Merge pull request #1030 from owlchester/security-2fa-livewire

Security: 2fa migrated to livewire

Author: ilestis

app/Http/Controllers/PasswordSecurityController.php

@@ -2,7 +2,6 @@
 
 namespace App\Http\Controllers;
 
-use App\Http\Requests\Settings\UserEnableTfa;
 use App\Models\PasswordSecurity;
 use App\Models\User;
 use Illuminate\Http\Request;
@@ -40,47 +39,6 @@ public function generate2faSecretCode(Request $request)
         return redirect()->route('settings.account')->with('success', __('settings.account.2fa.success_key'));
     }
 
-    /*
-    * Enables 2fa for the current user.
-    */
-    public function enable2fa(UserEnableTfa $request)
-    {
-        /** @var User $user */
-        $user = $request->user();
-
-        // Enable OTP if the Authenticator code matches secret
-        $otp = new Google2FA;
-        $secret = $request->input('otp');
-        $valid = $otp->verifyKey($user->passwordSecurity->google2fa_secret, $secret);
-
-        // If OTP code is valid enable OTP
-        if ($valid) {
-            $user->passwordSecurity->update(['google2fa_enable' => 1]);
-            // 2FA is enabled, log out the user and ask them to set up.
-            auth()->logout();
-            session()->flush();
-
-            return redirect()->route('login')->with('success', __('settings.account.2fa.success_enable'));
-        }
-
-        return redirect()->route('settings.account')->with('error', __('settings.account.2fa.error_enable'));
-    }
-
-    /*
-    * Disables 2fa for the current user.
-    */
-    public function disable2fa(Request $request)
-    {
-        /** @var User $user */
-        $user = $request->user();
-
-        // Update disabling OTP
-        $user->passwordSecurity->google2fa_enable = 0;
-        $user->passwordSecurity->save();
-
-        return redirect()->route('settings.account')->with('success', __('settings.account.2fa.success_disable'));
-    }
-
     /*
     * Aborts login of user with 2fa enabled.
     */

app/Http/Requests/Settings/UserEnableTfa.php

@@ -0,0 +1,95 @@
+<?php
+
+namespace App\Livewire\Users;
+
+use App\Models\PasswordSecurity;
+use App\Models\User;
+use Livewire\Attributes\Validate;
+use Livewire\Component;
+use PragmaRX\Google2FA\Google2FA;
+
+class Otp extends Component
+{
+    public $duplicates;
+
+    public bool $clickedBefore = false;
+
+    protected $listeners = ['refreshTable' => '$refresh']; // Listen for table refresh event
+
+    #[Validate('required|numeric')]
+    public string $otp = '';
+
+    /*
+    * Generates secret code for 2fa
+    */
+    public function generate2faSecretCode()
+    {
+        /** @var User $user */
+        $user = auth()->user();
+
+        $otp = new Google2FA;
+
+        // Generate a new Google2FA code for User
+        PasswordSecurity::create([
+            'user_id' => $user->id,
+            'google2fa_enable' => 0,
+            'google2fa_secret' => $otp->generateSecretKey(),
+        ]);
+        $this->dispatch('refreshTable');
+    }
+
+    /*
+    * Enables 2fa for the current user.
+    */
+    public function enable2fa()
+    {
+        $this->validate();
+
+        /** @var User $user */
+        $user = auth()->user();
+
+        // Enable OTP if the Authenticator code matches secret
+        $otpModel = new Google2FA;
+        $valid = $otpModel->verifyKey($user->passwordSecurity->google2fa_secret, $this->otp);
+
+        // If OTP code is valid enable OTP
+        if ($valid) {
+            $user->passwordSecurity->update(['google2fa_enable' => 1]);
+            // 2FA is enabled, log out the user and ask them to set up.
+            auth()->logout();
+            session()->flush();
+
+            $this->redirectRoute('login', ['success' => __('settings.account.2fa.success_enable')]);
+        }
+        session()->flash('otp-error', __('settings.account.2fa.error_enable'));
+
+    }
+
+    /*
+    * Disables 2fa for the current user.
+    */
+    public function disable2fa()
+    {
+        if ($this->clickedBefore) {
+            /** @var User $user */
+            $user = auth()->user();
+
+            // Update disabling OTP
+            $user->passwordSecurity->google2fa_enable = 0;
+            $user->passwordSecurity->save();
+            session()->flash('disable-success', __('settings.account.2fa.success_disable'));
+        } else {
+            $this->clickedBefore = true;
+        }
+
+    }
+
+    public function render()
+    {
+
+        /** @var User $user */
+        $user = auth()->user();
+
+        return view('livewire.users.otp', ['user' => $user]);
+    }
+}

