2fa: Initial setup

Vagrantfile

@@ -18,6 +18,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
     vb.customize ['modifyvm', :id, '--memory', '4096']
     vb.customize ['modifyvm', :id, '--natdnsproxy1', 'on']
     vb.customize ['modifyvm', :id, '--natdnshostresolver1', 'on']
+    vb.customize ['guestproperty', 'set', :id,
+      '/VirtualBox/GuestAdd/VBoxService/--timesync-set-threshold', 10000 ]
   end
 
   config.vm.provision :shell, path: "dev/vagrant-config/scripts/nginx.sh"

app/HMS/Auth/Google2FAAuthenticator.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace HMS\Auth;
+
+use PragmaRX\Google2FALaravel\Support\Authenticator;
+
+class Google2FAAuthenticator extends Authenticator
+{
+    /**
+     * Check if it is already logged in or passable without checking for an OTP.
+     *
+     * @return bool
+     */
+    protected function canPassWithoutCheckingOTP()
+    {
+        return ! $this->getUser()->isGoogle2faEnable() ||
+            ! $this->isEnabled() ||
+            $this->noUserIsAuthenticated() ||
+            $this->twoFactorAuthStillValid();
+    }
+
+    /**
+     * Get the user Google2FA secret.
+     *
+     * @throws InvalidSecretKey
+     *
+     * @return mixed
+     */
+    protected function getGoogle2FASecretKey()
+    {
+        $secret = $this->getUser()->getGoogle2faSecret();
+
+        if (is_null($secret) || empty($secret)) {
+            throw new InvalidSecretKey('Secret key cannot be empty.');
+        }
+
+        return $secret;
+    }
+}

app/HMS/Entities/Profile.php

@@ -74,6 +74,13 @@ class Profile
      */
     protected $balance;
 
+    /**
+     * Has the contactNumber been verified.
+     *
+     * @var bool
+     */
+    protected $contactNumberVerified;
+
     /**
      * Profile constructor.
      *
@@ -86,6 +93,7 @@ public function __construct(User $user)
         // setup defaults.
         $this->creditLimit = 0;
         $this->balance = 0;
+        $this->contactNumberVerified = false;
     }
 
     /**
@@ -304,6 +312,7 @@ public function getContactNumber(): ?string
     public function setContactNumber(?string $contactNumber): self
     {
         $this->contactNumber = $contactNumber;
+        $this->contactNumberVerified = false;
 
         return $this;
     }
@@ -363,4 +372,24 @@ public function updateBalanceByAmount(int $amount): self
 
         return $this;
     }
+
+    /**
+     * @return bool
+     */
+    public function isContactNumberVerified(): bool
+    {
+        return $this->contactNumberVerified;
+    }
+
+    /**
+     * @param bool $contactNumberVerified
+     *
+     * @return self
+     */
+    public function setContactNumberVerified(bool $contactNumberVerified): self
+    {
+        $this->contactNumberVerified = $contactNumberVerified;
+
+        return $this;
+    }
 }

app/HMS/Entities/Role.php

@@ -102,6 +102,7 @@ public function __construct($name, $displayName, $description)
         $this->displayName = $displayName;
         $this->description = $description;
         $this->permissions = new ArrayCollection();
+        $this->users = new ArrayCollection();
         $this->retained = false;
     }
 

app/HMS/Entities/User.php

@@ -102,6 +102,23 @@ class User implements
      */
     protected $rfidTags;
 
+    /**
+     * @var bool
+     */
+    protected $google2faEnable;
+
+    /**
+     * @var string|null
+     */
+    protected $google2faSecret;
+
+    /**
+     * Encrypted recovery codes.
+     *
+     * @var string
+     */
+    protected $google2faRecoveryCodes;
+
     /**
      * User constructor.
      *
@@ -123,6 +140,7 @@ public function __construct(
         $this->roles = new ArrayCollection();
         $this->emails = new ArrayCollection();
         $this->rfidTags = new ArrayCollection();
+        $this->google2faEnable = false;
     }
 
