temp totp

Author: codedmonkey

migrations/Version20250409225651.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+final class Version20250409225651 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return 'Add TOTP secret';
+    }
+
+    public function up(Schema $schema): void
+    {
+        $this->addSql(<<<'SQL'
+            ALTER TABLE "user" ADD totp_secret VARCHAR(255) DEFAULT NULL
+        SQL);
+    }
+
+    public function down(Schema $schema): void
+    {
+        $this->addSql(<<<'SQL'
+            ALTER TABLE "user" DROP totp_secret
+        SQL);
+    }
+}

src/Controller/Dashboard/DashboardAccountController.php

@@ -7,6 +7,7 @@
 use CodedMonkey\Dirigent\Form\AccountFormType;
 use CodedMonkey\Dirigent\Form\ChangePasswordFormType;
 use EasyCorp\Bundle\EasyAdminBundle\Router\AdminUrlGenerator;
+use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Totp\TotpAuthenticatorInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\Form\FormError;
 use Symfony\Component\HttpFoundation\Request;
@@ -28,6 +29,7 @@ public static function getSubscribedServices(): array
     public function __construct(
         private readonly UserRepository $userRepository,
         private readonly UserPasswordHasherInterface $passwordHasher,
+        private readonly TotpAuthenticatorInterface $totpAuthenticator,
     ) {
     }
 
@@ -36,8 +38,6 @@ public function __construct(
     public function account(Request $request, #[CurrentUser] User $user): Response
     {
         $accountForm = $this->createForm(AccountFormType::class, $user);
-        $passwordForm = $this->createForm(ChangePasswordFormType::class);
-
         $accountForm->handleRequest($request);
 
         if ($accountForm->isSubmitted() && $accountForm->isValid()) {
@@ -50,6 +50,7 @@ public function account(Request $request, #[CurrentUser] User $user): Response
             return $this->redirect($url);
         }
 
+        $passwordForm = $this->createForm(ChangePasswordFormType::class);
         $passwordForm->handleRequest($request);
 
         if ($passwordForm->isSubmitted()) {
@@ -72,9 +73,17 @@ public function account(Request $request, #[CurrentUser] User $user): Response
             }
         }
 
+        $totpSecret = $this->totpAuthenticator->generateSecret();
+
+        $mfaForm = $this->createForm(MfaFormType::class, ['secret' => $totpSecret]);
+        $mfaForm->handleRequest($request);
+
+        $oneTimePassword = $this->totpAuthenticator->checkCode()
+
         return $this->render('dashboard/account.html.twig', [
             'accountForm' => $accountForm,
             'passwordForm' => $passwordForm,
+            'totpSecret' => $totpSecret,
         ]);
     }
 }

src/Doctrine/Entity/User.php

@@ -8,12 +8,15 @@
 use Doctrine\ORM\Mapping\GeneratedValue;
 use Doctrine\ORM\Mapping\Id;
 use Doctrine\ORM\Mapping\Table;
+use Scheb\TwoFactorBundle\Model\Totp\TotpConfiguration;
+use Scheb\TwoFactorBundle\Model\Totp\TotpConfigurationInterface;
+use Scheb\TwoFactorBundle\Model\Totp\TwoFactorInterface;
 use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 #[Entity(repositoryClass: UserRepository::class)]
 #[Table(name: '`user`')]
-class User implements UserInterface, PasswordAuthenticatedUserInterface
+class User implements UserInterface, PasswordAuthenticatedUserInterface, TwoFactorInterface
 {
     #[Column]
     #[GeneratedValue]
@@ -37,6 +40,9 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
 
     private ?string $plainPassword = null;
 
+    #[Column(nullable: true)]
+    private ?string $totpSecret = null;
+
     public function getId(): ?int
     {
         return $this->id;
@@ -108,6 +114,16 @@ public function setPlainPassword(string $password): self
         return $this;
     }
 
+    public function getTotpSecret(): ?string
+    {
+        return $this->totpSecret;
+    }
+
+    public function setTotpSecret(?string $totpSecret): void
+    {
+        $this->totpSecret = $totpSecret;
+    }
+
     public function getUserIdentifier(): string
     {
         return (string) $this->username;
@@ -158,4 +174,19 @@ public function setSuperAdmin(bool $admin): void
             }
         }
     }
+
+    public function isTotpAuthenticationEnabled(): bool
+    {
+        return null !== $this->totpSecret;
+    }
+
+    public function getTotpAuthenticationUsername(): string
+    {
+        return $this->username;
+    }
+
+    public function getTotpAuthenticationConfiguration(): ?TotpConfigurationInterface
+    {
+        return new TotpConfiguration($this->totpSecret, TotpConfiguration::ALGORITHM_SHA1, 20, 8);
+    }
 }

templates/dashboard/account.html.twig

@@ -41,18 +41,20 @@
   <div class="form-fieldset field-form_fieldset">
     <div class="form-fieldset-header with-help">
       <div class="form-fieldset-title">
-        <span class="not-collapsible form-fieldset-title-content">Multi-Factor Authentication</span>
-        <div class="form-fieldset-help">Add an extra layer of security</div>
+        <span class="not-collapsible form-fieldset-title-content">{{ 'Multi-Factor Authentication' }}</span>
+        <div class="form-fieldset-help">{{ 'account.mfa.help'|trans }}</div>
       </div>
     </div>
 
     <div class="form-fieldset-body show">
       <div class="row">
         <div class="col-md-6 col-xxl-5">
-          todo
+          <div class="mb-3">
+            <label for="totp_secret" class="form-label required">{{ 'MFA secret' }}</label>
+            <input id="totp_secret" type="text" value="{{ totpSecret }}" class="form-control">
+          </div>
         </div>
       </div>
     </div>
   </div>
-
 {% endblock %}