Merge pull request #32 from ConnectHolland/add_configuration

add configuration options to remember device

.gitignore

@@ -1,6 +1,7 @@
 composer.phar
-.php_cs.cache
+.php-cs-fixer.cache
 /vendor/
+.idea
 
 # Commit your application's lock file https://getcomposer.org/doc/01-basic-usage.md#commit-your-composer-lock-file-to-version-control
 # You may choose to ignore a library lock file http://getcomposer.org/doc/02-libraries.md#lock-file

.php_cs.dist → .php-cs-fixer.dist.php

@@ -1,22 +1,23 @@
 <?php
-return PhpCsFixer\Config::create()
+$config = new PhpCsFixer\Config();
+$config
     ->setRules([
         '@Symfony'               => true,
         'ordered_imports'        => true,
-        'psr0'                   => false,
         'yoda_style'             => true,
         'phpdoc_order'           => true,
         'array_syntax'           => [
             'syntax' => 'short',
         ],
-        'binary_operator_spaces' => [
-            'align_equals'       => true,
-            'align_double_arrow' => true,
-        ],
-        'header_comment'         => [
+        'binary_operator_spaces' =>
+            ['operators' => [
+                '=>' => 'align_single_space_minimal',
+                '=' => 'align_single_space_minimal'
+            ]],
+        'header_comment' => [
             'header' => <<<EOH
 This file is part of the Connect Holland Secure JWT package and distributed under the terms of the MIT License.
-Copyright (c) 2020 Connect Holland.
+Copyright (c) 2020-2021 Connect Holland.
 EOH
                 ,
             ]
@@ -27,3 +28,5 @@
             __DIR__.'/tests'
         ]
     ));
+
+return $config;

README.md

@@ -217,5 +217,28 @@ If correct you'll receive:
 
 The response headers will include a secure cookie containing the JWT token to allow future authenticated calls.
 
+## 2FA Remember this device
+
+The remember device functionality allows users to skip the 2fa for a configurable amount of days. The default configuration is set to false, which means it doesn't set a REMEMBER_DEVICE cookie after logging in.
+The default amount of days is set to 30.
+
+To configure:
+
+
+In the config/packages folder of the root project create a new file called:
+`connect_holland_secure_jwt.yaml`
+
+In this file the configuration can be set:
+
+```yaml
+connect_holland_secure_jwt:
+  is_remembered: true
+  expiry_days: 14
+```
+
+As mentioned before, after logging in a REMEMBER_DEVICE cookie will be set. It will contain a unix expiry time and the email of the user.
+
+Besides placing the cookie it will be persisted in the: `secure_jwt_remember_device_token` table. This entity can be found in `src/Entity/RememberDeviceToken.php`
+
 ## Recover codes
 You can retrieve recovery codes for 2FA which allow you to reset 2FA. If a valid recovery code is entered as `challenge`, 2FA will be reset and you'll get a QR code response. 

Resources/config/services.yaml

@@ -9,9 +9,22 @@ services:
 
     ConnectHolland\SecureJWTBundle\:
         resource: '../../src/{EventSubscriber,Handler,Security}'
-        exclude: '../../src/Security/Http/Authentication/Authentication{Failure,Success}Handler.php'
+        exclude: '../../src/Security/Http/Authentication/AuthenticationFailureHandler.php'
 
     ConnectHolland\SecureJWTBundle\Swagger\LoginDecorator:
         decorates: 'api_platform.swagger.normalizer.api_gateway'
         arguments: [ '@ConnectHolland\SecureJWTBundle\Swagger\LoginDecorator.inner' ]
         autoconfigure: false
+
+    ConnectHolland\SecureJWTBundle\Security\Http\Authentication\AuthenticationSuccessHandler:
+        arguments:
+            $sameSite: '%env(default:cookie_same_site_default:JWT_COOKIE_SAMESITE)%'
+            $successHandler: '@Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Authentication\AuthenticationSuccessHandler'
+            $rememberDeviceResolver: '@ConnectHolland\SecureJWTBundle\Resolver\RememberDeviceResolver'
+
+
+    ConnectHolland\SecureJWTBundle\Resolver\RememberDeviceResolver:
+        public: true
+        arguments:
+            $configuration: []
+

Resources/config/services_security.yaml

@@ -2,28 +2,28 @@ parameters:
   cookie_same_site_default: 'strict'
 
 services:
-    ConnectHolland\SecureJWTBundle\Security\Http\Authentication\AuthenticationFailureHandler:
-        decorates: 'lexik_jwt_authentication.handler.authentication_failure'
-        arguments:
-            $failureHandler: '@ConnectHolland\SecureJWTBundle\Security\Http\Authentication\AuthenticationFailureHandler.inner'
-            $dispatcher: '@event_dispatcher'
-        autoconfigure: false
-        autowire: false
+  ConnectHolland\SecureJWTBundle\Security\Http\Authentication\AuthenticationFailureHandler:
+    decorates: 'lexik_jwt_authentication.handler.authentication_failure'
+    arguments:
+      $failureHandler: '@ConnectHolland\SecureJWTBundle\Security\Http\Authentication\AuthenticationFailureHandler.inner'
+      $dispatcher: '@event_dispatcher'
+    autoconfigure: false
+    autowire: false
 
