[WIP] feat: 2FA

app/Http/Controllers/Auth/AuthenticatedSessionController.php

@@ -4,10 +4,7 @@
 
 namespace App\Http\Controllers\Auth;
 
-use App\Http\Requests\Auth\LoginRequest;
-use App\Models\User;
 use Illuminate\Http\RedirectResponse;
-use Illuminate\Http\Request;
 use Illuminate\View\View;
 
 final readonly class AuthenticatedSessionController
@@ -20,22 +17,6 @@ public function create(): View
         return view('auth.login');
     }
 
-    /**
-     * Handle an incoming authentication request.
-     */
-    public function store(LoginRequest $request): RedirectResponse
-    {
-        $request->authenticate();
-
-        session()->regenerate();
-
-        $user = type($request->user())->as(User::class);
-
-        return redirect()->intended(route('profile.show', [
-            'username' => $user->username,
-        ], absolute: false));
-    }
-
     /**
      * Destroy an authenticated session.
      */

app/Livewire/Auth/ConfirmPassword.php

@@ -0,0 +1,58 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Livewire\Auth;
+
+use Illuminate\View\View;
+use Livewire\Attributes\Locked;
+use Livewire\Attributes\On;
+use Livewire\Component;
+
+final class ConfirmPassword extends Component
+{
+    /**
+     * The Password being confirmed.
+     */
+    public string $password;
+
+    /**
+     * The ID to confirm.
+     */
+    #[Locked]
+    public string $idToConfirm;
+
+    /**
+     * Initialize the confirmation.
+     */
+    #[On('confirm-password')]
+    public function initialize(string $idToConfirm): void
+    {
+        $this->idToConfirm = $idToConfirm;
+        $this->password = '';
+        $this->dispatch('open-modal', 'confirm-password');
+    }
+
+    /**
+     * Confirm the password.
+     */
+    public function confirm(): void
+    {
+        $this->validate([
+            'password' => ['required', 'string', 'current_password'],
+        ]);
+
+        session()->put('auth.password_confirmed_at', time());
+        $this->password = '';
+        $this->dispatch('close-modal', 'confirm-password');
+        $this->dispatch('password-confirmed-'.$this->idToConfirm);
+    }
+
+    /**
+     * Render the component.
+     */
+    public function render(): View
+    {
+        return view('livewire.auth.confirm-password');
+    }
+}

app/Livewire/Concerns/ConfirmsPasswords.php

@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Livewire\Concerns;
+
+trait ConfirmsPasswords
+{
+    /**
+     * Ensure that the user's password has been recently confirmed.
+     */
+    protected function ensurePasswordIsConfirmed(string $idToConfirm, ?int $maximumSecondsSinceConfirmation = null): bool
+    {
+        if ($this->passwordIsConfirmed($maximumSecondsSinceConfirmation)) {
+            return true;
+        }
+
+        $this->dispatch('confirm-password', idToConfirm: $idToConfirm);
+
+        return false;
+    }
+
+    /**
+     * Determine if the user's password has been recently confirmed.
+     */
+    protected function passwordIsConfirmed(?int $maximumSecondsSinceConfirmation = null): bool
+    {
+        $maximumSecondsSinceConfirmation = $maximumSecondsSinceConfirmation !== null && $maximumSecondsSinceConfirmation !== 0 ? $maximumSecondsSinceConfirmation : config('auth.password_timeout', 900);
+
+        return (time() - session('auth.password_confirmed_at', 0)) < $maximumSecondsSinceConfirmation;
+    }
+}

