Updated: updating MFA according to vaahcms 1 commit

Updated: check mfa middleware and user model code synced


Updated: verify auth middleware


Updated: security columns in user table


Updated: multifactor code email template


Updated: mfa condition


Updated: migration merged and issue fixed


Updated: verification completed. research on inside button countdown

Author: wri-abinash-s001

Database/Migrations/2023_04_11_111356_add_security_columns_to_vh_users_table.php

@@ -208,13 +208,12 @@ public function seedSettings()
                 ->where( 'key', $item['key'] )
                 ->first();
 
-            if (!$exist){
-
-                if(isset($item['type']) && $item['type']=='json')
-                {
-                    $item['value']=json_encode($item['value']);
-                }
+            if(isset($item['type']) && $item['type']=='json')
+            {
+                $item['value']=json_encode($item['value']);
+            }
 
+            if (!$exist){
                 \DB::table( 'vh_settings' )->insert( $item );
             } else{
                 \DB::table( 'vh_settings' )

Database/Seeders/VaahCmsTableSeeder.php

@@ -34,6 +34,9 @@
     {"category": "global", "key": "is_new_device_verification_enabled", "value": 0 },
     {"category": "global", "key": "mfa_status", "value": "disable" },
     {"category": "global", "key": "mfa_methods","type":"json", "value": ["email-otp-verification"] },
+    {"category": "global", "key": "is_new_device_verification_enabled", "value": 0 },
+    {"category": "global", "key": "mfa_status", "value": "disable" },
+    {"category": "global", "key": "mfa_methods","type":"json", "value": ["email-otp-verification"] },
     {"category": "sample", "key": "sample", "value": 0 },
     {"category": "user_setting", "label":"field", "type":"json", "key": "display_name", "value": {"is_hidden": false, "to_registration": false} },
     {"category": "user_setting", "label":"field", "type":"json", "key": "title", "value": {"is_hidden": false, "to_registration": false} },

Database/Seeders/json/settings.json

@@ -10,6 +10,7 @@
 use WebReinvent\VaahCms\Models\Language;
 use WebReinvent\VaahCms\Models\Role;
 use WebReinvent\VaahCms\Models\Setting;
+use WebReinvent\VaahCms\Libraries\VaahHelper;
 
 class GeneralController extends Controller
 {

Http/Controllers/Backend/Settings/GeneralController.php

@@ -120,7 +120,7 @@ public function postLogin(Request $request)
         if ( $validator->fails() ) {
 
             $errors             = errorsToArray($validator->errors());
-            $response['success'] = false;
+            $response['status'] = 'failed';
             $response['errors'] = $errors;
             return response()->json($response);
         }
@@ -135,7 +135,7 @@ public function postLogin(Request $request)
             $response = User::login($request, $permission_to_check);
         }
 
-        if(isset($response['success']) && !$response['success'])
+        if(isset($response['status']) && $response['status'] == 'failed')
         {
             return response()->json($response);
         }
@@ -148,12 +148,16 @@ public function postLogin(Request $request)
             $redirect_url = \URL::route('vh.backend');
         }
 
-
+        $check_mfa = Auth::user()->verifySecurityAuthentication();
+        $message = 'Login Successful';
+        if($check_mfa['status'] == 'success'){
+            $message = 'Otp sent';
+        }
 
         $response = [];
 
-        $response['success'] = true;
-        $response['messages'][] = 'Login Successful';
+        $response['status'] = 'success';
+        $response['messages'][] = $message;
         $response['data']['redirect_url'] = $redirect_url;
         $response['data']['verification_response'] = Auth::user()->verifySecurityAuthentication();
 
@@ -163,15 +167,14 @@ public function postLogin(Request $request)
     //----------------------------------------------------------
     public function postVerify(Request $request)
     {
-
         $inputs = [
             'otp_code' => null
         ];
 
-        if(is_array($request->verify_otp))
+        if($request->verification_otp)
         {
             $inputs = [
-                'otp_code' => implode("", $request->verify_otp)
+                'otp_code' => $request->verification_otp
             ];
 
         }
@@ -184,48 +187,48 @@ public function postVerify(Request $request)
         if ( $validator->fails() ) {
 
             $errors             = errorsToArray($validator->errors());
-            $response['success'] = false;
+            $response['status'] = 'failed';
             $response['errors'] = $errors;
             return response()->json($response);
         }
 
 
         $user = auth()->user();
 
-        if($user && !$user->mfa_code && !$user->mfa_code_expired_at){
-            $response['success'] = true;
+        if($user && !$user->security_code && !$user->security_code_expired_at){
+            $response['status'] = 'success';
             $response['messages'][] = 'Login Successful';
             $response['data']['redirect_url'] = route('vh.backend').'#/vaah';
             return $response;
         }
 
-        if($user && $user->mfa_code_expired_at && $user->mfa_code_expired_at->lt(now()))
+        if($user && $user->security_code_expired_at && $user->security_code_expired_at->lt(now()))
         {
-            $user->mfa_code = null;
-            $user->mfa_code_expired_at = null;
+            $user->security_code = null;
+            $user->security_code_expired_at = null;
             $user->save();
             auth()->logout();
 
