2FAuth/app/Factories/MigratorFactory.php

<?php

namespace App\Factories;

use App\Exceptions\EncryptedMigrationException;
use App\Exceptions\UnsupportedMigrationException;
use App\Services\Migrators\AegisMigrator;
use App\Services\Migrators\GoogleAuthMigrator;
use App\Services\Migrators\Migrator;
use App\Services\Migrators\PlainTextMigrator;
use App\Services\Migrators\TwoFASMigrator;
use App\Services\Migrators\TwoFAuthMigrator;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\App;
use Illuminate\Support\Facades\Validator;

class MigratorFactory implements MigratorFactoryInterface
{
    /**
     * Infer the type of migrator needed from a payload and create the migrator
     *
     * @param  string  $migrationPayload  The migration payload used to infer the migrator type
     */
    public function create(string $migrationPayload) : Migrator
    {
        if ($this->isTwoFAuthJSON($migrationPayload)) {
            return App::make(TwoFAuthMigrator::class);
        } elseif ($this->isAegisJSON($migrationPayload)) {
            return App::make(AegisMigrator::class);
        } elseif ($this->is2FASv2($migrationPayload)) {
            return App::make(TwoFASMigrator::class);
        } elseif ($this->isGoogleAuth($migrationPayload)) {
            return App::make(GoogleAuthMigrator::class);
        } elseif ($this->isPlainText($migrationPayload)) {
            return App::make(PlainTextMigrator::class);
        } else {
            throw new UnsupportedMigrationException();
        }
    }

    /**
     * Determine if a payload comes from Google Authenticator
     *
     * @param  string  $migrationPayload  The payload to analyse
     */
    private function isGoogleAuth(string $migrationPayload) : bool
    {
        // - Google Auth migration URI : a string starting with otpauth-migration://offline?data= on a single line

        $lines = preg_split('~\R~', $migrationPayload, -1, PREG_SPLIT_NO_EMPTY);

        if (! $lines || count($lines) != 1) {
            return false;
        }

        return preg_match('/^otpauth-migration:\/\/offline\?data=.+$/', $lines[0]) == 1;
    }

    /**
     * Determine if a payload is a plain text content
     *
     * @param  string  $migrationPayload  The payload to analyse
     */
    private function isPlainText(string $migrationPayload) : bool
    {
        // - Plain text : one or more otpauth URIs (otpauth://(hotp|totp|steam)/...), one per line

        return Validator::make(
            preg_split('~\R~', $migrationPayload, -1, PREG_SPLIT_NO_EMPTY),
            [
                // The regex rule must be embraced with brackets when it cointains a pipe
                '*' => ['regex:/^otpauth:\/\/(?:steam|totp|hotp)\//i'],
            ]
        )->passes();
    }

    /**
     * Determine if a payload comes from 2FAuth in JSON format
     *
     * @param  string  $migrationPayload  The payload to analyse
     */
    private function isTwoFAuthJSON(string $migrationPayload) : bool
    {
        $json = json_decode($migrationPayload, true);

        if (Arr::has($json, 'schema') && (strpos(Arr::get($json, 'app'), '2fauth_') === 0)) {
            return count(Validator::validate(
                $json,
                [
                    'data.*.otp_type'  => 'present',
                    'data.*.service'   => 'present',
                    'data.*.account'   => 'present',
                    'data.*.secret'    => 'present',
                    'data.*.digits'    => 'present',
                    'data.*.algorithm' => 'present',
                    'data.*.period'    => 'present',
                    'data.*.counter'   => 'present',
                ]
            )) > 0;
        }

        return false;
    }

    /**
     * Determine if a payload comes from Aegis Authenticator in JSON format
     *
     * @param  string  $migrationPayload  The payload to analyse
     * @return bool
     */
    private function isAegisJSON(string $migrationPayload) : mixed
    {
        // - Aegis JSON : is a JSON object with the key db.entries full of objects like
        //      {
        //          "type": "totp",
        //          "uuid": "5be1c189-240d-5fe1-930b-a78xb669zd86",
        //          "name": "John DOE",
        //          "issuer": "Facebook",
        //          "note": "",
        //          "icon": null,
        //          "info": {
        //              "secret": "A4GRFTVVRBGY7UIW",
        //              "algo": "SHA1",
        //              "digits": 6,
        //              "period": 30
        //          }
        //      }

