2FAuth/app/Http/Controllers/TwoFAccountController.php

<?php

namespace App\Http\Controllers;

use App\Group;
use App\TwoFAccount;
use App\Classes\Options;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;

class TwoFAccountController extends Controller
{
    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        return response()->json(TwoFAccount::ofGroup(Options::get('activeGroup'))->ordered()->get()->toArray());
    }


    /**
     * Store a newly created resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function store(Request $request)
    {

        // see https://github.com/google/google-authenticator/wiki/Key-Uri-Format
        // for otpauth uri format validation

        $this->validate($request, [
            'service' => 'required|string',
            'account' => 'required_without:uri|nullable|string|regex:/^[^:]+$/i',
            'icon' => 'nullable|string',
            'uri' => 'nullable|string|regex:/^otpauth:\/\/[h,t]otp\//i',
            'otpType' => 'required_without:uri|in:totp,hotp',
            'secret' => 'required_without:uri|string',
            'digits' => 'nullable|integer|between:6,10',
            'algorithm' => 'nullable|in:sha1,sha256,sha512,md5',
            'totpPeriod' => 'nullable|integer|min:1',
            'hotpCounter' => 'nullable|integer|min:0',
        ]);

        // Two possible cases :
        // - The most common case, the uri is provided thanks to a QR code live scan or file upload
        //     -> We use this uri to populate the account
        // - The advanced form has been used and provide no uri but all individual parameters
        //     -> We use the parameters collection to populate the account
        $twofaccount = new TwoFAccount;
        $twofaccount->service = $request->service;
        $twofaccount->account = $request->account;
        $twofaccount->icon = $request->icon;

        if( $request->uri ) {
            $twofaccount->uri = $request->uri;
        }
        else {
            $twofaccount->populate($request->all());
        }

        $twofaccount->save();

        // Possible group association
        $groupId = Options::get('defaultGroup') === '-1' ? (int) Options::get('activeGroup') : (int) Options::get('defaultGroup');
        
        // 0 is the pseudo group 'All', only groups with id > 0 are true user groups
        if( $groupId > 0 ) {
            $group = Group::find($groupId);

            if($group) {
                $group->twofaccounts()->save($twofaccount);
            }
        }

        return response()->json($twofaccount, 201);
    }


    /**
     * Display the specified resource.
     *
     * @param  \App\TwoFAccount  $twofaccount
     * @return \Illuminate\Http\Response
     */
    public function show(TwoFAccount $twofaccount)
    {
        return response()->json($twofaccount, 200);
    }


    /**
     * Display the specified resource with all attributes.
     *
     * @param  \App\TwoFAccount  $twofaccount
     * @return \Illuminate\Http\Response
     */
    public function showWithSensitive(TwoFAccount $twofaccount)
    {
        return response()->json($twofaccount->makeVisible(['uri', 'secret', 'algorithm']), 200);
    }


    /**
     * Save new order.
     *
     * @param  \App\TwoFAccount  $twofaccount
     * @return \Illuminate\Http\Response
     */
    public function reorder(Request $request)
    {
        TwoFAccount::setNewOrder($request->orderedIds);
        return response()->json('order saved', 200);
    }


    /**
     * Generate a TOTP
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function generateOTP(Request $request)
    {

        if( $request->id ) {

            // The request data is the Id of an existing account
            $twofaccount = TwoFAccount::FindOrFail($request->id);
        }
        else if( $request->otp['uri'] ) {

            // The request data contain an uri
            $twofaccount = new TwoFAccount;
            $twofaccount->uri = $request->otp['uri'];
        }
        else {

            // The request data should contain all otp parameter
            $twofaccount = new TwoFAccount;
            $twofaccount->populate($request->otp);
        }

        if( $twofaccount->otpType === 'hotp' ) {

            // returned counter & uri will be updated
            $twofaccount->increaseHotpCounter();

            // and the db too
            if( $request->id ) {
                $twofaccount->save();
            }
        }

        if( $request->id ) {
            return response()->json($twofaccount, 200);
        }

        return response()->json($twofaccount->makeVisible(['uri', 'secret', 'algorithm']), 200);
    }


