From 145fe60f94e73ab4d25f84fbbf2b222e5a102731 Mon Sep 17 00:00:00 2001 From: Christian Scheb Date: Thu, 23 Nov 2023 17:04:04 +0100 Subject: [PATCH] Remove deprecated "window" option --- UPGRADE.md | 17 +++++- app/config/packages/scheb_2fa.yaml | 6 +- doc/configuration.rst | 16 +----- doc/providers/google.rst | 8 +-- doc/providers/totp.rst | 8 +-- doc/troubleshooting.rst | 22 ++------ .../DependencyInjection/Configuration.php | 12 +--- .../SchebTwoFactorExtension.php | 29 ---------- .../config/two_factor_provider_google.php | 1 - .../config/two_factor_provider_totp.php | 1 - .../Provider/Google/GoogleAuthenticator.php | 6 +- .../Provider/Totp/TotpAuthenticator.php | 6 +- .../SchebTwoFactorExtensionTest.php | 55 ++----------------- .../Google/GoogleAuthenticatorTest.php | 34 +----------- .../Provider/Totp/TotpAuthenticatorTest.php | 34 +----------- 15 files changed, 42 insertions(+), 213 deletions(-) diff --git a/UPGRADE.md b/UPGRADE.md index abb5be35..134ddbcb 100644 --- a/UPGRADE.md +++ b/UPGRADE.md @@ -6,7 +6,22 @@ Here's an overview if you have to do any work when upgrading. 6.x to 7.x ---------- -Nothing to be done. Upgrade and enjoy :) +### `scheb/2fa-google-authenticator` and `scheb/2fa-totp` Packages + +The configuration options `scheb_two_factor.google.window` and `scheb_two_factor.totp.window` have been removed. If you +used these, please use `leeway` instead. + +```yaml +# config/packages/scheb_2fa.yaml +scheb_two_factor: + google: + leeway: 10 # Acceptable time drift in seconds, must be less or equal than 30 seconds + + # TOTP authentication config + totp: + leeway: 10 # Acceptable time drift in seconds, must be less or equal than the TOTP period +``` + 5.x to 6.x ---------- diff --git a/app/config/packages/scheb_2fa.yaml b/app/config/packages/scheb_2fa.yaml index bb34b29e..8cae3771 100644 --- a/app/config/packages/scheb_2fa.yaml +++ b/app/config/packages/scheb_2fa.yaml @@ -26,16 +26,14 @@ scheb_two_factor: enabled: true # If Google Authenticator should be enabled, default false server_name: Server Name # Server name used in QR code issuer: Issuer Name # Issuer name used in QR code - window: 1 # How many codes before/after the current one would be accepted as valid - # leeway: 30 + leeway: 15 # Acceptable time drift in seconds template: security/2fa.html.twig # Template used to render the authentication form totp: enabled: true # If TOTP authentication should be enabled, default false server_name: Server Name # Server name used in QR code issuer: Issuer Name # Issuer name used in QR code - window: 1 # How many codes before/after the current one would be accepted as valid - # leeway: 30 + leeway: 15 # Acceptable time drift in seconds parameters: # Additional parameters added in the QR code image: 'https://my-service/img/logo.png' template: security/2fa.html.twig # Template used to render the authentication form diff --git a/doc/configuration.rst b/doc/configuration.rst index b95423bf..7488a7e7 100644 --- a/doc/configuration.rst +++ b/doc/configuration.rst @@ -47,13 +47,7 @@ Bundle Configuration server_name: Server Name # Server name used in QR code issuer: Issuer Name # Issuer name used in QR code digits: 6 # Number of digits in authentication code - window: 1 # [DEPRECATED since v6.11, will be removed in v7] Use "leeway", if possible - # Behavior depends on the version of Spomky-Labs/otphp used: - # - Until v10: How many codes before/after the current one would be accepted - # - From v11: Acceptable time drift in seconds - leeway: 0 # Acceptable time drift in seconds, requires Spomky-Labs/otphp v11 to be used - # Must be less or equal than 30 seconds - # If configured, takes precedence