Merge pull request #1 from yeebase/major-rework

!!! Major Rework

Author: Bastian Waidelich

.gitignore

@@ -0,0 +1,57 @@
+<?php
+declare(strict_types=1);
+namespace Yeebase\TwoFactorAuthentication\Domain\ValueObjects;
+
+use BaconQrCode\Renderer\Image\SvgImageBackEnd;
+use BaconQrCode\Renderer\ImageRenderer;
+use BaconQrCode\Renderer\RendererStyle\RendererStyle;
+use BaconQrCode\Writer;
+use Neos\Flow\Annotations as Flow;
+
+/**
+ * A QR Code that encodes a given secret and can be used to activate 2FA with an authenticator app
+ *
+ * @Flow\Proxy(false)
+ */
+final class ActivationQrCode
+{
+    /**
+     * @var Secret
+     */
+    private $secret;
+
+    /**
+     * @var string
+     */
+    private $qrCodeUrl;
+
+    private function __construct(Secret $secret, string $qrCodeUrl)
+    {
+        $this->secret = $secret;
+        $this->qrCodeUrl = $qrCodeUrl;
+    }
+
+    public static function fromSecretAndUrl(Secret $secret, string $qrCodeUrl): self
+    {
+        return new static($secret, $qrCodeUrl);
+    }
+
+    public function getSecret(): Secret
+    {
+        return $this->secret;
+    }
+
+    public function renderSvg(int $width): string
+    {
+        $renderer = new ImageRenderer(
+            new RendererStyle($width),
+            new SvgImageBackEnd()
+        );
+        $bacon = new Writer($renderer);
+        return $bacon->writeString(
+            $this->qrCodeUrl,
+            'utf-8'
+        );
+    }
+
+}

Classes/Controller/AbstractTwoFactorAuthenticationController.php

@@ -0,0 +1,40 @@
+<?php
+declare(strict_types=1);
+namespace Yeebase\TwoFactorAuthentication\Domain\ValueObjects;
+
+use Neos\Flow\Annotations as Flow;
+
+/**
+ * A Code (aka OTP) returned from an 2FA device or app
+ *
+ * @Flow\Proxy(false)
+ */
+final class OneTimePassword
+{
+    /**
+     * @var string
+     */
+    private $value;
+
+    /**
+     * @internal This constructor is only public so that this VO can be property-mapped
+     */
+    public function __construct(string $otp)
+    {
+        if (preg_match('/^\d{6}$/', $otp) !== 1) {
+            throw new \InvalidArgumentException('OTP must consist of 6 digits', 1549978113);
+        }
+        $this->value = $otp;
+    }
+
+    public static function fromString(string $otp): self
+    {
+        return new static($otp);
+    }
+
+    public function toString(): string
+    {
+        return $this->value;
+    }
+
+}

Classes/Controller/AbstractTwoFactorAuthenticationManagementController.php

@@ -0,0 +1,38 @@
+<?php
+declare(strict_types=1);
+namespace Yeebase\TwoFactorAuthentication\Domain\ValueObjects;
+
+use Neos\Flow\Annotations as Flow;
+
+/**
+ * The user specific 2FA secret
+ *
+ * @Flow\Proxy(false)
+ */
+final class Secret
+{
+    /**
+     * @var string
+     */
+    private $value;
+
+    private function __construct(string $secret)
+    {
+        $secret = trim($secret);
+        if ($secret === '') {
+            throw new \InvalidArgumentException('Secret must not be empty', 1549978555);
+        }
+        $this->value = $secret;
+    }
+
+    public static function fromString(string $secret): self
+    {
+        return new static($secret);
+    }
+
+    public function toString(): string
+    {
+        return $this->value;
+    }
+
+}

Classes/Domain/Dto/TwoFactorAuthenticationCredentialsSource.php

@@ -0,0 +1,68 @@
+<?php
+declare(strict_types=1);
+namespace Yeebase\TwoFactorAuthentication\Domain\ValueObjects;
+
+use Neos\Flow\Annotations as Flow;
+use Neos\Flow\Security\Cryptography\HashService;
+use Neos\Flow\Security\Exception\InvalidArgumentForHashGenerationException;
+use Neos\Flow\Security\Exception\InvalidHashException;
+
+/**
+ * The user specific 2FA secret - with an appended HMAC
+ *
+ * @Flow\Proxy(false)
+ */
+final class SecretWithHmac
+{
+    /**
+     * @var Secret
+     */
+    private $secret;
+
+    /**
+     * @var string
+     */
+    private $hmac;
+
+    /**
+     * @internal This constructor is only public so that this VO can be property-mapped
+     * @throws InvalidArgumentForHashGenerationException | InvalidHashException
+     */
+    public function __construct(string $secretWithHmac)
+    {
+        $hashService = new HashService();
+        $this->secret = Secret::fromString($hashService->validateAndStripHmac($secretWithHmac));
+        $this->hmac = substr($secretWithHmac, -40);
+    }
+
+    /**
+     * @throws InvalidArgumentForHashGenerationException | InvalidHashException
+     */
+    public static function fromString(string $secretWithHmac): self
+    {
+        return new static($secretWithHmac);
+    }
+
+    public static function fromSecret(Secret $secret): self
+    {
+        $hashService = new HashService();
+        $secretWithHmac = $hashService->appendHmac($secret->toString());
+        return new static($secretWithHmac);
+    }
+
+    public function getSecret(): Secret
+    {
+        return $this->secret;
+    }
+
+    public function toString(): string
+    {
+        return $this->secret->toString() . $this->hmac;
+    }
+
+    public function __toString(): string
+    {
+        return $this->toString();
+    }
+
+}

Classes/Domain/ValueObjects/ActivationQrCode.php

@@ -0,0 +1,8 @@
+<?php
+declare(strict_types=1);
+namespace Yeebase\TwoFactorAuthentication\Exception;
+
+final class InvalidOtpException extends \Exception
+{
+
+}