Bypass 2FA for Passwordless Login Link Authentication #260

Open
Niels-R opened this issue Jan 16, 2025 · 1 comment
Niels-R commented Jan 16, 2025

Bundle version: 7.6.0
Symfony version: 7.0
PHP version: 8.3

Description

When using a passwordless login link (magic link) the user is redirected to the 2FA page. How do you avoid this and make sure the user is logged in without providing the 2FA code?

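  1. Setting the FLAG_2FA_COMPLETE attribute in the token in the LoginLink success handler (AuthenticationSuccessHandlerInterface) of the passwordless login link provider does not work.

     ```php
     use Scheb\TwoFactorBundle\Security\Http\Authenticator\TwoFactorAuthenticator;
     use Symfony\Component\HttpFoundation\RedirectResponse;
     use Symfony\Component\HttpFoundation\Request;
     use Symfony\Component\HttpFoundation\Response;
     use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
     use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
     use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;

     final readonly class LoginLinkAuthenticationSuccessHandler implements AuthenticationSuccessHandlerInterface
     {
         public function __construct(private UrlGeneratorInterface $router)
         {
         }

         public function onAuthenticationSuccess(Request $request, TokenInterface $token): ?Response
         {
             // Mark the token as having completed 2FA
             $token->setAttribute(TwoFactorAuthenticator::FLAG_2FA_COMPLETE, true);

             // redirectUrl is read from the query string and used as supplied; falls back to the home route
             return new RedirectResponse($request->query->get('redirectUrl') ?? $this->router->generate('app.home'));
         }
     }
     ```

  2. Extending Symfony\Component\Security\Http\Authenticator\LoginLinkAuthenticator is also not an option because it is declared final.

  3. Duplicating the code within LoginLinkAuthenticator as a custom authenticator and extending as per the example in the documentation might work, but it's not a nice solution.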

Any help would be appreciated.

Additional Context
N/A

Owner

scheb commented Jan 16, 2025

Please see: #139 (comment)
