laravel · tnylea · Apr 4, 2025 · Apr 16, 2025 · Apr 17, 2025 · Apr 17, 2025
diff --git a/.gitignore b/.gitignore
@@ -6,6 +6,7 @@
 /storage/*.key
 /storage/pail
 /vendor
+.DS_Store
 .env
 .env.backup
 .env.production

diff --git a/app/Actions/TwoFactorAuth/CompleteTwoFactorAuthentication.php b/app/Actions/TwoFactorAuth/CompleteTwoFactorAuthentication.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Session;
+
+class CompleteTwoFactorAuthentication
+{
+    /**
+     * Complete the two-factor authentication process.
+     *
+     * @param  mixed  $user The user to authenticate
+     * @return void
+     */
+    public function __invoke($user): void
+    {
+        // Get the remember preference from the session (default to false if not set)
+        $remember = Session::pull('login.remember', false);
+
+        // Log the user in with the remember preference
+        Auth::login($user, $remember);
+
+        // Clear the session variables used for the 2FA challenge
+        Session::forget(['login.id']);
+    }
+}
diff --git a/app/Actions/TwoFactorAuth/ConfirmTwoFactorAuthentication.php b/app/Actions/TwoFactorAuth/ConfirmTwoFactorAuthentication.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+class ConfirmTwoFactorAuthentication
+{
+    /**
+     * Confirm two factor authentication for the user.
+     *
+     * @param mixed $user
+     * @return bool
+     */
+    public function __invoke($user)
+    {
+        $user->forceFill([
+            'two_factor_confirmed_at' => now(),
+        ])->save();
+
+        return true;
+    }
+}
diff --git a/app/Actions/TwoFactorAuth/DisableTwoFactorAuthentication.php b/app/Actions/TwoFactorAuth/DisableTwoFactorAuthentication.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+class DisableTwoFactorAuthentication
+{
+    /**
+     * Disable two factor authentication for the user.
+     *
+     * @return void
+     */
+    public function __invoke($user)
+    {
+        if (
+            ! is_null($user->two_factor_secret) ||
+            ! is_null($user->two_factor_recovery_codes) ||
+            ! is_null($user->two_factor_confirmed_at)
+        ) {
+            $user->forceFill([
+                'two_factor_secret' => null,
+                'two_factor_recovery_codes' => null,
+                'two_factor_confirmed_at' => null,
+            ])->save();
+        }
+    }
+}
diff --git a/app/Actions/TwoFactorAuth/GenerateNewRecoveryCodes.php b/app/Actions/TwoFactorAuth/GenerateNewRecoveryCodes.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+use Illuminate\Support\Collection;
+use Illuminate\Support\Str;
+
+class GenerateNewRecoveryCodes
+{
+    /**
+     * Generate new recovery codes for the user.
+     *
+     * @return void
+     */
+    public function __invoke(): Collection
+    {
+        return Collection::times(8, function () {
+            return $this->generate();
+        });
+    }
+
+    public function generate()
+    {
+        return Str::random(10).'-'.Str::random(10);
+    }
+}
diff --git a/app/Actions/TwoFactorAuth/GenerateQrCodeAndSecretKey.php b/app/Actions/TwoFactorAuth/GenerateQrCodeAndSecretKey.php
@@ -0,0 +1,53 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+use BaconQrCode\Renderer\Image\SvgImageBackEnd;
+use BaconQrCode\Renderer\ImageRenderer;
+use BaconQrCode\Renderer\RendererStyle\RendererStyle;
+use BaconQrCode\Writer;
+use PragmaRX\Google2FA\Google2FA;
+
+class GenerateQrCodeAndSecretKey
+{
+    /**
+     * The length of the secret key to generate.
+     */
+    private static int $SECRET_KEY_LENGTH = 16;
+
+    public string $companyName;
+
+    /**
+     * Generate a QR code image and secret key for the user.