over the "window" option + leeway: 0 # Acceptable time drift in seconds, must be less or equal than 30 seconds template: security/2fa_form.html.twig # Template used to render the authentication form form_renderer: acme.custom_form_renderer # Use a custom form renderer service @@ -62,13 +56,7 @@ Bundle Configuration enabled: true # If TOTP authentication should be enabled, default false server_name: Server Name # Server name used in QR code issuer: Issuer Name # Issuer name used in QR code - window: 1 # [DEPRECATED since v6.11, will be removed in v7] Use "leeway", if possible - # Behavior depends on the version of Spomky-Labs/otphp used: - # - Until v10: How many codes before/after the current one would be accepted - # - From v11: Acceptable time drift in seconds - leeway: 0 # Acceptable time drift in seconds, requires Spomky-Labs/otphp v11 to be used - # Must be less or equal than the TOTP code's period - # If configured, takes precedence over the "window" option + leeway: 0 # Acceptable time drift in seconds, must be less or equal than the TOTP period parameters: # Additional parameters added in the QR code image: 'https://my-service/img/logo.png' template: security/2fa_form.html.twig # Template used to render the authentication form diff --git a/doc/providers/google.rst b/doc/providers/google.rst index f21d7a3c..643288b6 100644 --- a/doc/providers/google.rst +++ b/doc/providers/google.rst @@ -142,13 +142,7 @@ Configuration Reference server_name: Server Name # Server name used in QR code issuer: Issuer Name # Issuer name used in QR code digits: 6 # Number of digits in authentication code - window: 1 # [DEPRECATED since v6.11, will be removed in v7] Use "leeway", if possible - # Behavior depends on the version of Spomky-Labs/otphp used: - # - Until v10: How many codes before/after the current one would be accepted - # - From v11: Acceptable time drift in seconds - leeway: 0 # Acceptable time drift in seconds, requires Spomky-Labs/otphp v11 to be used - # Must be less or equal than 30 seconds - # If configured, takes precedence over the "window" option + leeway: 0 # Acceptable time drift in seconds, must be less or equal than 30 seconds template: security/2fa_form.html.twig # Template used to render the authentication form Custom Authentication Form Template diff --git a/doc/providers/totp.rst b/doc/providers/totp.rst index d946953e..98977fd3 100644 --- a/doc/providers/totp.rst +++ b/doc/providers/totp.rst @@ -143,13 +143,7 @@ Configuration Options enabled: true # If TOTP authentication should be enabled, default false server_name: Server Name # Server name used in QR code issuer: Issuer Name # Issuer name used in QR code - window: 1 # [DEPRECATED since v6.11, will be removed in v7] Use "leeway", if possible - # Behavior depends on the version of Spomky-Labs/otphp used: - # - Until v10: How many codes before/after the current one would be accepted - # - From v11: Acceptable time drift in seconds - leeway: 0 # Acceptable time drift in seconds, requires Spomky-Labs/otphp v11 to be used - # Must be less or equal than the TOTP code's period - # If configured, takes precedence over the "window" option + leeway: 0 # Acceptable time drift in seconds, must be less or equal than the TOTP period parameters: # Additional parameters added in the QR code image: 'https://my-service/img/logo.png' template: security/2fa_form.html.twig # Template used to render the authentication form diff --git a/doc/troubleshooting.rst b/doc/troubleshooting.rst index d8c72214..6a10a0d4 100644 --- a/doc/troubleshooting.rst +++ b/doc/troubleshooting.rst @@ -20,8 +20,8 @@ it depends on your configuration). The bigger the time