Added: Delete safe devices option

Author: cannycookie

src/Contracts/TwoFactorAuthenticatable.php

@@ -19,4 +19,9 @@ public function hasTwoFactor(): MorphOne;
      */
     public function getTwoFactorAuth(): TwoFactorTotp;
 
+    /**
+     * Remove safe devices
+     */
+    public function forgetSafeDevices(): bool;
+
 }

src/Filament/Pages/Configure.php

@@ -2,34 +2,32 @@
 
 namespace Visualbuilder\Filament2fa\Filament\Pages;
 
+use Carbon\Carbon;
 use Exception;
-use Filament\Forms\Components\Actions;
-use Filament\Forms\Components\Actions\Action as FormAction;
 use Filament\Actions\Action;
 use Filament\Facades\Filament;
+use Filament\Forms\Components\Actions;
+use Filament\Forms\Components\Actions\Action as FormAction;
 use Filament\Forms\Components\Component;
-use Filament\Forms\Components\DateTimePicker;
+use Filament\Forms\Components\Grid;
 use Filament\Forms\Components\Group;
 use Filament\Forms\Components\Placeholder;
 use Filament\Forms\Components\Section;
 use Filament\Forms\Components\TextInput;
-use Filament\Forms\Components\Toggle;
 use Filament\Forms\Components\ViewField;
 use Filament\Notifications\Notification;
 use Filament\Pages\Auth\EditProfile;
 use Filament\Pages\SubNavigationPosition;
 use Filament\Support\Enums\Alignment;
-use Filament\Support\Facades\FilamentView;
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Contracts\Support\Htmlable;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Collection;
 use Illuminate\Support\HtmlString;
+use Laragear\TwoFactor\Models\TwoFactorAuthentication;
 use Visualbuilder\Filament2fa\Contracts\TwoFactorAuthenticatable;
 
-use function Filament\Support\is_app_url;
-
 
 class Configure extends EditProfile
 {
@@ -47,6 +45,17 @@ public function __construct()
         $this->recoveryCodes = $this->getUser()->hasTwoFactorEnabled() ? $this->getUser()->getRecoveryCodes() : [];
     }
 
+    public function getUser(): Authenticatable & Model
+    {
+        $user = Filament::auth()->user();
+
+        if (!$user instanceof Model || !$user instanceof TwoFactorAuthenticatable) {
+            throw new Exception('The authenticated user must be an Eloquent model implementing TwoFactorAuthenticatable class.');
+        }
+
+        return $user;
+    }
+
     public static function shouldRegisterNavigation(): bool
     {
         return config('filament-2fa.navigation.visible_on_navbar');
@@ -82,31 +91,20 @@ public static function getNavigationSort(): ?int
         return config('filament-2fa.navigation.sort_no');
     }
 
-    public function getSubNavigationPosition(): SubNavigationPosition
+    public static function getRouteName(?string $panel = null): string
     {
-        return config('filament-2fa.navigation.subnav_position');
+        $panel = $panel ? Filament::getPanel($panel) : Filament::getCurrentPanel();
+        return $panel->generateRouteName(static::getRelativeRouteName());
     }
 
     public static function getRelativeRouteName(): string
     {
         return self::$slug;
     }
 
-    public function getUser(): Authenticatable & Model
-    {
-        $user = Filament::auth()->user();
-
-        if (! $user instanceof Model || !$user instanceof TwoFactorAuthenticatable) {
-            throw new Exception('The authenticated user must be an Eloquent model implementing TwoFactorAuthenticatable class.');
-        }
-
-        return $user;
-    }
-
-    public static function getRouteName(?string $panel = null): string
+    public function getSubNavigationPosition(): SubNavigationPosition
     {
-        $panel = $panel ? Filament::getPanel($panel) : Filament::getCurrentPanel();
-        return $panel->generateRouteName(static::getRelativeRouteName());
+        return config('filament-2fa.navigation.subnav_position');
     }
 
     public function getLayout(): string
@@ -124,20 +122,11 @@ public function hasLogo(): bool
         return true;
     }
 
-    public function getFormActionsAlignment(): string | Alignment
+    public function getFormActionsAlignment(): string|Alignment
     {
         return Alignment::End;
     }
 
-    protected function getSaveFormAction(): Action
-    {
-        return Action::make('save')
-            ->label($this->getUser()->hasTwoFactorEnabled() ? __('filament-2fa::two-factor.save_changes') : __('filament-2fa::two-factor.action_label'))
-            ->submit('save')
-            ->visible(fn()=>!$this->getUser()->hasTwoFactorEnabled())
-            ->keyBindings(['mod+s']);
-    }
-
     public function getCancelFormAction(): Action
     {
         return Action::make('back')
@@ -146,6 +135,15 @@ public function getCancelFormAction(): Action
             ->color('gray');
     }
 
