# Two factor authentication (2FA) (v7.3+)

## Activate in new projects

If your repository was started from the skeleton using v7.3 (or later), uncomment the lines in `app/config/misc/scheb_two_factor.yml` and adapt `server_name` and `issuer` to the project.

## Upgrade an existing project

- make sure you have the latest changes by running
  ```shell
  composer update wfcms/standard
  ```
- take the migration file `Version20241022115148.php` from the skeleton bundle and run it.
  ```shell
  git remote add skeleton git@git.xalok.com:HML/skeleton-2021.git
  git fetch skeleton
  git cherry-pick 5469e5f258540bb6abd4c675a03efe4f6c0f2a63
  ./app/admin/console doctrine:migrations:migrate
  ```
- add the bundle configuration in `app/admin/config/config.yml`
  ```yaml
  scheb_two_factor:
      google:
          enabled: true                  # If Google Authenticator should be enabled, default false
          server_name: "xalok.com"       # Server name used in QR code
          issuer: "Xalok"                # Issuer name used in QR code
          digits: 6                      # Number of digits in authentication code
          window: 1                      # How many codes before/after the current one would be accepted as valid
          template: "@WfCmsBaseAdmin/Security2fa/form.html.twig"   # Template used to render the authentication form
  ```

- if you're not using [XalokNext's security_base.yml](https://git.xalok.com/HML/cms-standard/-/blob/v6.0/Wf/Bundle/CmsBaseAdminBundle/Resources/config/security_base.yml), add the two-factor settings to the backend firewall in `app/admin/security.yml` (the Symfony key is `firewalls`, plural)
  ```yaml
  security:
      firewalls:
          backend:
              two_factor:
                  auth_form_path: 2fa_login
                  check_path: 2fa_login_check
  ```
- if you're not using XalokNext's security_access_control.yml, add the security access control in `app/admin/security_access_control.yml` (make sure these are the first lines: Symfony applies the first `access_control` rule that matches, so a broader rule placed above them would take precedence)
  ```yaml
  security:
      access_control:
          # This makes the logout route accessible during two-factor authentication. Allows the user to
          # cancel two-factor authentication, if they need to.
          - { path: ^/logout, role: IS_AUTHENTICATED_ANONYMOUSLY }
          # This ensures that the form can only be accessed when two-factor authentication is in progress.
          - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
          - { path: ^/security-2fa/activate, role: ROLE_USER }
          - { path: ^/security-2fa/deactivate, role: ROLE_USER }
  ```
- Read more about the bundle configuration in the scheb/2fa bundle documentation.