-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding an event informing system that Email AuthCode has been validated #245
base: 7.x
Are you sure you want to change the base?
Conversation
2c44403
to
4ba8156
Compare
I would like make the same when it's a Backup Code that has been used. Thanks for the example :) I will do a PR like yours. |
If we add this for the email provider, it would make sense to add it for the Google Authenticator and TOTP provider as well. But instead of adding an event for each provider, I'd rather add a generic event for code validation, which is dispatched in https://github.com/scheb/2fa/blob/7.x/src/bundle/Security/Http/EventListener/CheckTwoFactorCodeListener.php For a backup code event, it should be its own event and dispatched here: |
Thanks for your tips. I have to fork the repo before send you a PR ? |
Yes, for making a PR you have to fork first. |
Ok. I will do it in hours. Thanks !
|
Hey @scheb thank you for your input! About the generic events - I think that it would be better to keep them as a separate events. Various type of providers may contain different metadata (let's say - sms can have information about phone number that can be used) and with explicit events we can have explicit methods providing this information and making use of strong typing - instead of relying for example on some kind of WDYT? |
Okay, fair enough, I see the point with different metadata. So from my end, we could go with different event classes. Under these conditions it also makes sense to put the code into the My main request would be, that we do it for all 2fa providers and not just for a single one :) In general, I'd add I'd lean towards having an abstract event class on the bundle level, that comes with the default properties for user and code. Then providers can extend from that it to add their own additional properties. |
New Feature: Dispatching an Event when Email AuthCode is successfully validated.
Motivation: In the use case we are working on, it would be useful to subscribe to an event that would inform our component that the code that has been sent via an email has been successfully validated.
Why it's a good idea to solve it this way?: Using events is a common practice to solving this kind of problems while maintaining proper separation of concerns and obeying open-closed principle. This event doesn't contain any excess data: Just an email of the validated user and a descriptive name, that's it.