+    protected function getSaveFormAction(): Action
+    {
+        return Action::make('save')
+            ->label($this->getUser()->hasTwoFactorEnabled() ? __('filament-2fa::two-factor.save_changes') : __('filament-2fa::two-factor.action_label'))
+            ->submit('save')
+            ->visible(fn() => !$this->getUser()->hasTwoFactorEnabled())
+            ->keyBindings(['mod+s']);
+    }
+
     protected function afterSave(): void
     {
         if (isset($this->data['disable_two_factor_auth']) && $this->data['disable_two_factor_auth'] === true) {
@@ -162,11 +160,11 @@ protected function afterSave(): void
                     ->title(__('filament-2fa::two-factor.enabled'))
                     ->success()
                     ->send();
-                /**
-                 * Todo Redirect back to this page or refresh?
-                 */
-                $redirectUrl = self::$slug;
-                $this->redirect($redirectUrl, navigate: FilamentView::hasSpaMode() && is_app_url($redirectUrl));
+//                /**
+//                 * Todo Redirect back to this page or refresh?
+//                 */
+//                $redirectUrl = self::$slug;
+//                $this->redirect($redirectUrl, navigate: FilamentView::hasSpaMode() && is_app_url($redirectUrl));
             } else {
                 Notification::make()
                     ->title(__('filament-2fa::two-factor.fail_confirm'))
@@ -211,8 +209,8 @@ protected function enable2FactorAuthGroupComponent(): Component
             ->schema([
                 Placeholder::make('2fa_info')
                     ->label(__('filament-2fa::two-factor.setup_title'))
-                    ->content(new HtmlString('<p class="text-justify">' . __('filament-2fa::two-factor.setup_message_1', ['interval' => config('two-factor.totp.seconds')]) . '</p>
-                <p class="text-justify">' . __('filament-2fa::two-factor.setup_message_2') . '</p>')),
+                    ->content(new HtmlString('<p class="text-justify">'.__('filament-2fa::two-factor.setup_message_1', ['interval' => config('two-factor.totp.seconds')]).'</p>
+                <p class="text-justify">'.__('filament-2fa::two-factor.setup_message_2').'</p>')),
 
                 Group::make()
                     ->schema([
@@ -221,7 +219,7 @@ protected function enable2FactorAuthGroupComponent(): Component
                             ->schema([
                                 Placeholder::make('step1')
                                     ->label(false)
-                                    ->content(fn () => new HtmlString('<h3 class="text-lg font-bold text-primary">' . __('filament-2fa::two-factor.setup_step_1') . '</h3>')),
+                                    ->content(fn() => new HtmlString('<h3 class="text-lg font-bold text-primary">'.__('filament-2fa::two-factor.setup_step_1').'</h3>')),
                                 ViewField::make('2fa_auth')
                                     ->view('filament-2fa::forms.components.2fa-settings')
                                     ->viewData($this->prepareTwoFactor()),
@@ -236,15 +234,15 @@ protected function enable2FactorAuthGroupComponent(): Component
                             ->schema([
                                 Placeholder::make('step2')
                                     ->label(false)
-                                    ->content(fn () => new HtmlString('<h3 class="text-lg font-bold text-primary">' . __('filament-2fa::two-factor.setup_step_2') . '</h3>')),
+                                    ->content(fn() => new HtmlString('<h3 class="text-lg font-bold text-primary">'.__('filament-2fa::two-factor.setup_step_2').'</h3>')),
                                 TextInput::make('2fa_code')
                                     ->label(__('filament-2fa::two-factor.confirm'))
                                     ->autofocus()
                                     ->required(!$this->getUser()->hasTwoFactorEnabled())
                                     ->length(config('two-factor.totp.digits'))
                                     ->autocomplete(false)
                                     ->live()
-                                    ->extraInputAttributes(['class'=>'text-center','style'=>'font-size:3em; letter-spacing:1rem'])
+                                    ->extraInputAttributes(['class' => 'text-center', 'style' => 'font-size:3em; letter-spacing:1rem'])
                                     ->afterStateUpdated(function ($state) {
                                         $requiredLength = config('two-factor.totp.digits');
                                         if (strlen($state) == $requiredLength) {
@@ -278,12 +276,32 @@ protected function prepareTwoFactor(): array
 
