Adding 2fa initial commit

Author: tnylea

.DS_Store

@@ -0,0 +1,24 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Session;
+
+class CompleteTwoFactorAuthentication
+{
+    /**
+     * Complete the two-factor authentication process.
+     *
+     * @param  mixed  $user The user to authenticate
+     * @return void
+     */
+    public function __invoke($user): void
+    {
+        // Log the user in
+        Auth::login($user);
+
+        // Clear the session that is used to determine if the user can visit the 2fa challenge page
+        Session::forget('login.id');
+    }
+}

app/Actions/TwoFactorAuth/CompleteTwoFactorAuthentication.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+class ConfirmTwoFactorAuthentication
+{
+    /**
+     * Confirm two factor authentication for the user.
+     *
+     * @param mixed $user
+     * @return bool
+     */
+    public function __invoke($user)
+    {
+        $user->forceFill([
+            'two_factor_confirmed_at' => now(),
+        ])->save();
+        
+        return true;
+    }
+}

app/Actions/TwoFactorAuth/ConfirmTwoFactorAuthentication.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+use App\Models\User;
+
+class DisableTwoFactorAuthentication
+{
+    /**
+     * Disable two factor authentication for the user.
+     *
+     * @return void
+     */
+    public function __invoke($user)
+    {
+        if (! is_null($user->two_factor_secret) ||
+            ! is_null($user->two_factor_recovery_codes) ||
+            ! is_null($user->two_factor_confirmed_at)) {
+            $user->forceFill([
+                'two_factor_secret' => null,
+                'two_factor_recovery_codes' => null,
+                'two_factor_confirmed_at' => null,
+            ])->save();
+        }
+    }
+}

app/Actions/TwoFactorAuth/DisableTwoFactorAuthentication.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+use Illuminate\Support\Collection;
+use Illuminate\Support\Str;
+
+class GenerateNewRecoveryCodes
+{
+    /**
+     * Generate new recovery codes for the user.
+     *
+     * @param  mixed  $user
+     * @return void
+     */
+    public function __invoke($user): Collection
+    {
+        return Collection::times(8, function () {
+            return $this->generate();
+        });
+    }
+
+    public function generate()
+    {
+        return Str::random(10).'-'.Str::random(10);
+    }
+}

app/Actions/TwoFactorAuth/GenerateNewRecoveryCodes.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+use BaconQrCode\Renderer\Image\SvgImageBackEnd;
+use BaconQrCode\Renderer\ImageRenderer;
+use BaconQrCode\Renderer\RendererStyle\RendererStyle;
+use BaconQrCode\Writer;
+use App\Models\User;
+use PragmaRX\Google2FA\Google2FA;
+
+class GenerateQrCodeAndSecretKey
+{
+    public string $companyName;
+
+    /**
+     * Generate new recovery codes for the user.
+     *
+     * @return array{string, string}
+     */
+    public function __invoke($user): array
+    {
+
+        $google2fa = new Google2FA;
+        $secret_key = $google2fa->generateSecretKey();
+
+        $this->companyName = 'Auth';
+        if (is_string(config('app.name'))) {
+            $this->companyName = config('app.name');
+        }
+
+        $g2faUrl = $google2fa->getQRCodeUrl(
+            $this->companyName,
+            (string) $user->email,
+            $secret_key
+        );
+
+        $writer = new Writer(
+            new ImageRenderer(
+                new RendererStyle(800),
+                new SvgImageBackEnd()
+            )
+        );
+
+        $qrcode_image = base64_encode($writer->writeString($g2faUrl));
+
+        return [$qrcode_image, $secret_key];
+
+    }
+}

app/Actions/TwoFactorAuth/GenerateQrCodeAndSecretKey.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+use Illuminate\Support\Facades\Session;
+
+class GetTwoFactorAuthenticatableUser
+{
+    /**
+     * Get the user that is in the process of two-factor authentication.
+     *
+     * @return mixed|null The user model instance or null if not found
+     */
+    public function __invoke()
+    {
+        $userId = Session::get('login.id');
+        
+        if (!$userId) {
+            return null;
+        }
+        
+        // Get the user model from auth config
+        $userModel = app(config('auth.providers.users.model'));
+        
+        return $userModel::find($userId);
+    }
+}

