feat: Add TOTP double authentication

thomasage · thomasage · commit 9b51a74e2091 · 2025-03-08T06:53:40.000-05:00
diff --git a/ROADMAP.md b/ROADMAP.md
@@ -4,4 +4,3 @@
 * Add mutation testing
 * Add reset password
 * Upgrade to PHP 8.4
-* Restore 2FA by email (allow TOTP and email)
diff --git a/migrations/Version20250308115237.php b/migrations/Version20250308115237.php
@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+final class Version20250308115237 extends AbstractMigration
+{
+    public function up(Schema $schema): void
+    {
+        $this->addSql('ALTER TABLE user DROP two_factors_authentication_email_enabled, DROP two_factors_authentication_email_code');
+    }
+}
diff --git a/src/Entity/User.php b/src/Entity/User.php
@@ -6,21 +6,19 @@
 
 use App\Repository\UserRepository;
 use Doctrine\ORM\Mapping as ORM;
-use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface as TwoFactorInterfaceEmail;
 use Scheb\TwoFactorBundle\Model\Totp\TotpConfiguration;
 use Scheb\TwoFactorBundle\Model\Totp\TotpConfigurationInterface;
 use Scheb\TwoFactorBundle\Model\Totp\TwoFactorInterface as TwoFactorInterfaceTotp;
 use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Uid\Uuid;
 use DateTimeImmutable;
-use LogicException;
 
 #[ORM\Entity(repositoryClass: UserRepository::class)]
 #[ORM\Table(name: '`user`')]
 #[ORM\UniqueConstraint(name: 'UNIQ_IDENTIFIER_UUID', fields: ['uuid'])]
 #[ORM\UniqueConstraint(name: 'UNIQ_IDENTIFIER_EMAIL', fields: ['email'])]
-class User implements PasswordAuthenticatedUserInterface, TwoFactorInterfaceEmail, TwoFactorInterfaceTotp, UserInterface
+class User implements PasswordAuthenticatedUserInterface, TwoFactorInterfaceTotp, UserInterface
 {
     #[ORM\Id]
     #[ORM\GeneratedValue]
@@ -45,15 +43,9 @@ class User implements PasswordAuthenticatedUserInterface, TwoFactorInterfaceEmai
     #[ORM\Column(nullable: true)]
     private ?DateTimeImmutable $lastLoginAt = null;
 
-    #[ORM\Column]
-    private bool $twoFactorsAuthenticationEmailEnabled = false;
-
     #[ORM\Column]
     private bool $twoFactorsAuthenticationTotpEnabled = false;
 
-    #[ORM\Column(nullable: true)]
-    private ?string $twoFactorsAuthenticationEmailCode = null;
-
     #[ORM\Column(nullable: true)]
     private ?string $twoFactorsAuthenticationTotpSecret = null;
 
@@ -143,15 +135,6 @@ public function setLastLoginAt(): self
         return $this;
     }
 
-    public function getEmailAuthCode(): ?string
-    {
-        if (null === $this->twoFactorsAuthenticationEmailCode) {
-            throw new LogicException('The email authentication code was not set');
-        }
-
-        return $this->twoFactorsAuthenticationEmailCode;
-    }
-
     public function isTotpAuthenticationEnabled(): bool
     {
         return $this->twoFactorsAuthenticationTotpEnabled && null !== $this->twoFactorsAuthenticationTotpSecret;
@@ -176,21 +159,6 @@ public function getTotpAuthenticationConfiguration(): ?TotpConfigurationInterfac
         );
     }
 
-    public function hasTwoFactorsAuthentication(): bool
-    {
-        return $this->twoFactorsAuthenticationEmailEnabled;
-    }
-
-    public function getEmailAuthRecipient(): string
-    {
-        return $this->email;
-    }
-
-    public function setEmailAuthCode(string $authCode): void
-    {
-        $this->twoFactorsAuthenticationEmailCode = $authCode;
-    }
-
     public function setTwoFactorsAuthenticationTotpSecret(?string $secret): self
     {
         $this->twoFactorsAuthenticationTotpSecret = $secret;
@@ -208,9 +176,4 @@ public function enableTwoFactorsAuthenticationTotp(): void
     {
         $this->twoFactorsAuthenticationTotpEnabled = true;
     }
-
-    public function enableTwoFactorsAuthenticationEmail(): void
-    {
-        $this->twoFactorsAuthenticationEmailEnabled = true;
-    }
 }
diff --git a/tests/Entity/UserTest.php b/tests/Entity/UserTest.php
@@ -8,7 +8,6 @@
 use PHPUnit\Framework\Attributes\CoversClass;
 use PHPUnit\Framework\TestCase;
 use Scheb\TwoFactorBundle\Model\Totp\TotpConfiguration;
-use LogicException;
 
 #[CoversClass(User::class)]
 final class UserTest extends TestCase
@@ -32,15 +31,6 @@ public function testShouldSupportUserProperties(): void
         self::assertSame(['ROLE_GUEST', 'ROLE_USER'], $user->getRoles());
     }
 
-    public function testShouldThrowAnExceptionWithoutEmailAuthCode(): void
-    {
-        $user = new User();
-
-        $this->expectException(LogicException::class);
-
-        $user->getEmailAuthCode();
-    }
-
     public function testShouldEnableTwoFactorsAuthenticationTotp(): void
     {
         $user = new User();
@@ -69,16 +59,4 @@ public function testShouldDisableTwoFactorsAuthenticationTotp(): void
         self::assertFalse($user->isTotpAuthenticationEnabled());
         self::assertNull($totpConfiguration);
     }
-
-    public function testShouldEnableTwoFactorsAuthenticationEmail(): void
-    {
-        $user = new User();
-        $user->setEmail('test@test.com');
-        $user->setEmailAuthCode('test');
-        $user->enableTwoFactorsAuthenticationEmail();
-
-        self::assertTrue($user->hasTwoFactorsAuthentication());
-        self::assertSame('test@test.com', $user->getEmailAuthRecipient());
-        self::assertSame('test', $user->getEmailAuthCode());
-    }
 }