        $json = json_decode($migrationPayload, true);

        if (Arr::has($json, 'db')) {
            if (is_string($json['db']) && is_array(Arr::get($json, 'header.slots'))) {
                throw new EncryptedMigrationException();
            } else {
                return count(Validator::validate(
                    $json,
                    [
                        'db.entries.*.type'   => 'present',
                        'db.entries.*.name'   => 'present',
                        'db.entries.*.issuer' => 'present',
                        'db.entries.*.info'   => 'present',
                    ]
                )) > 0;
            }
        }

        return false;
    }

    /**
     * Determine if a payload comes from 2FAS Authenticator
     *
     * @param  string  $migrationPayload  The payload to analyse
     * @return bool
     */
    private function is2FASv2(string $migrationPayload) : mixed
    {
        // - 2FAS JSON : is a JSON object with a 'schemaVersion' key and a key 'services' full of objects like
        // {
        //     "secret": "A4GRFTVVRBGY7UIW",
        //     ...
        //     "otp":
        //     {
        //         "account": "John DOE",
        //         "digits": 6,
        //         "counter": 0,
        //         "period": 30,
        //         "algorithm": "SHA1",
        //         "tokenType": "TOTP"
        //     },
        //     "type": "ManuallyAdded",
        //     "name": "Facebook",
        //     "icon":
        //     {
        //         ...
        //     }
        // }

        $json = json_decode($migrationPayload, true);

        if (Arr::has($json, 'schemaVersion') && (Arr::has($json, 'services') || Arr::has($json, 'servicesEncrypted'))) {
            if (Arr::has($json, 'servicesEncrypted')) {
                throw new EncryptedMigrationException();
            } else {
                return count(Validator::validate(
                    $json,
                    [
                        'services.*.secret' => 'present',
                        'services.*.name'   => 'present',
                        'services.*.otp'    => 'present',
                    ]
                )) > 0;
            }
        }

        return false;
    }
}
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`<?php`

			`namespace App\Factories;`

Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`use App\Exceptions\EncryptedMigrationException;`
			`use App\Exceptions\UnsupportedMigrationException;`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`use App\Services\Migrators\AegisMigrator;`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`use App\Services\Migrators\GoogleAuthMigrator;`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`use App\Services\Migrators\Migrator;`
			`use App\Services\Migrators\PlainTextMigrator;`
Add support for 2FAS Auth export and fix some issues with migrators 2022-10-11 11:20:07 +02:00			`use App\Services\Migrators\TwoFASMigrator;`
Add support for 2FAuth json migration 2022-12-14 22:20:03 +01:00			`use App\Services\Migrators\TwoFAuthMigrator;`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`use Illuminate\Support\Arr;`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`use Illuminate\Support\Facades\App;`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`use Illuminate\Support\Facades\Validator;`

			`class MigratorFactory implements MigratorFactoryInterface`
			`{`
			`/**`
			`* Infer the type of migrator needed from a payload and create the migrator`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`*`
Fix phpstan & pint issues 2024-04-20 19:03:44 +02:00			`* @param string $migrationPayload The migration payload used to infer the migrator type`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`*/`
Fix issues detected by static code analysis 2022-10-12 11:13:13 +02:00			`public function create(string $migrationPayload) : Migrator`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`{`
Add support for 2FAuth json migration 2022-12-14 22:20:03 +01:00			`if ($this->isTwoFAuthJSON($migrationPayload)) {`
			`return App::make(TwoFAuthMigrator::class);`
			`} elseif ($this->isAegisJSON($migrationPayload)) {`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`return App::make(AegisMigrator::class);`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`} elseif ($this->is2FASv2($migrationPayload)) {`
Add support for 2FAS Auth export and fix some issues with migrators 2022-10-11 11:20:07 +02:00			`return App::make(TwoFASMigrator::class);`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`} elseif ($this->isGoogleAuth($migrationPayload)) {`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`return App::make(GoogleAuthMigrator::class);`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`} elseif ($this->isPlainText($migrationPayload)) {`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`return App::make(PlainTextMigrator::class);`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`} else {`
			`throw new UnsupportedMigrationException();`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`}`
			`}`

