invoiceninja/app/Http/Controllers/TwoFactorController.php

<?php
/**
 * Invoice Ninja (https://invoiceninja.com).
 *
 * @link https://github.com/invoiceninja/invoiceninja source repository
 *
 * @copyright Copyright (c) 2023. Invoice Ninja LLC (https://invoiceninja.com)
 *
 * @license https://www.elastic.co/licensing/elastic-license
 */

namespace App\Http\Controllers;

use App\Http\Requests\TwoFactor\EnableTwoFactorRequest;
use App\Models\User;
use App\Transformers\UserTransformer;
use App\Utils\Ninja;
use PragmaRX\Google2FA\Google2FA;

class TwoFactorController extends BaseController
{
    protected $entity_type = User::class;

    protected $entity_transformer = UserTransformer::class;

    public function setupTwoFactor()
    {
        /** @var \App\Models\User $user */
        $user = auth()->user();

        if ($user->google_2fa_secret) {
            return response()->json(['message' => '2FA already enabled'], 400);
        } elseif(Ninja::isSelfHost()) {

        } elseif (! $user->phone) {
            return response()->json(['message' => ctrans('texts.set_phone_for_two_factor')], 400);
        } elseif (! $user->isVerified()) {
            return response()->json(['message' => 'Please confirm your account first'], 400);
        }

        $google2fa = new Google2FA();
        $secret = $google2fa->generateSecretKey();

        $qr_code = $google2fa->getQRCodeUrl(
            config('ninja.app_name'),
            $user->email,
            $secret
        );

        $data = [
            'secret' => $secret,
            'qrCode' => $qr_code,
        ];

        return response()->json(['data' => $data], 200);
    }

    public function enableTwoFactor(EnableTwoFactorRequest $request)
    {
        $google2fa = new Google2FA();

        $user = auth()->user();
        $secret = $request->input('secret');
        $oneTimePassword = $request->input('one_time_password');

        if ($google2fa->verifyKey($secret, $oneTimePassword) && $user->phone && $user->email_verified_at) {
            $user->google_2fa_secret = encrypt($secret);
            $user->save();

            return response()->json(['message' => ctrans('texts.enabled_two_factor')], 200);
        } elseif (! $secret || ! $google2fa->verifyKey($secret, $oneTimePassword)) {
            return response()->json(['message' => ctrans('texts.invalid_one_time_password')], 400);
        }

        return response()->json(['message' => 'No phone record or user is not confirmed'], 400);
    }

    /*
    * @param App\Models\User $user
    * @param App\Models\User auth()->user()
    */

    public function disableTwoFactor()
    {
        $user = auth()->user();
        $user->google_2fa_secret = null;
        $user->save();

        return $this->itemResponse($user);
    }
}
Working on 2FA 2021-02-20 01:45:20 +01:00			`<?php`
			`/**`
			`* Invoice Ninja (https://invoiceninja.com).`
			`*`
			`* @link https://github.com/invoiceninja/invoiceninja source repository`
			`*`
Update copyright year 2023-01-28 23:21:40 +01:00			`* @copyright Copyright (c) 2023. Invoice Ninja LLC (https://invoiceninja.com)`
Working on 2FA 2021-02-20 01:45:20 +01:00			`*`
Update license in codebase 2021-06-16 08:58:16 +02:00			`* @license https://www.elastic.co/licensing/elastic-license`
Working on 2FA 2021-02-20 01:45:20 +01:00			`*/`

			`namespace App\Http\Controllers;`

php cs fixes 2023-10-26 04:57:44 +02:00			`use App\Http\Requests\TwoFactor\EnableTwoFactorRequest;`
Fixes for Two Factor 2021-06-23 06:55:12 +02:00			`use App\Models\User;`
php cs fixes 2023-10-26 04:57:44 +02:00			`use App\Transformers\UserTransformer;`
Do no force self hosters to enter a phone number to enable 2FA 2023-05-30 23:51:48 +02:00			`use App\Utils\Ninja;`
Fixes for Two Factor 2021-06-23 06:55:12 +02:00			`use PragmaRX\Google2FA\Google2FA;`
Working on 2FA 2021-02-20 01:45:20 +01:00
			`class TwoFactorController extends BaseController`
			`{`
Fixes for Two Factor 2021-06-23 06:55:12 +02:00			`protected $entity_type = User::class;`

