2FAuth/app/Http/Controllers/TwoFAccountController.php

<?php

namespace App\Http\Controllers;

use App\Group;
use App\TwoFAccount;
use App\Classes\OTP;
use App\Classes\Options;
use Illuminate\Http\Request;
use ParagonIE\ConstantTime\Base32;
use Illuminate\Support\Facades\Storage;

class TwoFAccountController extends Controller
{
    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        return response()->json(TwoFAccount::ofGroup(Options::get('activeGroup'))->ordered()->get()->toArray());
    }


    /**
     * Store a newly created resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function store(Request $request)
    {

        // see https://github.com/google/google-authenticator/wiki/Key-Uri-Format
        // for otpauth uri format validation
        $this->validate($request, [
            'service' => 'required',
            'uri' => 'required|regex:/^otpauth:\/\/[h,t]otp\//i',
        ]);

        OTP::get($request->uri);

        $twofaccount = TwoFAccount::create([
            'service' => $request->service,
            'account' => $request->account,
            'uri' => $request->uri,
            'icon' => $request->icon
        ]);

        // Possible group association
        $groupId = Options::get('defaultGroup') === '-1' ? (int) Options::get('activeGroup') : (int) Options::get('defaultGroup');
        
        // 0 is the pseudo group 'All', only groups with id > 0 are true user groups
        if( $groupId > 0 ) {
            $group = Group::find($groupId);

            if($group) {
                $group->twofaccounts()->save($twofaccount);
            }
        }

        return response()->json($twofaccount, 201);
    }


    /**
     * Display the specified resource.
     *
     * @param  \App\TwoFAccount  $twofaccount
     * @return \Illuminate\Http\Response
     */
    public function show(TwoFAccount $twofaccount)
    {
        return response()->json($twofaccount, 200);
    }


    /**
     * Save new order.
     *
     * @param  \App\TwoFAccount  $twofaccount
     * @return \Illuminate\Http\Response
     */
    public function reorder(Request $request)
    {
        TwoFAccount::setNewOrder($request->orderedIds);
        return response()->json('order saved', 200);
    }


    /**
     * Generate a TOTP
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function generateOTP(Request $request)
    {
        $isPreview = false;

        if( is_int($request->data) ) {
            $twofaccount = TwoFAccount::FindOrFail($request->data);
            $uri = $twofaccount->uri;
        }
        else {
            $uri = $request->data;
            $isPreview = true;
        }

        return response()->json(OTP::generate($uri, $isPreview), 200);
    }


    /**
     * Update the specified resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \App\TwoFAccount  $twofaccount
     * @return \Illuminate\Http\Response
     */
    public function update(Request $request, $id)
    {

        $this->validate($request, [
            'service' => 'required',
        ]);


        // Here we catch a possible missing model exception in order to
        // delete orphan submited icon
        try {

            $twofaccount = TwoFAccount::FindOrFail($id);

        } catch (\Illuminate\Database\Eloquent\ModelNotFoundException $e) {

            if( $request->icon ) {
                Storage::delete('public/icons/' . $request->icon);
            }
            
            throw $e;
        }
        

        if( $twofaccount->type === 'hotp' ) {

            // HOTP can be desynchronized from the verification
            // server so we let the user the possibility to force
            // the counter.

            $this->validate($request, [
                'counter' => 'required|integer',
            ]);

            // we set an OTP object to get the its current counter
            // and we update it if a new one has been submited
            $otp = OTP::get($twofaccount->uri);

            if( $otp->getCounter() !== $request->counter ) {
                $otp->setParameter( 'counter', $request->counter );
                $twofaccount->uri = $otp->getProvisioningUri();
            }
        }

        $twofaccount->update([
            'service' => $request->service,
            'account' => $request->account,
            'icon' => $request->icon,
            'uri' => $twofaccount->uri,
        ]);

        return response()->json($twofaccount, 200);