-    ConnectHolland\SecureJWTBundle\Security\Http\Authentication\AuthenticationSuccessHandler:
-        decorates: 'lexik_jwt_authentication.handler.authentication_success'
-        arguments:
-            $successHandler: '@ConnectHolland\SecureJWTBundle\Security\Http\Authentication\AuthenticationSuccessHandler.inner'
-            $jwtEncoder: '@Lexik\Bundle\JWTAuthenticationBundle\Encoder\JWTEncoderInterface'
-            $sameSite: '%env(default:cookie_same_site_default:JWT_COOKIE_SAMESITE)%'
-        autoconfigure: false
-        autowire: false
+  ConnectHolland\SecureJWTBundle\Security\Http\Authentication\AuthenticationSuccessHandler:
+    decorates: 'lexik_jwt_authentication.handler.authentication_success'
+    arguments:
+      $successHandler: '@ConnectHolland\SecureJWTBundle\Security\Http\Authentication\AuthenticationSuccessHandler.inner'
+      $jwtEncoder: '@Lexik\Bundle\JWTAuthenticationBundle\Encoder\JWTEncoderInterface'
+      $sameSite: '%env(default:cookie_same_site_default:JWT_COOKIE_SAMESITE)%'
+    autoconfigure: false
+    autowire: false
 
-    connectholland.secure_jwt.two_factor_jwt.listener:
-        class: ConnectHolland\SecureJWTBundle\Security\Firewall\TwoFactorJWTListener
-        parent: security.authentication.listener.abstract
-        abstract: true
+  connectholland.secure_jwt.two_factor_jwt.listener:
+    class: ConnectHolland\SecureJWTBundle\Security\Firewall\TwoFactorJWTListener
+    parent: security.authentication.listener.abstract
+    abstract: true
 
-    connectholland.secure_jwt.two_factor_jwt.provider:
-        class: ConnectHolland\SecureJWTBundle\Security\Http\Authentication\Provider\TwoFactorJWTProvider
-        autowire: true
+  connectholland.secure_jwt.two_factor_jwt.provider:
+    class: ConnectHolland\SecureJWTBundle\Security\Http\Authentication\Provider\TwoFactorJWTProvider
+    autowire: true

composer.json

@@ -13,7 +13,8 @@
         "api-platform/core": "^2.5",
         "scheb/two-factor-bundle": "^4.16",
         "endroid/qr-code-bundle": "^3.4",
-        "friendsofsymfony/rest-bundle": "^3.0"
+        "friendsofsymfony/rest-bundle": "^3.0",
+        "laminas/laminas-zendframework-bridge": "^1.4"
     },
     "autoload": {
         "psr-4": {

src/ConnectHollandSecureJWTBundle.php

@@ -2,7 +2,7 @@
 
 /*
  * This file is part of the Connect Holland Secure JWT package and distributed under the terms of the MIT License.
- * Copyright (c) 2020 Connect Holland.
+ * Copyright (c) 2020-2021 Connect Holland.
  */
 
 namespace ConnectHolland\SecureJWTBundle;

src/DTO/GeneratedCodes.php

@@ -2,7 +2,7 @@
 
 /*
  * This file is part of the Connect Holland Secure JWT package and distributed under the terms of the MIT License.
- * Copyright (c) 2020 Connect Holland.
+ * Copyright (c) 2020-2021 Connect Holland.
  */
 
 namespace ConnectHolland\SecureJWTBundle\DTO;

src/DependencyInjection/Configuration.php

@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of the Connect Holland Secure JWT package and distributed under the terms of the MIT License.
+ * Copyright (c) 2020-2021 Connect Holland.
+ */
+
+namespace ConnectHolland\SecureJWTBundle\DependencyInjection;
+
+use Symfony\Component\Config\Definition\Builder\TreeBuilder;
+use Symfony\Component\Config\Definition\ConfigurationInterface;
+
+class Configuration implements ConfigurationInterface
+{
+    public const CONFIG_ROOT_KEY = 'connect_holland_secure_jwt';
+
+    public function getConfigTreeBuilder(): TreeBuilder
+    {
+        $treeBuilder = new TreeBuilder(self::CONFIG_ROOT_KEY);
+        $rootNode    = $treeBuilder->getRootNode();
+
+        $rootNode
+            ->children()
+                ->booleanNode('is_remembered')
+                    ->defaultFalse()
+                ->end()
+                ->integerNode('expiry_days')
+                    ->min(0)
+                    ->defaultValue(30)
+                ->end()
+            ->end()
+            ->end()
+        ;
+
+        return $treeBuilder;
+    }
+}

src/DependencyInjection/ConnectHollandSecureJWTExtension.php

@@ -2,11 +2,12 @@
 
 /*
  * This file is part of the Connect Holland Secure JWT package and distributed under the terms of the MIT License.
- * Copyright (c) 2020 Connect Holland.
+ * Copyright (c) 2020-2021 Connect Holland.
  */
 
 namespace ConnectHolland\SecureJWTBundle\DependencyInjection;
 
+use ConnectHolland\SecureJWTBundle\Resolver\RememberDeviceResolver;
 use Symfony\Component\Config\FileLocator;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Extension\Extension;
@@ -16,10 +17,16 @@ class ConnectHollandSecureJWTExtension extends Extension
 {
     public function load(array $configs, ContainerBuilder $container): void
     {
+        $configuration = new Configuration();
+        $config        = $this->processConfiguration($configuration, $configs);
+
         $loader = new YamlFileLoader(
             $container,
             new FileLocator(__DIR__.'/../../Resources/config')
         );
         $loader->load('services.yaml');
+
+        $rememberDeviceResolver = $container->getDefinition(RememberDeviceResolver::class);
+        $rememberDeviceResolver->replaceArgument('$configuration', $config);
     }
 }