Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding an event informing system that Email AuthCode has been validated #245

Open
wants to merge 3 commits into
base: 7.x
Choose a base branch
from

Conversation

mdzwigaladp
Copy link

@mdzwigaladp mdzwigaladp commented Sep 5, 2024

New Feature: Dispatching an Event when Email AuthCode is successfully validated.

Motivation: In the use case we are working on, it would be useful to subscribe to an event that would inform our component that the code that has been sent via an email has been successfully validated.

Why it's a good idea to solve it this way?: Using events is a common practice to solving this kind of problems while maintaining proper separation of concerns and obeying open-closed principle. This event doesn't contain any excess data: Just an email of the validated user and a descriptive name, that's it.

@mdzwigaladp mdzwigaladp mentioned this pull request Sep 5, 2024
@chaours
Copy link

chaours commented Oct 5, 2024

I would like make the same when it's a Backup Code that has been used. Thanks for the example :) I will do a PR like yours.

@scheb
Copy link
Owner

scheb commented Oct 5, 2024

If we add this for the email provider, it would make sense to add it for the Google Authenticator and TOTP provider as well.

But instead of adding an event for each provider, I'd rather add a generic event for code validation, which is dispatched in https://github.com/scheb/2fa/blob/7.x/src/bundle/Security/Http/EventListener/CheckTwoFactorCodeListener.php

For a backup code event, it should be its own event and dispatched here:
https://github.com/scheb/2fa/blob/7.x/src/backup-code/Security/Http/EventListener/CheckBackupCodeListener.php

@chaours
Copy link

chaours commented Oct 5, 2024

Thanks for your tips. I have to fork the repo before send you a PR ?

@scheb
Copy link
Owner

scheb commented Oct 5, 2024

Yes, for making a PR you have to fork first.

@chaours
Copy link

chaours commented Oct 5, 2024 via email

@mdzwigaladp
Copy link
Author

Hey @scheb thank you for your input!
I like the idea to adding this kind of event into the other providers.

About the generic events - I think that it would be better to keep them as a separate events. Various type of providers may contain different metadata (let's say - sms can have information about phone number that can be used) and with explicit events we can have explicit methods providing this information and making use of strong typing - instead of relying for example on some kind of metadata non-typed array. These would be provider-specific events, giving more intel about the process, not like a 'core' event - which are already there.

WDYT?

@scheb
Copy link
Owner

scheb commented Oct 12, 2024

Okay, fair enough, I see the point with different metadata. So from my end, we could go with different event classes. Under these conditions it also makes sense to put the code into the validateAuthenticationCode method, since this is the method all providers have to check their codes.

My main request would be, that we do it for all 2fa providers and not just for a single one :)

In general, I'd add $user and $code as event properties, since these are coming as parameters of the validateAuthenticationCode method, and adding the code would make it is possible to check which code specifically was consumed.

I'd lean towards having an abstract event class on the bundle level, that comes with the default properties for user and code. Then providers can extend from that it to add their own additional properties.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants