Dispatch events when authentication providers process codes, #245

Author: scheb

doc/events.rst

@@ -98,3 +98,111 @@ Constant: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\BackupCodeEvents::INV
 Event class: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorCodeEvent``
 
 Is dispatched when the code was deemed to be a invalid backup code.
+
+
+Email Authentication Events
+---------------------------
+
+The following events are dispatched when the email code authentication provider is used:
+
+``scheb_two_factor.provider.email.sent``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Constant: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\EmailCodeEvents::SENT``
+
+Event class: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorCodeEvent``
+
+Is dispatched whenever a code was sent via email to the user.
+
+``scheb_two_factor.provider.email.check``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Constant: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\EmailCodeEvents::CHECK``
+
+Event class: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorCodeEvent``
+
+Is dispatched whenever a code is checked if it is a valid email code.
+
+``scheb_two_factor.provider.email.valid``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Constant: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\EmailCodeEvents::VALID``
+
+Event class: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorCodeEvent``
+
+Is dispatched when the code was deemed to be a valid email code.
+
+``scheb_two_factor.provider.email.invalid``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Constant: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\EmailCodeEvents::INVALID``
+
+Event class: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorCodeEvent``
+
+Is dispatched when the code was deemed to be a invalid email code.
+
+
+Google Authenticator Events
+---------------------------
+
+The following events are dispatched when the Google Authenticator authentication provider is used:
+
+``scheb_two_factor.provider.google.check``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Constant: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\GoogleAuthenticatorCodeEvents::CHECK``
+
+Event class: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorCodeEvent``
+
+Is dispatched whenever a code is checked if it is a valid Google Authenticator code.
+
+``scheb_two_factor.provider.google.valid``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Constant: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\GoogleAuthenticatorCodeEvents::VALID``
+
+Event class: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorCodeEvent``
+
+Is dispatched when the code was deemed to be a valid Google Authenticator code.
+
+``scheb_two_factor.provider.google.invalid``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Constant: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\GoogleAuthenticatorCodeEvents::INVALID``
+
+Event class: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorCodeEvent``
+
+Is dispatched when the code was deemed to be a invalid Google Authenticator code.
+
+
+TOTP Authentication Events
+--------------------------
+
+The following events are dispatched when the TOTP authentication provider is used:
+
+``scheb_two_factor.provider.totp.check``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Constant: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\TotpCodeEvents::CHECK``
+
+Event class: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorCodeEvent``
+
+Is dispatched whenever a code is checked if it is a valid TOTP code.
+
+``scheb_two_factor.provider.totp.valid``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Constant: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\TotpCodeEvents::VALID``
+
+Event class: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorCodeEvent``
+
+Is dispatched when the code was deemed to be a valid TOTP code.
+
+``scheb_two_factor.provider.totp.invalid``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Constant: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\TotpCodeEvents::INVALID``
+
+Event class: ``Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorCodeEvent``
+
+Is dispatched when the code was deemed to be a invalid TOTP code.

doc/providers/email.rst

@@ -273,3 +273,8 @@ Then register it as a service and update your configuration:
    scheb_two_factor:
        email:
            form_renderer: acme.custom_form_renderer_service
+
+Events
+------
+
+See :doc:`Events </events>`

doc/providers/google.rst

@@ -227,3 +227,8 @@ An example how to render the QR code with ``endroid/qr-code`` version 4 can be f
 
     **Security note:** Keep the QR code content within your application. Render the image yourself. Do not pass the
     content to an external service, because this is exposing the secret code to that service.
+
+Events
+------
+
+See :doc:`Events </events>`

doc/providers/totp.rst

@@ -243,3 +243,8 @@ An example how to render the QR code with ``endroid/qr-code`` version 4 can be f
 
     **Security note:** Keep the QR code content within your application. Render the image yourself. Do not pass the
     content to an external service, because this is exposing the secret code to that service.
+
+Events
+------
+
+See :doc:`Events </events>`

src/bundle/Resources/config/two_factor_provider_email.php

@@ -39,6 +39,7 @@
             ->args([
                 service('scheb_two_factor.security.email.code_generator'),
                 service('scheb_two_factor.security.email.form_renderer'),
+                service('event_dispatcher'),
             ])
 