difference between server window, the higher the chance that the codes generated on server and from the app don't match up. When the time difference becomes larger than the time window, it becomes impossible to provide the right code. -To counteract the issue of time differences you could increase the ``leeway`` or ``window`` (deprecated) setting, -then more codes around the current time window will be accepted: +To counteract the issue of time differences you could increase the ``leeway`` setting, then more codes around the +current time window will be accepted: .. code-block:: yaml @@ -30,23 +30,13 @@ then more codes around the current time window will be accepted: # For TOTP totp: - window: 1 # [DEPRECATED since v6.11, will be removed in v7] Use "leeway", if possible - # Behavior depends on the version of Spomky-Labs/otphp used: - # - Until v10: How many codes before/after the current one would be accepted - # - From v11: Acceptable time drift in seconds - leeway: 0 # Acceptable time drift in seconds, requires Spomky-Labs/otphp v11 to be used - # Must be less or equal than the TOTP code's period - # If configured, takes precedence over the "window" option + leeway: 0 # Acceptable time drift in seconds, must be less or equal than the TOTP period + # For Google Authenticator google: - window: 1 # [DEPRECATED since v6.11, will be removed in v7] Use "leeway", if possible - # Behavior depends on the version of Spomky-Labs/otphp used: - # - Until v10: How many codes before/after the current one would be accepted - # - From v11: Acceptable time drift in seconds - leeway: 0 # Acceptable time drift in seconds, requires Spomky-Labs/otphp v11 to be used - # Must be less or equal than 30 seconds - # If configured, takes precedence over the "window" option + leeway: 0 # Acceptable time drift in seconds, must be less or equal than 30 seconds + You might want to configure a time synchronization service, such as ``ntpdate`` on your server to make sure your server time is always in sync with UTC. diff --git a/src/bundle/DependencyInjection/Configuration.php b/src/bundle/DependencyInjection/Configuration.php index 2190ff78..b3603b55 100644 --- a/src/bundle/DependencyInjection/Configuration.php +++ b/src/bundle/DependencyInjection/Configuration.php @@ -174,11 +174,7 @@ private function addTotpConfiguration(ArrayNodeDefinition $rootNode): void ->scalarNode('form_renderer')->defaultNull()->end() ->scalarNode('issuer')->defaultNull()->end() ->scalarNode('server_name')->defaultNull()->end() - ->integerNode('window') - ->defaultValue(1)->min(0) - ->setDeprecated('scheb/2fa-totp', '6.11', 'The "%path%.%node%" option is deprecated. Use "leeway" instead, which requires spomky-labs/otphp v11 to be used.') - ->end() - ->integerNode('leeway')->defaultNull()->min(0)->end() + ->integerNode('leeway')->defaultValue(0)->min(0)->end() ->arrayNode('parameters') ->scalarPrototype()->end() ->end() @@ -210,11 +206,7 @@ private function addGoogleAuthenticatorConfiguration(ArrayNodeDefinition $rootNo ->scalarNode('server_name')->defaultNull()->end() ->scalarNode('template')->defaultValue('@SchebTwoFactor/Authentication/form.html.twig')->end() ->integerNode('digits')->defaultValue(6)->min(1)->end() - ->integerNode('window') - ->defaultValue(1)->min(0) - ->setDeprecated('scheb/2fa-google-authenticator', '6.11', 'The "%path%.