extern/2FAuth
1
0
Fork 0
mirror of https://github.com/Bubka/2FAuth.git synced 2025-03-30 18:26:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Set controllers to use TwoFAccount business service

Browse Source
This commit is contained in:
Bubka 2021-09-18 00:00:39 +02:00
parent 719ea3854f
commit 0d91fb5aa2
6 changed files with 266 additions and 212 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/Http/Controllers/QrCodeController.php
View File

@ -4,16 +4,22 @@
use App\TwoFAccount; use App\TwoFAccount;
use App\Services\QrCodeService; use App\Services\QrCodeService;
use App\Services\TwoFAccountService;
use App\Http\Requests\QrCodeDecodeRequest; use App\Http\Requests\QrCodeDecodeRequest;
class QrCodeController extends Controller class QrCodeController extends Controller
{ {
/** /**
* The TwoFAccount Service instance. * The QR code Service instance.
*/ */
protected $qrcodeService; protected $qrcodeService;
/**
* The TwoFAccount Service instance.
*/
protected $twofaccountService;
/** /**
* Create a new controller instance. * Create a new controller instance.
@ -21,9 +27,10 @@ class QrCodeController extends Controller
* @param QrCodeService $qrcodeService * @param QrCodeService $qrcodeService
* @return void * @return void
*/ */
public function __construct(QrCodeService $qrcodeService) public function __construct(QrCodeService $qrcodeService, TwoFAccountService $twofaccountService)
{ {
$this->qrcodeService = $qrcodeService; $this->qrcodeService = $qrcodeService;
$this->twofaccountService = $twofaccountService;
} }
@ -35,8 +42,9 @@ public function __construct(QrCodeService $qrcodeService)
*/ */
public function show(TwoFAccount $twofaccount) public function show(TwoFAccount $twofaccount)
{ {
$uri = $this->twofaccountService->getURI($twofaccount);
return response()->json(['qrcode' => $this->qrcodeService->encode($twofaccount->uri)], 200); return response()->json(['qrcode' => $this->qrcodeService->encode($uri)], 200);
} }
@ -48,7 +56,6 @@ public function show(TwoFAccount $twofaccount)
*/ */
public function decode(QrCodeDecodeRequest $request) public function decode(QrCodeDecodeRequest $request)
{ {
$file = $request->file('qrcode'); $file = $request->file('qrcode');
return response()->json(['data' => $this->qrcodeService->decode($file)], 200); return response()->json(['data' => $this->qrcodeService->decode($file)], 200);