     /**
@@ -393,4 +411,76 @@ public function setRfidTags($rfidTags)
 
         return $this;
     }
+
+    /**
+     * @return bool
+     */
+    public function isGoogle2faEnable()
+    {
+        return $this->google2faEnable;
+    }
+
+    /**
+     * @param bool $google2faEnable
+     *
+     * @return self
+     */
+    public function setGoogle2faEnable(bool $google2faEnable)
+    {
+        $this->google2faEnable = $google2faEnable;
+
+        return $this;
+    }
+
+    /**
+     * @return string|null
+     */
+    public function getGoogle2faSecret()
+    {
+        return $this->google2faSecret;
+    }
+
+    /**
+     * @param string|null $google2faSecret
+     *
+     * @return self
+     */
+    public function setGoogle2faSecret($google2faSecret)
+    {
+        $this->google2faSecret = $google2faSecret;
+
+        return $this;
+    }
+
+    /**
+     * @return string
+     */
+    public function getGoogle2faRecoveryCodes()
+    {
+        return $this->google2faRecoveryCodes;
+    }
+
+    /**
+     * @param string $google2faRecoveryCodes
+     *
+     * @return self
+     */
+    public function setGoogle2faRecoveryCodes($google2faRecoveryCodes)
+    {
+        $this->google2faRecoveryCodes = $google2faRecoveryCodes;
+
+        return $this;
+    }
+
+    /**
+     * Route notifications for the Nexmo channel.
+     *
+     * @param \Illuminate\Notifications\Notification $notification
+     *
+     * @return string
+     */
+    public function routeNotificationForNexmo($notification)
+    {
+        return $this->profile->getContactNumber();
+    }
 }

app/HMS/Mappings/HMS.Entities.Profile.dcm.yml

@@ -58,6 +58,11 @@ HMS\Entities\Profile:
       column: contact_number
       length: 50
       nullable: true
+    contactNumberVerified:
+      type: boolean
+      nullable: false
+      options:
+          default: false
     dateOfBirth:
       type: date
       column: date_of_birth

app/HMS/Mappings/HMS.Entities.User.dcm.yml

@@ -38,6 +38,16 @@ HMS\Entities\User:
       column: email_verified_at
       type: datetime
       nullable: true
+    google2faEnable:
+      type: boolean
+      options:
+        default: 0
+    google2faSecret:
+      type: string
+      nullable: true
+    google2faRecoveryCodes:
+      type: string
+      nullable: true
     deletedAt:
       type: datetime
       nullable: true

app/HMS/User/ProfileManager.php

@@ -5,9 +5,11 @@
 use Carbon\Carbon;
 use HMS\Entities\User;
 use HMS\Entities\Profile;
+use libphonenumber\RegionCode;
 use HMS\Repositories\MetaRepository;
 use HMS\Repositories\UserRepository;
 use HMS\Repositories\ProfileRepository;
+use Propaganistas\LaravelPhone\PhoneNumber;
 
 class ProfileManager
 {
@@ -84,7 +86,8 @@ public function create(
         $profile->setAddressCity($addressCity);
         $profile->setAddressCounty($addressCounty);
         $profile->setAddressPostcode($addressPostcode);
-        $profile->setContactNumber($contactNumber);
+        $e164 = PhoneNumber::make($contactNumber, RegionCode::GB)->formatE164();
+        $profile->setContactNumber($e164);
 
         if (! empty($dateOfBirth)) {
             $profile->setDateOfBirth(new Carbon($dateOfBirth));
@@ -141,7 +144,8 @@ public function updateUserProfileFromRequest(User $user, array $request)
         }
 
         if (isset($request['contactNumber'])) {
-            $profile->setContactNumber($request['contactNumber']);
+            $e164 = PhoneNumber::make($request['contactNumber'], RegionCode::GB)->formatE164();
+            $profile->setContactNumber($e164);
         }
 
         // Nullable field

app/Http/Controllers/Api/SearchController.php

@@ -63,6 +63,7 @@ public function users(string $searchQuery = null, Request $request)
                 'email' => $user->getEmail(),
                 'accountId' => $user->getAccount() ? $user->getAccount()->getId() : null,
                 'paymentRef' => $user->getAccount() ? $user->getAccount()->getPaymentRef() : '',
+                'google2fa' => $user->isGoogle2faEnable(),
             ];
 
             if (\Gate::allows('profile.view.all')) {

app/Http/Controllers/Auth/RegisterController.php

@@ -86,7 +86,7 @@ protected function validator(array $data)
             'addressCity' => 'required|max:100',
             'addressCounty' => 'required|max:100',
             'addressPostcode' => 'required|max:10',
-            'contactNumber' => 'required|max:50',
+            'contactNumber' => 'required|max:50|phone:GB',
             'dateOfBirth' => 'nullable|date_format:Y-m-d',
         ]);
     }