双因素身份验证的自定义条件

编辑此页

在您的应用中，当执行双因素身份验证时，您可能需要超出 bundle 自动执行操作的额外要求。在这种情况下，您需要实现 \Scheb\TwoFactorBundle\Security\TwoFactor\Condition\TwoFactorConditionInterface

        1
2
3
4
5
6
7
8
9
10
11
12
        <?php

use Scheb\TwoFactorBundle\Security\TwoFactor\AuthenticationContextInterface;
use Scheb\TwoFactorBundle\Security\TwoFactor\Condition\TwoFactorConditionInterface;

class MyTwoFactorCondition implements TwoFactorConditionInterface
{
    public function shouldPerformTwoFactorAuthentication(AuthenticationContextInterface $context): bool
    {
        // Your conditions here
    }
}
    

将其注册为服务并配置服务名称

        1
2
3
        # config/packages/scheb_2fa.yaml
scheb_two_factor:
    two_factor_condition: acme.custom_two_factor_condition
    

绕过双因素身份验证

如果您只是希望为特定的身份验证器绕过 2fa，则在安全令牌上设置 TwoFactorAuthenticator::FLAG_2FA_COMPLETE 属性即可实现此目的。

例如，如果您正在构建自定义身份验证器，则当使用该身份验证器时，这将绕过 2fa

        1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
        <?php

namespace Acme\Demo;

use Scheb\TwoFactorBundle\Security\Http\Authenticator\TwoFactorAuthenticator;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;

class MyAuthenticator extends AbstractAuthenticator
{
    public function createToken(Passport $passport, string $firewallName): TokenInterface
    {
        $token = parent::createAuthenticatedToken($passport, $firewallName);

        // Set this to bypass 2fa for this authenticator
        $token->setAttribute(TwoFactorAuthenticator::FLAG_2FA_COMPLETE, true);

        return $token;
    }

    // ...
}
    

这项工作，包括代码示例，根据 Creative Commons BY-SA 3.0 许可获得许可。

版本