Added option to always enable the two-factor authentication (for all users) and to disable it.

Author: kim-dongit

src/Providers/BaseProvider.php

@@ -7,13 +7,17 @@
 abstract class BaseProvider
 {
     /**
-     * Check if two-factor authentication is enabled for a user.
+     * Check if two-factor authentication is enabled, dependent on the "enabled" config option.
      *
      * @param  \App\User  $user
      * @return bool
      */
     public function enabled(User $user)
     {
-        return !is_null($user->twoFactorAuth);
+        $conf = config('twofactor-auth.enabled', 'per_user');
+        if ($conf === 'per_user') {
+            return !is_null($user->twoFactorAuth);
+        }
+        return (bool) $conf;
     }
 }

src/TwoFactorAuthenticable.php

@@ -4,6 +4,7 @@
 
 use Illuminate\Database\Eloquent\Relations\HasOne;
 use MichaelDzjap\TwoFactorAuth\TwoFactorAuth;
+use Illuminate\Support\Facades\DB;
 
 trait TwoFactorAuthenticable
 {
@@ -25,7 +26,14 @@ public function twoFactorAuth() : HasOne
      */
     public function setTwoFactorAuthId(string $id) : void
     {
-        $this->twoFactorAuth->update(['id' => $id]);
+        $enabled = config('twofactor-auth.enabled', 'per_user');
+        if ($enabled === 'per_user') {
+            // respect when 2fa is not set for user, never insert
+            $this->twoFactorAuth->update(['id' => $id]);
+        }
+        elseif ($enabled) {
+            $this->upsertTwoFactorAuthId($id);
+        }
     }
 
     /**
@@ -37,4 +45,19 @@ public function getTwoFactorAuthId() : string
     {
         return $this->twoFactorAuth->id;
     }
+
+    /**
+     * @param string $id
+     */
+    private function upsertTwoFactorAuthId(string $id) : void
+    {
+        DB::transaction(function () use ($id) {
+            $attributes = ['id' => $id];
+            if (!$this->twoFactorAuth()->exists()) {
+                $this->twoFactorAuth()->create($attributes);
+            } else {
+                $this->twoFactorAuth->update($attributes);
+            }
+        });
+    }
 }

src/config/twofactor-auth.php

@@ -2,6 +2,21 @@
 
 return [
 
+    /*
+    |--------------------------------------------------------------------------
+    | Enabled
+    |--------------------------------------------------------------------------
+    |
+    | Options:
+    | - true: always require two-factor authentication
+    | - false: never require two-factor authentication
+    | - 'per_user': look if a row exists in the two_factor_auths table for the
+    |   user
+    |
+    */
+
+    'enabled' => 'per_user',
+
     /*
     |--------------------------------------------------------------------------
     | Default Two-Factor Authentication Provider