new: usr: implement the 2FA authentication (TOTP and backup codes) #4

2026-04-12 17:55:57 +02:00
parent 0144a3953c
commit fb8a54f687
23 changed files with 1603 additions and 266 deletions
--- a/src/Controller/SecurityController.php
+++ b/src/Controller/SecurityController.php
@@ -55,17 +55,17 @@ class SecurityController extends AbstractController
    }

    #[Route('/logout', name: 'MineSeekerBundle_logout', methods: ['POST'])]
-    public function logout(): void
+    public function logout(): never
    {
-        // Intercepted by the security firewall — never executed.
+        throw new \LogicException('This action is intercepted by the security firewall.');
    }

    #[Route('/register', name: 'MineSeekerBundle_register')]
    public function register(
-        Request $request,
+        Request                     $request,
        UserPasswordHasherInterface $hasher,
-        EntityManagerInterface $em,
-        MailerInterface $mailer,
+        EntityManagerInterface      $em,
+        MailerInterface             $mailer,
    ): Response {
        if ($this->getUser()) {
            return $this->redirectToRoute('MineSeekerBundle_homepage');
@@ -114,10 +114,10 @@ class SecurityController extends AbstractController

    #[Route('/forgot-password', name: 'MineSeekerBundle_forgot_password')]
    public function forgotPassword(
-        Request $request,
-        UserRepository $userRepository,
+        Request                $request,
+        UserRepository         $userRepository,
        EntityManagerInterface $em,
-        MailerInterface $mailer,
+        MailerInterface        $mailer,
    ): Response {
        if ($this->getUser()) {
            return $this->redirectToRoute('MineSeekerBundle_homepage');
@@ -128,7 +128,7 @@ class SecurityController extends AbstractController

        if ($form->isSubmitted() && $form->isValid()) {
            $email = $form->get('email')->getData();
-            $user  = $userRepository->findOneByEmail($email);
+            $user = $userRepository->findOneByEmail($email);

            if ($user && $user->isVerified()) {
                $token = bin2hex(random_bytes(32));
@@ -167,10 +167,10 @@ class SecurityController extends AbstractController

    #[Route('/reset-password/{token}', name: 'MineSeekerBundle_reset_password')]
    public function resetPassword(
-        string $token,
-        Request $request,
-        UserRepository $userRepository,
-        EntityManagerInterface $em,
+        string                      $token,
+        Request                     $request,
+        UserRepository              $userRepository,
+        EntityManagerInterface      $em,
        UserPasswordHasherInterface $hasher,
    ): Response {
        $user = $userRepository->findOneByResetToken($token);