    }


    /**
     * Remove the specified resource from storage.
     *
     * @param  \App\TwoFAccount  $twofaccount
     * @return \Illuminate\Http\Response
     */
    public function destroy(TwoFAccount $twofaccount)
    {
        $twofaccount->delete();

        return response()->json(null, 204);
    }


    /**
     * Remove the specified resources from storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function batchDestroy(Request $request)
    {
        $ids = $request->all();
        
        TwoFAccount::destroy($ids);

        return response()->json(null, 204);
    }

}
initial commit 2019-05-20 07:37:41 +02:00			`<?php`

			`namespace App\Http\Controllers;`

Add Default group option in Settings 2020-11-02 22:41:40 +01:00			`use App\Group;`
Account refactored and better json responses 2019-05-24 14:44:41 +02:00			`use App\TwoFAccount;`
Full support of HOTP 2020-01-24 22:37:48 +01:00			`use App\Classes\OTP;`
Add Group scope to TwoFAccount model 2020-10-25 23:51:50 +01:00			`use App\Classes\Options;`
initial commit 2019-05-20 07:37:41 +02:00			`use Illuminate\Http\Request;`
TOTP integration 2019-05-26 16:42:09 +02:00			`use ParagonIE\ConstantTime\Base32;`
Remove softDelete on 2FAccounts 2020-01-07 16:46:50 +01:00			`use Illuminate\Support\Facades\Storage;`
initial commit 2019-05-20 07:37:41 +02:00
Account refactored and better json responses 2019-05-24 14:44:41 +02:00			`class TwoFAccountController extends Controller`
initial commit 2019-05-20 07:37:41 +02:00			`{`
			`/**`
			`* Display a listing of the resource.`
			`*`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function index()`
			`{`
Set persisted ordering back 2020-11-02 15:32:09 +01:00			`return response()->json(TwoFAccount::ofGroup(Options::get('activeGroup'))->ordered()->get()->toArray());`
initial commit 2019-05-20 07:37:41 +02:00			`}`


			`/**`
			`* Store a newly created resource in storage.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function store(Request $request)`
			`{`
Validate 2FAccount create form only with backend 2020-01-09 16:33:32 +01:00
			`// see https://github.com/google/google-authenticator/wiki/Key-Uri-Format`
			`// for otpauth uri format validation`
Use and handle default Laravel validation errors response 2020-01-19 23:02:20 +01:00			`$this->validate($request, [`
Validate 2FAccount create form only with backend 2020-01-09 16:33:32 +01:00			`'service' => 'required',`
Add HOTP counter field to Edit form 2020-01-24 12:56:38 +01:00			`'uri' => 'required\|regex:/^otpauth:\/\/[h,t]otp\//i',`
All hardcoded strings replaced by i18n translation 2020-01-12 19:55:17 +01:00			`]);`
Validate 2FAccount create form only with backend 2020-01-09 16:33:32 +01:00
Refactoring 2020-01-25 18:22:45 +01:00			`OTP::get($request->uri);`
Check OTP validity before creation 2020-01-25 00:01:30 +01:00
Account refactored and better json responses 2019-05-24 14:44:41 +02:00			`$twofaccount = TwoFAccount::create([`
refactoring de Name & Email vers Service & Account 2020-01-06 21:45:14 +01:00			`'service' => $request->service,`
			`'account' => $request->account,`
Create and Edit update with icon field 2020-01-02 00:09:19 +01:00			`'uri' => $request->uri,`
			`'icon' => $request->icon`
initial commit 2019-05-20 07:37:41 +02:00			`]);`

Add Default group option in Settings 2020-11-02 22:41:40 +01:00			`// Possible group association`
			`$groupId = Options::get('defaultGroup') === '-1' ? (int) Options::get('activeGroup') : (int) Options::get('defaultGroup');`

			`// 0 is the pseudo group 'All', only groups with id > 0 are true user groups`
			`if( $groupId > 0 ) {`
			`$group = Group::find($groupId);`

			`if($group) {`
			`$group->twofaccounts()->save($twofaccount);`
			`}`
			`}`

Better API responses without envelope 2019-05-25 23:51:20 +02:00			`return response()->json($twofaccount, 201);`
initial commit 2019-05-20 07:37:41 +02:00			`}`

