[2.x] Confirm 2FA when enabling (#992)
* Confirm 2FA in Livewire * Bump fortify * formatting * inertia support * user profile tests * refactoring * fix spacing Co-authored-by: Taylor Otwell <[email protected]>
1 parent
709cffa
commit de8020c
Showing
8 changed files
with
395 additions
and
18 deletions.
83 changes: 83 additions & 0 deletions
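--- a/src/Http/Controllers/Inertia/Concerns/ConfirmsTwoFactorAuthentication.php
+++ b/src/Http/Controllers/Inertia/Concerns/ConfirmsTwoFactorAuthentication.php
@@ -0,0 +1,83 @@
+<?php
+
+namespace Laravel\Jetstream\Http\Controllers\Inertia\Concerns;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Laravel\Fortify\Actions\DisableTwoFactorAuthentication;
+use Laravel\Fortify\Features;
+
+trait ConfirmsTwoFactorAuthentication
+{
+    /**
+     * Validate the two factor authentication state for the request.
+     *
+     * @param \Illuminate\Http\Request
+     * @return void
+     */
+    protected function validateTwoFactorAuthenticationState(Request $request)
+    {
+        if (! Features::optionEnabled(Features::twoFactorAuthentication(), 'confirm')) {
+            return;
+        }
+
+        $currentTime = time();
+
+        // Notate totally disabled state in session...
+        if ($this->twoFactorAuthenticationDisabled($request)) {
+            $request->session()->put('two_factor_empty_at', $currentTime);
+        }
+
+        // If was previously totally disabled this session but is now confirming, notate time...
+        if ($this->hasJustBegunConfirmingTwoFactorAuthentication($request)) {
+            $request->session()->put('two_factor_confirming_at', $currentTime);
+        }
+
+        // If the profile is reloaded and is not confirmed but was previously in confirming state, disable...
+        if ($this->neverFinishedConfirmingTwoFactorAuthentication($request, $currentTime)) {
+            app(DisableTwoFactorAuthentication::class)(Auth::user());
+
+            $request->session()->put('two_factor_empty_at', $currentTime);
+            $request->session()->remove('two_factor_confirming_at');
+        }
+    }
+
+    /**
+     * Determine if two factor authenticatoin is totally disabled.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @return bool
+     */
+    protected function twoFactorAuthenticationDisabled(Request $request)
+    {
+        return is_null($request->user()->two_factor_secret) &&
+            is_null($request->user()->two_factor_confirmed_at);
+    }
+
+    /**
+     * Determine if two factor authentication is just now being confirmed within the last request cycle.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @return bool
+     */
+    protected function hasJustBegunConfirmingTwoFactorAuthentication(Request $request)
+    {
+        return ! is_null($request->user()->two_factor_secret) &&
+            is_null($request->user()->two_factor_confirmed_at) &&
+            $request->session()->has('two_factor_empty_at') &&
+            is_null($request->session()->get('two_factor_confirming_at'));
+    }
+
+    /**
+     * Determine if two factor authentication was never totally confirmed once confirmation started.
+     *
+     * @param \Illuminate\Http\Request $request
+     * @param int $currentTime
+     * @return bool
+     */
+    protected function neverFinishedConfirmingTwoFactorAuthentication(Request $request, $currentTime)
+    {
+        return is_null($request->user()->two_factor_confirmed_at) &&
+            $request->session()->get('two_factor_confirming_at', 0) != $currentTime;
+    }
+}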
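Review bot: `neverFinishedConfirmingTwoFactorAuthentication` never checks that `two_factor_secret` is set, so for a user whose 2FA is fully disabled (both columns null) it returns true on every profile load — `two_factor_confirming_at` falls back to `0`, which never equals `$currentTime` — and `validateTwoFactorAuthenticationState` then invokes `DisableTwoFactorAuthentication` and rewrites `two_factor_empty_at` on each request, which is a redundant write to the user record and, if that action is audited anywhere, a misleading "2FA disabled" trail. Guarding the helper with `! is_null($request->user()->two_factor_secret) &&` as its first condition limits the disable path to users who actually started but did not finish confirming. While there, the `!=` in that helper should be `!==` (the stored value and `time()` are both ints, so the strict form is safe), `Auth::user()` in the disable branch could be `$request->user()` for consistency with the other helpers, and the docblocks have a typo (`authenticatoin`) and a `@param` line on `validateTwoFactorAuthenticationState` that omits the `$request` name.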