feat: 2fa reset notifs

Signed-off-by: miguel456 <me@nogueira.codes>
2022-09-21 05:43:11 +01:00
parent 3122c23eb4
commit f3996bb68c
9 changed files with 141 additions and 10 deletions
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -30,11 +30,13 @@ use App\Http\Requests\ChangePasswordRequest;
 use App\Http\Requests\DeleteUserRequest;
 use App\Http\Requests\FlushSessionsRequest;
 use App\Http\Requests\Remove2FASecretRequest;
+use App\Http\Requests\Reset2FASecretRequest;
 use App\Http\Requests\SearchPlayerRequest;
 use App\Http\Requests\UpdateUserRequest;
 use App\Notifications\ChangedPassword;
 use App\Notifications\EmailChanged;
 use App\Notifications\PasswordAdminResetNotification;
+use App\Notifications\TwoFactorResetNotification;
 use App\Services\AccountSuspensionService;
 use App\Traits\DisablesFeatures;
 use App\Traits\HandlesAccountDeletion;
@@ -446,6 +448,39 @@ class UserController extends Controller
    }


+    /**
+     * Remove the given user's two factor secret key
+     *
+     * @param Reset2FASecretRequest $request
+     * @param User $user
+     * @return \Illuminate\Http\RedirectResponse
+     */
+    public function reset2FASecret(Reset2FASecretRequest $request, User $user) {
+
+        if ($user->has2FA()) {
+            Log::warning('SECURITY: Disabling two factor authentication (admin initiated)', [
+                'initiator' => $request->user()->email,
+                'target' => $user->email,
+                'ip' => $request->ip(),
+            ]);
+
+            $user->twofa_secret = null;
+            $user->password = null;
+            $user->save();
+
+            $user->notify(new TwoFactorResetNotification());
+
+            return redirect()
+                ->back()
+                ->with('success', __('Two factor removed & user notified.'));
+        }
+
+        return redirect()
+            ->back()
+            ->with('error', 'This user does not have two-factor authentication enabled.');
+    }
+
+
    /**
     * Demote the given user's privileges
     *
--- a/app/Http/Requests/Remove2FASecretRequest.php
+++ b/app/Http/Requests/Remove2FASecretRequest.php
@@ -44,7 +44,6 @@ class Remove2FASecretRequest extends FormRequest
    {
        return [
            'currentPassword' => 'required|current_password',
-            'consent' => 'required|accepted',
        ];
    }
 }
--- a/app/Http/Requests/Reset2FASecretRequest.php
+++ b/app/Http/Requests/Reset2FASecretRequest.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace App\Http\Requests;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class Reset2FASecretRequest extends FormRequest
+{
+    public function rules(): array
+    {
+        return [
+            'currentPassword' => 'required|current_password',
+        ];
+    }
+
+    public function authorize(): bool
+    {
+        return true;
+    }
+}