Account refactored and better json responses 2019-05-24 14:44:41 +02:00
initial commit 2019-05-20 07:37:41 +02:00			`/**`
			`* Display the specified resource.`
			`*`
Account refactored and better json responses 2019-05-24 14:44:41 +02:00			`* @param \App\TwoFAccount $twofaccount`
initial commit 2019-05-20 07:37:41 +02:00			`* @return \Illuminate\Http\Response`
			`*/`
Remove useless check in controller 2020-02-02 20:46:41 +01:00			`public function show(TwoFAccount $twofaccount)`
initial commit 2019-05-20 07:37:41 +02:00			`{`
Remove unnecessary try\|catch 2020-01-26 21:49:39 +01:00			`return response()->json($twofaccount, 200);`
initial commit 2019-05-20 07:37:41 +02:00			`}`


Make the accounts sortable and persist new order. Deactivate Pull-to-refresh feature to prevent side effects 2020-03-27 22:36:01 +01:00			`/**`
			`* Save new order.`
			`*`
			`* @param \App\TwoFAccount $twofaccount`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function reorder(Request $request)`
			`{`
			`TwoFAccount::setNewOrder($request->orderedIds);`
			`return response()->json('order saved', 200);`
			`}`


TOTP integration 2019-05-26 16:42:09 +02:00			`/**`
			`* Generate a TOTP`
			`*`
New creation process for a better UX 2020-02-04 17:06:11 +01:00			`* @param \Illuminate\Http\Request $request`
TOTP integration 2019-05-26 16:42:09 +02:00			`* @return \Illuminate\Http\Response`
			`*/`
New creation process for a better UX 2020-02-04 17:06:11 +01:00			`public function generateOTP(Request $request)`
TOTP integration 2019-05-26 16:42:09 +02:00			`{`
Handle correctly counter update in case of HOTP preview 2020-02-06 12:24:18 +01:00			`$isPreview = false;`

New creation process for a better UX 2020-02-04 17:06:11 +01:00			`if( is_int($request->data) ) {`
			`$twofaccount = TwoFAccount::FindOrFail($request->data);`
			`$uri = $twofaccount->uri;`
			`}`
			`else {`
			`$uri = $request->data;`
Handle correctly counter update in case of HOTP preview 2020-02-06 12:24:18 +01:00			`$isPreview = true;`
New creation process for a better UX 2020-02-04 17:06:11 +01:00			`}`

Handle correctly counter update in case of HOTP preview 2020-02-06 12:24:18 +01:00			`return response()->json(OTP::generate($uri, $isPreview), 200);`
TOTP integration 2019-05-26 16:42:09 +02:00			`}`


initial commit 2019-05-20 07:37:41 +02:00			`/**`
			`* Update the specified resource in storage.`
			`*`
			`* @param \Illuminate\Http\Request $request`
Account refactored and better json responses 2019-05-24 14:44:41 +02:00			`* @param \App\TwoFAccount $twofaccount`
initial commit 2019-05-20 07:37:41 +02:00			`* @return \Illuminate\Http\Response`
			`*/`
Handle missing 2FAccount when updating 2020-01-10 08:35:15 +01:00			`public function update(Request $request, $id)`
initial commit 2019-05-20 07:37:41 +02:00			`{`
Validate 2FAccount edit form only with backend 2020-01-09 21:04:30 +01:00
Use and handle default Laravel validation errors response 2020-01-19 23:02:20 +01:00			`$this->validate($request, [`
Validate 2FAccount edit form only with backend 2020-01-09 21:04:30 +01:00			`'service' => 'required',`
			`]);`

Delete possible orphan icon when updating a twofaccount 2020-01-27 13:56:19 +01:00
			`// Here we catch a possible missing model exception in order to`
			`// delete orphan submited icon`
			`try {`