%node%" option is deprecated. Use "leeway" instead, which requires spomky-labs/otphp v11 to be used.') - ->end() - ->integerNode('leeway')->defaultNull()->min(0)->end() + ->integerNode('leeway')->defaultValue(0)->min(0)->end() ->end() ->end() ->end(); diff --git a/src/bundle/DependencyInjection/SchebTwoFactorExtension.php b/src/bundle/DependencyInjection/SchebTwoFactorExtension.php index 092c032d..3153e81d 100644 --- a/src/bundle/DependencyInjection/SchebTwoFactorExtension.php +++ b/src/bundle/DependencyInjection/SchebTwoFactorExtension.php @@ -4,9 +4,6 @@ namespace Scheb\TwoFactorBundle\DependencyInjection; -use OTPHP\TOTP; -use ReflectionMethod; -use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException; use Symfony\Component\Config\FileLocator; use Symfony\Component\DependencyInjection\Argument\IteratorArgument; use Symfony\Component\DependencyInjection\ContainerBuilder; @@ -14,8 +11,6 @@ use Symfony\Component\DependencyInjection\Reference; use Symfony\Component\HttpKernel\DependencyInjection\Extension; use function assert; -use function class_exists; -use function count; use function is_bool; use function is_string; use function trim; @@ -193,11 +188,6 @@ private function configureEmailAuthenticationProvider(ContainerBuilder $containe */ private function configureGoogleAuthenticationProvider(ContainerBuilder $container, array $config): void { - // Migration path for the "leeway" option, to be fully migrated in bundle version 7 - if (null !== $config['google']['leeway'] && !$this->isSpomkyOtphpVersion11Used()) { - throw new InvalidConfigurationException('The "leeway" option can only be set when spomky-labs/otphp v11 is used.'); - } - $loader = new Loader\PhpFileLoader($container, new FileLocator(__DIR__.'/../Resources/config')); $loader->load('two_factor_provider_google.php'); @@ -205,7 +195,6 @@ private function configureGoogleAuthenticationProvider(ContainerBuilder $contain $container->setParameter('scheb_two_factor.google.issuer', $config['google']['issuer']); $container->setParameter('scheb_two_factor.google.template', $config['google']['template']); $container->setParameter('scheb_two_factor.google.digits', $config['google']['digits']); - $container->setParameter('scheb_two_factor.google.window', $config['google']['window']); $container->setParameter('scheb_two_factor.google.leeway', $config['google']['leeway']); if (null === $config['google']['form_renderer']) { @@ -220,17 +209,11 @@ private function configureGoogleAuthenticationProvider(ContainerBuilder $contain */ private function configureTotpAuthenticationProvider(ContainerBuilder $container, array $config): void { - // Migration path for the "leeway" option, to be fully migrated in bundle version 7 - if (null !== $config['totp']['leeway'] && !$this->isSpomkyOtphpVersion11Used()) { - throw new InvalidConfigurationException('The "leeway" option can only be set when spomky-labs/otphp v11 is used.'); - } - $loader = new Loader\PhpFileLoader($container, new FileLocator(__DIR__.'/../Resources/config')); $loader->load('two_factor_provider_totp.php'); $container->setParameter('scheb_two_factor.totp.issuer', $config['totp']['issuer']); $container->setParameter('scheb_two_factor.totp.server_name', $config['totp']['server_name']); - $container->setParameter('scheb_two_factor.totp.window', $config['totp']['window']); $container->setParameter('scheb_two_factor.totp.parameters', $config['totp']['parameters']); $container->setParameter('scheb_two_factor.totp.template', $config['totp']['template']); $container->setParameter('scheb_two_factor.totp.leeway', $config['totp']['leeway']); @@ -242,18 +225,6 @@ private function configureTotpAuthenticationProvider(ContainerBuilder $container $container->setAlias('scheb_two_factor.security.totp.form_renderer', $config['totp']['form_renderer']); } - private function isSpomkyOtphpVersion11Used(): bool - { - if (!class_exists(TOTP::class)) { - return false; - } - - $parameters = (new ReflectionMethod(TOTP::class, 