			`protected $entity_transformer = UserTransformer::class;`
Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00
Working on 2FA 2021-02-20 01:45:20 +01:00			`public function setupTwoFactor()`
			`{`
Do no force self hosters to enter a phone number to enable 2FA 2023-05-30 23:51:48 +02:00			`/** @var \App\Models\User $user */`
Working on 2FA 2021-02-20 01:45:20 +01:00			`$user = auth()->user();`

Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00			`if ($user->google_2fa_secret) {`
Working on 2FA 2021-02-20 01:45:20 +01:00			`return response()->json(['message' => '2FA already enabled'], 400);`
php cs fixes 2023-10-26 04:57:44 +02:00			`} elseif(Ninja::isSelfHost()) {`
Do no force self hosters to enter a phone number to enable 2FA 2023-05-30 23:51:48 +02:00
php cs fixes 2023-10-26 04:57:44 +02:00			`} elseif (! $user->phone) {`
Working on 2FA 2021-02-20 01:45:20 +01:00			`return response()->json(['message' => ctrans('texts.set_phone_for_two_factor')], 400);`
Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00			`} elseif (! $user->isVerified()) {`
Working on 2FA 2021-02-20 01:45:20 +01:00			`return response()->json(['message' => 'Please confirm your account first'], 400);`
Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00			`}`
Working on 2FA 2021-02-20 01:45:20 +01:00
			`$google2fa = new Google2FA();`
			`$secret = $google2fa->generateSecretKey();`
Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00
Minor fix for 2fa method name 2021-03-08 21:46:30 +01:00			`$qr_code = $google2fa->getQRCodeUrl(`
Bug fix for TwoFactorController 2021-02-24 00:00:51 +01:00			`config('ninja.app_name'),`
Working on 2FA 2021-02-20 01:45:20 +01:00			`$user->email,`
			`$secret`
			`);`

			`$data = [`
			`'secret' => $secret,`
Fixes for qr code" 2021-03-09 11:53:25 +01:00			`'qrCode' => $qr_code,`
Working on 2FA 2021-02-20 01:45:20 +01:00			`];`

			`return response()->json(['data' => $data], 200);`
			`}`

Add form request for enable two factor 2022-12-01 05:33:40 +01:00			`public function enableTwoFactor(EnableTwoFactorRequest $request)`
Working on 2FA 2021-02-20 01:45:20 +01:00			`{`
Fixes for 2FA 2021-03-14 22:40:07 +01:00			`$google2fa = new Google2FA();`

Working on 2FA 2021-02-20 01:45:20 +01:00			`$user = auth()->user();`
Add form request for enable two factor 2022-12-01 05:33:40 +01:00			`$secret = $request->input('secret');`
			`$oneTimePassword = $request->input('one_time_password');`
Working on 2FA 2021-02-20 01:45:20 +01:00
Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00			`if ($google2fa->verifyKey($secret, $oneTimePassword) && $user->phone && $user->email_verified_at) {`
Working on 2FA 2021-02-20 01:45:20 +01:00			`$user->google_2fa_secret = encrypt($secret);`
			`$user->save();`
Fixes for 2FA 2021-03-15 23:33:55 +01:00
Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00			`return response()->json(['message' => ctrans('texts.enabled_two_factor')], 200);`
Fixes for 2FA 2021-03-15 23:33:55 +01:00			`} elseif (! $secret \|\| ! $google2fa->verifyKey($secret, $oneTimePassword)) {`
Throw 400's on incorrect 2FA data 2021-03-16 14:40:58 +01:00			`return response()->json(['message' => ctrans('texts.invalid_one_time_password')], 400);`
Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00			`}`
Fixes for 2FA 2021-03-15 23:33:55 +01:00
Throw 400's on incorrect 2FA data 2021-03-16 14:40:58 +01:00			`return response()->json(['message' => 'No phone record or user is not confirmed'], 400);`
Working on 2FA 2021-02-20 01:45:20 +01:00			`}`
Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00
Add form request for enable two factor 2022-12-01 05:33:40 +01:00			`/*`
			`* @param App\Models\User $user`
			`* @param App\Models\User auth()->user()`
			`*/`

Add specific route for disabling 2FA 2021-06-06 11:21:05 +02:00			`public function disableTwoFactor()`
			`{`
			`$user = auth()->user();`
			`$user->google_2fa_secret = null;`
			`$user->save();`

			`return $this->itemResponse($user);`
			`}`
Working on 2FA 2021-02-20 01:45:20 +01:00			`}`