Malin/domnitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add two-factor authentication (2FA) support

Browse Source 
Introduces two-factor authentication (2FA) with TOTP, backup codes, and email codes. Adds controllers, services, views, and migration for 2FA setup, verification, and management. Updates user and settings models, email helper, and relevant controllers to support 2FA policy enforcement, configuration, and user flows. Enhances security by allowing admins to require or disable 2FA, and provides backup code generation and management for account recovery.
This commit is contained in:
Hosteroid
2025-10-16 17:25:06 +03:00
parent 1edde3645c
commit 6e8fef9b79
18 changed files with 2072 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
routes/web.php
View File

@@ -15,6 +15,7 @@ use App\Controllers\UserController;
use App\Controllers\InstallerController;
use App\Controllers\NotificationController;
use App\Controllers\ErrorLogController;
use App\Controllers\TwoFactorController;
$router = Application::$router;
@@ -39,6 +40,11 @@ $router->post('/forgot-password', [AuthController::class, 'forgotPassword']);
$router->get('/reset-password', [AuthController::class, 'showResetPassword']);
$router->post('/reset-password', [AuthController::class, 'resetPassword']);
// Two-Factor Authentication routes (public during verification)
$router->get('/2fa/verify', [TwoFactorController::class, 'showVerify']);
$router->post('/2fa/verify', [TwoFactorController::class, 'verify']);
$router->post('/2fa/send-email-code', [TwoFactorController::class, 'sendEmailCode']);
// Debug route (public - remove in production!)
$router->get('/debug/whois', [DebugController::class, 'whois']);
@@ -109,6 +115,7 @@ $router->post('/settings/update', [SettingsController::class, 'update']);
$router->post('/settings/update-app', [SettingsController::class, 'updateApp']);
$router->post('/settings/update-email', [SettingsController::class, 'updateEmail']);
$router->post('/settings/update-captcha', [SettingsController::class, 'updateCaptcha']);
$router->post('/settings/update-two-factor', [SettingsController::class, 'updateTwoFactor']);
$router->post('/settings/test-email', [SettingsController::class, 'testEmail']);
$router->post('/settings/test-cron', [SettingsController::class, 'testCron']);
$router->post('/settings/clear-logs', [SettingsController::class, 'clearLogs']);
@@ -122,6 +129,14 @@ $router->get('/profile/resend-verification', [ProfileController::class, 'resendV
$router->post('/profile/logout-other-sessions', [ProfileController::class, 'logoutOtherSessions']);
$router->post('/profile/logout-session/{sessionId}', [ProfileController::class, 'logoutSession']);
// Two-Factor Authentication management (protected)
$router->get('/2fa/setup', [TwoFactorController::class, 'setup']);
$router->post('/2fa/verify-setup', [TwoFactorController::class, 'verifySetup']);
$router->get('/2fa/cancel-setup', [TwoFactorController::class, 'cancelSetup']);
$router->get('/2fa/backup-codes', [TwoFactorController::class, 'backupCodes']);
$router->post('/2fa/disable', [TwoFactorController::class, 'disable']);
$router->post('/2fa/regenerate-backup-codes', [TwoFactorController::class, 'regenerateBackupCodes']);
// Notifications
$router->get('/notifications', [NotificationController::class, 'index']);
$router->get('/notifications/{id}/mark-read', [NotificationController::class, 'markAsRead']);