From 10d8b592eabc2397f67d59e65a53f374afdd63e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=8Carodej?= <peterpapp@makingcg.com>
Date: Tue, 5 Apr 2022 09:52:49 +0200
Subject: [PATCH] confirm token in 2fa challenge

---
 composer.json                                 |  2 +-
 composer.lock                                 | 14 +--
 config/fortify.php                            |  6 +-
 config/language-translations.php              |  4 +-
 config/vuefilemanager.php                     |  3 +-
 ..._161750_update_tables_to_v2.0.14_table.php | 34 +++++++
 public/mix-manifest.json                      |  4 +-
 .../js/components/Others/ConfirmPassword.vue  |  2 +-
 .../Others/TwoFactorQrSetupPopup.vue          | 97 +++++++++++--------
 resources/js/store/modules/userAuth.js        |  2 +-
 resources/js/views/User/Password.vue          | 10 +-
 src/App/Users/Resources/UserResource.php      |  5 +-
 .../Controllers/UpgradeSystemController.php   | 10 ++
 13 files changed, 127 insertions(+), 66 deletions(-)
 create mode 100644 database/migrations/2022_04_05_161750_update_tables_to_v2.0.14_table.php

diff --git a/composer.json b/composer.json
index a446c7c7..1eddb6c1 100644
--- a/composer.json
+++ b/composer.json
@@ -21,7 +21,7 @@
         "intervention/image": "^2.7.1",
         "jaybizzle/laravel-crawler-detect": "^1.2",
         "kyslik/column-sortable": "^6.4.1",
-        "laravel/fortify": "^1.10.0",
+        "laravel/fortify": "^1.12.0",
         "laravel/framework": "^9.2",
         "laravel/sanctum": "^2.14.2",
         "laravel/socialite": "^5.5.1",
diff --git a/composer.lock b/composer.lock
index c813cb76..86be86d9 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "669354d19fcd40d6005df2082a0f91c4",
+    "content-hash": "e528b8d32f34a87acd381ac8c3f3cef1",
     "packages": [
         {
             "name": "amphp/amp",
@@ -280,16 +280,16 @@
         },
         {
             "name": "aws/aws-sdk-php",
-            "version": "3.218.1",
+            "version": "3.218.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/aws/aws-sdk-php.git",
-                "reference": "fd902a4766d61afac98f7e7746736ba741d4dcce"
+                "reference": "dd981c2e95fd1dd65d8e05b30e257b8413d63071"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/fd902a4766d61afac98f7e7746736ba741d4dcce",
-                "reference": "fd902a4766d61afac98f7e7746736ba741d4dcce",
+                "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/dd981c2e95fd1dd65d8e05b30e257b8413d63071",
+                "reference": "dd981c2e95fd1dd65d8e05b30e257b8413d63071",
                 "shasum": ""
             },
             "require": {
@@ -365,9 +365,9 @@
             "support": {
                 "forum": "https://forums.aws.amazon.com/forum.jspa?forumID=80",
                 "issues": "https://github.com/aws/aws-sdk-php/issues",
-                "source": "https://github.com/aws/aws-sdk-php/tree/3.218.1"
+                "source": "https://github.com/aws/aws-sdk-php/tree/3.218.2"
             },
-            "time": "2022-04-01T18:14:25+00:00"
+            "time": "2022-04-04T18:18:52+00:00"
         },
         {
             "name": "bacon/bacon-qr-code",
diff --git a/config/fortify.php b/config/fortify.php
index 58ab8ac4..12bd4aac 100644
--- a/config/fortify.php
+++ b/config/fortify.php
@@ -131,12 +131,8 @@ return [
     */
 
