-
-
Notifications
You must be signed in to change notification settings - Fork 484
/
Copy pathHelper.php
119 lines (102 loc) · 2.88 KB
/
Helper.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
<?php
declare(strict_types=1);
/*
* This file is part of the Sonata Project package.
*
* (c) Thomas Rabaix <thomas.rabaix@sonata-project.org>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Sonata\UserBundle\GoogleAuthenticator;
use Google\Authenticator\GoogleAuthenticator as BaseGoogleAuthenticator;
use Sonata\UserBundle\Model\UserInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
/**
* NEXT_MAJOR: Remove this class.
*
* @deprecated since sonata-project/user-bundle 4.14, it will be removed on 5.0.
*/
class Helper
{
/**
* @var string
*/
protected $server;
/**
* @var BaseGoogleAuthenticator
*/
protected $authenticator;
/**
* @var string[]
*/
private $forcedForRoles;
/**
* @var string[]
*/
private $trustedIpList;
/**
* @var AuthorizationCheckerInterface
*/
private $authorizationChecker;
/**
* @param string[] $trustedIpList IPs that will bypass 2FA authorization
*/
public function __construct(
$server,
BaseGoogleAuthenticator $authenticator,
AuthorizationCheckerInterface $authorizationChecker,
array $forcedForRoles = [],
array $trustedIpList = []
) {
$this->server = $server;
$this->authenticator = $authenticator;
$this->authorizationChecker = $authorizationChecker;
$this->forcedForRoles = $forcedForRoles;
$this->trustedIpList = $trustedIpList;
}
/**
* @param string $code
*
* @return bool
*/
public function checkCode(UserInterface $user, $code)
{
return $this->authenticator->checkCode($user->getTwoStepVerificationCode(), $code);
}
/**
* @return string
*/
public function getUrl(UserInterface $user)
{
return $this->authenticator->getUrl($user->getUsername(), $this->server, $user->getTwoStepVerificationCode());
}
/**
* @return string
*/
public function generateSecret()
{
return $this->authenticator->generateSecret();
}
/**
* @return string
*/
public function getSessionKey(UsernamePasswordToken $token)
{
return sprintf('sonata_user_google_authenticator_%s_%s', $token->getProviderKey(), $token->getUsername());
}
public function needToHaveGoogle2FACode(Request $request): bool
{
if (\in_array($request->getClientIp(), $this->trustedIpList, true)) {
return false;
}
foreach ($this->forcedForRoles as $role) {
if ($this->authorizationChecker->isGranted($role)) {
return true;
}
}
return false;
}
}