    /**
     * Update the specified resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \App\TwoFAccount  $twofaccount
     * @return \Illuminate\Http\Response
     */
    public function update(Request $request, $id)
    {

        $this->validate($request, [
            'service' => 'required|string',
            'account' => 'required_without:uri|nullable|string|regex:/^[^:]+$/i',
            'icon' => 'nullable|string',
            'uri' => 'nullable|string|regex:/^otpauth:\/\/[h,t]otp\//i',
            'otpType' => 'required_without:uri|in:totp,hotp',
            'secret' => 'required_without:uri|string',
            'digits' => 'nullable|integer|between:6,10',
            'algorithm' => 'nullable|in:sha1,sha256,sha512,md5',
            'totpPeriod' => 'required_if:otpType,totp|nullable|integer|min:1',
            'hotpCounter' => 'required_if:otpType,hotp|nullable|integer|min:0',
        ]);

        // Here we catch a possible missing model exception in order to
        // delete orphan submited icon
        try {

            $twofaccount = TwoFAccount::FindOrFail($id);

        } catch (\Illuminate\Database\Eloquent\ModelNotFoundException $e) {

            if( $request->icon ) {
                Storage::delete('public/icons/' . $request->icon);
            }
            
            throw $e;
        }

        $twofaccount->populate($request->all());
        $twofaccount->save();

        return response()->json($twofaccount, 200);

    }


    /**
     * Remove the specified resource from storage.
     *
     * @param  \App\TwoFAccount  $twofaccount
     * @return \Illuminate\Http\Response
     */
    public function destroy(TwoFAccount $twofaccount)
    {
        $twofaccount->delete();

        return response()->json(null, 204);
    }


    /**
     * Remove the specified resources from storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function batchDestroy(Request $request)
    {
        $ids = $request->all();
        
        TwoFAccount::destroy($ids);

        return response()->json(null, 204);
    }

}
initial commit 2019-05-20 07:37:41 +02:00			`<?php`

			`namespace App\Http\Controllers;`

Add Default group option in Settings 2020-11-02 22:41:40 +01:00			`use App\Group;`
Account refactored and better json responses 2019-05-24 14:44:41 +02:00			`use App\TwoFAccount;`
Add Group scope to TwoFAccount model 2020-10-25 23:51:50 +01:00			`use App\Classes\Options;`
initial commit 2019-05-20 07:37:41 +02:00			`use Illuminate\Http\Request;`
Remove softDelete on 2FAccounts 2020-01-07 16:46:50 +01:00			`use Illuminate\Support\Facades\Storage;`
initial commit 2019-05-20 07:37:41 +02:00
Account refactored and better json responses 2019-05-24 14:44:41 +02:00			`class TwoFAccountController extends Controller`
initial commit 2019-05-20 07:37:41 +02:00			`{`
			`/**`
			`* Display a listing of the resource.`
			`*`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function index()`
			`{`
Revert unwanted previous change 2020-11-17 21:39:02 +01:00			`return response()->json(TwoFAccount::ofGroup(Options::get('activeGroup'))->ordered()->get()->toArray());`
initial commit 2019-05-20 07:37:41 +02:00			`}`


