154 lines
4.2 KiB
PHP
154 lines
4.2 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\Api;
|
|
|
|
use App\Http\Controllers\Controller;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Validator;
|
|
|
|
class TwoFactorController extends Controller
|
|
{
|
|
public function status(Request $request)
|
|
{
|
|
$user = $request->user();
|
|
|
|
return response()->json([
|
|
'enabled' => $user->isTwoFactorEnabled(),
|
|
]);
|
|
}
|
|
|
|
public function enable(Request $request)
|
|
{
|
|
$user = $request->user();
|
|
|
|
if ($user->isTwoFactorEnabled()) {
|
|
return response()->json([
|
|
'message' => __('auth.2fa_already_enabled'),
|
|
], 400);
|
|
}
|
|
|
|
$google2fa = app('pragmarx.google2fa');
|
|
$secret = $google2fa->generateSecretKey();
|
|
|
|
// Generate QR code URL
|
|
$qrCodeUrl = $google2fa->getQRCodeUrl(
|
|
config('app.name'),
|
|
$user->email,
|
|
$secret
|
|
);
|
|
|
|
// Store secret temporarily (not enabled until confirmed)
|
|
session(['2fa_secret' => $secret]);
|
|
|
|
return response()->json([
|
|
'secret' => $secret,
|
|
'qr_code_url' => $qrCodeUrl,
|
|
]);
|
|
}
|
|
|
|
public function confirm(Request $request)
|
|
{
|
|
$validator = Validator::make($request->all(), [
|
|
'code' => ['required', 'string', 'size:6'],
|
|
]);
|
|
|
|
if ($validator->fails()) {
|
|
return response()->json(['errors' => $validator->errors()], 422);
|
|
}
|
|
|
|
$user = $request->user();
|
|
$secret = session('2fa_secret');
|
|
|
|
if (!$secret) {
|
|
return response()->json([
|
|
'message' => __('auth.2fa_session_expired'),
|
|
], 400);
|
|
}
|
|
|
|
$google2fa = app('pragmarx.google2fa');
|
|
|
|
if (!$google2fa->verifyKey($secret, $request->code)) {
|
|
return response()->json([
|
|
'message' => __('auth.2fa_invalid'),
|
|
], 401);
|
|
}
|
|
|
|
// Enable 2FA
|
|
$recoveryCodes = $user->generateRecoveryCodes();
|
|
$user->setTwoFactorSecret($secret);
|
|
$user->two_factor_recovery_codes = $recoveryCodes;
|
|
$user->two_factor_enabled = true;
|
|
$user->save();
|
|
|
|
session()->forget('2fa_secret');
|
|
|
|
return response()->json([
|
|
'message' => __('auth.2fa_enabled'),
|
|
'recovery_codes' => $recoveryCodes,
|
|
]);
|
|
}
|
|
|
|
public function disable(Request $request)
|
|
{
|
|
$validator = Validator::make($request->all(), [
|
|
'password' => ['required', 'string'],
|
|
'code' => ['nullable', 'string'],
|
|
]);
|
|
|
|
if ($validator->fails()) {
|
|
return response()->json(['errors' => $validator->errors()], 422);
|
|
}
|
|
|
|
$user = $request->user();
|
|
|
|
// Verify password
|
|
if (!\Hash::check($request->password, $user->password)) {
|
|
return response()->json([
|
|
'message' => __('auth.password_incorrect'),
|
|
], 401);
|
|
}
|
|
|
|
// If 2FA is enabled, verify the code
|
|
if ($user->isTwoFactorEnabled() && $request->code) {
|
|
$google2fa = app('pragmarx.google2fa');
|
|
$secret = $user->getTwoFactorSecret();
|
|
|
|
if (!$google2fa->verifyKey($secret, $request->code)) {
|
|
return response()->json([
|
|
'message' => __('auth.2fa_invalid'),
|
|
], 401);
|
|
}
|
|
}
|
|
|
|
// Disable 2FA
|
|
$user->two_factor_secret = null;
|
|
$user->two_factor_recovery_codes = null;
|
|
$user->two_factor_enabled = false;
|
|
$user->save();
|
|
|
|
return response()->json([
|
|
'message' => __('auth.2fa_disabled'),
|
|
]);
|
|
}
|
|
|
|
public function regenerateRecoveryCodes(Request $request)
|
|
{
|
|
$user = $request->user();
|
|
|
|
if (!$user->isTwoFactorEnabled()) {
|
|
return response()->json([
|
|
'message' => __('auth.2fa_not_enabled'),
|
|
], 400);
|
|
}
|
|
|
|
$recoveryCodes = $user->generateRecoveryCodes();
|
|
$user->two_factor_recovery_codes = $recoveryCodes;
|
|
$user->save();
|
|
|
|
return response()->json([
|
|
'message' => __('auth.recovery_codes_regenerated'),
|
|
'recovery_codes' => $recoveryCodes,
|
|
]);
|
|
}
|
|
}
|