abenmada/sylius-multi-factor-authentication-plugin

Multi factor authentication plugin for ShopUser and AdminUser.

Maintainers

Details

github.com/ayman-benmada/Sylius-Multi-Factor-Authentication-Plugin

Source

Issues

Installs: 0

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

Type:sylius-plugin

v1.0.1 2024-05-12 19:23 UTC

Requires

Requires (Dev)

MIT 78f446abd59e969e16ffadc6b25ce555c1dc9b83

  • Ayman BENMADA

symfonye-commercesyliussylius-pluginMulti-Factor-Authentification

This package is auto-updated.

Last update: 2024-05-12 19:33:02 UTC

README

Multi factor authentication plugin for ShopUser and AdminUser

Details

MFA activation on the eshop

presentation photo

MFA verification after login on the eshop

presentation photo

MFA activation on the backoffice

presentation photo

MFA verification after login on the backoffice

presentation photo

Installation

Require plugin with composer :

composer require abenmada/sylius-multi-factor-authentication-plugin

⚠️ Please delete the automatically generated files config/packages/scheb_2fa.yaml and config/routes/scheb_2fa.yaml.

Change your config/bundles.php file to add the line for the plugin :

<?php

return [
    //..
    Abenmada\MultiFactorAuthenticationPlugin\MultiFactorAuthenticationPlugin::class => ['all' => true],
    Scheb\TwoFactorBundle\SchebTwoFactorBundle::class => ['all' => true],
];

Then create the config file in config/packages/abenmada_multi_factor_authentication_plugin.yaml :

imports:
    - { resource: "@MultiFactorAuthenticationPlugin/Resources/config/services.yaml" }

Then import the routes in config/routes/abenmada_multi_factor_authentication_plugin.yaml :

abenmada_multi_factor_authentication_plugin_shop_routing:
    resource: "@MultiFactorAuthenticationPlugin/Resources/config/routes/sylius_shop.yaml"
    prefix: /{_locale}

abenmada_multi_factor_authentication_plugin_admin_routing:
    resource: "@MultiFactorAuthenticationPlugin/Resources/config/routes/sylius_admin.yaml"
    prefix: /%sylius_admin.path_name%

Change your config/services.yaml file :

parameters:
    abenmada_multi_factor_authentication_plugin_issuer: "Fashion Web Store" # Issuer name used in QR code

Change your config/packages/security.yaml file :

security:
    firewalls:
        admin:
            two_factor:
                auth_form_path: abenmada_multi_factor_authentication_plugin_admin_user_login
                check_path: abenmada_multi_factor_authentication_plugin_admin_user_login_check

        shop:
            two_factor:
                auth_form_path: abenmada_multi_factor_authentication_plugin_shop_user_login
                check_path: abenmada_multi_factor_authentication_plugin_shop_user_login_check

    access_control:
        # This makes the logout route accessible during two-factor authentication. Allows the user to cancel two-factor authentication, if they need to.
        - { path: ^/logout, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # This ensures that the form can only be accessed when two-factor authentication is in progress.
        - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }

Add a new tab in templates/bundles/SyliusAdminBundle/Layout/_security.html.twig file (if it doesn't exist, customize it) :

<a href="{{ path('abenmada_multi_factor_authentication_plugin_admin_user_enable', {'id': app.user.id}) }}" class="item">
    <i class="shield icon"></i>
    {{ 'abenmada_multi_factor_authentication_plugin.ui.multi_factor_authentication'|trans }}
</a>

Customize the account menu :

<?php

declare(strict_types=1);

namespace App\Menu\Listener;

use Sylius\Bundle\UiBundle\Menu\Event\MenuBuilderEvent;

final class AccountMenuListener
{
    public function invoke(MenuBuilderEvent $event): void
    {
        $menu = $event->getMenu();

        $menu
            ->addChild('multiFactorAuthentication', ['route' => 'sylius_shop_account_abenmada_multi_factor_authentication_plugin_shop_user_enable'])
            ->setLabel('abenmada_multi_factor_authentication_plugin.ui.multi_factor_authentication')
            ->setLabelAttribute('icon', 'shield');
    }
}
services:
    app.listener.account_menu:
        class: App\Menu\Listener\AccountMenuListener
        tags:
            - { name: kernel.event_listener, event: sylius.menu.shop.account, method: invoke }

Update the entity src/Entity/User/AdminUser.php :

<?php

declare(strict_types=1);

namespace App\Entity\User;

use Abenmada\MultiFactorAuthenticationPlugin\Model\MultiFactorAuthenticationTrait;
use Doctrine\ORM\Mapping as ORM;
use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface;
use Sylius\Component\Core\Model\AdminUser as BaseAdminUser;

/**
 * @ORM\Entity
 * @ORM\Table(name="sylius_admin_user")
 */
#[ORM\Entity]
#[ORM\Table(name: 'sylius_admin_user')]
class AdminUser extends BaseAdminUser implements TwoFactorInterface
{
    use MultiFactorAuthenticationTrait;

    public function getGoogleAuthenticatorUsername(): string
    {
        return $this->getEmail() ?: '';
    }
}

Update the entity src/Entity/User/ShopUser.php :

<?php

declare(strict_types=1);

namespace App\Entity\User;

use Abenmada\MultiFactorAuthenticationPlugin\Model\MultiFactorAuthenticationTrait;
use Doctrine\ORM\Mapping as ORM;
use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface;
use Sylius\Component\Core\Model\ShopUser as BaseShopUser;

/**
 * @ORM\Entity
 * @ORM\Table(name="sylius_shop_user")
 */
#[ORM\Entity]
#[ORM\Table(name: 'sylius_shop_user')]
class ShopUser extends BaseShopUser implements TwoFactorInterface
{
    use MultiFactorAuthenticationTrait;

    public function getGoogleAuthenticatorUsername(): string
    {
        return $this->getEmail() ?: '';
    }
}

Run the migration :

bin/console doctrine:migrations:migrate

Install the assets :

bin/console assets:install --ansi