TRF Certest first commit

app/Http/Controllers/Api/Users/TwoFactorController.php

@@ -0,0 +1,78 @@
+<?php
+
+namespace Vanguard\Http\Controllers\Api\Users;
+
+use Illuminate\Http\JsonResponse;
+use Illuminate\Validation\ValidationException;
+use Laravel\Fortify\Actions\ConfirmTwoFactorAuthentication;
+use Laravel\Fortify\Actions\EnableTwoFactorAuthentication;
+use Vanguard\Events\User\TwoFactorDisabledByAdmin;
+use Vanguard\Events\User\TwoFactorEnabledByAdmin;
+use Vanguard\Http\Controllers\Api\ApiController;
+use Vanguard\Http\Requests\TwoFactor\VerifyTwoFactorTokenRequest;
+use Vanguard\Http\Resources\UserResource;
+use Vanguard\User;
+
+class TwoFactorController extends ApiController
+{
+    public function __construct()
+    {
+        $this->middleware('permission:users.manage');
+    }
+
+    /**
+     * Enable 2FA for the specified user.
+     */
+    public function update(User $user, EnableTwoFactorAuthentication $enable): JsonResponse
+    {
+        if ($user->twoFactorEnabled()) {
+            return $this->setStatusCode(422)
+                ->respondWithError(trans('auth.2fa.already_enabled'));
+        }
+
+        $enable($user, false);
+
+        return $this->respondWithArray([
+            'message' => trans('auth.2fa.token_sent'),
+            'qrcode' => $user->twoFactorQrCodeSvg(),
+        ]);
+    }
+
+    /**
+     * Verify provided 2FA token.
+     */
+    public function verify(VerifyTwoFactorTokenRequest $request, User $user, ConfirmTwoFactorAuthentication $confirm): UserResource|JsonResponse
+    {
+        try {
+            $confirm($user, $request->input('code'));
+        } catch (ValidationException $e) {
+            return $this->setStatusCode(422)
+                ->respondWithError(trans('auth.2fa.invalid_token'));
+        }
+
+        event(new TwoFactorEnabledByAdmin($user));
+
+        return new UserResource($user);
+    }
+
+    /**
+     * Disable 2FA for specified user.
+     */
+    public function destroy(User $user): UserResource|JsonResponse
+    {
+        if (!$user->twoFactorEnabled()) {
+            return $this->setStatusCode(422)
+                ->respondWithError(trans('auth.2fa.not_enabled'));
+        }
+
+        $user->forceFill([
+            'two_factor_secret' => null,
+            'two_factor_recovery_codes' => null,
+            'two_factor_confirmed_at' => null,
+        ])->save();
+
+        event(new TwoFactorDisabledByAdmin($user));
+
+        return new UserResource($user);
+    }
+}