			`$twofaccount = TwoFAccount::FindOrFail($id);`

			`} catch (\Illuminate\Database\Eloquent\ModelNotFoundException $e) {`

			`if( $request->icon ) {`
			`Storage::delete('public/icons/' . $request->icon);`
			`}`

			`throw $e;`
			`}`

Add logic to force HOTP counter 2020-01-25 18:44:24 +01:00
Remove unnecessary try\|catch 2020-01-26 21:49:39 +01:00			`if( $twofaccount->type === 'hotp' ) {`
Add logic to force HOTP counter 2020-01-25 18:44:24 +01:00
Remove unnecessary try\|catch 2020-01-26 21:49:39 +01:00			`// HOTP can be desynchronized from the verification`
			`// server so we let the user the possibility to force`
			`// the counter.`
Add logic to force HOTP counter 2020-01-25 18:44:24 +01:00
Remove unnecessary try\|catch 2020-01-26 21:49:39 +01:00			`$this->validate($request, [`
			`'counter' => 'required\|integer',`
Add logic to force HOTP counter 2020-01-25 18:44:24 +01:00			`]);`
Handle missing 2FAccount when updating 2020-01-10 08:35:15 +01:00
Remove unnecessary try\|catch 2020-01-26 21:49:39 +01:00			`// we set an OTP object to get the its current counter`
			`// and we update it if a new one has been submited`
			`$otp = OTP::get($twofaccount->uri);`
Handle missing 2FAccount when updating 2020-01-10 08:35:15 +01:00
Remove unnecessary try\|catch 2020-01-26 21:49:39 +01:00			`if( $otp->getCounter() !== $request->counter ) {`
			`$otp->setParameter( 'counter', $request->counter );`
			`$twofaccount->uri = $otp->getProvisioningUri();`
			`}`
Handle missing 2FAccount when updating 2020-01-10 08:35:15 +01:00			`}`

Remove unnecessary try\|catch 2020-01-26 21:49:39 +01:00			`$twofaccount->update([`
			`'service' => $request->service,`
			`'account' => $request->account,`
			`'icon' => $request->icon,`
			`'uri' => $twofaccount->uri,`
			`]);`

			`return response()->json($twofaccount, 200);`
Handle missing 2FAccount when updating 2020-01-10 08:35:15 +01:00
initial commit 2019-05-20 07:37:41 +02:00			`}`

Account refactored and better json responses 2019-05-24 14:44:41 +02:00
initial commit 2019-05-20 07:37:41 +02:00			`/**`
			`* Remove the specified resource from storage.`
			`*`
Account refactored and better json responses 2019-05-24 14:44:41 +02:00			`* @param \App\TwoFAccount $twofaccount`
initial commit 2019-05-20 07:37:41 +02:00			`* @return \Illuminate\Http\Response`
			`*/`
Rework the Delete feature to support batch-delete 2020-01-31 23:05:06 +01:00			`public function destroy(TwoFAccount $twofaccount)`
initial commit 2019-05-20 07:37:41 +02:00			`{`
Rework the Delete feature to support batch-delete 2020-01-31 23:05:06 +01:00			`$twofaccount->delete();`
Handle missing 2FAccount when deleting 2020-01-10 00:22:45 +01:00
Rework the Delete feature to support batch-delete 2020-01-31 23:05:06 +01:00			`return response()->json(null, 204);`
			`}`
Handle missing 2FAccount when deleting 2020-01-10 00:22:45 +01:00
Account refactored and better json responses 2019-05-24 14:44:41 +02:00
Rework the Delete feature to support batch-delete 2020-01-31 23:05:06 +01:00			`/**`
			`* Remove the specified resources from storage.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function batchDestroy(Request $request)`
			`{`
			`$ids = $request->all();`

			`TwoFAccount::destroy($ids);`
Account refactored and better json responses 2019-05-24 14:44:41 +02:00
Remove unnecessary try\|catch 2020-01-26 21:49:39 +01:00			`return response()->json(null, 204);`
Account refactored and better json responses 2019-05-24 14:44:41 +02:00			`}`

initial commit 2019-05-20 07:37:41 +02:00			`}`