     'features' => [
-        // Features::registration(),
-        //Features::resetPasswords(),
-        // Features::emailVerification(),
-        Features::updateProfileInformation(),
-        //Features::updatePasswords(),
         Features::twoFactorAuthentication([
+            'confirm'         => true,
             'confirmPassword' => true,
         ]),
     ],
diff --git a/config/language-translations.php b/config/language-translations.php
index 39848c3f..9a55718f 100644
--- a/config/language-translations.php
+++ b/config/language-translations.php
@@ -656,7 +656,6 @@ return [
         'confirm_your_password'                          => 'Confirm Your Password',
         'popup_2fa.help'                                 => 'Scan the image above with the <b class="text-theme dark-text-theme">two-factor authentication app</b> on your phone.',
         'confirm'                                        => 'Confirm',
-        'popup_2fa.disappear_qr'                         => 'Really disappear this QR code?',
         'popup_2fa.toaster_enabled'                      => 'Your 2FA was enabled successfully!',
         'popup_2fa.toaster_disabled'                     => 'Your 2FA was disabled!',
         'popup_2fa.switch_title'                         => 'Enable / Disable Two Factor Authentication',
@@ -938,5 +937,8 @@ return [
         'server_settings'                                => 'Server / Settings',
         'user_features'                                  => 'User Features',
         'upload_settings'                                => 'Upload Settings',
+        'set_up_2fa_app'                                 => 'Set up Your Authenticator App',
+        'confirm_your_code'                              => 'Confirm Your Code',
+        'paste_code_from_2fa_app'                        => 'Paste the latest code from 2fa app...',
     ],
 ];
diff --git a/config/vuefilemanager.php b/config/vuefilemanager.php
index 5c96a264..6f35dc2d 100644
--- a/config/vuefilemanager.php
+++ b/config/vuefilemanager.php
@@ -1,7 +1,7 @@
 <?php
 
 return [
-    'version' => '2.0.13',
+    'version' => '2.0.14',
 
     'is_demo' => env('APP_DEMO', false),
 
@@ -61,5 +61,6 @@ return [
     'updates' => [
         '2_0_10',
         '2_0_13',
+        '2_0_14',
     ],
 ];
diff --git a/database/migrations/2022_04_05_161750_update_tables_to_v2.0.14_table.php b/database/migrations/2022_04_05_161750_update_tables_to_v2.0.14_table.php
new file mode 100644
index 00000000..2a599a53
--- /dev/null
+++ b/database/migrations/2022_04_05_161750_update_tables_to_v2.0.14_table.php
@@ -0,0 +1,34 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->timestamp('two_factor_confirmed_at')
+                ->after('two_factor_recovery_codes')
+                ->nullable();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->dropColumn('two_factor_confirmed_at');
+        });
+    }
+};
diff --git a/public/mix-manifest.json b/public/mix-manifest.json
index ed93d35b..dc01a6cc 100644
--- a/public/mix-manifest.json
+++ b/public/mix-manifest.json
@@ -57,9 +57,9 @@
     "/chunks/sign-up.js": "/chunks/sign-up.js?id=bb92bad614e60d45",
     "/chunks/forgotten-password.js": "/chunks/forgotten-password.js?id=50a1bc5e4ed86ec9",
     "/chunks/create-new-password.js": "/chunks/create-new-password.js?id=f652de052dba55c1",
-    "/chunks/settings.js": "/chunks/settings.js?id=71119613323ea819",
+    "/chunks/settings.js": "/chunks/settings.js?id=1d4093d2045bac71",
     "/chunks/profile.js": "/chunks/profile.js?id=0eca231475e267ab",
-    "/chunks/settings-password.js": "/chunks/settings-password.js?id=11d4331650cac280",
+    "/chunks/settings-password.js": "/chunks/settings-password.js?id=3755d41eaf50a5b1",
     "/chunks/settings-storage.js": "/chunks/settings-storage.js?id=994b669a56fd417b",
     "/chunks/billing.js": "/chunks/billing.js?id=40e758c87bcf6e89",
     "/chunks/platform.js": "/chunks/platform.js?id=490c3586a4dca9fb",
diff --git a/resources/js/components/Others/ConfirmPassword.vue b/resources/js/components/Others/ConfirmPassword.vue
index 70d64fe7..6428bb42 100644
--- a/resources/js/components/Others/ConfirmPassword.vue
+++ b/resources/js/components/Others/ConfirmPassword.vue
@@ -68,7 +68,7 @@ export default {
     data() {
         return {
             isLoading: false,
-            password: '',
+            password: undefined,
             args: undefined,
         }
     },
diff --git a/resources/js/components/Others/TwoFactorQrSetupPopup.vue b/resources/js/components/Others/TwoFactorQrSetupPopup.vue
index 91835cbc..a8662ded 100644
--- a/resources/js/components/Others/TwoFactorQrSetupPopup.vue
+++ b/resources/js/components/Others/TwoFactorQrSetupPopup.vue
@@ -1,6 +1,6 @@
 <template>
     <PopupWrapper name="two-factor-qr-setup">
-        <PopupHeader :title="$t('confirm_your_password')" icon="edit" />
+        <PopupHeader :title="$t('set_up_2fa_app')" icon="edit" />
 
