wip

pushpak1300 · pushpak1300 · commit ebda2c6a0053 · 2025-08-19T19:32:07.000+05:30
diff --git a/app/Http/Controllers/Auth/AuthenticatedSessionController.php b/app/Http/Controllers/Auth/AuthenticatedSessionController.php
@@ -10,7 +10,7 @@
 use Illuminate\Support\Facades\Route;
 use Inertia\Inertia;
 use Inertia\Response;
-use Laravel\Fortify\Features;
+use Laravel\Fortify\Fortify;
 
 class AuthenticatedSessionController extends Controller
 {
@@ -32,7 +32,7 @@ public function store(LoginRequest $request): RedirectResponse
     {
         $user = $request->validateCredentials();
 
-        if (Features::enabled(Features::twoFactorAuthentication()) && filled($user->two_factor_confirmed_at)) {
+        if (Fortify::confirmsTwoFactorAuthentication() && filled($user->two_factor_confirmed_at)) {
             $request->session()->put([
                 'login.id' => $user->getKey(),
                 'login.remember' => $request->boolean('remember'),
diff --git a/app/Http/Controllers/Concerns/ConfirmsTwoFactorAuthentication.php b/app/Http/Controllers/Concerns/ConfirmsTwoFactorAuthentication.php
@@ -0,0 +1,71 @@
+<?php
+
+namespace App\Http\Controllers\Concerns;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Laravel\Fortify\Actions\DisableTwoFactorAuthentication;
+use Laravel\Fortify\Features;
+
+trait ConfirmsTwoFactorAuthentication
+{
+    /**
+     * Validate the two-factor authentication state for the request.
+     */
+    protected function validateTwoFactorAuthenticationState(Request $request): void
+    {
+        if (! Features::optionEnabled(Features::twoFactorAuthentication(), 'confirm')) {
+            return;
+        }
+
+        $currentTime = time();
+
+        // Notate totally disabled state in session...
+        if ($this->twoFactorAuthenticationDisabled($request)) {
+            $request->session()->put('two_factor_empty_at', $currentTime);
+        }
+
+        // If was previously totally disabled this session but is now confirming, notate time...
+        if ($this->hasJustBegunConfirmingTwoFactorAuthentication($request)) {
+            $request->session()->put('two_factor_confirming_at', $currentTime);
+        }
+
+        // If the profile is reloaded and is not confirmed but was previously in confirming state, disable...
+        if ($this->neverFinishedConfirmingTwoFactorAuthentication($request, $currentTime)) {
+            app(DisableTwoFactorAuthentication::class)(Auth::user());
+
+            $request->session()->put('two_factor_empty_at', $currentTime);
+            $request->session()->remove('two_factor_confirming_at');
+        }
+    }
+
+    /**
+     * Determine if two-factor authentication is totally disabled.
+     */
+    protected function twoFactorAuthenticationDisabled(Request $request): bool
+    {
+        return is_null($request->user()->two_factor_secret) &&
+            is_null($request->user()->two_factor_confirmed_at);
+    }
+
+    /**
+     * Determine if two-factor authentication is just now being confirmed within the last request cycle.
+     */
+    protected function hasJustBegunConfirmingTwoFactorAuthentication(Request $request): bool
+    {
+        return ! is_null($request->user()->two_factor_secret) &&
+            is_null($request->user()->two_factor_confirmed_at) &&
+            $request->session()->has('two_factor_empty_at') &&
+            is_null($request->session()->get('two_factor_confirming_at'));
+    }
+
+    /**
+     * Determine if two-factor authentication was never totally confirmed once confirmation started.
+     */
+    protected function neverFinishedConfirmingTwoFactorAuthentication(Request $request, int $currentTime): bool
+    {
+        return ! array_key_exists('code', $request->session()->getOldInput()) &&
+            is_null($request->user()->two_factor_confirmed_at) &&
+            $request->session()->get('two_factor_confirming_at', 0) != $currentTime;
+    }
+}
diff --git a/app/Http/Controllers/Settings/TwoFactorAuthenticationController.php b/app/Http/Controllers/Settings/TwoFactorAuthenticationController.php
@@ -7,14 +7,19 @@
 use Illuminate\Http\Request;
 use Inertia\Inertia;
 use Inertia\Response;
+use App\Http\Controllers\Concerns\ConfirmsTwoFactorAuthentication;
 
 class TwoFactorAuthenticationController extends Controller
 {
+    use ConfirmsTwoFactorAuthentication;
+
     /**
      * Show the user's two-factor authentication settings page.
      */
     public function show(Request $request): Response
     {
+        $this->validateTwoFactorAuthenticationState($request);
+
         /** @var User $user */
         $user = $request->user();
 
diff --git a/app/Providers/FortifyServiceProvider.php b/app/Providers/FortifyServiceProvider.php
@@ -11,6 +11,14 @@
 
 class FortifyServiceProvider extends ServiceProvider
 {
+    /**
+     * Register any application services.
+     */
+    public function register(): void
+    {
+        //
+    }
+
     /**
      * Bootstrap any application services.
      */
diff --git a/resources/js/pages/settings/TwoFactor.vue b/resources/js/pages/settings/TwoFactor.vue
@@ -77,7 +77,7 @@ const toggleRecoveryCodes = () => {
             <div class="space-y-6">
                 <HeadingSmall title="Two-Factor Authentication" description="Manage your two-factor authentication settings" />
                 <div v-if="!props.confirmed" class="flex flex-col items-start justify-start space-y-5">
-                    <Badge variant="outline" class="border-orange-200 bg-orange-50 text-orange-700 hover:bg-orange-50"> Disabled </Badge>
+                    <Badge variant="destructive"> Disabled </Badge>
                     <p class="-translate-y-1 text-muted-foreground">
                         When you enable 2FA, you'll be prompted for a secure code during login, which can be retrieved from your phone's TOTP
                         supported app.
@@ -245,15 +245,15 @@ const toggleRecoveryCodes = () => {
                 </div>
 
                 <div v-if="props.confirmed" class="flex flex-col items-start justify-start space-y-5">
-                    <Badge variant="outline" class="border-green-200 bg-green-50 text-green-700 hover:bg-green-50"> Enabled </Badge>
+                    <Badge variant="default"> Enabled </Badge>
                     <p class="text-muted-foreground">
                         With two factor authentication enabled, you'll be prompted for a secure, random token during login, which you can retrieve
                         from your TOTP Authenticator app.
                     </p>
 
                     <div>
-                        <div class="flex items-start rounded-t-xl border border-muted p-4">
-                            <LockKeyhole class="mr-2 size-5 text-stone-500" />
+                        <div class="flex items-start rounded-t-xl border border-secondary p-4">
+                            <LockKeyhole class="mr-2 size-5 text-muted-foreground" />
                             <div class="space-y-1">
                                 <h3 class="font-medium">2FA Recovery Codes</h3>
                                 <p class="text-sm text-muted-foreground">