			`/**`
Fix issues detected by static code analysis 2022-10-12 11:13:13 +02:00			`* Determine if a payload comes from Google Authenticator`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`*`
Fix phpstan & pint issues 2024-04-20 19:03:44 +02:00			`* @param string $migrationPayload The payload to analyse`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`*/`
Fix issues detected by static code analysis 2022-10-12 11:13:13 +02:00			`private function isGoogleAuth(string $migrationPayload) : bool`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`{`
			`// - Google Auth migration URI : a string starting with otpauth-migration://offline?data= on a single line`

Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`$lines = preg_split('~\R~', $migrationPayload, -1, PREG_SPLIT_NO_EMPTY);`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`if (! $lines \|\| count($lines) != 1) {`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`return false;`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`}`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00
			`return preg_match('/^otpauth-migration:\/\/offline\?data=.+$/', $lines[0]) == 1;`
			`}`

			`/**`
Fix issues detected by static code analysis 2022-10-12 11:13:13 +02:00			`* Determine if a payload is a plain text content`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`*`
Fix phpstan & pint issues 2024-04-20 19:03:44 +02:00			`* @param string $migrationPayload The payload to analyse`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`*/`
Fix issues detected by static code analysis 2022-10-12 11:13:13 +02:00			`private function isPlainText(string $migrationPayload) : bool`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`{`
Fix #160 : Steam otpauth URIs are rejected by the Import feature 2023-01-25 13:12:03 +01:00			`// - Plain text : one or more otpauth URIs (otpauth://(hotp\|totp\|steam)/...), one per line`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00
			`return Validator::make(`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`preg_split('~\R~', $migrationPayload, -1, PREG_SPLIT_NO_EMPTY),`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`[`
Fix #160 : Steam otpauth URIs are rejected by the Import feature 2023-01-25 13:12:03 +01:00			`// The regex rule must be embraced with brackets when it cointains a pipe`
			`'*' => ['regex:/^otpauth:\/\/(?:steam\|totp\|hotp)\//i'],`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`]`
			`)->passes();`
			`}`

Add support for 2FAuth json migration 2022-12-14 22:20:03 +01:00			`/**`
			`* Determine if a payload comes from 2FAuth in JSON format`
			`*`
Fix phpstan & pint issues 2024-04-20 19:03:44 +02:00			`* @param string $migrationPayload The payload to analyse`
Add support for 2FAuth json migration 2022-12-14 22:20:03 +01:00			`*/`
			`private function isTwoFAuthJSON(string $migrationPayload) : bool`
			`{`
			`$json = json_decode($migrationPayload, true);`

			`if (Arr::has($json, 'schema') && (strpos(Arr::get($json, 'app'), '2fauth_') === 0)) {`
			`return count(Validator::validate(`
			`$json,`
			`[`
Let the Import feature accept migrations with missing data 2023-06-07 17:47:14 +02:00			`'data.*.otp_type' => 'present',`
			`'data.*.service' => 'present',`
			`'data.*.account' => 'present',`
			`'data.*.secret' => 'present',`
			`'data.*.digits' => 'present',`
			`'data.*.algorithm' => 'present',`
Add support for 2FAuth json migration 2022-12-14 22:20:03 +01:00			`'data.*.period' => 'present',`
			`'data.*.counter' => 'present',`
			`]`
			`)) > 0;`
			`}`

			`return false;`
			`}`

Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`/**`
Fix issues detected by static code analysis 2022-10-12 11:13:13 +02:00			`* Determine if a payload comes from Aegis Authenticator in JSON format`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`*`
Fix phpstan & pint issues 2024-04-20 19:03:44 +02:00			`* @param string $migrationPayload The payload to analyse`
Fix issues detected by static code analysis 2022-10-12 11:13:13 +02:00			`* @return bool`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`*/`
Fix issues detected by static code analysis 2022-10-12 11:13:13 +02:00			`private function isAegisJSON(string $migrationPayload) : mixed`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`{`
			`// - Aegis JSON : is a JSON object with the key db.entries full of objects like`
			`// {`
			`// "type": "totp",`
			`// "uuid": "5be1c189-240d-5fe1-930b-a78xb669zd86",`
			`// "name": "John DOE",`
			`// "issuer": "Facebook",`
			`// "note": "",`
			`// "icon": null,`
			`// "info": {`
			`// "secret": "A4GRFTVVRBGY7UIW",`
			`// "algo": "SHA1",`
			`// "digits": 6,`
			`// "period": 30`
			`// }`
			`// }`