         <PopupContent>
             <div v-if="qrCode" class="flex justify-center">
@@ -10,27 +10,42 @@
             <InfoBox style="margin-bottom: 0">
                 <p v-html="$t('popup_2fa.help')"></p>
             </InfoBox>
+
+            <ValidationObserver @submit.prevent="confirm2FaSetup" ref="codeForm" v-slot="{ invalid }" tag="form" class="mt-5">
+                <ValidationProvider tag="div" mode="passive" name="Code" rules="required" v-slot="{ errors }">
+                    <AppInputText :title="$t('confirm')" :error="errors[0]" :is-last="true">
+                        <input
+							v-model="code"
+							:class="{ '!border-rose-600': errors[0] }"
+							type="text"
+							ref="input"
+							class="focus-border-theme input-dark"
+							:placeholder="$t('paste_code_from_2fa_app')"
+						/>
+                    </AppInputText>
+                </ValidationProvider>
+            </ValidationObserver>
+
         </PopupContent>
 
         <PopupActions>
-            <ButtonBase class="w-full" @click.native="closeQrCodePopup" :button-style="closeQrButtonStyle">
-                {{ closeQrButtonText }}
+            <ButtonBase @click.native="confirm2FaSetup" class="w-full" button-style="theme" :loading="isLoading">
+                {{ $t('confirm_your_code') }}
             </ButtonBase>
         </PopupActions>
     </PopupWrapper>
 </template>
 
 <script>
-import AppInputText from '../Admin/AppInputText'
 import { ValidationProvider, ValidationObserver } from 'vee-validate/dist/vee-validate.full'
+import { required } from 'vee-validate/dist/rules'
+import ButtonBase from '../FilesView/ButtonBase'
+import AppInputText from '../Admin/AppInputText'
 import PopupWrapper from './Popup/PopupWrapper'
 import PopupActions from './Popup/PopupActions'
 import PopupContent from './Popup/PopupContent'
 import PopupHeader from './Popup/PopupHeader'
-import ButtonBase from '../FilesView/ButtonBase'
 import InfoBox from './Forms/InfoBox'
-import { required } from 'vee-validate/dist/rules'
-import { mapGetters } from 'vuex'
 import { events } from '../../bus'
 import axios from 'axios'
 
@@ -48,31 +63,49 @@ export default {
         required,
         InfoBox,
     },
-    computed: {
-        ...mapGetters(['user']),
-        closeQrButtonText() {
-            return this.isConfirmedClose ? this.$t('popup_2fa.disappear_qr') : this.$t('awesome_iam_done')
-        },
-        closeQrButtonStyle() {
-            return this.isConfirmedClose ? 'danger' : 'theme'
-        },
-    },
     data() {
         return {
+            qrCode: undefined,
             isLoading: false,
-            qrCode: '',
-            isConfirmedClose: false,
+			code: undefined
         }
     },
     methods: {
+		async confirm2FaSetup() {
+			// Validate fields
+			const isValid = await this.$refs.codeForm.validate()
+
+			if (!isValid) return
+
+			this.isLoading = true
+
+			axios
+				.post('/user/confirmed-two-factor-authentication', {code: this.code})
+				.then(() => {
+					this.$store.commit('CHANGE_TWO_FACTOR_AUTHENTICATION_STATE', true)
+
+					this.$closePopup()
+
+					events.$emit('toaster', {
+						type: 'success',
+						message: this.$t('popup_2fa.toaster_enabled'),
+					})
+				})
+				.catch((error) => {
+					if (error.response.status === 422) {
+						this.$refs.codeForm.setErrors({
+							'Code': error.response.data.errors['code'][0],
+						})
+					}
+				})
+				.finally(() => this.isLoading = false)
+		},
         enable() {
             axios
                 .post('/user/two-factor-authentication')
-                .then(() => {
-                    this.$store.commit('CHANGE_TWO_FACTOR_AUTHENTICATION_STATE', true)
-
-                    this.getQrCode()
-                })
+				.then(() => {
+					this.getQrCode()
+				})
                 .catch(() => {
                     this.$isSomethingWrong()
                 })
@@ -87,28 +120,12 @@ export default {
                     this.$isSomethingWrong()
                 })
         },
-        closeQrCodePopup() {
-            if (!this.isConfirmedClose) {
-                this.isConfirmedClose = true
-            } else {
-                events.$emit('toaster', {
-                    type: 'success',
-                    message: this.$t('popup_2fa.toaster_enabled'),
-                })
-
-                this.qrCode = undefined
-                this.isConfirmedClose = false
-
-                this.$closePopup()
-            }
-        },
     },
     created() {
-        // Show popup
         events.$on('popup:open', (args) => {
             if (args.name !== 'two-factor-qr-setup') return
 
