Use the newer scheb/2fa bundle instead of scheb/two_factor_bundle

Currently the U2F auth is broken, as there is no plugin supporting it in the new system
2025-12-26 21:09:31 +00:00 · 2022-08-13 23:33:05 +02:00 · 2022-08-13 23:33:05 +02:00 · 600119276c
commit 600119276c
parent 8e58ad3441
14 changed files with 241 additions and 307 deletions
--- a/config/bundles.php
+++ b/config/bundles.php
@ -19,10 +19,9 @@ return [
    DAMA\DoctrineTestBundle\DAMADoctrineTestBundle::class => ['test' => true],
    Twig\Extra\TwigExtraBundle\TwigExtraBundle::class => ['all' => true],
    Gregwar\CaptchaBundle\GregwarCaptchaBundle::class => ['all' => true],
-    Scheb\TwoFactorBundle\SchebTwoFactorBundle::class => ['all' => true],
-    R\U2FTwoFactorBundle\RU2FTwoFactorBundle::class => ['all' => true],
    Translation\Bundle\TranslationBundle::class => ['all' => true],
    Florianv\SwapBundle\FlorianvSwapBundle::class => ['all' => true],
    Nelmio\SecurityBundle\NelmioSecurityBundle::class => ['all' => true],
    Symfony\UX\Turbo\TurboBundle::class => ['all' => true],
+    Scheb\TwoFactorBundle\SchebTwoFactorBundle::class => ['all' => true],
 ];
--- a/config/packages/r_u2f_two_factor.yaml
+++ b/config/packages/r_u2f_two_factor.yaml
@ -1,4 +1,4 @@
-ru2_f_two_factor:
-  formTemplate: "/security/U2F/u2f_login.html.twig"
-  registerTemplate: "/security/U2F/u2f_register.html.twig"
-  authCodeParameter: _auth_code
+#ru2_f_two_factor:
+#  formTemplate: "/security/U2F/u2f_login.html.twig"
+#  registerTemplate: "/security/U2F/u2f_register.html.twig"
+#  authCodeParameter: _auth_code
--- a/config/packages/scheb_2fa.yaml
+++ b/config/packages/scheb_2fa.yaml
@ -0,0 +1,19 @@
+# See the configuration reference at https://symfony.com/bundles/SchebTwoFactorBundle/5.x/configuration.html
+scheb_two_factor:
+
+    google:
+        enabled: true
+        template: security/2fa_form.html.twig
+
+    backup_codes:
+        enabled: true
+
+    trusted_device:
+        enabled: true
+
+    security_tokens:
+        - Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
+        # If you're using guard-based authentication, you have to use this one:
+        # - Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken
+        # If you're using authenticator-based security (introduced in Symfony 5.1), you have to use this one:
+        # - Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken
--- a/config/packages/scheb_two_factor.yaml
+++ b/config/packages/scheb_two_factor.yaml
@ -1,25 +0,0 @@
-# See the configuration reference at https://github.com/scheb/two-factor-bundle/blob/master/Resources/doc/configuration.md
-scheb_two_factor:
-    security_tokens:
-        - Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
-        # If you're using guard-based authentication, you have to use this one:
-        # - Symfony\Component\Security\Guard\Token\PostAuthenticationGuardToken
-
-    google:
-        enabled: true                   # If Google Authenticator should be enabled, default false
-        server_name: '%partdb.title%'   # Server name used in QR code
-        issuer: 'Part-DB'               # Issuer name used in QR code
-        digits: 6                       # Number of digits in authentication code
-        window: 1                       # How many codes before/after the current one would be accepted as valid
-        template: security/2fa_form.html.twig
-
-    backup_codes:
-        enabled: true  # If the backup code feature should be enabled
-
-    trusted_device:
-        enabled: true                  # If the trusted device feature should be enabled
-        lifetime: 5184000              # Lifetime of the trusted device token
-        extend_lifetime: false         # Automatically extend lifetime of the trusted cookie on re-login
-        cookie_name: trusted_device    # Name of the trusted device cookie
-        cookie_secure: false           # Set the 'Secure' (HTTPS Only) flag on the trusted device cookie
-        cookie_same_site: "lax"        # The same-site option of the cookie, can be "lax" or "strict"
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@ -23,7 +23,7 @@ security:
            two_factor:
                auth_form_path: 2fa_login
                check_path: 2fa_login_check
-                csrf_token_generator: security.csrf.token_manager
+                enable_csrf: true

              # activate different ways to authenticate

--- a/config/routes/scheb_2fa.yaml
+++ b/config/routes/scheb_2fa.yaml
@ -0,0 +1,7 @@
+2fa_login:
+    path: /{_locale}/2fa
+    defaults:
+        _controller: "scheb_two_factor.form_controller::form"
+
+2fa_login_check:
+    path: /{_locale}/2fa_check
--- a/config/routes/scheb_two_factor.yaml
+++ b/config/routes/scheb_two_factor.yaml
@ -1,11 +0,0 @@
-2fa_login:
-    path: /{_locale}/2fa
-    defaults:
-        _controller: "scheb_two_factor.form_controller:form"
-
-2fa_login_check:
-    path: /{_locale}/2fa_check
-
-r_u2f_register:
-    resource: "@RU2FTwoFactorBundle/Resources/config/routing.yml"
-    prefix: /{_locale}/user