336
app/Http/Controllers/TwoFAccountController.php
View File

@ -7,53 +7,83 @@
use App\Classes\Options; use App\Classes\Options;
use App\Http\Requests\TwoFAccountReorderRequest; use App\Http\Requests\TwoFAccountReorderRequest;
use App\Http\Requests\TwoFAccountStoreRequest; use App\Http\Requests\TwoFAccountStoreRequest;
use App\Http\Requests\TwoFAccountEditRequest; use App\Http\Requests\TwoFAccountUpdateRequest;
use Illuminate\Support\Str; use App\Http\Resources\TwoFAccountReadResource;
use App\Http\Resources\TwoFAccountStoreResource;
use App\Http\Requests\TwoFAccountDeleteRequest;
use App\Http\Requests\TwoFAccountUriRequest;
use App\Http\Requests\TwoFAccountDynamicRequest;
use App\Services\TwoFAccountService;
use Illuminate\Support\Arr;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;
class TwoFAccountController extends Controller class TwoFAccountController extends Controller
{ {
/** /**
* Display a listing of the resource. * The TwoFAccount Service instance.
*
* @return \Illuminate\Http\Response
*/ */
public function index() protected $twofaccountService;
/**
* Create a new controller instance.
*
* @param TwoFAccountService $twofaccountService
* @return void
*/
public function __construct(TwoFAccountService $twofaccountService)
{ {
return response()->json(TwoFAccount::ordered()->get()->toArray()); $this->twofaccountService = $twofaccountService;
}
/**
* List all resources
*
* @return \App\Http\Resources\TwoFAccountReadResource
*/
public function index(Request $request)
{
$request->merge(['withPosition' => true]);
$request->merge(['hideSecret' => true]);
return TwoFAccountReadResource::collection(TwoFAccount::ordered()->get());
}
/**
* Display a resource
*
* @param \App\TwoFAccount $twofaccount
*
* @return \App\Http\Resources\TwoFAccountReadResource
*/
public function show(TwoFAccount $twofaccount)
{
return new TwoFAccountReadResource($twofaccount);
} }
/** /**
* Store a newly created resource in storage. * Store a newly created resource in storage.
* *
* @param \App\Http\Requests\TwoFAccountStoreRequest $request * @param \App\Http\Requests\TwoFAccountDynamicRequest $request
* @return \Illuminate\Http\Response *
* @return \App\Http\Resources\TwoFAccountReadResource
*/ */
public function store(TwoFAccountStoreRequest $request) public function store(TwoFAccountDynamicRequest $request)
{ {
// Two possible cases :
// - The most common case, an URI is provided by the QuickForm, thanks to a QR code live scan or file upload
// -> We use that URI to define the account
// - The advanced form has been used and all individual parameters
// -> We use the parameters array to define the account
$validated = $request->validated(); $validated = $request->validated();
// Two possible cases : $twofaccount = Arr::has($validated, 'uri')
// - The most common case, the uri is provided by the QuickForm, thanks to a QR code live scan or file upload ? $this->twofaccountService->createFromUri($validated['uri'])
// -> We use this uri to populate the account : $this->twofaccountService->createFromParameters($validated);
// - The advanced form has been used and provide no uri but all individual parameters
// -> We use the parameters array to populate the account
$twofaccount = new TwoFAccount;
$twofaccount->service = $validated['service'];
$twofaccount->account = $validated['account'];
$twofaccount->icon = $validated['icon'];
if( $request->uri ) {
$twofaccount->uri = $request->uri;
}
else {
$twofaccount->populate($request->all());
}
$twofaccount->save();
// Possible group association // Possible group association
$groupId = Options::get('defaultGroup') === '-1' ? (int) Options::get('activeGroup') : (int) Options::get('defaultGroup'); $groupId = Options::get('defaultGroup') === '-1' ? (int) Options::get('activeGroup') : (int) Options::get('defaultGroup');
@ -67,149 +97,9 @@ public function store(TwoFAccountStoreRequest $request)
} }
} }
return response()->json($twofaccount, 201); return (new TwoFAccountReadResource($twofaccount))
} ->response()
->setStatusCode(201);
/**
* Display the specified resource.
*
* @param \App\TwoFAccount $twofaccount
* @return \Illuminate\Http\Response
*/
public function show(TwoFAccount $twofaccount)
{
return response()->json($twofaccount, 200);
}
/**
* Display the specified resource with all attributes.
*
* @param \App\TwoFAccount $twofaccount
* @return \Illuminate\Http\Response
*/
public function showWithSensitive(TwoFAccount $twofaccount)
{
return response()->json($twofaccount->makeVisible(['uri', 'secret', 'algorithm']), 200);
}
/**
* Save new order.
*
* @param App\Http\Requests\TwoFAccountReorderRequest $request
* @return \Illuminate\Http\Response
*/
public function reorder(TwoFAccountReorderRequest $request)
{
$validated = $request->validated();
return response()->json('order saved', 200);
}
/**
* Preview account using an uri, without any db moves
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function preview(Request $request)
{
$this->validate($request, [
'uri' => 'required|string|regex:/^otpauth:\/\/[h,t]otp\//i',
]);
$twofaccount = new TwoFAccount;
$twofaccount->uri = $request->uri;
// If present, use the imageLink parameter to prefill the icon field
if( $twofaccount->imageLink ) {
try {
$chunks = explode('.', $twofaccount->imageLink);
$hashFilename = Str::random(40) . '.' . end($chunks);
Storage::disk('local')->put('imagesLink/' . $hashFilename, file_get_contents($twofaccount->imageLink));
if( in_array(Storage::mimeType('imagesLink/' . $hashFilename), ['image/png', 'image/jpeg', 'image/webp', 'image/bmp']) ) {