app/Actions/TwoFactorAuth/GetTwoFactorAuthenticatableUser.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+class ProcessRecoveryCode
+{
+    /**
+     * Verify a recovery code and remove it from the list if valid.
+     *
+     * @param  array  $recoveryCodes The array of recovery codes
+     * @param  string  $submittedCode The code submitted by the user
+     * @return array|false Returns the updated array of recovery codes if valid, or false if invalid
+     */
+    public function __invoke(array $recoveryCodes, string $submittedCode)
+    {
+        // Clean the submitted code
+        $submittedCode = trim($submittedCode);
+        
+        // If the user has entered multiple codes, only validate the first one
+        $submittedCode = explode(" ", $submittedCode)[0];
+        
+        // Check if the code is valid
+        if (!in_array($submittedCode, $recoveryCodes)) {
+            return false;
+        }
+        
+        // Remove the used recovery code from the list
+        $updatedCodes = array_values(array_filter($recoveryCodes, function($code) use ($submittedCode) {
+            return $code !== $submittedCode;
+        }));
+        
+        return $updatedCodes;
+    }
+}

app/Actions/TwoFactorAuth/ProcessRecoveryCode.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+use PragmaRX\Google2FA\Google2FA;
+
+class VerifyTwoFactorCode
+{
+    /**
+     * Verify a two-factor authentication code.
+     *
+     * @param  string  $secret The decrypted secret key
+     * @param  string  $code The code to verify
+     * @return bool
+     */
+    public function __invoke(string $secret, string $code): bool
+    {
+        $google2fa = new Google2FA();
+        return $google2fa->verifyKey($secret, $code);
+    }
+}

app/Actions/TwoFactorAuth/VerifyTwoFactorCode.php

@@ -0,0 +1,84 @@
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Inertia\Inertia;
+use Laravel\Fortify\Actions\ConfirmTwoFactorAuthentication;
+use Laravel\Fortify\Actions\DisableTwoFactorAuthentication;
+use Laravel\Fortify\Actions\EnableTwoFactorAuthentication;
+use Laravel\Fortify\Actions\GenerateNewRecoveryCodes;
+use Laravel\Fortify\Features;
+
+class TwoFactorAuthenticatedSessionController extends Controller
+{
+    /**
+     * Display the two factor authentication challenge view.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Inertia\Response
+     */
+    public function create(Request $request)
+    {
+        if (! $request->session()->has('auth.two_factor_user_id')) {
+            return redirect()->route('login');
+        }
+
+        return Inertia::render('auth/two-factor-challenge');
+    }
+
+    /**
+     * Attempt to authenticate a new session using the two factor authentication code.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return mixed
+     */
+    public function store(Request $request)
+    {
+        $request->validate([
+            'code' => 'nullable|string',
+            'recovery_code' => 'nullable|string',
+        ]);
+
+        $user = Auth::loginUsingId($request->session()->pull('auth.two_factor_user_id'));
+
+        if ($request->filled('code')) {
+            $request->session()->put([
+                'login.id' => $user->getKey(),
+                'login.remember' => $request->session()->pull('auth.two_factor_remember'),
+            ]);
+
+            $result = app(ConfirmTwoFactorAuthentication::class)(
+                $request->user(),
+                $request->code
+            );
+
+            if ($result) {
+                $request->session()->forget('login');
+                return redirect()->intended(route('dashboard'));
+            }
+
+            return back()->withErrors(['code' => __('The provided two factor authentication code was invalid.')]);
+        }
+
+        if ($request->filled('recovery_code')) {
+            $recovery = collect($user->recoveryCodes())->first(function ($code) use ($request) {
+                return hash_equals($code, $request->recovery_code);
+            });
+
+            if (! $recovery) {
+                return back()->withErrors(['recovery_code' => __('The provided two factor authentication recovery code was invalid.')]);
+            }
+
+            $user->replaceRecoveryCode($recovery);
+
+            $request->session()->forget('login');
+
+            return redirect()->intended(route('dashboard'));
+        }
+
+        return back()->withErrors(['code' => __('Please provide a valid two factor authentication code.')]);
+    }
+}