scheb / two-factor-bundle

[ABANDONED] Two-factor authentication for Symfony 2 & 3 applications 🔐. Please use the newer versions from https://github.com/scheb/2fa.
https://github.com/scheb/2fa
MIT License
385 stars 111 forks source link

Resent email authentication code #284

Closed faizan944 closed 4 years ago

faizan944 commented 4 years ago

@scheb I am using your two step verification package. Can you please tell me is there any way to resend email authentication code? Suppose I am on /2fa page and I make a button called "resend code" Is these any way to integrate that feature. I am using symfony 3.4

scheb commented 4 years ago

The current email authentication code is persisted on your user entity. Build a controller action that reads it from the user entity and sends another email.

faizan944 commented 4 years ago

@scheb Thank you for your prompt response. I want to resend the new code not the generated one. And when I try to make controller and import twofactorinterface class in constructor it show me an error "that object is null" Can you please tell me how to regenerate code? How can I access the current user in controller

scheb commented 4 years ago

Why would you want to generate a new authentication code? It won't be any better than the code that has already been sent, the one that's persisted on the user entity.

I mean, we could definitly do it somehow, but it would be much more complex than just sending the code that's currently valid.

How to get the current user: https://symfony.com/doc/current/security.html#retrieving-the-user-object

faizan944 commented 4 years ago

Thank you @scheb I already tried to get user using $this->getUser() but it return empty object. I think the reason is we get user only after full authentication but on /2fa we are partially authenticated so is there any alternate way to get user? Do I need to configure firewall?

scheb commented 4 years ago

Yea, could be the reason that Symfony internals are somehow blocking the unauthenticated user being returned. The other thing you can do is injecting TokenStorageInterface, fetch the security token from that service and then fetch the user from that service. Should definitly work, because the bundle internally is also doing this.

faizan944 commented 4 years ago

Thank you @scheb it works One more thing is there any way to expired the code after 30 minutes? Or do I need to handle this manually?

scheb commented 4 years ago

You'd need to handle that somehow manually.

faizan944 commented 4 years ago

Thank you @scheb for your great support.