feat: 2fa reset notifs

Signed-off-by: miguel456 <me@nogueira.codes>

app/Http/Controllers/UserController.php

@@ -30,11 +30,13 @@ use App\Http\Requests\ChangePasswordRequest;
 use App\Http\Requests\DeleteUserRequest;
 use App\Http\Requests\FlushSessionsRequest;
 use App\Http\Requests\Remove2FASecretRequest;
+use App\Http\Requests\Reset2FASecretRequest;
 use App\Http\Requests\SearchPlayerRequest;
 use App\Http\Requests\UpdateUserRequest;
 use App\Notifications\ChangedPassword;
 use App\Notifications\EmailChanged;
 use App\Notifications\PasswordAdminResetNotification;
+use App\Notifications\TwoFactorResetNotification;
 use App\Services\AccountSuspensionService;
 use App\Traits\DisablesFeatures;
 use App\Traits\HandlesAccountDeletion;
@@ -446,6 +448,39 @@ class UserController extends Controller
     }
 
 
+    /**
+     * Remove the given user's two factor secret key
+     *
+     * @param Reset2FASecretRequest $request
+     * @param User $user
+     * @return \Illuminate\Http\RedirectResponse
+     */
+    public function reset2FASecret(Reset2FASecretRequest $request, User $user) {
+
+        if ($user->has2FA()) {
+            Log::warning('SECURITY: Disabling two factor authentication (admin initiated)', [
+                'initiator' => $request->user()->email,
+                'target' => $user->email,
+                'ip' => $request->ip(),
+            ]);
+
+            $user->twofa_secret = null;
+            $user->password = null;
+            $user->save();
+
+            $user->notify(new TwoFactorResetNotification());
+
+            return redirect()
+                ->back()
+                ->with('success', __('Two factor removed & user notified.'));
+        }
+
+        return redirect()
+            ->back()
+            ->with('error', 'This user does not have two-factor authentication enabled.');
+    }
+
+
     /**
      * Demote the given user's privileges
      *

app/Http/Requests/Remove2FASecretRequest.php

@@ -44,7 +44,6 @@ class Remove2FASecretRequest extends FormRequest
     {
         return [
             'currentPassword' => 'required|current_password',
-            'consent' => 'required|accepted',
         ];
     }
 }

app/Http/Requests/Reset2FASecretRequest.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace App\Http\Requests;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class Reset2FASecretRequest extends FormRequest
+{
+    public function rules(): array
+    {
+        return [
+            'currentPassword' => 'required|current_password',
+        ];
+    }
+
+    public function authorize(): bool
+    {
+        return true;
+    }
+}

app/Notifications/TwoFactorResetNotification.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace App\Notifications;
+
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Notifications\Messages\MailMessage;
+use Illuminate\Notifications\Notification;
+
+class TwoFactorResetNotification extends Notification implements ShouldQueue
+{
+    use Queueable;
+
+    public function __construct()
+    {
+    }
+
+    public function via($notifiable): array
+    {
+        return ['mail'];
+    }
+
+    public function toMail($notifiable): MailMessage
+    {
+        return (new MailMessage)
+            ->from(config('notification.sender.address'), config('notification.sender.name'))
+            ->subject(config('app.name').' - your second factor has been reset')
+            ->markdown('mail.two-factor-reset', ['name' => $notifiable->name]);
+    }
+
+    public function toArray($notifiable): array
+    {
+        return [];
+    }
+}