Adding more refactor

tnylea · tnylea · commit d6ae0069b92c · 2025-04-21T16:46:51.000-04:00
diff --git a/app/Http/Controllers/Settings/TwoFactorAuthController.php b/app/Http/Controllers/Settings/TwoFactorAuthController.php
@@ -20,30 +20,40 @@ class TwoFactorAuthController extends Controller
      * @param  \Illuminate\Http\Request  $request
      * @return \Inertia\Response
      */
-    public function edit(Request $request)
+    public function show(Request $request)
     {
+        $user = $request->user();
+        $confirmed = !is_null($user->two_factor_confirmed_at);
+        
         return Inertia::render('settings/two-factor', [
-            'confirmed' => !is_null($request->user()->two_factor_confirmed_at),
-            'recoveryCodes' => $this->getRecoveryCodes($request->user()),
+            'confirmed' => $confirmed,
+            'recoveryCodes' => $this->getRecoveryCodes($user),
         ]);
     }
 
     /**
      * Enable two factor authentication for the user.
      *
      * @param  \Illuminate\Http\Request  $request
-     * @return \Illuminate\Http\RedirectResponse
+     * @return \Illuminate\Http\JsonResponse
      */
     public function enable(Request $request)
     {
         [$qrCode, $secret] = app(GenerateQrCodeAndSecretKey::class)($request->user());
         
+        $recoveryCodes = $this->generateRecoveryCodes($request->user());
+        
         $request->user()->forceFill([
             'two_factor_secret' => encrypt($secret),
-            'two_factor_recovery_codes' => encrypt(json_encode($this->generateRecoveryCodes($request->user())))
+            'two_factor_recovery_codes' => encrypt(json_encode($recoveryCodes))
         ])->save();
 
-        return back()->with('status', 'two-factor-authentication-enabled');
+        return response()->json([
+            'status' => 'two-factor-authentication-enabled',
+            'svg' => $qrCode,
+            'secret' => $secret,
+            'recovery_codes' => $recoveryCodes
+        ]);
     }
     
     /**
@@ -98,45 +108,6 @@ public function confirm(Request $request)
         return back()->withErrors(['code' => 'The provided two-factor authentication code was invalid.']);
     }
 
-    /**
-     * Get the QR code SVG for the user's two factor authentication.
-     *
-     * @param  \Illuminate\Http\Request  $request
-     * @return \Illuminate\Http\Response
-     */
-    public function qrCode(Request $request)
-    {
-        if (empty($request->user()->two_factor_secret)) {
-            return response('', 404);
-        }
-        
-        // Get the existing secret key instead of generating a new one
-        $secret = decrypt($request->user()->two_factor_secret);
-        
-        // Generate QR code based on the existing secret
-        $google2fa = new \PragmaRX\Google2FA\Google2FA();
-        $companyName = config('app.name', 'Laravel');
-        
-        $g2faUrl = $google2fa->getQRCodeUrl(
-            $companyName,
-            $request->user()->email,
-            $secret
-        );
-        
-        $writer = new \BaconQrCode\Writer(
-            new \BaconQrCode\Renderer\ImageRenderer(
-                new \BaconQrCode\Renderer\RendererStyle\RendererStyle(400),
-                new \BaconQrCode\Renderer\Image\SvgImageBackEnd()
-            )
-        );
-        
-        $qrCode = base64_encode($writer->writeString($g2faUrl));
-        
-        return response()->json([
-            'svg' => $qrCode,
-            'secret' => $secret
-        ]);
-    }
 
     /**
      * Get the recovery codes for the user.
@@ -177,7 +148,7 @@ private function getRecoveryCodes($user)
      * Generate new recovery codes for the user.
      *
      * @param  \Illuminate\Http\Request  $request
-     * @return \Illuminate\Http\RedirectResponse
+     * @return \Illuminate\Http\Response
      */
     public function regenerateRecoveryCodes(Request $request)
     {
@@ -187,6 +158,14 @@ public function regenerateRecoveryCodes(Request $request)
             'two_factor_recovery_codes' => encrypt(json_encode($codes))
         ])->save();
 
+        // Check if this is an AJAX request
+        if ($request->wantsJson() || $request->ajax()) {
+            return response()->json([
+                'status' => 'recovery-codes-generated',
+                'recovery_codes' => $codes
+            ]);
+        }
+        
         return back()->with('status', 'recovery-codes-generated');
     }
 }
diff --git a/resources/js/pages/settings/two-factor.tsx b/resources/js/pages/settings/two-factor.tsx
@@ -1,5 +1,6 @@
 import { useState, useEffect } from 'react';
 import { Head, useForm } from '@inertiajs/react';
+import axios from 'axios';
 import AppLayout from '@/layouts/app-layout';
 import SettingsLayout from '@/layouts/settings/layout';
 import HeadingSmall from '@/components/heading-small';
@@ -59,12 +60,17 @@ export default function TwoFactor({ confirmed: initialConfirmed, recoveryCodes }
         }
     };
 