			`/**`
			`* Store a newly created resource in storage.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function store(Request $request)`
			`{`
Validate 2FAccount create form only with backend 2020-01-09 16:33:32 +01:00
			`// see https://github.com/google/google-authenticator/wiki/Key-Uri-Format`
			`// for otpauth uri format validation`
Convert the standard Create form to an advanced form 2020-11-13 15:45:17 +01:00
Use and handle default Laravel validation errors response 2020-01-19 23:02:20 +01:00			`$this->validate($request, [`
Convert the standard Create form to an advanced form 2020-11-13 15:45:17 +01:00			`'service' => 'required\|string',`
Enforce Create form validation 2020-11-14 18:48:27 +01:00			`'account' => 'required_without:uri\|nullable\|string\|regex:/^[^:]+$/i',`
Convert the standard Create form to an advanced form 2020-11-13 15:45:17 +01:00			`'icon' => 'nullable\|string',`
			`'uri' => 'nullable\|string\|regex:/^otpauth:\/\/[h,t]otp\//i',`
Update Edit form to match with the new TwoFAccount model 2020-11-16 14:45:24 +01:00			`'otpType' => 'required_without:uri\|in:totp,hotp',`
Convert the standard Create form to an advanced form 2020-11-13 15:45:17 +01:00			`'secret' => 'required_without:uri\|string',`
			`'digits' => 'nullable\|integer\|between:6,10',`
			`'algorithm' => 'nullable\|in:sha1,sha256,sha512,md5',`
			`'totpPeriod' => 'nullable\|integer\|min:1',`
			`'hotpCounter' => 'nullable\|integer\|min:0',`
All hardcoded strings replaced by i18n translation 2020-01-12 19:55:17 +01:00			`]);`
Validate 2FAccount create form only with backend 2020-01-09 16:33:32 +01:00
Convert the standard Create form to an advanced form 2020-11-13 15:45:17 +01:00			`// Two possible cases :`
			`// - The most common case, the uri is provided thanks to a QR code live scan or file upload`
			`// -> We use this uri to populate the account`
			`// - The advanced form has been used and provide no uri but all individual parameters`
			`// -> We use the parameters collection to populate the account`
			`$twofaccount = new TwoFAccount;`
Fix missing attributes during store 2020-11-17 15:45:01 +01:00			`$twofaccount->service = $request->service;`
			`$twofaccount->account = $request->account;`
			`$twofaccount->icon = $request->icon;`
Check OTP validity before creation 2020-01-25 00:01:30 +01:00
Convert the standard Create form to an advanced form 2020-11-13 15:45:17 +01:00			`if( $request->uri ) {`
Run populateFromUri() from uri setter instead of external call 2020-11-17 15:30:50 +01:00			`$twofaccount->uri = $request->uri;`
Convert the standard Create form to an advanced form 2020-11-13 15:45:17 +01:00			`}`
			`else {`
			`$twofaccount->populate($request->all());`
			`}`

			`$twofaccount->save();`
initial commit 2019-05-20 07:37:41 +02:00
Add Default group option in Settings 2020-11-02 22:41:40 +01:00			`// Possible group association`
			`$groupId = Options::get('defaultGroup') === '-1' ? (int) Options::get('activeGroup') : (int) Options::get('defaultGroup');`

			`// 0 is the pseudo group 'All', only groups with id > 0 are true user groups`
			`if( $groupId > 0 ) {`
			`$group = Group::find($groupId);`

			`if($group) {`
			`$group->twofaccounts()->save($twofaccount);`
			`}`
			`}`

Better API responses without envelope 2019-05-25 23:51:20 +02:00			`return response()->json($twofaccount, 201);`
initial commit 2019-05-20 07:37:41 +02:00			`}`

Account refactored and better json responses 2019-05-24 14:44:41 +02:00
initial commit 2019-05-20 07:37:41 +02:00			`/**`
			`* Display the specified resource.`
			`*`
Account refactored and better json responses 2019-05-24 14:44:41 +02:00			`* @param \App\TwoFAccount $twofaccount`
initial commit 2019-05-20 07:37:41 +02:00			`* @return \Illuminate\Http\Response`
			`*/`
Remove useless check in controller 2020-02-02 20:46:41 +01:00			`public function show(TwoFAccount $twofaccount)`
initial commit 2019-05-20 07:37:41 +02:00			`{`
Remove unnecessary try\|catch 2020-01-26 21:49:39 +01:00			`return response()->json($twofaccount, 200);`
initial commit 2019-05-20 07:37:41 +02:00			`}`


Add route to get TwoFAccount with sensitive data 2020-11-16 14:10:54 +01:00			`/**`
			`* Display the specified resource with all attributes.`
			`*`
			`* @param \App\TwoFAccount $twofaccount`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function showWithSensitive(TwoFAccount $twofaccount)`
			`{`
			`return response()->json($twofaccount->makeVisible(['uri', 'secret', 'algorithm']), 200);`
			`}`


Make the accounts sortable and persist new order. Deactivate Pull-to-refresh feature to prevent side effects 2020-03-27 22:36:01 +01:00			`/**`
			`* Save new order.`
			`*`
			`* @param \App\TwoFAccount $twofaccount`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function reorder(Request $request)`
			`{`
			`TwoFAccount::setNewOrder($request->orderedIds);`
			`return response()->json('order saved', 200);`
			`}`