if( getimagesize(storage_path() . '/app/imagesLink/' . $hashFilename) ) {
Storage::move('imagesLink/' . $hashFilename, 'public/icons/' . $hashFilename);
$twofaccount->icon = $hashFilename;
}
}
}
catch( \Exception $e ) {
// do nothing
}
}
return response()->json($twofaccount->makeVisible(['uri', 'secret', 'algorithm']), 200);
}
/**
* Generate an OTP token
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function token(Request $request)
{
// When the method is called during the process of creating/editing an HOTP account the
// sensitive data have to be returned, because of the hotpCounter increment
$shouldResponseWithSensitiveData = false;
if( $request->id ) {
// The request data is the Id of an existing account
$twofaccount = TwoFAccount::FindOrFail($request->id);
}
else if( $request->otp['uri'] ) {
// The request data contain an uri
$twofaccount = new TwoFAccount;
$twofaccount->uri = $request->otp['uri'];
$shouldResponseWithSensitiveData = true;
}
else {
// The request data should contain all otp parameter
$twofaccount = new TwoFAccount;
$twofaccount->populate($request->otp);
$shouldResponseWithSensitiveData = true;
}
$response = [
'token' => $twofaccount->token,
];
if( $twofaccount->otpType === 'hotp' ) {
// returned counter & uri will be updated
$twofaccount->increaseHotpCounter();
// and the db too
if( $request->id ) {
$twofaccount->save();
}
if( $shouldResponseWithSensitiveData ) {
$response['hotpCounter'] = $twofaccount->hotpCounter;
$response['uri'] = $twofaccount->uri;
}
}
else {
$response['totpPeriod'] = $twofaccount->totpPeriod;
$response['totpTimestamp'] = $twofaccount->totpTimestamp;
}
return response()->json($response, 200);
} }
@ -217,38 +107,90 @@ public function token(Request $request)
/** /**
* Update the specified resource in storage. * Update the specified resource in storage.
* *
* @param \App\Http\TwoFAccountEditRequest $request * @param \App\Http\TwoFAccountUpdateRequest $request
* @param \App\TwoFAccount $twofaccount * @param \App\TwoFAccount $twofaccount
* @return \Illuminate\Http\Response * @return \Illuminate\Http\Response
*/ */
public function update(TwoFAccountEditRequest $request, $id) public function update(TwoFAccountUpdateRequest $request, TwoFAccount $twofaccount)
{ {
$validated = $request->validated(); $validated = $request->validated();
// Here we catch a possible missing model exception in order to $this->twofaccountService->update($twofaccount, $validated);
// delete orphan submited icon
try {
$twofaccount = TwoFAccount::FindOrFail($id);
} catch (\Illuminate\Database\Eloquent\ModelNotFoundException $e) {
if( $validated['icon'] ) {
Storage::delete('public/icons/' . $validated['icon']);
}
throw $e;
}
$twofaccount->populate($validated);
$twofaccount->save();
return response()->json($twofaccount, 200); return response()->json($twofaccount, 200);
} }
/**
* Set new order.
*
* @param App\Http\Requests\TwoFAccountReorderRequest $request
* @return \Illuminate\Http\Response
*/
public function reorder(TwoFAccountReorderRequest $request)
{
$validated = $request->validated();
TwoFAccount::setNewOrder($validated['orderedIds']);
return response()->json(['message' => 'order saved'], 200);
}
/**
* Preview account using an uri, without any db moves
*
* @param \App\Http\Requests\TwoFAccountUriRequest $request
*
* @return \App\Http\Resources\TwoFAccountStoreResource
*/
public function preview(TwoFAccountUriRequest $request)
{
$twofaccount = $this->twofaccountService->createFromUri($request->uri, $saveToDB = false);
return new TwoFAccountStoreResource($twofaccount);
}
/**
* Get a One-Time Password
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function otp(Request $request, $id = null)
{
$inputs = $request->all();
// The request input is the ID of an existing account
if ( $id ) {
$otp = $this->twofaccountService->getOTP((int) $id);
}
// The request input is an uri
else if ( count($inputs) === 1 && $request->has('uri') ) {
$validatedData = $request->validate((new TwoFAccountUriRequest)->rules());
$otp = $this->twofaccountService->getOTP($validatedData['uri']);
}
else if ( count($inputs) > 1 && $request->has('uri')) {
return response()->json([
'message' => 'bad request',
'reason' => ['uri' => __('validation.single', ['attribute' => 'uri'])]
], 400);
}
// The request inputs should define an account
else {
$validatedData = $request->validate((new TwoFAccountStoreRequest)->rules());
$otp = $this->twofaccountService->getOTP($validatedData);
}
return response()->json($otp, 200);
}
/** /**
* A simple and light method to get the account count. * A simple and light method to get the account count.
* *
@ -269,7 +211,7 @@ public function count(Request $request)
*/ */
public function destroy(TwoFAccount $twofaccount) public function destroy(TwoFAccount $twofaccount)
{ {
$twofaccount->delete(); $this->twofaccountService->delete($twofaccount->id);
return response()->json(null, 204); return response()->json(null, 204);
} }
@ -278,14 +220,12 @@ public function destroy(TwoFAccount $twofaccount)
/** /**
* Remove the specified resources from storage. * Remove the specified resources from storage.
* *
* @param \Illuminate\Http\Request $request * @param \App\Http\Requests\TwoFAccountDeleteRequest $request
* @return \Illuminate\Http\Response * @return \Illuminate\Http\Response
*/ */
public function batchDestroy(Request $request) public function batchDestroy(TwoFAccountDeleteRequest $request)
{ {
$ids = $request->all(); $this->twofaccountService->delete($request->ids);
TwoFAccount::destroy($ids);
return response()->json(null, 204); return response()->json(null, 204);
} }