			`$json = json_decode($migrationPayload, true);`

			`if (Arr::has($json, 'db')) {`
			`if (is_string($json['db']) && is_array(Arr::get($json, 'header.slots'))) {`
			`throw new EncryptedMigrationException();`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`} else {`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`return count(Validator::validate(`
			`$json,`
			`[`
Let the Import feature accept migrations with missing data 2023-06-07 17:47:14 +02:00			`'db.entries.*.type' => 'present',`
			`'db.entries.*.name' => 'present',`
			`'db.entries.*.issuer' => 'present',`
			`'db.entries.*.info' => 'present',`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`]`
Fix issues detected by static code analysis 2022-10-12 11:13:13 +02:00			`)) > 0;`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`}`
			`}`

			`return false;`
			`}`

Add support for 2FAS Auth export and fix some issues with migrators 2022-10-11 11:20:07 +02:00			`/**`
Fix issues detected by static code analysis 2022-10-12 11:13:13 +02:00			`* Determine if a payload comes from 2FAS Authenticator`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`*`
Fix phpstan & pint issues 2024-04-20 19:03:44 +02:00			`* @param string $migrationPayload The payload to analyse`
Fix issues detected by static code analysis 2022-10-12 11:13:13 +02:00			`* @return bool`
Add support for 2FAS Auth export and fix some issues with migrators 2022-10-11 11:20:07 +02:00			`*/`
Fix issues detected by static code analysis 2022-10-12 11:13:13 +02:00			`private function is2FASv2(string $migrationPayload) : mixed`
Add support for 2FAS Auth export and fix some issues with migrators 2022-10-11 11:20:07 +02:00			`{`
Soften 2FAs migrations detection by ignoring schema version - Fixes #253 2023-12-11 14:10:51 +01:00			`// - 2FAS JSON : is a JSON object with a 'schemaVersion' key and a key 'services' full of objects like`
Add support for 2FAS Auth export and fix some issues with migrators 2022-10-11 11:20:07 +02:00			`// {`
			`// "secret": "A4GRFTVVRBGY7UIW",`
			`// ...`
			`// "otp":`
			`// {`
			`// "account": "John DOE",`
			`// "digits": 6,`
			`// "counter": 0,`
			`// "period": 30,`
			`// "algorithm": "SHA1",`
			`// "tokenType": "TOTP"`
			`// },`
			`// "type": "ManuallyAdded",`
			`// "name": "Facebook",`
			`// "icon":`
			`// {`
			`// ...`
			`// }`
			`// }`

			`$json = json_decode($migrationPayload, true);`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00
Soften 2FAs migrations detection by ignoring schema version - Fixes #253 2023-12-11 14:10:51 +01:00			`if (Arr::has($json, 'schemaVersion') && (Arr::has($json, 'services') \|\| Arr::has($json, 'servicesEncrypted'))) {`
Add support for 2FAS Auth export and fix some issues with migrators 2022-10-11 11:20:07 +02:00			`if (Arr::has($json, 'servicesEncrypted')) {`
			`throw new EncryptedMigrationException();`
Apply Laravel Pint fixes 2022-11-22 15:15:52 +01:00			`} else {`
Add support for 2FAS Auth export and fix some issues with migrators 2022-10-11 11:20:07 +02:00			`return count(Validator::validate(`
			`$json,`
			`[`
Let the Import feature accept migrations with missing data 2023-06-07 17:47:14 +02:00			`'services.*.secret' => 'present',`
			`'services.*.name' => 'present',`
			`'services.*.otp' => 'present',`
Add support for 2FAS Auth export and fix some issues with migrators 2022-10-11 11:20:07 +02:00			`]`
Fix issues detected by static code analysis 2022-10-12 11:13:13 +02:00			`)) > 0;`
Add support for 2FAS Auth export and fix some issues with migrators 2022-10-11 11:20:07 +02:00			`}`
			`}`

			`return false;`
			`}`
Refactor and finalize the Import feature for G.Auth, Aegis & Plain Text 2022-10-07 18:58:48 +02:00			`}`