+     *
+     * @return array{string, string}
+     */
+    public function __invoke($user): array
+    {
+        $google2fa = new Google2FA;
+        $secret_key = $google2fa->generateSecretKey(self::$SECRET_KEY_LENGTH);
+
+        $this->companyName = 'Auth';
+
+        if (is_string(config('app.name'))) {
+            $this->companyName = config('app.name');
+        }
+
+        $g2faUrl = $google2fa->getQRCodeUrl(
+            $this->companyName,
+            (string) $user->email,
+            $secret_key
+        );
+
+        $writer = new Writer(
+            new ImageRenderer(
+                new RendererStyle(400),
+                new SvgImageBackEnd()
+            )
+        );
+
+        $qrcode_image = base64_encode($writer->writeString($g2faUrl));
+
+        return [$qrcode_image, $secret_key];
+    }
+}
diff --git a/app/Actions/TwoFactorAuth/GetTwoFactorAuthenticatableUser.php b/app/Actions/TwoFactorAuth/GetTwoFactorAuthenticatableUser.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+use Illuminate\Support\Facades\Session;
+
+class GetTwoFactorAuthenticatableUser
+{
+    /**
+     * Get the user that is in the process of two-factor authentication.
+     *
+     * @return mixed|null The user model instance or null if not found
+     */
+    public function __invoke()
+    {
+        $userId = Session::get('login.id');
+
+        if (!$userId) {
+            return null;
+        }
+
+        // Get the user model from auth config
+        $userModel = app(config('auth.providers.users.model'));
+
+        return $userModel::find($userId);
+    }
+}
diff --git a/app/Actions/TwoFactorAuth/ProcessRecoveryCode.php b/app/Actions/TwoFactorAuth/ProcessRecoveryCode.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+class ProcessRecoveryCode
+{
+    /**
+     * Verify a recovery code and remove it from the list if valid.
+     *
+     * @param  array  $recoveryCodes The array of recovery codes
+     * @param  string  $submittedCode The code submitted by the user
+     * @return array|false Returns the updated array of recovery codes if valid, or false if invalid
+     */
+    public function __invoke(
+        #[\SensitiveParameter] array $recoveryCodes, 
+        #[\SensitiveParameter] string $submittedCode
+    ) {
+        // Clean the submitted code
+        $submittedCode = trim($submittedCode);
+
+        // If the user has entered multiple codes, only validate the first one
+        $submittedCode = explode(" ", $submittedCode)[0];
+
+        // Check if the code is valid
+        if (!in_array($submittedCode, $recoveryCodes)) {
+            return false;
+        }
+
+        // Remove the used recovery code from the list
+        $updatedCodes = array_values(array_filter($recoveryCodes, function($code) use ($submittedCode) {
+            return !hash_equals($code, $submittedCode);
+        }));
+
+        return $updatedCodes;
+    }
+}
diff --git a/app/Actions/TwoFactorAuth/VerifyTwoFactorCode.php b/app/Actions/TwoFactorAuth/VerifyTwoFactorCode.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Actions\TwoFactorAuth;
+
+use PragmaRX\Google2FA\Google2FA;
+
+class VerifyTwoFactorCode
+{
+    /**
+     * Verify a two-factor authentication code.
+     *
+     * @param  string  $secret The decrypted secret key
+     * @param  string  $code The code to verify
+     * @return bool
+     */
+    public function __invoke(
+        #[\SensitiveParameter] string $secret, 
+        #[\SensitiveParameter] string $code
+    ): bool {
+        $google2fa = new Google2FA();
+        return $google2fa->verifyKey($secret, $code);
+    }
+}
diff --git a/composer.json b/composer.json
@@ -10,10 +10,12 @@
     "license": "MIT",
     "require": {
         "php": "^8.2",
+        "bacon/bacon-qr-code": "^3.0",
         "laravel/framework": "^12.0",
         "laravel/tinker": "^2.10.1",
         "livewire/flux": "^2.1.1",
-        "livewire/volt": "^1.7.0"
+        "livewire/volt": "^1.7.0",
+        "pragmarx/google2fa": "^8.0"
     },
     "require-dev": {
         "fakerphp/faker": "^1.23",