new: usr: implement the 2FA authentication (TOTP and backup codes) #4

2026-04-12 17:55:57 +02:00
parent 0144a3953c
commit fb8a54f687
23 changed files with 1603 additions and 266 deletions
--- a/src/Security/PasskeyToken.php
+++ b/src/Security/PasskeyToken.php
@@ -0,0 +1,54 @@
+<?php declare(strict_types=1);
+/**
+ * This file is part of the SplendidBear Websites' projects.
+ *
+ * Copyright (c) 2026 @ www.splendidbear.org
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace App\Security;
+
+use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+/**
+ * Token used for passkey (WebAuthn) authentication.
+ * Intentionally not listed in scheb/2fa security_tokens so passkey logins
+ * bypass the TOTP 2FA challenge — passkeys are already a strong second factor.
+ *
+ * @package  App\Security
+ * @author   Lang <https://www.splendidbear.org>
+ * @category Class
+ * @license  https://www.gnu.org/licenses/lgpl-3.0.en.html GNU Lesser General Public License
+ * @link     www.splendidbear.org
+ * @since    2026. 04. 12.
+ */
+final class PasskeyToken extends AbstractToken
+{
+    public function __construct(
+        UserInterface $user,
+        private readonly string $firewallName,
+        array $roles = [],
+    ) {
+        parent::__construct($roles);
+        $this->setUser($user);
+    }
+
+    public function getFirewallName(): string
+    {
+        return $this->firewallName;
+    }
+
+    public function __serialize(): array
+    {
+        return [$this->firewallName, parent::__serialize()];
+    }
+
+    public function __unserialize(array $data): void
+    {
+        [$this->firewallName, $parentData] = $data;
+        parent::__unserialize($parentData);
+    }
+}