- added 2fa authentication during login. see resources/js/Pages/Auth/login.vue

- added validate() method inside app/Srvices/TwoFactorProvider.ts - added twoFactorChallenge() method inside app/Controllers/Http/Auth/AuthController.ts for logging in via 2fa-code
2024-02-16 15:32:47 +01:00 · 2024-02-16 15:32:47 +01:00 · f828ca4491
commit f828ca4491
parent b2dce0259a
7 changed files with 233 additions and 84 deletions
--- a/app/Controllers/Http/Auth/AuthController.ts
+++ b/app/Controllers/Http/Auth/AuthController.ts
@ -1,9 +1,13 @@
 import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext';
-// import User from 'App/Models/User';
+import User from 'App/Models/User';
 // import Hash from '@ioc:Adonis/Core/Hash';
 // import InvalidCredentialException from 'App/Exceptions/InvalidCredentialException';
 import AuthValidator from 'App/Validators/AuthValidator';

+import TwoFactorAuthProvider from 'App/Services/TwoFactorAuthProvider';
+// import { LoginState } from 'Contracts/enums';
+// import { StatusCodes } from 'http-status-codes';
+
 export default class AuthController {
    //   login function
    public async login({ request, response, auth, session }: HttpContextContract) {
@ -12,24 +16,30 @@ export default class AuthController {
        // });
        await request.validate(AuthValidator);

-        const plainPassword = await request.input('password');
-        const email = await request.input('email');
+        // const plainPassword = await request.input('password');
+        // const email = await request.input('email');
        // grab uid and password values off request body
-        // const { email, password } = request.only(['email', 'password'])
+        const { email, password } = request.only(['email', 'password']);

        try {
-            // attempt to verify credential and login user
-            await auth.use('web').attempt(email, plainPassword);
+            // // attempt to verify credential and login user
+            // await auth.use('web').attempt(email, plainPassword);

-            // const user = await auth.use('web').verifyCredentials(email, plainPassword);
-            // if (user.isTwoFactorEnabled) {
-            //     // session.put("login.id", user.id);
-            //     // return view.render("pages/two-factor-challenge");
-            // }
+            const user = await auth.use('web').verifyCredentials(email, password);
+            if (user.isTwoFactorEnabled) {
+                // session.put("login.id", user.id);
+                // return view.render("pages/two-factor-challenge");

-            // session.forget('login.id');
-            // session.regenerate();
-            // await auth.login(user);
+                session.flash('user_id', user.id);
+                return response.redirect().back();
+            
+                // let state = LoginState.STATE_VALIDATED;
+                // return response.status(StatusCodes.OK).json({
+                //     state: state,
+                //     new_user_id: user.id,
+                // });
+            }          
+            await auth.login(user);
        } catch (error) {
            // if login fails, return vague form message and redirect back
            session.flash('message', 'Your username, email, or password is incorrect');
@ -40,6 +50,32 @@ export default class AuthController {
        response.redirect('/apps/dashboard');
    }

+    public async twoFactorChallenge({ request, session, auth, response }) {
+        const { code, recoveryCode, login_id } = request.only(['code', 'recoveryCode', 'login_id']);
+        // const user = await User.query().where('id', session.get('login.id')).firstOrFail();
+        const user = await User.query().where('id', login_id).firstOrFail();
+      
+        if (code) {
+            const isValid = await TwoFactorAuthProvider.validate(user, code);
+            if (isValid) {
+                // login user and redirect to dashboard
+                await auth.login(user);
+                response.redirect('/apps/dashboard');
+            } else {
+                session.flash('message', 'Your tow factor code is incorrect');
+                return response.redirect().back();
+            }
+        } else if (recoveryCode) {
+            const codes = user?.twoFactorRecoveryCodes ?? [];
+            if (codes.includes(recoveryCode)) {
+                user.twoFactorRecoveryCodes = codes.filter((c) => c !== recoveryCode);
+                await user.save();
+                await auth.login(user);
+                response.redirect('/apps/dashboard');
+            }
+        }
+    }
+
    //   logout function
    public async logout({ auth, response }: HttpContextContract) {
        // await auth.logout();
--- a/app/Services/TwoFactorAuthProvider.ts
+++ b/app/Services/TwoFactorAuthProvider.ts
@ -105,7 +105,7 @@ class TwoFactorAuthProvider {
    public async enable(user: User, token: string): Promise<boolean> {
        const isValid = verifyToken(user.twoFactorSecret as string, token, 1);
        if (!isValid) {
-        	return false;
+            return false;
        }
        user.state = TotpState.STATE_ENABLED;
        if (await user.save()) {
@ -113,6 +113,14 @@ class TwoFactorAuthProvider {
        }
        return false;
    }
+
+    public async validate(user: User, token: string): Promise<boolean> {
+        const isValid = verifyToken(user.twoFactorSecret as string, token, 1);
+        if (isValid) {
+            return true;
+        }
+        return false;
+    }
 }

 export default new TwoFactorAuthProvider();