Merge pull request #2 from mix-code/bug/multi_device_support

moaalaa · web-flow · commit 6ec2959a9720 · 2025-05-21T20:16:02.000+03:00
Fixing Multi Device Support
diff --git a/src/FilamentMulti2faPlugin.php b/src/FilamentMulti2faPlugin.php
@@ -42,12 +42,7 @@ public function register(Panel $panel): void
     public function boot(Panel $panel): void
     {
         Event::listen(Logout::class, function ($event) {
-            $user = $event->user;
-
-            if ($user) {
-                $user->two_factor_confirmed_at = null;
-                $user->save();
-            }
+            session()->forget('2fa_passed');
         });
     }
 
diff --git a/src/Middleware/CheckTrustedDevice.php b/src/Middleware/CheckTrustedDevice.php
@@ -31,22 +31,17 @@ public function handle(Request $request, Closure $next): Response
 
         $requires2FA = $user->two_factor_type?->value !== TwoFactorAuthType::None->value;
 
-        // If 2FA is enforced globally (e.g., admin setting)
-        if ($is2FAForced) {
-            if (! $requires2FA && ! $request->routeIs(TwoFactorySetup::getRouteName())) {
+        if (($is2FAForced || $requires2FA) && ! $user->hasSetupTwoFactor()) {
+            if (! $request->routeIs(TwoFactorySetup::getRouteName())) {
                 return redirect()->route(TwoFactorySetup::getRouteName());
             }
-
-            if ($requires2FA && ! $user->two_factor_confirmed_at) {
-                if (! $this->checkTrusted($request, $trustDeviceModel, $user)) {
-                    return $this->handleOtpRedirect($request, $next);
-                }
-            }
         }
 
-        // Optional mode: if user enabled 2FA on their own
-        if (! $is2FAForced && $requires2FA && ! $user->two_factor_confirmed_at) {
-            if (! $this->checkTrusted($request, $trustDeviceModel, $user)) {
+        if (($is2FAForced || $requires2FA) && $user->hasSetupTwoFactor()) {
+            $trusted = $this->checkTrusted($request, $trustDeviceModel, $user);
+            $otpSessionConfirmed = $user->isOtpPassed();
+
+            if (! $trusted && ! $otpSessionConfirmed) {
                 return $this->handleOtpRedirect($request, $next);
             }
         }
diff --git a/src/Pages/OTPVerify.php b/src/Pages/OTPVerify.php
@@ -178,10 +178,10 @@ public function save(): void
             $this->user->two_factor_expires_at = null;
             $this->user->save();
 
+            session(['2fa_passed' => true]);
+
             if ($this->shouldTrustDevice()) {
                 $this->user->addTrustedDevice();
-            } else {
-                $this->user->trustedDevices()->delete();
             }
         } catch (Halt $exception) {
             return;
diff --git a/src/Pages/TwoFactorySetup.php b/src/Pages/TwoFactorySetup.php
@@ -345,8 +345,6 @@ public function setup(): void
             $this->user->two_factor_expires_at = null;
             $this->user->save();
 
-            $this->user->trustedDevices()->delete();
-
             session()->forget('trusted_device_validated');
 
             redirect($this->getRedirectUrl());
@@ -372,10 +370,10 @@ public function verifyOTP(): void
                 $this->user->two_factor_confirmed_at = now();
                 $this->user->save();
 
+                session(['2fa_passed' => true]);
+
                 if ($this->shouldTrustDevice()) {
                     $this->user->addTrustedDevice();
-                } else {
-                    $this->user->trustedDevices()->delete();
                 }
             });
         } catch (Halt $exception) {
@@ -405,6 +403,8 @@ public function verifyTOTP(): void
                 $this->user->two_factor_confirmed_at = now();
                 $this->user->save();
 
+                session(['2fa_passed' => true]);
+
                 if ($this->shouldTrustDevice()) {
                     $this->user->addTrustedDevice();
                 }
diff --git a/src/Traits/UsingTwoFA.php b/src/Traits/UsingTwoFA.php
@@ -3,6 +3,7 @@
 namespace MixCode\FilamentMulti2fa\Traits;
 
 use Illuminate\Support\Facades\Notification;
+use MixCode\FilamentMulti2fa\Enums\TwoFactorAuthType;
 use PragmaRX\Google2FA\Google2FA;
 
 trait UsingTwoFA
@@ -67,6 +68,16 @@ public function verifyOTP($code): bool
         return decrypt($this->two_factor_secret) == $code && now()->lt($this->two_factor_expires_at);
     }
 
+    public function hasSetupTwoFactor(): bool
+    {
+        return $this->two_factor_type->value !== TwoFactorAuthType::None->value;
+    }
+
+    public function isOtpPassed(): bool
+    {
+        return session('2fa_passed') === true;
+    }
+
     public function addTrustedDevice()
     {
         $request = request();

Original file line number	Diff line number	Diff line change
`@@ -42,12 +42,7 @@ public function register(Panel $panel): void`
`42`	`42`	`public function boot(Panel $panel): void`
`43`	`43`	`{`
`44`	`44`	`Event::listen(Logout::class, function ($event) {`
`45`		`- $user = $event->user;`
`46`		`-`
`47`		`- if ($user) {`
`48`		`- $user->two_factor_confirmed_at = null;`
`49`		`- $user->save();`
`50`		`- }`
	`45`	`+ session()->forget('2fa_passed');`
`51`	`46`	`});`
`52`	`47`	`}`
`53`	`48`