'verify'))->getParameters(); - - // Third parameter must be named "leeway" - return count($parameters) >= 3 && 'leeway' === $parameters[2]->getName(); - } - private function resolveFeatureFlag(ContainerBuilder $container, bool|string $value): bool { $retValue = $container->resolveEnvPlaceholders($value, true); diff --git a/src/bundle/Resources/config/two_factor_provider_google.php b/src/bundle/Resources/config/two_factor_provider_google.php index 0aa99d0d..84fad478 100644 --- a/src/bundle/Resources/config/two_factor_provider_google.php +++ b/src/bundle/Resources/config/two_factor_provider_google.php @@ -24,7 +24,6 @@ ->public() ->args([ service('scheb_two_factor.security.google_totp_factory'), - '%scheb_two_factor.google.window%', '%scheb_two_factor.google.leeway%', ]) diff --git a/src/bundle/Resources/config/two_factor_provider_totp.php b/src/bundle/Resources/config/two_factor_provider_totp.php index 92c6bb2d..febf34d6 100644 --- a/src/bundle/Resources/config/two_factor_provider_totp.php +++ b/src/bundle/Resources/config/two_factor_provider_totp.php @@ -25,7 +25,6 @@ ->public() ->args([ service('scheb_two_factor.security.totp_factory'), - '%scheb_two_factor.totp.window%', '%scheb_two_factor.totp.leeway%', ]) diff --git a/src/google-authenticator/Security/TwoFactor/Provider/Google/GoogleAuthenticator.php b/src/google-authenticator/Security/TwoFactor/Provider/Google/GoogleAuthenticator.php index 8ee5c8e5..ec4d427e 100644 --- a/src/google-authenticator/Security/TwoFactor/Provider/Google/GoogleAuthenticator.php +++ b/src/google-authenticator/Security/TwoFactor/Provider/Google/GoogleAuthenticator.php @@ -18,9 +18,7 @@ class GoogleAuthenticator implements GoogleAuthenticatorInterface public function __construct( private readonly GoogleTotpFactory $totpFactory, /** @var 0|positive-int */ - private readonly int $window, - /** @var 0|positive-int|null */ - private readonly null|int $leeway, + private readonly int $leeway, ) { } @@ -33,7 +31,7 @@ public function checkCode(TwoFactorInterface $user, string $code): bool } /** @var non-empty-string $code */ - return $this->totpFactory->createTotpForUser($user)->verify($code, null, $this->leeway ?? $this->window); + return $this->totpFactory->createTotpForUser($user)->verify($code, null, $this->leeway); } public function getQRContent(TwoFactorInterface $user): string diff --git a/src/totp/Security/TwoFactor/Provider/Totp/TotpAuthenticator.php b/src/totp/Security/TwoFactor/Provider/Totp/TotpAuthenticator.php index d78e2fec..466ee4bb 100644 --- a/src/totp/Security/TwoFactor/Provider/Totp/TotpAuthenticator.php +++ b/src/totp/Security/TwoFactor/Provider/Totp/TotpAuthenticator.php @@ -18,9 +18,7 @@ class TotpAuthenticator implements TotpAuthenticatorInterface public function __construct( private readonly TotpFactory $totpFactory, /** @var 0|positive-int */ - private readonly int $window, - /** @var 0|positive-int|null */ - private readonly null|int $leeway, + private readonly int $leeway, ) { } @@ -33,7 +31,7 @@ public function checkCode(TwoFactorInterface $user, string $code): bool } /** @var non-empty-string $code */ - return $this->totpFactory->createTotpForUser($user)->verify($code, null, $this->leeway ?? $this->window); + return $this->totpFactory->createTotpForUser($user)->verify($code, null, $this->leeway); } public function getQRContent(TwoFactorInterface $user): string diff --git a/tests/DependencyInjection/SchebTwoFactorExtensionTest.php b/tests/DependencyInjection/SchebTwoFactorExtensionTest.php index 8f3f87c4..efe13be7 100644 --- a/tests/DependencyInjection/SchebTwoFactorExtensionTest.php +++ b/tests/DependencyInjection/SchebTwoFactorExtensionTest.php @@ -6,7 +6,6 @@ use Scheb\TwoFactorBundle\DependencyInjection\SchebTwoFactorExtension; use Scheb\TwoFactorBundle\Tests\TestCase; -use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException; use Symfony\Component\DependencyInjection\Argument\IteratorArgument; use Symfony\Component\DependencyInjection\ContainerBuilder; use Symfony\Component\DependencyInjection\Definition; @@ -48,11 +47,9 @@ public function load_emptyConfig_setDefaultValues(): void $this->assertHasNotParameter('scheb_two_factor.google.issuer'); $this->assertHasNotParameter('scheb_two_factor.google.template'); $this->assertHasNotParameter('scheb_two_factor.google.digits'); - $this->assertHasNotParameter('scheb_two_factor.google.window'); $this->assertHasNotParameter('scheb_two_factor.google.leeway'); $this->assertHasNotParameter('scheb_two_factor.totp.issuer'); $this->assertHasNotParameter('scheb_two_factor.totp.server_name'); - $this->assertHasNotParameter('scheb_two_factor.totp.window'); $this->assertHasNotParameter('scheb_two_factor.totp.leeway'); $this->assertHasNotParameter('scheb_two_factor.totp.parameters'); $this->assertHasNotParameter('scheb_two_factor.totp.template'); @@ -87,12 +84,10 @@ public function load_fullConfig_setConfigValues(): void $this->assertHasParameter('Issuer Google', 'scheb_two_factor.google.issuer'); $this->assertHasParameter('AcmeTestBundle:Authentication:googleForm.html.twig', 'scheb_two_factor.google.template'); $this->assertHasParameter(8, 'scheb_two_factor.google.digits'); - $this->assertHasParameter(2, 'scheb_two_factor.google.window'); - $this->assertHasParameter(null, 'scheb_two_factor.google.leeway'); + $this->assertHasParameter(20, 'scheb_two_factor.google.leeway'); $this->assertHasParameter('Issuer TOTP', 'scheb_two_factor.totp.issuer'); $this->assertHasParameter('Server Name TOTP', 'scheb_two_factor.totp.server_name'); - $this->assertHasParameter(3, 'scheb_two_factor.totp.window'); - $this->assertHasParameter(null, 'scheb_two_factor.totp.leeway'); + $this->assertHasParameter(30, 'scheb_two_factor.totp.leeway'); $this->assertHasParameter(['image' => 'http://foo/bar.png'], 'scheb_two_factor.totp.parameters'); $this->assertHasParameter('AcmeTestBundle:Authentication:totpForm.html.twig', 'scheb_two_factor.totp.template'); $this->assertHasParameter(true, 'scheb_two_factor.trusted_device.enabled'); @@ -107,48 +102,6 @@ public function load_fullConfig_setConfigValues(): void $this->assertHasParameter(['127.0.0.1'], 'scheb_two_factor.ip_whitelist'); } - /** - * @test - */ - public function load_fullConfigWithGoogleLeeway_setConfigValuesOrException(): void - { - $config = $this->getFullConfig(); - $config['google']['leeway'] = 20; - - try { - $this->extension->load([$config], $this->container); - } catch (InvalidConfigurationException $e) { - // When the option is not supported, an exception is thrown instead - $this->expectException(InvalidConfigurationException::class); - $this->expectExceptionMessage('The "leeway" option can only be set'); - - throw $e; - } - - $this->assertHasParameter(20, 'scheb_two_factor.google.leeway'); - } - - /** - * @test - */ - public function load_fullConfigWithTotpLeeway_setConfigValuesOrException(): void - { - $config = $this->getFullConfig(); - $config['totp']['leeway'] = 30; - - try { - $this->extension->load([$config], $this->container); - } catch (InvalidConfigurationException $e) { - // When the option is not supported, an exception is thrown instead - $this->expectException(InvalidConfigurationException::class); - $this->expectExceptionMessage('The "leeway" option can only be set'); - - throw $e; - } - - $this->assertHasParameter(30, 