-            $response['success'] = false;
+            $response['status'] = 'failed';
             $response['errors'][] = 'The code has expired. Please login again.';
             $response['data']['redirect_url'] = route('vh.backend');
 
             return response()->json($response);
         }
 
 
-        if($user && $inputs['otp_code'] == $user->mfa_code)
+        if($user && $inputs['otp_code'] == $user->security_code)
         {
-            $user->mfa_code = null;
-            $user->mfa_code_expired_at = null;
+            $user->security_code = null;
+            $user->security_code_expired_at = null;
             $user->save();
 
-            $response['success'] = true;
+            $response['status'] = 'success';
             $response['messages'][] = 'Login Successful';
             $response['data']['redirect_url'] = route('vh.backend').'#/vaah';
 
         }else{
-            $response['success'] = false;
+            $response['status'] = 'failed';
             $response['errors'][] = 'Code is not correct.';
         }
 
@@ -235,6 +238,19 @@ public function postVerify(Request $request)
 
     }
     //----------------------------------------------------------
+    public function signinResendSecurityOtp(Request $request)
+    {
+
+        Auth::user()->verifySecurityAuthentication();
+
+        $response = [];
+
+        $response['status'] = 'success';
+        $response['data'] = '{}';
+
+        return response()->json($response);
+    }
+    //----------------------------------------------------------
     public function postSendResetCode(Request $request)
     {
         $response = User::sendResetPasswordEmail($request, 'can-login-in-backend');

Http/Controllers/PublicController.php

@@ -0,0 +1,66 @@
+<?php
+
+namespace WebReinvent\VaahCms\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Session;
+use Illuminate\Support\Facades\Auth;
+use WebReinvent\VaahCms\Entities\Theme;
+
+class VerifyAuth
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next)
+    {
+
+        if(auth()->check()){
+
+            $user = auth()->user();
+
+
+            if($user->mfa_code)
+            {
+
+                if($user->mfa_code_expired_at->lt(now()))
+                {
+
+                    auth()->logout();
+
+                    return redirect()->route('vh.backend');
+                }
+
+                if(config('settings.global.mfa_status') !== 'disable'){
+
+                    if(config('settings.global.mfa_status') == 'all-users'){
+
+                        auth()->logout();
+
+                        return redirect()->route('vh.backend');
+                    }
+
+                    if(config('settings.global.mfa_status') == 'user-will-have-option'
+                        && is_array($user->mfa_methods) && count($user->mfa_methods) >= 0){
+
+                        auth()->logout();
+
+                        return redirect()->route('vh.backend');
+
+                    }
+
+                }
+
+            }
+
+        }
+
+        return $next($request);
+
+    }
+}

Http/Middleware/CheckMfa.php

@@ -6,7 +6,7 @@
 use Illuminate\Http\Request;
 use Session;
 use Illuminate\Support\Facades\Auth;
-use WebReinvent\VaahCms\Models\Theme;
+use WebReinvent\VaahCms\Entities\Theme;
 
 class VerifyAuth
 {
@@ -25,10 +25,10 @@ public function handle(Request $request, Closure $next)
             $user = auth()->user();
 
 
-            if($user->mfa_code)
+            if($user->security_code)
             {
 
-                if($user->mfa_code_expired_at->lt(now()))
+                if($user->security_code_expired_at->lt(now()))
                 {
 
                     auth()->logout();

Http/Middleware/VerifyAuth.php

@@ -0,0 +1,45 @@
+<?php
+
+namespace WebReinvent\VaahCms\Jobs;
+
+use Illuminate\Bus\Batchable;
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldBeUnique;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Foundation\Bus\Dispatchable;
+use Illuminate\Http\Request;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Queue\SerializesModels;
+use Throwable;
+use WebReinvent\VaahCms\Entities\Notification;
+use WebReinvent\VaahCms\Entities\User;
+use WebReinvent\VaahCms\Mail\SecurityOtpMail;
+
+class SecurityOtpJob implements ShouldQueue
+{
+    use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
+
+    protected $details;
+
+    /**
+     * Create a new job instance.
+     *
+     * @return void
+     */
+    public function __construct($details)
+    {
+        $this->details = $details;
+    }
+
+    /**
+     * Execute the job.
+     *
+     * @return void
+     */
+    public function handle()
+    {
+        $email = new SecurityOtpMail($this->details);
+        \Mail::to($this->details['email'])->send($email);
+    }
+
+}

Jobs/SecurityOtpJob.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace WebReinvent\VaahCms\Mail;
+
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Mail\Mailable;
+use Illuminate\Queue\SerializesModels;
+
+class SecurityOtpMail extends Mailable
+{
+    use Queueable, SerializesModels;
+
+    public $content;
+
+    /**
+     * Create a new message instance.
+     *
+     * @return void
+     */
+    public function __construct($content)
+    {
+        $this->content = $content;
+    }
+
+    /**
+     * Build the message.
+     *
+     * @return $this
+     */
+    public function build()
+    {
+        return $this->subject(config('app.name').': Two Step Authentication')
+            ->view('vaahcms::mails.security-otp');
+    }
+}