         ->alias(CodeGeneratorInterface::class, 'scheb_two_factor.security.email.code_generator')

src/bundle/Resources/config/two_factor_provider_google.php

@@ -26,6 +26,7 @@
             ->public()
             ->args([
                 service('scheb_two_factor.security.google_totp_factory'),
+                service('event_dispatcher'),
                 '%scheb_two_factor.google.leeway%',
             ])
 

src/bundle/Resources/config/two_factor_provider_totp.php

@@ -27,6 +27,7 @@
             ->public()
             ->args([
                 service('scheb_two_factor.security.totp_factory'),
+                service('event_dispatcher'),
                 '%scheb_two_factor.totp.leeway%',
             ])
 

src/email/Security/TwoFactor/Event/EmailCodeEvents.php

@@ -0,0 +1,31 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Scheb\TwoFactorBundle\Security\TwoFactor\Event;
+
+/**
+ * @final
+ */
+class EmailCodeEvents
+{
+    /**
+     * When a code was sent by the email provider.
+     */
+    public const SENT = 'scheb_two_factor.provider.email.sent';
+
+    /**
+     * When a code is about to be checked by the email provider.
+     */
+    public const CHECK = 'scheb_two_factor.provider.email.check';
+
+    /**
+     * When the code was deemed to be valid by the email provider.
+     */
+    public const VALID = 'scheb_two_factor.provider.email.valid';
+
+    /**
+     * When the code was deemed to be invalid by the email provider.
+     */
+    public const INVALID = 'scheb_two_factor.provider.email.invalid';
+}

src/email/Security/TwoFactor/Provider/Email/EmailTwoFactorProvider.php

@@ -6,9 +6,12 @@
 
 use Scheb\TwoFactorBundle\Model\Email\TwoFactorInterface;
 use Scheb\TwoFactorBundle\Security\TwoFactor\AuthenticationContextInterface;
+use Scheb\TwoFactorBundle\Security\TwoFactor\Event\EmailCodeEvents;
+use Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorCodeEvent;
 use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Email\Generator\CodeGeneratorInterface;
 use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\TwoFactorFormRendererInterface;
 use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\TwoFactorProviderInterface;
+use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
 use function str_replace;
 
 /**
@@ -19,6 +22,7 @@ class EmailTwoFactorProvider implements TwoFactorProviderInterface
     public function __construct(
         private readonly CodeGeneratorInterface $codeGenerator,
         private readonly TwoFactorFormRendererInterface $formRenderer,
+        private readonly EventDispatcherInterface $eventDispatcher,
     ) {
     }
 
@@ -37,6 +41,9 @@ public function prepareAuthentication(object $user): void
         }
 
         $this->codeGenerator->generateAndSend($user);
+
+        $event = new TwoFactorCodeEvent($user, $user->getEmailAuthCode() ?? '');
+        $this->eventDispatcher->dispatch($event, EmailCodeEvents::SENT);
     }
 
     public function validateAuthenticationCode(object $user, string $authenticationCode): bool
@@ -45,10 +52,15 @@ public function validateAuthenticationCode(object $user, string $authenticationC
             return false;
         }
 
+        $event = new TwoFactorCodeEvent($user, $authenticationCode);
+        $this->eventDispatcher->dispatch($event, EmailCodeEvents::CHECK);
+
         // Strip any user added spaces
         $authenticationCode = str_replace(' ', '', $authenticationCode);
+        $isValid = $user->getEmailAuthCode() === $authenticationCode;
+        $this->eventDispatcher->dispatch($event, $isValid ? EmailCodeEvents::VALID : EmailCodeEvents::INVALID);
 
-        return $user->getEmailAuthCode() === $authenticationCode;
+        return $isValid;
     }
 
     public function getFormRenderer(): TwoFactorFormRendererInterface

src/google-authenticator/Security/TwoFactor/Event/GoogleAuthenticatorCodeEvents.php

@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Scheb\TwoFactorBundle\Security\TwoFactor\Event;
+
+/**
+ * @final
+ */
+class GoogleAuthenticatorCodeEvents
+{
+    /**
+     * When a code is about to be checked by the Google Authenticator provider.
+     */
+    public const CHECK = 'scheb_two_factor.provider.google.check';
+
+    /**
+     * When the code was deemed to be valid by the Google Authenticator provider.
+     */
+    public const VALID = 'scheb_two_factor.provider.google.valid';
+
+    /**
+     * When the code was deemed to be invalid by the Google Authenticator provider.
+     */
+    public const INVALID = 'scheb_two_factor.provider.google.invalid';
+}