'scheb_two_factor.totp.leeway'); - } - /** * @test */ @@ -716,12 +669,12 @@ private function getFullConfig(): array template: AcmeTestBundle:Authentication:googleForm.html.twig form_renderer: acme_test.google_form_renderer digits: 8 - window: 2 + leeway: 20 totp: enabled: true issuer: Issuer TOTP server_name: Server Name TOTP - window: 3 + leeway: 30 parameters: image: http://foo/bar.png template: AcmeTestBundle:Authentication:totpForm.html.twig diff --git a/tests/Security/TwoFactor/Provider/Google/GoogleAuthenticatorTest.php b/tests/Security/TwoFactor/Provider/Google/GoogleAuthenticatorTest.php index 9f1dc95b..f4c03303 100644 --- a/tests/Security/TwoFactor/Provider/Google/GoogleAuthenticatorTest.php +++ b/tests/Security/TwoFactor/Provider/Google/GoogleAuthenticatorTest.php @@ -32,7 +32,7 @@ protected function setUp(): void ->with($this->user) ->willReturn($this->totp); - $this->authenticator = new GoogleAuthenticator($this->totpFactory, 123, 42); + $this->authenticator = new GoogleAuthenticator($this->totpFactory, 123); } /** @@ -62,36 +62,6 @@ public static function provideCheckCodeData(): array ]; } - /** - * @test - */ - public function checkCode_leewayGiven_leewayValueUsed(): void - { - $this->authenticator = new GoogleAuthenticator($this->totpFactory, 123, 42); - - $this->totp - ->expects($this->once()) - ->method('verify') - ->with('code', null, 42); - - $this->authenticator->checkCode($this->user, 'code'); - } - - /** - * @test - */ - public function checkCode_onlyWindowValueGiven_windowValueUsed(): void - { - $this->authenticator = new GoogleAuthenticator($this->totpFactory, 123, null); - - $this->totp - ->expects($this->once()) - ->method('verify') - ->with('code', null, 123); - - $this->authenticator->checkCode($this->user, 'code'); - } - /** * @test */ @@ -100,7 +70,7 @@ public function checkCode_codeWithSpaces_stripSpacesBeforeCheck(): void $this->totp ->expects($this->once()) ->method('verify') - ->with('123456', null, 42) + ->with('123456', null, 123) ->willReturn(true); $this->authenticator->checkCode($this->user, ' 123 456 '); diff --git a/tests/Security/TwoFactor/Provider/Totp/TotpAuthenticatorTest.php b/tests/Security/TwoFactor/Provider/Totp/TotpAuthenticatorTest.php index 13075d8c..ba74c411 100644 --- a/tests/Security/TwoFactor/Provider/Totp/TotpAuthenticatorTest.php +++ b/tests/Security/TwoFactor/Provider/Totp/TotpAuthenticatorTest.php @@ -32,7 +32,7 @@ protected function setUp(): void ->with($this->user) ->willReturn($this->totp); - $this->authenticator = new TotpAuthenticator($this->totpFactory, 123, 42); + $this->authenticator = new TotpAuthenticator($this->totpFactory, 123); } /** @@ -62,36 +62,6 @@ public static function provideCheckCodeData(): array ]; } - /** - * @test - */ - public function checkCode_leewayGiven_leewayValueUsed(): void - { - $this->authenticator = new TotpAuthenticator($this->totpFactory, 123, 42); - - $this->totp - ->expects($this->once()) - ->method('verify') - ->with('code', null, 42); - - $this->authenticator->checkCode($this->user, 'code'); - } - - /** - * @test - */ - public function checkCode_onlyWindowValueGiven_windowValueUsed(): void - { - $this->authenticator = new TotpAuthenticator($this->totpFactory, 123, null); - - $this->totp - ->expects($this->once()) - ->method('verify') - ->with('code', null, 123); - - $this->authenticator->checkCode($this->user, 'code'); - } - /** * @test */ @@ -100,7 +70,7 @@ public function checkCode_codeWithSpaces_stripSpacesBeforeCheck(): void $this->totp ->expects($this->once()) ->method('verify') - ->with('123456', null, 42) + ->with('123456', null, 123) ->willReturn(true); $this->authenticator->checkCode($this->user, ' 123 456 ');