-            this.enable()
+			this.enable()
         })
     },
 }
diff --git a/resources/js/store/modules/userAuth.js b/resources/js/store/modules/userAuth.js
index 60d5ec06..b6f49155 100644
--- a/resources/js/store/modules/userAuth.js
+++ b/resources/js/store/modules/userAuth.js
@@ -135,7 +135,7 @@ const actions = {
 
 const mutations = {
     CHANGE_TWO_FACTOR_AUTHENTICATION_STATE(state, condition) {
-        state.user.data.attributes.two_factor_authentication = condition
+        state.user.data.attributes.two_factor_confirmed_at = condition
     },
     RETRIEVE_USER(state, user) {
         state.user = user
diff --git a/resources/js/views/User/Password.vue b/resources/js/views/User/Password.vue
index 18915392..14919f5a 100644
--- a/resources/js/views/User/Password.vue
+++ b/resources/js/views/User/Password.vue
@@ -8,18 +8,18 @@
             <AppInputSwitch
                 :title="$t('popup_2fa.switch_title')"
                 :description="$t('popup_2fa.switch_info')"
-                :is-last="!user.data.attributes.two_factor_authentication"
+                :is-last="!user.data.attributes.two_factor_confirmed_at"
             >
                 <SwitchInput
 					@click.native="toggle2Fa"
 					:is-disabled="true"
-                    v-model="user.data.attributes.two_factor_authentication"
+                    v-model="user.data.attributes.two_factor_confirmed_at"
                     class="switch"
-                    :state="user.data.attributes.two_factor_authentication"
+                    :state="user.data.attributes.two_factor_confirmed_at"
                 />
             </AppInputSwitch>
             <AppInputButton
-                v-if="user && user.data.attributes.two_factor_authentication"
+                v-if="user && user.data.attributes.two_factor_confirmed_at"
                 :title="$t('show_recovery_codes')"
                 :description="$t('popup_2fa.codes_info')"
                 :is-last="true"
@@ -184,7 +184,7 @@ export default {
     },
     methods: {
 		toggle2Fa() {
-			this.user.data.attributes.two_factor_authentication ? this.disable2faPopup() : this.enable2faPopup()
+			this.user.data.attributes.two_factor_confirmed_at ? this.disable2faPopup() : this.enable2faPopup()
 		},
         async resetPassword() {
             // Validate fields
diff --git a/src/App/Users/Resources/UserResource.php b/src/App/Users/Resources/UserResource.php
index 853b3bcc..35c7be7c 100644
--- a/src/App/Users/Resources/UserResource.php
+++ b/src/App/Users/Resources/UserResource.php
@@ -36,8 +36,9 @@ class UserResource extends JsonResource
                     'avatar'                    => $this->settings->avatar,
                     'email'                     => is_demo() ? obfuscate_email($this->email) : $this->email,
                     'role'                      => $this->role,
-                    'two_factor_authentication' => (bool) $this->two_factor_secret,
-                    'socialite_account'         => ! (bool) $this->password,
+                    'two_factor_authentication' => (bool)$this->two_factor_secret,
+                    'two_factor_confirmed_at'   => $this->two_factor_confirmed_at,
+                    'socialite_account'         => !(bool)$this->password,
                     'storage'                   => $this->storage,
                     'created_at'                => format_date($this->created_at, 'd. M. Y'),
                     'updated_at'                => format_date($this->updated_at, 'd. M. Y'),
diff --git a/src/Domain/Maintenance/Controllers/UpgradeSystemController.php b/src/Domain/Maintenance/Controllers/UpgradeSystemController.php
index 11158f80..423c2ce0 100644
--- a/src/Domain/Maintenance/Controllers/UpgradeSystemController.php
+++ b/src/Domain/Maintenance/Controllers/UpgradeSystemController.php
@@ -5,6 +5,7 @@ use DB;
 use Schema;
 use Storage;
 use Artisan;
+use App\Users\Models\User;
 use Illuminate\Support\Arr;
 use Illuminate\Http\Request;
 use Domain\Files\Models\File;
@@ -133,4 +134,13 @@ class UpgradeSystemController extends Controller
             Artisan::call('subscription:synchronize-plans');
         }
     }
+
+    private function upgrade_to_2_0_14(): void
+    {
+        ($this->upgradeDatabase)();
+
+        User::whereNotNull('two_factor_secret')
+            ->cursor()
+            ->each(fn ($user) => $user->forceFill(['two_factor_confirmed_at' => now()])->save());
+    }
 }