Wire clock for totp factories
Not passing the clock is deprecated
norkunas authored and scheb committed Jun 18, 2024
1 parent 43051f8 commit 45b730b
Showing 4 changed files with 35 additions and 9 deletions.
2 changes: 2 additions & 0 deletions src/bundle/Resources/config/two_factor_provider_google.php
@@ -8,6 +8,7 @@
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticatorTwoFactorProvider;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleTotpFactory;
use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
use Symfony\Component\DependencyInjection\Loader\Configurator\ReferenceConfigurator;
use function Symfony\Component\DependencyInjection\Loader\Configurator\service;

return static function (ContainerConfigurator $container): void {
@@ -18,6 +19,7 @@
'%scheb_two_factor.google.server_name%',
'%scheb_two_factor.google.issuer%',
'%scheb_two_factor.google.digits%',
(new ReferenceConfigurator('clock'))->nullOnInvalid(),
])

->set('scheb_two_factor.security.google_authenticator', GoogleAuthenticator::class)
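Review bot: The added argument `(new ReferenceConfigurator('clock'))->nullOnInvalid()` could be written as `service('clock')->nullOnInvalid()`, because this file already imports the `service` helper, which returns a `ReferenceConfigurator`; the new `use ...\ReferenceConfigurator;` line then becomes unnecessary. The matching argument in src/bundle/Resources/config/two_factor_provider_totp.php has the same point. Whatever service carries the id `clock` now becomes the time source for TOTP code validation, so a comment such as `// optional: null when no "clock" service exists; must resolve to a real wall clock in production` above the argument would be worth adding. A mocked or frozen clock registered under that id would presumably shift or pin the window of accepted codes.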
2 changes: 2 additions & 0 deletions src/bundle/Resources/config/two_factor_provider_totp.php
@@ -8,6 +8,7 @@
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Totp\TotpAuthenticatorTwoFactorProvider;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Totp\TotpFactory;
use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
use Symfony\Component\DependencyInjection\Loader\Configurator\ReferenceConfigurator;
use function Symfony\Component\DependencyInjection\Loader\Configurator\service;

return static function (ContainerConfigurator $container): void {
@@ -19,6 +20,7 @@
'%scheb_two_factor.totp.server_name%',
'%scheb_two_factor.totp.issuer%',
'%scheb_two_factor.totp.parameters%',
(new ReferenceConfigurator('clock'))->nullOnInvalid(),
])

->set('scheb_two_factor.security.totp_authenticator', TotpAuthenticator::class)
@@ -6,6 +6,8 @@

use OTPHP\TOTP;
use OTPHP\TOTPInterface;
use Psr\Clock\ClockInterface;
use ReflectionClass;
use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Exception\TwoFactorProviderLogicException;
use function strlen;
@@ -19,6 +21,7 @@ public function __construct(
private readonly string|null $server,
private readonly string|null $issuer,
private readonly int $digits,
private readonly ClockInterface|null $clock = null,
) {
}

@@ -29,8 +32,13 @@ public function createTotpForUser(TwoFactorInterface $user): TOTPInterface
throw new TwoFactorProviderLogicException('Cannot initialize TOTP, no secret code provided.');
}

/** @psalm-suppress ArgumentTypeCoercion */
$totp = TOTP::create($secret, 30, 'sha1', $this->digits);
if ((new ReflectionClass(TOTP::class))->hasProperty('clock')) {
/** @psalm-suppress ArgumentTypeCoercion */
$totp = TOTP::create($secret, 30, 'sha1', $this->digits, clock: $this->clock);
} else {
/** @psalm-suppress ArgumentTypeCoercion */
$totp = TOTP::create($secret, 30, 'sha1', $this->digits);
}

$userAndHost = $user->getGoogleAuthenticatorUsername().(null !== $this->server && $this->server ? '@'.$this->server : '');
$totp->setLabel($userAndHost);
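Review bot: In `createTotpForUser`, the feature test `(new ReflectionClass(TOTP::class))->hasProperty('clock')` looks at a property name inside the third-party `TOTP` class, whereas the call only depends on `TOTP::create()` accepting a `clock` argument; if the library renamed that property, the code would silently take the `else` branch and ignore the injected clock. I would test the `create` signature instead and cache the answer so that reflection does not run on every call; a sketch follows. When the container has no `clock` service, `$this->clock` is null and `clock: null` is still passed, which presumably still counts as "no clock" for the library's deprecation, so a one-line comment saying the branch exists only for OTPHP versions without the parameter would help. The same branch in src/totp/Security/TwoFactor/Provider/Totp/TotpFactory.php has the same points. The function body starts and ends outside the hunk.

```php
// … unchanged: secret lookup and the empty-secret exception …
if (self::totpCreateAcceptsClock()) {
    // … unchanged: TOTP::create(..., clock: $this->clock) …
} else {
    // … unchanged: TOTP::create(...) without the clock argument …
}

/** True when the installed OTPHP version lets TOTP::create() take a `clock` argument. */
private static function totpCreateAcceptsClock(): bool
{
    static $acceptsClock = null;
    if (null === $acceptsClock) {
        $acceptsClock = false;
        foreach ((new \ReflectionMethod(TOTP::class, 'create'))->getParameters() as $parameter) {
            if ('clock' === $parameter->getName()) {
                $acceptsClock = true;
                break;
            }
        }
    }

    return $acceptsClock;
}
```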
28 changes: 21 additions & 7 deletions src/totp/Security/TwoFactor/Provider/Totp/TotpFactory.php
@@ -6,6 +6,8 @@

use OTPHP\TOTP;
use OTPHP\TOTPInterface;
use Psr\Clock\ClockInterface;
use ReflectionClass;
use Scheb\TwoFactorBundle\Model\Totp\TwoFactorInterface;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Exception\TwoFactorProviderLogicException;
use function strlen;
@@ -22,6 +24,7 @@ public function __construct(
private readonly string|null $server,
private readonly string|null $issuer,
private readonly array $customParameters,
private readonly ClockInterface|null $clock = null,
) {
}

@@ -37,13 +40,24 @@ public function createTotpForUser(TwoFactorInterface $user): TOTPInterface
throw new TwoFactorProviderLogicException('Cannot initialize TOTP, no secret code provided.');
}

/** @psalm-suppress ArgumentTypeCoercion */
$totp = TOTP::create(
$secret,
$totpConfiguration->getPeriod(),
$totpConfiguration->getAlgorithm(),
$totpConfiguration->getDigits(),
);
if ((new ReflectionClass(TOTP::class))->hasProperty('clock')) {
/** @psalm-suppress ArgumentTypeCoercion */
$totp = TOTP::create(
$secret,
$totpConfiguration->getPeriod(),
$totpConfiguration->getAlgorithm(),
$totpConfiguration->getDigits(),
clock: $this->clock,
);
} else {
/** @psalm-suppress ArgumentTypeCoercion */
$totp = TOTP::create(
$secret,
$totpConfiguration->getPeriod(),
$totpConfiguration->getAlgorithm(),
$totpConfiguration->getDigits(),
);
}

$userAndHost = $user->getTotpAuthenticationUsername().(null !== $this->server && $this->server ? '@'.$this->server : '');
$totp->setLabel($userAndHost);