src/Controller/SecurityController.php line 31

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Controller;
  7. use Doctrine\ORM\EntityManagerInterface;
  8. use Endroid\QrCode\Builder\Builder;
  9. use Endroid\QrCode\Encoding\Encoding;
  10. use Endroid\QrCode\ErrorCorrectionLevel\ErrorCorrectionLevelHigh;
  11. use Endroid\QrCode\RoundBlockSizeMode\RoundBlockSizeModeMargin;
  12. use Endroid\QrCode\Writer\PngWriter;
  13. use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Totp\TotpAuthenticatorInterface;
  14. use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
  15. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  16. use Symfony\Component\HttpFoundation\ParameterBag;
  17. use Symfony\Component\HttpFoundation\RedirectResponse;
  18. use Symfony\Component\HttpFoundation\Request;
  19. use Symfony\Component\HttpFoundation\Response;
  20. use Symfony\Component\HttpFoundation\Session\Session;
  21. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  22. use Symfony\Component\Routing\Annotation\Route;
  23. use Symfony\Component\Routing\RouterInterface;
  24. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  25. use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
  26. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  28. class SecurityController extends AbstractController
  29. {
  30.     #[Route('/login'name'app_login')]
  31.     public function index(AuthenticationUtils $authenticationUtils): Response
  32.     {
  33.         // get the login error if there is one
  34.         $error $authenticationUtils->getLastAuthenticationError();
  36.         // last username entered by the user
  37.         $lastUsername $authenticationUtils->getLastUsername();
  39.         return $this->render('login/index.html.twig', [
  40.             'last_username' => $lastUsername,
  41.             'error'         => $error,
  42.         ]);
  43.     }
  45.     #[Route('/logout'name'app_logout'methods: ['GET'])]
  46.     public function logout()
  47.     {
  48.     }
  50.     #[Route('/authentication/2fa/enable'name'app_2fa_enable')]
  51.     #[IsGranted('ROLE_ADMIN')]
  52.     public function enable2fa(TotpAuthenticatorInterface $totpAuthenticator)
  53.     {
  54.         $user $this->getUser();
  55.         if (null === $user) {
  56.             throw new AuthenticationException('Access denied.');
  57.         }
  58.         if (!$user->isTotpAuthenticationEnabled()) {
  59.             $totpSecret $totpAuthenticator->generateSecret();
  60.             $user->setTotpSecret($totpSecret);
  61.         }
  63.         return $this->render('security/2fa_form.html.twig', [
  64.             'qrContent' => base64_encode($totpAuthenticator->getQRContent($user)),
  65.             'secret' => base64_encode($totpSecret),
  66.         ]);
  67.     }
  69.     #[Route('/authentication/2fa/save'name'app_2fa_save'methods: ['POST'])]
  70.     #[IsGranted('ROLE_ADMIN')]
  71.     public function save2fa(
  72.         Request $request,
  73.         TotpAuthenticatorInterface $totpAuthenticator,
  74.         EntityManagerInterface $entityManager,
  75.         RouterInterface $router,
  76.         SessionInterface $session,
  77.     ) {
  78.         $user $this->getUser();
  79.         if (null === $user) {
  80.             return new RedirectResponse($router->generate('app_login'));
  81.         }
  82.         $code $request->request->get('code');
  83.         $secret base64_decode($request->request->get('totp-secret'));
  84.         $user->setTotpSecret($secret);
  86.         if ($totpAuthenticator->checkCode($user$code)) {
  87.             $entityManager->flush();
  88.             $session->getFlashBag()->add('success''2FA Authorization Enabled');
  89.             return new RedirectResponse($router->generate('app_login'));
  90.         }
  92.         return new RedirectResponse($router->generate('app_2fa_enable'));
  93.     }
  95.     #[Route('/authentication/2fa/generate'name'app_2fa_generate')]
  96.     #[IsGranted('ROLE_ADMIN')]
  97.     public function generate2fa(Request $request)
  98.     {
  99.         $result Builder::create()
  100.             ->writer(new PngWriter())
  101.             ->writerOptions([])
  102.             ->data(base64_decode($request->get('qrContent')))
  103.             ->encoding(new Encoding('UTF-8'))
  104.             ->errorCorrectionLevel(new ErrorCorrectionLevelHigh())
  105.             ->size(300)
  106.             ->margin(0)
  107.             ->roundBlockSizeMode(new RoundBlockSizeModeMargin())
  108.             ->build();
  110.         return new Response($result->getString(), 200, ['Content-Type' => 'image/png']);
  111.     }
  112. }