php LexikJWT和Schab 2FA -进程身份验证密钥出现问题

vs91vp4v  于 2022-11-21  发布在  PHP
关注(0)|答案(1)|浏览(156)

我使用LexikJWT和Schab2FA Bundle,我配置了我的安全如下:

firewalls:
  login:
    pattern: ^/login
    stateless: true
    provider: fos_userbundle
    json_login:
      check_path: /login_check
      username_path: _username
      password_path: _password
      success_handler: App\Application\Module\User\EventHandler\Security\AuthenticationSuccessHandler
      failure_handler: App\Application\Module\User\EventHandler\Security\AuthenticationFailureHandler
    user_checker: App\Application\Module\User\EventListener\Security\UserChecker
    two_factor:
      prepare_on_login: true
  main:
    pattern: ^/
    provider: fos_userbundle
    stateless: true
    guard:
      authenticators:
        - lexik_jwt_authentication.jwt_token_authenticator
    two_factor:
      check_path: 2fa_login_check
      auth_code_parameter_name: _auth_code
      authentication_required_handler: App\Application\Module\User\EventHandler\Security\TwoFactorAuthenticationRequiredHandler
      failure_handler: App\Application\Module\User\EventHandler\Security\TwoFactorAuthenticationFailureHandler
      success_handler: App\Application\Module\User\EventHandler\Security\TwoFactorAuthenticationSuccessHandler

方案_2fa:

# See the configuration reference at https://symfony.com/bundles/SchebTwoFactorBundle/6.x/configuration.html
scheb_two_factor:
    security_tokens:
        - Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken
    email:
        enabled: true
        digits: 6
        mailer: App\Application\Module\User\Service\Auth\AuthCodeMailer

lexik_jwt_身份验证:

lexik_jwt_authentication:
    private_key_path: '%jwt_private_key_path%'
    public_key_path:  '%jwt_public_key_path%'
    pass_phrase:      '%jwt_key_pass_phrase%'
    token_ttl:        '%jwt_token_ttl%'
    token_extractors:
        cookie:
            enabled: true
            name: shbee

问题是,因为当我想确认我的授权码时,我得到了一个错误,如:

User is not in a two-factor authentication process.

因为对象令牌是

Lexik\Bundle\JWTAuthenticationBundle\Security\Authentication\Token\JWTUserToken

不适用

use Scheb\TwoFactorBundle\Security\Authentication\Token\TwoFactorTokenInterface;

我转储了对象令牌类,我试图更改2schab的配置。可能我必须配置一些通过令牌授权用户的东西,但我真的不知道是什么

s5a0g9ez

s5a0g9ez1#

我有同样的问题,我修复了它,这是我的代码
我的防火墙

login:
    pattern:  ^/api/user/login
    stateless: false
    anonymous: true
        two_factor:
            prepare_on_login: true
            prepare_on_access_denied: true
            auth_form_path: 2fa_login    # /api/user/login/2fa
            check_path: 2fa_login_check # /api/user/login/2fa_check
            post_only: true 
            authentication_required_handler: app.two_factor_authentication_handler_required
            success_handler: app.two_factor_authentication_success_handler
            failure_handler: app.two_factor_authentication_failure_handler
            auth_code_parameter_name: data.authCode
        json_login:
            username_path:   email
            check_path:      api_login_check  ## /api/user/login/login_check
            success_handler: app.jwt_authentication_success_handler
            #success_handler: lexik_jwt_authentication.handler.authentication_success
            failure_handler: lexik_jwt_authentication.handler.authentication_failure

2fa_check和api_login_check必须与您的模式匹配。
接下来,您将自定义lexik身份验证处理程序success,以中断登录过程。

<?php 
namespace App\Security;
use Scheb\TwoFactorBundle\Security\Authentication\Token\TwoFactorTokenInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Authentication\AuthenticationSuccessHandler; 

class JWTAuthenticationSuccessHandler extends AuthenticationSuccessHandler
{
    public function onAuthenticationSuccess(Request $request, TokenInterface $token): Response
    {
        if ($token instanceof TwoFactorTokenInterface) {
            // Return the response to tell the client two-factor authentication is required.
            return new Response('{"login": "success", "success" : false,  "message" : "Complete 2FA Verification to proceed", "code" : 410}');
        }
        return $this->handleAuthenticationSuccess($token->getUser());

   }
}

最后,自定义双因素身份验证处理程序success以在2fa完成时返回令牌。

<?php

namespace App\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Authentication\AuthenticationSuccessHandler; 

class TwoFactorAuthenticationSuccessHandler extends AuthenticationSuccessHandler
{
    public function onAuthenticationSuccess(Request $request, TokenInterface $token): Response
    {
        // Return the response to tell the client that authentication including two-factor
        // authentication is complete now.
        return $this->handleAuthenticationSuccess($token->getUser());
    }
}

更多信息请阅读scheb two factor Api integration文档

相关问题