extern/2FAuth
1
0
Fork 0
mirror of https://github.com/Bubka/2FAuth.git synced 2024-11-08 17:34:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Move some TwoFAccount validations to Form Requests

Browse Source
This commit is contained in:
Bubka 2021-09-07 23:10:17 +02:00
parent 3036e534e7
commit f3adb0b5dd
4 changed files with 132 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
app/Http/Controllers/TwoFAccountController.php
View File

@ -5,6 +5,9 @@
use App\Group;
use App\TwoFAccount;
use App\Classes\Options;
use App\Http\Requests\TwoFAccountReorderRequest;
use App\Http\Requests\TwoFAccountStoreRequest;
use App\Http\Requests\TwoFAccountEditRequest;
use Illuminate\Support\Str;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;
@ -25,27 +28,13 @@ public function index()
/**
* Store a newly created resource in storage.
*
* @param \Illuminate\Http\Request $request
* @param \App\Http\Requests\TwoFAccountStoreRequest $request
* @return \Illuminate\Http\Response
*/
public function store(Request $request)
public function store(TwoFAccountStoreRequest $request)
{
// see https://github.com/google/google-authenticator/wiki/Key-Uri-Format
// for otpauth uri format validation
$this->validate($request, [
'service' => 'required|string',
'account' => 'required_without:uri|nullable|string|regex:/^[^:]+$/i',
'icon' => 'nullable|string',
'uri' => 'nullable|string|regex:/^otpauth:\/\/[h,t]otp\//i',
'otpType' => 'required_without:uri|in:totp,hotp',
'secret' => 'required_without:uri|string',
'digits' => 'nullable|integer|between:6,10',
'algorithm' => 'nullable|in:sha1,sha256,sha512,md5',
'totpPeriod' => 'nullable|integer|min:1',
'hotpCounter' => 'nullable|integer|min:0',
]);
$validated = $request->validated();
// Two possible cases :
// - The most common case, the uri is provided by the QuickForm, thanks to a QR code live scan or file upload
@ -53,9 +42,9 @@ public function store(Request $request)
// - The advanced form has been used and provide no uri but all individual parameters
// -> We use the parameters array to populate the account
$twofaccount = new TwoFAccount;
$twofaccount->service = $request->service;
$twofaccount->account = $request->account;
$twofaccount->icon = $request->icon;
$twofaccount->service = $validated['service'];
$twofaccount->account = $validated['account'];
$twofaccount->icon = $validated['icon'];
if( $request->uri ) {
$twofaccount->uri = $request->uri;
@ -109,12 +98,12 @@ public function showWithSensitive(TwoFAccount $twofaccount)
/**
* Save new order.
*
* @param \App\TwoFAccount $twofaccount
* @param App\Http\Requests\TwoFAccountReorderRequest $request
* @return \Illuminate\Http\Response
*/
public function reorder(Request $request)
public function reorder(TwoFAccountReorderRequest $request)
{
TwoFAccount::setNewOrder($request->orderedIds);
$validated = $request->validated();
return response()->json('order saved', 200);
}
@ -228,25 +217,14 @@ public function token(Request $request)
/**
* Update the specified resource in storage.
*
* @param \Illuminate\Http\Request $request
* @param \App\Http\TwoFAccountEditRequest $request
* @param \App\TwoFAccount $twofaccount
* @return \Illuminate\Http\Response
*/
public function update(Request $request, $id)
public function update(TwoFAccountEditRequest $request, $id)
{
$this->validate($request, [
'service' => 'required|string',
'account' => 'required_without:uri|nullable|string|regex:/^[^:]+$/i',
'icon' => 'nullable|string',
'uri' => 'nullable|string|regex:/^otpauth:\/\/[h,t]otp\//i',
'otpType' => 'required_without:uri|in:totp,hotp',
'secret' => 'required_without:uri|string',
'digits' => 'nullable|integer|between:6,10',
'algorithm' => 'nullable|in:sha1,sha256,sha512,md5',
'totpPeriod' => 'required_if:otpType,totp|nullable|integer|min:1',
'hotpCounter' => 'required_if:otpType,hotp|nullable|integer|min:0',
]);
$validated = $request->validated();
// Here we catch a possible missing model exception in order to
// delete orphan submited icon
@ -256,14 +234,14 @@ public function update(Request $request, $id)
} catch (\Illuminate\Database\Eloquent\ModelNotFoundException $e) {
if( $request->icon ) {
Storage::delete('public/icons/' . $request->icon);
if( $validated['icon'] ) {
Storage::delete('public/icons/' . $validated['icon']);
}
throw $e;
}
$twofaccount->populate($request->all());
$twofaccount->populate($validated);
$twofaccount->save();
return response()->json($twofaccount, 200);

42
app/Http/Requests/TwoFAccountEditRequest.php Normal file
View File

@ -0,0 +1,42 @@
<?php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class TwoFAccountEditRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return false;
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules()
{
// see https://github.com/google/google-authenticator/wiki/Key-Uri-Format
// for otpauth uri format validation
return [
'service' => 'required_without:uri|string',
'account' => 'required_without:uri|nullable|string|regex:/^[^:]+$/i',
'icon' => 'nullable|string',
'uri' => 'nullable|string|regex:/^otpauth:\/\/[h,t]otp\//i',
'otpType' => 'required_without:uri|in:totp,hotp',
'secret' => 'required_without:uri|string',
'digits' => 'nullable|integer|between:6,10',
'algorithm' => 'nullable|in:sha1,sha256,sha512,md5',
'period' => 'required_if:otpType,totp|nullable|integer|min:1',
'counter' => 'required_if:otpType,hotp|nullable|integer|min:0',
];
}
}

30
app/Http/Requests/TwoFAccountReorderRequest.php Normal file
View File

@ -0,0 +1,30 @@
<?php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class TwoFAccountReorderRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules()
{
return [
'orderedIds' => 'required|array',
];
}
}

42
app/Http/Requests/TwoFAccountStoreRequest.php Normal file
View File

@ -0,0 +1,42 @@
<?php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class TwoFAccountStoreRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules()
{
// see https://github.com/google/google-authenticator/wiki/Key-Uri-Format
// for otpauth uri format validation
return [
'service' => 'required_without:uri|string',
'account' => 'required_without:uri|nullable|string|regex:/^[^:]+$/i',
'icon' => 'nullable|string',
'uri' => 'nullable|string|regex:/^otpauth:\/\/[h,t]otp\//i',
'otpType' => 'required_without:uri|in:totp,hotp',
'secret' => 'required_without:uri|string',
'digits' => 'nullable|integer|between:6,10',
'algorithm' => 'nullable|in:sha1,sha256,sha512,md5',
'period' => 'nullable|integer|min:1',
'counter' => 'nullable|integer|min:0',
];
}
}