131 lines
3.8 KiB
PHP
131 lines
3.8 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\Auth;
|
|
|
|
use App\Http\Controllers\Controller;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Hash;
|
|
|
|
class TwoFactorController extends Controller
|
|
{
|
|
public function show()
|
|
{
|
|
$user = auth()->user();
|
|
return view('auth.2fa-settings', compact('user'));
|
|
}
|
|
|
|
public function enable(Request $request)
|
|
{
|
|
$user = auth()->user();
|
|
|
|
if ($user->isTwoFactorEnabled()) {
|
|
return redirect()->route('2fa.settings')->with('error', __('auth.2fa_already_enabled'));
|
|
}
|
|
|
|
$google2fa = app('pragmarx.google2fa');
|
|
$secret = $google2fa->generateSecretKey();
|
|
|
|
$qrCodeUrl = $google2fa->getQRCodeUrl(
|
|
config('app.name'),
|
|
$user->email,
|
|
$secret
|
|
);
|
|
|
|
// Generate QR code image
|
|
$qrCode = \BaconQrCode\Renderer\ImageRenderer::class;
|
|
$writer = new \BaconQrCode\Writer(new \BaconQrCode\Renderer\ImageRenderer(
|
|
new \BaconQrCode\Renderer\RendererStyle\RendererStyle(400),
|
|
new \BaconQrCode\Renderer\Image\SvgImageBackEnd()
|
|
));
|
|
$qrCodeSvg = $writer->writeString($qrCodeUrl);
|
|
|
|
session(['2fa_secret' => $secret]);
|
|
|
|
return view('auth.2fa-enable', [
|
|
'secret' => $secret,
|
|
'qrCodeSvg' => $qrCodeSvg,
|
|
]);
|
|
}
|
|
|
|
public function confirm(Request $request)
|
|
{
|
|
$request->validate([
|
|
'code' => ['required', 'string', 'size:6'],
|
|
]);
|
|
|
|
$user = auth()->user();
|
|
$secret = session('2fa_secret');
|
|
|
|
if (!$secret) {
|
|
return redirect()->route('2fa.settings')->with('error', __('auth.2fa_session_expired'));
|
|
}
|
|
|
|
$google2fa = app('pragmarx.google2fa');
|
|
|
|
if (!$google2fa->verifyKey($secret, $request->code)) {
|
|
return back()->withErrors(['code' => __('auth.2fa_invalid')]);
|
|
}
|
|
|
|
// Enable 2FA
|
|
$recoveryCodes = $user->generateRecoveryCodes();
|
|
$user->setTwoFactorSecret($secret);
|
|
$user->two_factor_recovery_codes = $recoveryCodes;
|
|
$user->two_factor_enabled = true;
|
|
$user->save();
|
|
|
|
session()->forget('2fa_secret');
|
|
|
|
return view('auth.2fa-recovery-codes', [
|
|
'recoveryCodes' => $recoveryCodes,
|
|
]);
|
|
}
|
|
|
|
public function disable(Request $request)
|
|
{
|
|
$request->validate([
|
|
'password' => ['required', 'string'],
|
|
'code' => ['nullable', 'string'],
|
|
]);
|
|
|
|
$user = auth()->user();
|
|
|
|
if (!Hash::check($request->password, $user->password)) {
|
|
return back()->withErrors(['password' => __('auth.password_incorrect')]);
|
|
}
|
|
|
|
// If 2FA is enabled, verify the code
|
|
if ($user->isTwoFactorEnabled() && $request->code) {
|
|
$google2fa = app('pragmarx.google2fa');
|
|
$secret = $user->getTwoFactorSecret();
|
|
|
|
if (!$google2fa->verifyKey($secret, $request->code)) {
|
|
return back()->withErrors(['code' => __('auth.2fa_invalid')]);
|
|
}
|
|
}
|
|
|
|
$user->two_factor_secret = null;
|
|
$user->two_factor_recovery_codes = null;
|
|
$user->two_factor_enabled = false;
|
|
$user->save();
|
|
|
|
return redirect()->route('2fa.settings')->with('success', __('auth.2fa_disabled'));
|
|
}
|
|
|
|
public function regenerateRecoveryCodes()
|
|
{
|
|
$user = auth()->user();
|
|
|
|
if (!$user->isTwoFactorEnabled()) {
|
|
return redirect()->route('2fa.settings')->with('error', __('auth.2fa_not_enabled'));
|
|
}
|
|
|
|
$recoveryCodes = $user->generateRecoveryCodes();
|
|
$user->two_factor_recovery_codes = $recoveryCodes;
|
|
$user->save();
|
|
|
|
return view('auth.2fa-recovery-codes', [
|
|
'recoveryCodes' => $recoveryCodes,
|
|
]);
|
|
}
|
|
}
|