138 lines
3.8 KiB
PHP
138 lines
3.8 KiB
PHP
<?php
|
|
|
|
namespace Vanguard\Http\Controllers\Web;
|
|
|
|
use Vanguard\Events\User\TwoFactorDisabled;
|
|
use Vanguard\Events\User\TwoFactorEnabled;
|
|
use Vanguard\Events\User\TwoFactorEnabledByAdmin;
|
|
use Vanguard\Http\Controllers\Controller;
|
|
use Vanguard\Http\Requests\TwoFactor\DisableTwoFactorRequest;
|
|
use Vanguard\Http\Requests\TwoFactor\EnableTwoFactorRequest;
|
|
use Vanguard\Http\Requests\TwoFactor\ReSendTwoFactorTokenRequest;
|
|
use Vanguard\Http\Requests\TwoFactor\VerifyTwoFactorTokenRequest;
|
|
use Authy;
|
|
use Vanguard\Repositories\User\UserRepository;
|
|
|
|
/**
|
|
* Class ProfileController
|
|
* @package Vanguard\Http\Controllers
|
|
*/
|
|
class TwoFactorController extends Controller
|
|
{
|
|
public function __construct(UserRepository $users)
|
|
{
|
|
$this->middleware('auth');
|
|
|
|
$this->middleware(function ($request, $next) use ($users) {
|
|
$user = $request->get('user')
|
|
? $users->find($request->get('user'))
|
|
: auth()->user();
|
|
|
|
return Authy::isEnabled($user) ? abort(404) : $next($request);
|
|
})->only('enable', 'verification', 'resend', 'verify');
|
|
}
|
|
|
|
/**
|
|
* Enable 2FA for currently logged user.
|
|
*
|
|
* @param EnableTwoFactorRequest $request
|
|
* @return \Illuminate\Http\RedirectResponse
|
|
*/
|
|
public function enable(EnableTwoFactorRequest $request)
|
|
{
|
|
$user = $request->theUser();
|
|
|
|
$user->setAuthPhoneInformation($request->country_code, $request->phone_number);
|
|
|
|
Authy::register($user);
|
|
|
|
$user->save();
|
|
|
|
Authy::sendTwoFactorVerificationToken($user);
|
|
|
|
return $user->is(auth()->user())
|
|
? redirect()->route('two-factor.verification')
|
|
: redirect()->route('two-factor.verification', ['user' => $user->id]);
|
|
}
|
|
|
|
/**
|
|
* Show the phone verification page.
|
|
*
|
|
* @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
|
|
*/
|
|
public function verification()
|
|
{
|
|
return view('user.two-factor-verification', [
|
|
'user' => request('user')
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* Re-send phone verification token.
|
|
* @param ReSendTwoFactorTokenRequest $request
|
|
*/
|
|
public function resend(ReSendTwoFactorTokenRequest $request)
|
|
{
|
|
Authy::sendTwoFactorVerificationToken($request->theUser());
|
|
}
|
|
|
|
/**
|
|
* Verify 2FA token and enable 2FA if token is valid.
|
|
*
|
|
* @param VerifyTwoFactorTokenRequest $request
|
|
* @return \Illuminate\Http\RedirectResponse
|
|
*/
|
|
public function verify(VerifyTwoFactorTokenRequest $request)
|
|
{
|
|
$user = $request->theUser();
|
|
|
|
if (! Authy::tokenIsValid($user, $request->token)) {
|
|
return redirect()->route('two-factor.verification')
|
|
->withErrors(['token' => 'Invalid 2FA token.']);
|
|
}
|
|
|
|
$user->setTwoFactorAuthProviderOptions(array_merge(
|
|
$user->getTwoFactorAuthProviderOptions(),
|
|
['enabled' => true]
|
|
));
|
|
|
|
$user->save();
|
|
|
|
$message = __('Two-Factor Authentication enabled successfully.');
|
|
|
|
if ($user->is(auth()->user())) {
|
|
event(new TwoFactorEnabled);
|
|
|
|
return redirect()->route('profile')->withSuccess($message);
|
|
}
|
|
|
|
event(new TwoFactorEnabledByAdmin($user));
|
|
|
|
return redirect()->route('users.edit', $user)->withSuccess($message);
|
|
}
|
|
|
|
/**
|
|
* Disable 2FA for currently logged user.
|
|
*
|
|
* @param DisableTwoFactorRequest $request
|
|
* @return \Illuminate\Http\RedirectResponse
|
|
*/
|
|
public function disable(DisableTwoFactorRequest $request)
|
|
{
|
|
$user = $request->theUser();
|
|
|
|
if (! Authy::isEnabled($user)) {
|
|
abort(404);
|
|
}
|
|
|
|
Authy::delete($user);
|
|
|
|
$user->save();
|
|
|
|
event(new TwoFactorDisabled);
|
|
|
|
return redirect()->back()
|
|
->withSuccess(__('Two-Factor Authentication disabled successfully.'));
|
|
}
|
|
}
|