     protected function manage2FactorAuthGroupComponent(): Component
     {
-        return Group::make()
+        return Grid::make()
             ->schema([
                 Placeholder::make('2fa_info')
-                    ->label(fn($record) =>
-                    __('filament-2fa::two-factor.enabled_message',
-                        ['date'=>$record->enabled_at?->format(config('filament-2fa.defaultDateTimeDisplayFormat'))])),
+                    ->inlineLabel(false)
+                    ->label(fn(TwoFactorAuthentication $record) => __('filament-2fa::two-factor.enabled_message',
+                        ['date' => $record->enabled_at?->format(config('filament-2fa.defaultDateTimeDisplayFormat'))])),
+
+                Placeholder::make('trusted_devices')
+                    ->inlineLabel(false)
+                    ->label('Trusted devices')
+                    ->content(function (TwoFactorAuthentication $record) {
+                        $devices = $record->safe_devices;
+                        $items = '';
+
+                        // Iterate over each device and create an <li> element
+                        foreach ($devices as $device) {
+                            $formattedDate = Carbon::parse($device['added_at'])->format(config('filament-2fa.defaultDateTimeDisplayFormat'));
+                            $items .= "<li>{$device['ip']} added on {$formattedDate}</li>";
+                        }
+                        return new HtmlString("<ul>{$items}</ul>");
+                    })->visible(fn($record) =>
+                        $record->safe_devices
+                        && $record->safe_devices instanceof Collection
+                        && $record->safe_devices->isNotEmpty()
+                    ),
+
                 Actions::make([
                     FormAction::make('ShowRecoveryCode')
                         ->color('success')
@@ -301,6 +319,19 @@ protected function manage2FactorAuthGroupComponent(): Component
                         })
                         ->visible($this->showRecoveryCodes)
                         ->requiresConfirmation(),
+                    FormAction::make('clearSafeDevices')
+                        ->label('Forget safe devices')
+                        ->color('warning')
+                        ->requiresConfirmation()
+                        ->icon('heroicon-m-shield-exclamation')
+                        ->modalDescription('These devices will require 2FA at next login')
+                        ->visible(fn($record) => $record->safe_devices
+                            && $record->safe_devices instanceof Collection
+                            && $record->safe_devices->isNotEmpty())
+                        ->action(function () {
+                            $this->getUser()->forgetSafeDevices();
+                            $this->js('$wire.$refresh()');
+                        }),
                     FormAction::make('disableTwoFactorAuth')
                         ->label(__('filament-2fa::two-factor.disable_2fa'))
                         ->color('danger')
@@ -319,17 +350,19 @@ protected function manage2FactorAuthGroupComponent(): Component
                     ->visible($this->showRecoveryCodes),
 
             ])
+            ->columns(1)
             ->visible($this->getUser()->hasTwoFactorEnabled());
     }
 
     public function prepareRecoveryCodes(): HtmlString
     {
         $recoveryCodesArray = Arr::pluck($this->recoveryCodes, 'code');
-        $recoveryCodes = "<p>" . __('filament-2fa::two-factor.recovery_instruction') . "</p><ul>";
+        $recoveryCodes = "<p>".__('filament-2fa::two-factor.recovery_instruction')."</p><ul>";
         foreach ($recoveryCodesArray as $code) {
             $recoveryCodes .= "<li>$code</li>";
         }
         $recoveryCodes .= '</ul>';
         return new HtmlString($recoveryCodes);
     }
+
 }

src/Filament/Pages/Login.php

@@ -37,7 +37,7 @@ public function authenticate(): null|TwoFactorAuthResponse|LoginResponse
             $this->storeCredentials($credentials, $remember);
             Filament::auth()->logout();
             // Regenerate session to prevent fixation
-            //session()->regenerate();
+            session()->regenerate();
             return app(TwoFactorAuthResponse::class);
         }
 
@@ -59,12 +59,9 @@ protected function handleRateLimiting(): void
         try {
             $this->rateLimit(5);
         } catch (TooManyRequestsException $exception) {
-            // Optionally send a notification (can be omitted if not needed)
             $this->getRateLimitedNotification($exception)?->send();
-
             // Use the available property to get the number of seconds
             $this->addError('email', __('auth.throttle', ['seconds' => $exception->secondsUntilAvailable]));
-
             // Stop further execution by returning early
             return;
         }

src/Http/Middleware/EnsureTwoFactorSession.php

@@ -3,6 +3,7 @@
 namespace Visualbuilder\Filament2fa\Http\Middleware;
 
 use Closure;
+use Filament\Facades\Filament;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Config;
 
@@ -20,7 +21,7 @@ public function handle(Request $request, Closure $next)
         $hasPanelId = $request->session()->has("{$sessionKey}.panel_id");
 
         if (!$hasCredentials || !$hasPanelId) {
-            return redirect()->route('filament.login');
+            return redirect()->back();
         }
 
         return $next($request);

src/Livewire/Confirm2Fa.php

@@ -50,7 +50,7 @@ public function mount()
         // Initialize the form with default values
         $this->form->fill([
             'totp_code' => '',
-            'safe_device_enable' => true,
+            'safe_device_enable' => false,
         ]);
     }
 
@@ -95,7 +95,7 @@ public function submit(): void
                     ->icon('heroicon-o-check-circle')
                     ->color('success')
                     ->send();
-                
+
                 session()->forget("{$sessionKey}.credentials");
                 session()->forget("{$sessionKey}.remember");
                 session()->forget("{$sessionKey}.panel_id");

src/Traits/TwoFactorAuthentication.php

@@ -29,4 +29,9 @@ public function getTwoFactorAuth(): TwoFactorTotp
     {
         return $this->twoFactorAuth;
     }
+
+    public function forgetSafeDevices(): bool
+    {
+        return $this->twoFactorAuth->forceFill(['safe_devices' => []])->save();
+    }
 }