Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wire clock for totp factories #235

Merged
merged 1 commit into from
Jun 18, 2024
Merged

Wire clock for totp factories #235

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions src/bundle/Resources/config/two_factor_provider_google.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticatorTwoFactorProvider;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleTotpFactory;
use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
use Symfony\Component\DependencyInjection\Loader\Configurator\ReferenceConfigurator;
use function Symfony\Component\DependencyInjection\Loader\Configurator\service;

return static function (ContainerConfigurator $container): void {
Expand All @@ -18,6 +19,7 @@
'%scheb_two_factor.google.server_name%',
'%scheb_two_factor.google.issuer%',
'%scheb_two_factor.google.digits%',
(new ReferenceConfigurator('clock'))->nullOnInvalid(),
])

->set('scheb_two_factor.security.google_authenticator', GoogleAuthenticator::class)
Expand Down
2 changes: 2 additions & 0 deletions src/bundle/Resources/config/two_factor_provider_totp.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Totp\TotpAuthenticatorTwoFactorProvider;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Totp\TotpFactory;
use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
use Symfony\Component\DependencyInjection\Loader\Configurator\ReferenceConfigurator;
use function Symfony\Component\DependencyInjection\Loader\Configurator\service;

return static function (ContainerConfigurator $container): void {
Expand All @@ -19,6 +20,7 @@
'%scheb_two_factor.totp.server_name%',
'%scheb_two_factor.totp.issuer%',
'%scheb_two_factor.totp.parameters%',
(new ReferenceConfigurator('clock'))->nullOnInvalid(),
])

->set('scheb_two_factor.security.totp_authenticator', TotpAuthenticator::class)
Expand Down
12 changes: 10 additions & 2 deletions src/google-authenticator/Security/TwoFactor/Provider/Google/GoogleTotpFactory.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@

use OTPHP\TOTP;
use OTPHP\TOTPInterface;
use Psr\Clock\ClockInterface;
use ReflectionClass;
use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Exception\TwoFactorProviderLogicException;
use function strlen;
Expand All @@ -19,6 +21,7 @@ public function __construct(
private readonly string|null $server,
private readonly string|null $issuer,
private readonly int $digits,
private readonly ClockInterface|null $clock = null,
) {
}

Expand All @@ -29,8 +32,13 @@ public function createTotpForUser(TwoFactorInterface $user): TOTPInterface
throw new TwoFactorProviderLogicException('Cannot initialize TOTP, no secret code provided.');
}

/** @psalm-suppress ArgumentTypeCoercion */
$totp = TOTP::create($secret, 30, 'sha1', $this->digits);
if ((new ReflectionClass(TOTP::class))->hasProperty('clock')) {
/** @psalm-suppress ArgumentTypeCoercion */
$totp = TOTP::create($secret, 30, 'sha1', $this->digits, clock: $this->clock);
} else {
/** @psalm-suppress ArgumentTypeCoercion */
$totp = TOTP::create($secret, 30, 'sha1', $this->digits);
}

$userAndHost = $user->getGoogleAuthenticatorUsername().(null !== $this->server && $this->server ? '@'.$this->server : '');
$totp->setLabel($userAndHost);
Expand Down
28 changes: 21 additions & 7 deletions src/totp/Security/TwoFactor/Provider/Totp/TotpFactory.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@

use OTPHP\TOTP;
use OTPHP\TOTPInterface;
use Psr\Clock\ClockInterface;
use ReflectionClass;
use Scheb\TwoFactorBundle\Model\Totp\TwoFactorInterface;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Exception\TwoFactorProviderLogicException;
use function strlen;
Expand All @@ -22,6 +24,7 @@ public function __construct(
private readonly string|null $server,
private readonly string|null $issuer,
private readonly array $customParameters,
private readonly ClockInterface|null $clock = null,
) {
}

Expand All @@ -37,13 +40,24 @@ public function createTotpForUser(TwoFactorInterface $user): TOTPInterface
throw new TwoFactorProviderLogicException('Cannot initialize TOTP, no secret code provided.');
}

/** @psalm-suppress ArgumentTypeCoercion */
$totp = TOTP::create(
$secret,
$totpConfiguration->getPeriod(),
$totpConfiguration->getAlgorithm(),
$totpConfiguration->getDigits(),
);
if ((new ReflectionClass(TOTP::class))->hasProperty('clock')) {
/** @psalm-suppress ArgumentTypeCoercion */
$totp = TOTP::create(
$secret,
$totpConfiguration->getPeriod(),
$totpConfiguration->getAlgorithm(),
$totpConfiguration->getDigits(),
clock: $this->clock,
);
} else {
/** @psalm-suppress ArgumentTypeCoercion */
$totp = TOTP::create(
$secret,
$totpConfiguration->getPeriod(),
$totpConfiguration->getAlgorithm(),
$totpConfiguration->getDigits(),
);
}

$userAndHost = $user->getTotpAuthenticationUsername().(null !== $this->server && $this->server ? '@'.$this->server : '');
$totp->setLabel($userAndHost);
Expand Down
Loading