlerTest.php

@@ -105,8 +105,8 @@ private function createTestClass(?string $secret, string $userRole, ?string $rem
         $routerMock = $this->createMock(UrlGeneratorInterface::class);
         $routerMock->method('generate')->willReturn('/admin/dashboard');
         $forcedRoles = ['ROLE_ADMIN'];
-        $ipWhiteList = ['127.0.0.1'];
-        $helper = new Helper('site.tld', new GoogleAuthenticator(), $authChecker, $forcedRoles, $ipWhiteList);
+        $trustedIpList = ['127.0.0.1'];
+        $helper = new Helper('site.tld', new GoogleAuthenticator(), $authChecker, $forcedRoles, $trustedIpList);
         $this->testClass = new TwoFactorLoginSuccessHandler(
             $templateEngineMock,
             $helper,