24
app/Http/Resources/TwoFAccountReadResource.php Normal file
View File

@ -0,0 +1,24 @@
<?php
namespace App\Http\Resources;
class TwoFAccountReadResource extends TwoFAccountStoreResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return array_merge(
[
'id' => $this->id,
'group_id' => $this->group_id,
'position' => $this->when($request->input('withPosition'), $this->order_column),
],
parent::toArray($request)
);
}
}

29
app/Http/Resources/TwoFAccountStoreResource.php Normal file
View File

@ -0,0 +1,29 @@
<?php
namespace App\Http\Resources;
use Illuminate\Http\Resources\Json\JsonResource;
class TwoFAccountStoreResource extends JsonResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return [
'otp_type' => $this->otp_type,
'account' => $this->account,
'service' => $this->service,
'icon' => $this->icon,
'secret' => $this->when((int) filter_var($request->input('hideSecret'), FILTER_VALIDATE_BOOLEAN) == 0, $this->secret),
'digits' => $this->digits,
'algorithm' => $this->algorithm,
'period' => $this->period,
'counter' => $this->counter
];
}
}

47
app/Rules/IsBase32Encoded.php Normal file
View File

@ -0,0 +1,47 @@
<?php
namespace App\Rules;
use Illuminate\Contracts\Validation\Rule;
use ParagonIE\ConstantTime\Base32;
class IsBase32Encoded implements Rule
{
/**
* Create a new rule instance.
*
* @return void
*/
public function __construct()
{
//
}
/**
* Determine if the validation rule passes.
*
* @param string $attribute
* @param mixed $value
* @return bool
*/
public function passes($attribute, $value)
{
try {
$secret = Base32::decodeUpper($value);
} catch (\Exception $e) {
return false;
}
return true;
}
/**
* Get the validation error message.
*
* @return string
*/
public function message()
{
return trans('validation.custom.secret.isBase32Encoded');
}
}

27
resources/lang/en/validation.php
View File

@ -118,6 +118,8 @@
'url' => 'The :attribute must be a valid url.', 'url' => 'The :attribute must be a valid url.',
'uuid' => 'The :attribute must be a valid UUID.', 'uuid' => 'The :attribute must be a valid UUID.',
'single' => 'When using :attribute it must be the only parameter in this request body',
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Custom Validation Language Lines | Custom Validation Language Lines
@ -131,26 +133,31 @@
'custom' => [ 'custom' => [
'icon' => [ 'icon' => [
'image' => 'Supported format are jpeg, png, bmp, gif, svg, or webp', 'image' => 'Supported format are jpeg, png, bmp, gif, svg, or webp.',
], ],
'qrcode' => [ 'qrcode' => [
'image' => 'Supported format are jpeg, png, bmp, gif, svg, or webp', 'image' => 'Supported format are jpeg, png, bmp, gif, svg, or webp.',
], ],
'uri' => [ 'uri' => [
'starts_with' => 'Only valid OTP uri are supported', 'regex' => 'The :attribute is not a valid otpauth uri.',
],
'otp_type' => [
'in' => 'The :attribute is not supported.',
], ],
'email' => [ 'email' => [
'exists' => 'No account found using this email', 'exists' => 'No account found using this email.',
],
'otpType' => [
'required_without' => 'The :attribute field is required.',
], ],
'secret' => [ 'secret' => [
'required_without' => 'The :attribute field is required.', 'isBase32Encoded' => 'The :attribute must be a base32 encoded string.',
], ],
'account' => [ 'account' => [
'required_without' => 'The :attribute field is required.', 'regex' => 'The :attribute must not contain colon.',
'regex' => 'The :attribute field must not contain colon.', ],
'service' => [
'regex' => 'The :attribute must not contain colon.',
],
'label' => [
'required' => 'The uri must have a label.',
], ],
], ],