-    const fetchRecoveryCodes = async () => {
-        const response = await fetch(route('two-factor.recovery-codes'));
-        const data = await response.json();
-        setRecoveryCodesList(data.recoveryCodes);
+    // Use recovery codes that are already in the props
+    const showRecoveryCodes = () => {
         setShowingRecoveryCodes(true);
     };
+    
+    // Only fetch new recovery codes when needed (after confirmation)
+    const fetchRecoveryCodes = async () => {
+        // After confirming 2FA, we need to get the latest recovery codes
+        // The codes are already included in the props, so we just need to show them
+        showRecoveryCodes();
+    };
 
     const verifyTwoFactorCode = () => {
         if (!data.code || data.code.length !== 6) {
@@ -84,7 +90,7 @@ export default function TwoFactor({ confirmed: initialConfirmed, recoveryCodes }
                 setShowModal(false);
                 setVerifyStep(false);
                 reset();
-                fetchRecoveryCodes();
+                showRecoveryCodes();
             },
             onError: (errors) => {
                 if (errors.code) {
@@ -100,12 +106,27 @@ export default function TwoFactor({ confirmed: initialConfirmed, recoveryCodes }
         setTimeout(() => setCopied(false), 1500);
     };
 
+    interface RecoveryCodesResponse {
+        status: string;
+        recovery_codes: string[];
+    }
+
     const regenerateRecoveryCodes = () => {
-        post(route('two-factor.regenerate-recovery-codes'), {
-            preserveScroll: true,
-            onSuccess: () => {
-                fetchRecoveryCodes();
-            },
+        // Use Axios directly which will handle CSRF tokens automatically
+        // Laravel sets up Axios with CSRF protection in resources/js/bootstrap.js
+        axios.post<RecoveryCodesResponse>(route('two-factor.regenerate-recovery-codes'), {}, {
+            headers: {
+                'X-Requested-With': 'XMLHttpRequest',
+                'Accept': 'application/json'
+            }
+        })
+        .then((response) => {
+            if (response.data && response.data.recovery_codes) {
+                setRecoveryCodesList(response.data.recovery_codes);
+            }
+        })
+        .catch((error) => {
+            console.error('Error regenerating recovery codes:', error);
         });
     };
 
diff --git a/routes/settings.php b/routes/settings.php
@@ -16,13 +16,11 @@
     Route::get('settings/password', [PasswordController::class, 'edit'])->name('password.edit');
     Route::put('settings/password', [PasswordController::class, 'update'])->name('password.update');
 
-    Route::get('settings/two-factor', [TwoFactorAuthController::class, 'edit'])->name('two-factor.edit');
+    Route::get('settings/two-factor', [TwoFactorAuthController::class, 'show'])->name('two-factor.show');
     Route::post('settings/two-factor', [TwoFactorAuthController::class, 'enable'])->name('two-factor.enable');
     Route::post('settings/two-factor/confirm', [TwoFactorAuthController::class, 'confirm'])->name('two-factor.confirm');
-    Route::delete('settings/two-factor', [TwoFactorAuthController::class, 'disable'])->name('two-factor.disable');
-    Route::get('settings/two-factor/qr-code', [TwoFactorAuthController::class, 'qrCode'])->name('two-factor.qr-code');
-    Route::get('settings/two-factor/recovery-codes', [TwoFactorAuthController::class, 'recoveryCodes'])->name('two-factor.recovery-codes');
     Route::post('settings/two-factor/recovery-codes', [TwoFactorAuthController::class, 'regenerateRecoveryCodes'])->name('two-factor.regenerate-recovery-codes');
+    Route::delete('settings/two-factor', [TwoFactorAuthController::class, 'disable'])->name('two-factor.disable');
 
     Route::get('settings/appearance', function () {
         return Inertia::render('settings/appearance');
diff --git a/tests/Feature/Auth/TwoFactorAuthTest.php b/tests/Feature/Auth/TwoFactorAuthTest.php
@@ -44,7 +44,17 @@ public function test_can_enable_two_factor_authentication()
 
         // Simulate enabling 2FA via POST
         $response = $this->post('/settings/two-factor');
-        $response->assertRedirect(); // Should redirect after enabling
+        
+        // Assert JSON response with expected structure
+        $response->assertStatus(200)
+                 ->assertJson([
+                     'status' => 'two-factor-authentication-enabled'
+                 ])
+                 ->assertJsonStructure([
+                     'svg',
+                     'secret',
+                     'recovery_codes'
+                 ]);
 
         $user->refresh();
         $this->assertNotNull($user->two_factor_secret);