TOTP integration 2019-05-26 16:42:09 +02:00			`/**`
			`* Generate a TOTP`
			`*`
New creation process for a better UX 2020-02-04 17:06:11 +01:00			`* @param \Illuminate\Http\Request $request`
TOTP integration 2019-05-26 16:42:09 +02:00			`* @return \Illuminate\Http\Response`
			`*/`
New creation process for a better UX 2020-02-04 17:06:11 +01:00			`public function generateOTP(Request $request)`
TOTP integration 2019-05-26 16:42:09 +02:00			`{`
Handle correctly counter update in case of HOTP preview 2020-02-06 12:24:18 +01:00
Update OTP generation to work with new TwoFAccount model 2020-11-12 00:15:55 +01:00			`if( $request->id ) {`
Move token generation from dedicated class to TwoFAccount model class 2020-11-14 18:55:10 +01:00
			`// The request data is the Id of an existing account`
Update OTP generation to work with new TwoFAccount model 2020-11-12 00:15:55 +01:00			`$twofaccount = TwoFAccount::FindOrFail($request->id);`
New creation process for a better UX 2020-02-04 17:06:11 +01:00			`}`
Convert the standard Create form to an advanced form 2020-11-13 15:45:17 +01:00			`else if( $request->otp['uri'] ) {`
Move token generation from dedicated class to TwoFAccount model class 2020-11-14 18:55:10 +01:00
Convert the standard Create form to an advanced form 2020-11-13 15:45:17 +01:00			`// The request data contain an uri`
			`$twofaccount = new TwoFAccount;`
Run populateFromUri() from uri setter instead of external call 2020-11-17 15:30:50 +01:00			`$twofaccount->uri = $request->otp['uri'];`
Convert the standard Create form to an advanced form 2020-11-13 15:45:17 +01:00			`}`
New creation process for a better UX 2020-02-04 17:06:11 +01:00			`else {`
Move token generation from dedicated class to TwoFAccount model class 2020-11-14 18:55:10 +01:00
Convert the standard Create form to an advanced form 2020-11-13 15:45:17 +01:00			`// The request data should contain all otp parameter`
Update OTP generation to work with new TwoFAccount model 2020-11-12 00:15:55 +01:00			`$twofaccount = new TwoFAccount;`
Convert the standard Create form to an advanced form 2020-11-13 15:45:17 +01:00			`$twofaccount->populate($request->otp);`
Move token generation from dedicated class to TwoFAccount model class 2020-11-14 18:55:10 +01:00			`}`

			`if( $twofaccount->otpType === 'hotp' ) {`
Update OTP generation to work with new TwoFAccount model 2020-11-12 00:15:55 +01:00
Move token generation from dedicated class to TwoFAccount model class 2020-11-14 18:55:10 +01:00			`// returned counter & uri will be updated`
			`$twofaccount->increaseHotpCounter();`

			`// and the db too`
			`if( $request->id ) {`
			`$twofaccount->save();`
			`}`
			`}`

			`if( $request->id ) {`
			`return response()->json($twofaccount, 200);`
New creation process for a better UX 2020-02-04 17:06:11 +01:00			`}`

Move token generation from dedicated class to TwoFAccount model class 2020-11-14 18:55:10 +01:00			`return response()->json($twofaccount->makeVisible(['uri', 'secret', 'algorithm']), 200);`
TOTP integration 2019-05-26 16:42:09 +02:00			`}`