app/Livewire/Users/Otp.php

@@ -4,8 +4,9 @@
     'account'       => [
         '2fa'               => [
             'actions'               => [
-                'disable'   => 'Disable two-factor authentication',
-                'finish'    => 'Finish setup and log in',
+                'disable'         => 'Disable two-factor authentication',
+                'disable-confirm' => 'Click again to confirm',
+                'finish'          => 'Finish setup and log in',
             ],
             'activation_helper'     => 'To finish setting up your account\'s two-factor authentication, please follow these instructions.',
             'disable'               => [

lang/en/settings.php

@@ -0,0 +1,67 @@
+<div>
+<x-box class="mb-12 rounded-2xl">
+    <x-slot name="title">
+        {{ __('settings.account.2fa.title') }}
+    </x-slot>
+
+    @if (session()->has('disable-success'))
+        <span class="text-green-600">
+            {{ session('disable-success') }}
+        </span>
+    @endif
+
+    @if ($user->passwordSecurity?->google2fa_enable)
+        <p class="hep-block">{{ __('settings.account.2fa.enabled') }}</p>
+
+        <div class="text-right">
+            <button wire:click="disable2fa" class="btn2 btn-error"> @if ($clickedBefore) {{ __('settings.account.2fa.actions.disable-confirm') }} @else {{ __('settings.account.2fa.actions.disable') }} @endif  </button>
+        </div>
+    @else
+        @if(auth()->user()->isSocialLogin())
+                <p>{{ __('settings.account.2fa.social') }}</p>
+        @elseif(empty($user->passwordSecurity))
+                <p>
+                    {{ __('settings.account.2fa.helper') }} <a href="https://docs.kanka.io/en/latest/account/security/two-factor-authentication.html">{{ __('settings.account.2fa.learn_more') }}</a>
+                </p>
+
+                <p>{!! __('settings.account.2fa.enable_instructions', [
+                    'android' => '<a target="_blank" href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2">Android</a>',
+                    'ios' => '<a target="_blank" href="https://apps.apple.com/us/app/google-authenticator/id388497605">iOS</a>',
+                ]) !!}</p>
+
+                <div class="text-right">
+                    <button wire:click="generate2faSecretCode" class="btn2 btn-primary"> {{ __('settings.account.2fa.generate_qr') }} </button>
+                </div>
+        @elseif(!$user->passwordSecurity->google2fa_enable)
+                <div>
+                    <x-grid type="1/1">
+                        <p>{{ __('settings.account.2fa.activation_helper') }}</p>
+
+                        <x-forms.field field="qr-code" required :label="__('settings.account.2fa.fields.qrcode')">
+                            {!! $user->passwordSecurity->getGoogleQR() !!}
+                        </x-forms.field>
+                    </x-grid>
+                    <div class="flex flex-wrap gap-2 justify-between items-end">
+                        <div class="field field-name">
+                            <label>{{__('settings.account.2fa.fields.otp')}}</label>
+
+                            <input type="password" wire:model="otp" name="otp" maxlength="12" class="input rounded text-dark  w-full p-2" />
+                            <div>
+                                @error('otp') <span class="text-error">{{ $message }}</span> @enderror
+                            </div>
+                            @if (session()->has('otp-error'))
+                                <span class="text-error">
+                                    {{ session('otp-error') }}
+                                </span>
+                            @endif
+                        </div>
+                        <div class="text-right">
+                            <button wire:click="enable2fa" class="btn2 btn-primary"> {{ __('settings.account.2fa.actions.finish') }} </button>
+                        </div>
+                    </div>
+                </div>
+       @endif
+  @endif
+</x-box>
+</div>
+

resources/views/livewire/users/otp.blade.php

@@ -53,8 +53,9 @@
             </div>
         </div>
     </x-box>
-
-    @includeWhen(config('google2fa.enabled'), 'settings._tfa')
+    @if (config('google2fa.enabled'))
+        @livewire('users.otp')
+    @endif
 
     <x-box class="border-error border rounded-2xl">
         <x-slot name="title">

resources/views/settings/account.blade.php

@@ -136,14 +136,6 @@
 Route::post('/security/generate2faSecret', [PasswordSecurityController::class, 'generate2faSecretCode'])
     ->name('settings.security.generate-2fa');
 
-// Enable 2FA for User
-Route::post('/security/enable2fa', [PasswordSecurityController::class, 'enable2fa'])
-    ->name('settings.security.enable-2fa');
-
-// Disable 2FA for User
-Route::post('/security/disable2fa', [PasswordSecurityController::class, 'disable2fa'])
-    ->name('settings.security.disable-2fa');
-
 // Verify 2FA if User has it enabled
 Route::post('/security/verify2fa', function () {
     return redirect()->route('home');