abenmada / sylius-multi-factor-authentication-plugin
Multi factor authentication plugin for ShopUser and AdminUser.
Installs: 5
Dependents: 0
Suggesters: 0
Security: 0
Stars: 7
Watchers: 1
Forks: 0
Open Issues: 0
Type:sylius-plugin
Requires
- php: ^8.0
- scheb/2fa-bundle: ^v5.13
- scheb/2fa-google-authenticator: ^5.13
- scheb/2fa-qr-code: ^5.13
- sylius/sylius: ^1.12
Requires (Dev)
- behat/behat: ^3.6.1
- behat/mink-selenium2-driver: ^1.4
- dmore/behat-chrome-extension: ^1.3
- dmore/chrome-mink-driver: ^2.7
- friends-of-behat/mink: ^1.8
- friends-of-behat/mink-browserkit-driver: ^1.4
- friends-of-behat/mink-debug-extension: ^2.0.0
- friends-of-behat/mink-extension: ^2.4
- friends-of-behat/page-object-extension: ^0.3
- friends-of-behat/suite-settings-extension: ^1.0
- friends-of-behat/symfony-extension: ^2.1
- friends-of-behat/variadic-extension: ^1.3
- friendsofphp/php-cs-fixer: ^3.9
- phpspec/phpspec: ^7.2
- phpstan/extension-installer: ^1.0
- phpstan/phpstan: ^1.8.1
- phpstan/phpstan-doctrine: 1.3.40
- phpstan/phpstan-strict-rules: ^1.3.0
- phpstan/phpstan-webmozart-assert: ^1.2.0
- phpunit/phpunit: ^9.5
- polishsymfonycommunity/symfony-mocker-container: ^1.0
- sylius-labs/coding-standard: ^4.2
- symfony/browser-kit: ^5.4 || ^6.0
- symfony/debug-bundle: ^5.4 || ^6.0
- symfony/dotenv: ^5.4 || ^6.0
- symfony/flex: ^2.2.2
- symfony/intl: ^5.4 || ^6.0
- symfony/web-profiler-bundle: ^5.4 || ^6.0
- vimeo/psalm: 4.30.0
README
Multi factor authentication plugin for ShopUser and AdminUser
Details
MFA activation on the eshop
MFA verification after login on the eshop
MFA activation on the backoffice
MFA verification after login on the backoffice
Installation
Require plugin with composer :
composer require abenmada/sylius-multi-factor-authentication-plugin
⚠️ Please delete the automatically generated files config/packages/scheb_2fa.yaml and config/routes/scheb_2fa.yaml.
Change your config/bundles.php
file to add the line for the plugin :
<?php return [ //.. Abenmada\MultiFactorAuthenticationPlugin\MultiFactorAuthenticationPlugin::class => ['all' => true], Scheb\TwoFactorBundle\SchebTwoFactorBundle::class => ['all' => true], ];
Then create the config file in config/packages/abenmada_multi_factor_authentication_plugin.yaml
:
imports: - { resource: "@MultiFactorAuthenticationPlugin/Resources/config/services.yaml" }
Then import the routes in config/routes/abenmada_multi_factor_authentication_plugin.yaml
:
abenmada_multi_factor_authentication_plugin_shop_routing: resource: "@MultiFactorAuthenticationPlugin/Resources/config/routes/sylius_shop.yaml" prefix: /{_locale} abenmada_multi_factor_authentication_plugin_admin_routing: resource: "@MultiFactorAuthenticationPlugin/Resources/config/routes/sylius_admin.yaml" prefix: /%sylius_admin.path_name%
Change your config/services.yaml
file :
parameters: abenmada_multi_factor_authentication_plugin_issuer: "Fashion Web Store" # Issuer name used in QR code
Change your config/packages/security.yaml
file :
security: firewalls: admin: two_factor: auth_form_path: abenmada_multi_factor_authentication_plugin_admin_user_login check_path: abenmada_multi_factor_authentication_plugin_admin_user_login_check shop: two_factor: auth_form_path: abenmada_multi_factor_authentication_plugin_shop_user_login check_path: abenmada_multi_factor_authentication_plugin_shop_user_login_check access_control: # This makes the logout route accessible during two-factor authentication. Allows the user to cancel two-factor authentication, if they need to. - { path: ^/logout, role: IS_AUTHENTICATED_ANONYMOUSLY } # This ensures that the form can only be accessed when two-factor authentication is in progress. - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
Add a new tab in templates/bundles/SyliusAdminBundle/Layout/_security.html.twig
file (if it doesn't exist, customize it) :
<a href="{{ path('abenmada_multi_factor_authentication_plugin_admin_user_enable', {'id': app.user.id}) }}" class="item"> <i class="shield icon"></i> {{ 'abenmada_multi_factor_authentication_plugin.ui.multi_factor_authentication'|trans }} </a>
Customize the account menu :
<?php declare(strict_types=1); namespace App\Menu\Listener; use Sylius\Bundle\UiBundle\Menu\Event\MenuBuilderEvent; final class AccountMenuListener { public function invoke(MenuBuilderEvent $event): void { $menu = $event->getMenu(); $menu ->addChild('multiFactorAuthentication', ['route' => 'sylius_shop_account_abenmada_multi_factor_authentication_plugin_shop_user_enable']) ->setLabel('abenmada_multi_factor_authentication_plugin.ui.multi_factor_authentication') ->setLabelAttribute('icon', 'shield'); } }
services: app.listener.account_menu: class: App\Menu\Listener\AccountMenuListener tags: - { name: kernel.event_listener, event: sylius.menu.shop.account, method: invoke }
Update the entity src/Entity/User/AdminUser.php
:
<?php declare(strict_types=1); namespace App\Entity\User; use Abenmada\MultiFactorAuthenticationPlugin\Model\MultiFactorAuthenticationTrait; use Doctrine\ORM\Mapping as ORM; use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface; use Sylius\Component\Core\Model\AdminUser as BaseAdminUser; /** * @ORM\Entity * @ORM\Table(name="sylius_admin_user") */ #[ORM\Entity] #[ORM\Table(name: 'sylius_admin_user')] class AdminUser extends BaseAdminUser implements TwoFactorInterface { use MultiFactorAuthenticationTrait; public function getGoogleAuthenticatorUsername(): string { return $this->getEmail() ?: ''; } }
Update the entity src/Entity/User/ShopUser.php
:
<?php declare(strict_types=1); namespace App\Entity\User; use Abenmada\MultiFactorAuthenticationPlugin\Model\MultiFactorAuthenticationTrait; use Doctrine\ORM\Mapping as ORM; use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface; use Sylius\Component\Core\Model\ShopUser as BaseShopUser; /** * @ORM\Entity * @ORM\Table(name="sylius_shop_user") */ #[ORM\Entity] #[ORM\Table(name: 'sylius_shop_user')] class ShopUser extends BaseShopUser implements TwoFactorInterface { use MultiFactorAuthenticationTrait; public function getGoogleAuthenticatorUsername(): string { return $this->getEmail() ?: ''; } }
Run the migration :
bin/console doctrine:migrations:migrate
Install the assets :
bin/console assets:install --ansi