Move token generation from dedicated class to TwoFAccount model class 2020-11-14 18:55:10 +01:00
initial commit 2019-05-20 07:37:41 +02:00			`/**`
			`* Update the specified resource in storage.`
			`*`
			`* @param \Illuminate\Http\Request $request`
Account refactored and better json responses 2019-05-24 14:44:41 +02:00			`* @param \App\TwoFAccount $twofaccount`
initial commit 2019-05-20 07:37:41 +02:00			`* @return \Illuminate\Http\Response`
			`*/`
Handle missing 2FAccount when updating 2020-01-10 08:35:15 +01:00			`public function update(Request $request, $id)`
initial commit 2019-05-20 07:37:41 +02:00			`{`
Validate 2FAccount edit form only with backend 2020-01-09 21:04:30 +01:00
Use and handle default Laravel validation errors response 2020-01-19 23:02:20 +01:00			`$this->validate($request, [`
Update Edit form to match with the new TwoFAccount model 2020-11-16 14:45:24 +01:00			`'service' => 'required\|string',`
			`'account' => 'required_without:uri\|nullable\|string\|regex:/^[^:]+$/i',`
			`'icon' => 'nullable\|string',`
			`'uri' => 'nullable\|string\|regex:/^otpauth:\/\/[h,t]otp\//i',`
			`'otpType' => 'required_without:uri\|in:totp,hotp',`
			`'secret' => 'required_without:uri\|string',`
			`'digits' => 'nullable\|integer\|between:6,10',`
			`'algorithm' => 'nullable\|in:sha1,sha256,sha512,md5',`
			`'totpPeriod' => 'required_if:otpType,totp\|nullable\|integer\|min:1',`
			`'hotpCounter' => 'required_if:otpType,hotp\|nullable\|integer\|min:0',`
Validate 2FAccount edit form only with backend 2020-01-09 21:04:30 +01:00			`]);`

Delete possible orphan icon when updating a twofaccount 2020-01-27 13:56:19 +01:00			`// Here we catch a possible missing model exception in order to`
			`// delete orphan submited icon`
			`try {`

			`$twofaccount = TwoFAccount::FindOrFail($id);`

			`} catch (\Illuminate\Database\Eloquent\ModelNotFoundException $e) {`

			`if( $request->icon ) {`
			`Storage::delete('public/icons/' . $request->icon);`
			`}`

			`throw $e;`
			`}`
Handle missing 2FAccount when updating 2020-01-10 08:35:15 +01:00
Update Edit form to match with the new TwoFAccount model 2020-11-16 14:45:24 +01:00			`$twofaccount->populate($request->all());`
			`$twofaccount->save();`
Remove unnecessary try\|catch 2020-01-26 21:49:39 +01:00
			`return response()->json($twofaccount, 200);`
Handle missing 2FAccount when updating 2020-01-10 08:35:15 +01:00
initial commit 2019-05-20 07:37:41 +02:00			`}`

Account refactored and better json responses 2019-05-24 14:44:41 +02:00
initial commit 2019-05-20 07:37:41 +02:00			`/**`
			`* Remove the specified resource from storage.`
			`*`
Account refactored and better json responses 2019-05-24 14:44:41 +02:00			`* @param \App\TwoFAccount $twofaccount`
initial commit 2019-05-20 07:37:41 +02:00			`* @return \Illuminate\Http\Response`
			`*/`
Rework the Delete feature to support batch-delete 2020-01-31 23:05:06 +01:00			`public function destroy(TwoFAccount $twofaccount)`
initial commit 2019-05-20 07:37:41 +02:00			`{`
Rework the Delete feature to support batch-delete 2020-01-31 23:05:06 +01:00			`$twofaccount->delete();`
Handle missing 2FAccount when deleting 2020-01-10 00:22:45 +01:00
Rework the Delete feature to support batch-delete 2020-01-31 23:05:06 +01:00			`return response()->json(null, 204);`
			`}`
Handle missing 2FAccount when deleting 2020-01-10 00:22:45 +01:00
Account refactored and better json responses 2019-05-24 14:44:41 +02:00
Rework the Delete feature to support batch-delete 2020-01-31 23:05:06 +01:00			`/**`
			`* Remove the specified resources from storage.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function batchDestroy(Request $request)`
			`{`
			`$ids = $request->all();`

			`TwoFAccount::destroy($ids);`
Account refactored and better json responses 2019-05-24 14:44:41 +02:00
Remove unnecessary try\|catch 2020-01-26 21:49:39 +01:00			`return response()->json(null, 204);`
Account refactored and better json responses 2019-05-24 14:44:41 +02:00			`}`

initial commit 2019-05-20 07:37:41 +02:00			`}`