Check OTP validity before creation

2024-11-22 08:13:11 +01:00 · 2020-01-25 00:01:30 +01:00 · 2020-01-25 00:01:30 +01:00 · ffaef86909
commit ffaef86909
parent 24e643ff87
1 changed files with 25 additions and 0 deletions
--- a/app/Http/Controllers/TwoFAccountController.php
+++ b/app/Http/Controllers/TwoFAccountController.php
@ -37,6 +37,8 @@ public function store(Request $request)
            'uri' => 'required|regex:/^otpauth:\/\/[h,t]otp\//i',
        ]);

+        $this->validateOTP($request->uri);
+
        $twofaccount = TwoFAccount::create([
            'service' => $request->service,
            'account' => $request->account,
@ -140,4 +142,27 @@ public function destroy($id)
        }
    }

+
+    /**
+     * check if the provided uri is a valid OTP uri
+     *
+     * @param  \App\TwoFAccount  $twofaccount
+     * @return \Illuminate\Http\Response
+     */
+    private function validateOTP(String $uri) {
+
+        try {
+            $otp = \OTPHP\Factory::loadFromProvisioningUri($uri);
+            return true;
+        }
+        catch (\Assert\AssertionFailedException $exception) {
+            $error = \Illuminate\Validation\ValidationException::withMessages([
+                'qrcode' => __('errors.response.no_valid_totp')
+            ]);
+
+            throw $error;
+        }
+
+    }
+
 }