app/Livewire/Profile/TwoFactorAuthenticationForm.php

@@ -0,0 +1,155 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Livewire\Profile;
+
+use App\Livewire\Concerns\ConfirmsPasswords;
+use App\Models\User;
+use Illuminate\View\View;
+use Laravel\Fortify\Actions\ConfirmTwoFactorAuthentication;
+use Laravel\Fortify\Actions\DisableTwoFactorAuthentication;
+use Laravel\Fortify\Actions\EnableTwoFactorAuthentication;
+use Laravel\Fortify\Actions\GenerateNewRecoveryCodes;
+use Livewire\Attributes\Locked;
+use Livewire\Attributes\On;
+use Livewire\Component;
+
+final class TwoFactorAuthenticationForm extends Component
+{
+    use ConfirmsPasswords;
+
+    /**
+     * Indicates if two factor authentication QR code is being displayed.
+     */
+    #[Locked]
+    public bool $showingQrCode = false;
+
+    /**
+     * Indicates if two factor authentication recovery codes are being displayed.
+     */
+    #[Locked]
+    public bool $showingRecoveryCodes = false;
+
+    /**
+     * Indicates if the two factor authentication confirmation input and button are being displayed.
+     */
+    #[Locked]
+    public bool $showingConfirmation = false;
+
+    /**
+     * Determine if two factor authentication is enabled.
+     */
+    #[Locked]
+    public bool $enabled = false;
+
+    /**
+     * The OTP code for confirming two factor authentication.
+     */
+    public ?string $code = null;
+
+    /**
+     * Mount the component.
+     */
+    public function mount(): void
+    {
+        $user = type(auth()->user())->as(User::class);
+        $this->enabled = $user->hasEnabledTwoFactorAuthentication();
+    }
+
+    /**
+     * Enable two factor authentication for the user.
+     */
+    #[On('password-confirmed-enable-two-factor-authentication')]
+    public function enableTwoFactorAuthentication(EnableTwoFactorAuthentication $enable): void
+    {
+        if (! $this->ensurePasswordIsConfirmed('enable-two-factor-authentication')) {
+            return;
+        }
+
+        $enable(auth()->user());
+        $this->showingQrCode = true;
+        $this->showingConfirmation = true;
+        $this->enabled = true;
+    }
+
+    /**
+     * Confirm two factor authentication for the user.
+     */
+    public function confirmTwoFactorAuthentication(ConfirmTwoFactorAuthentication $confirm): void
+    {
+        $confirm(auth()->user(), $this->pull('code'));
+
+        $this->showingQrCode = false;
+        $this->showingConfirmation = false;
+        $this->showingRecoveryCodes = true;
+    }
+
+    /**
+     * Display the user's recovery codes.
+     */
+    #[On('password-confirmed-show-recovery-codes')]
+    public function showRecoveryCodes(): void
+    {
+        if (! $this->enabled) {
+            return;
+        }
+
+        if (! $this->ensurePasswordIsConfirmed('show-recovery-codes')) {
+            return;
+        }
+
+        $this->showingRecoveryCodes = true;
+    }
+
+    /**
+     * Generate new recovery codes for the user.
+     */
+    #[On('password-confirmed-generate-new-recovery-codes')]
+    public function regenerateRecoveryCodes(GenerateNewRecoveryCodes $generate): void
+    {
+        if (! $this->enabled) {
+            return;
+        }
+
+        if (! $this->ensurePasswordIsConfirmed('generate-new-recovery-codes')) {
+            return;
+        }
+
+        $generate(auth()->user());
+
+        $this->showingRecoveryCodes = true;
+    }
+
+    /**
+     * Disable two factor authentication for the user.
+     */
+    #[On('password-confirmed-disable-two-factor-authentication')]
+    public function disableTwoFactorAuthentication(DisableTwoFactorAuthentication $disable): void
+    {
+        if (! $this->enabled) {
+            return;
+        }
+
+        if (! $this->ensurePasswordIsConfirmed('disable-two-factor-authentication')) {
+            return;
+        }
+
+        $disable(auth()->user());
+
+        $this->showingQrCode = false;
+        $this->showingRecoveryCodes = false;
+        $this->enabled = false;
+        $this->code = null;
+    }
+
+    /**
+     * Render the component.
+     */
+    public function render(): View
+    {
+        return view('livewire.profile.two-factor-authentication-form', [
+            'user' => auth()->user(),
+        ]);
+    }
+}