App\Support\Google2FAAuthenticator

Complexity

Total Complexity

14

Size/Duplication

Total Lines	66
Duplicated Lines	0 %

Importance

Changes	1
Bugs	1	Features	0

3 Methods

Rating	Name	Duplication	Size	Complexity
A	isDeviceTrusted()	0	30	6
A	getGoogle2FASecretKey()	0	9	2
A	canPassWithoutCheckingOTP()	0	12	6

<?php

namespace App\Support;

use PragmaRX\Google2FALaravel\Exceptions\InvalidSecretKey;
use PragmaRX\Google2FALaravel\Support\Authenticator;

class Google2FAAuthenticator extends Authenticator
{
    protected function canPassWithoutCheckingOTP(): bool
    {
        if (! $this->getUser()->passwordSecurity) {
            return true;
        }

        return
            ! $this->getUser()->passwordSecurity->google2fa_enable ||
            ! $this->isEnabled() ||
            $this->noUserIsAuthenticated() ||
            $this->twoFactorAuthStillValid() ||
            $this->isDeviceTrusted();
    }

    /**
     * Check if current device is trusted
     */
    protected function isDeviceTrusted(): bool
    {
        $cookie = request()->cookie('2fa_trusted_device');

        if (! $cookie) {
            return false;
        }

        try {
            $data = json_decode($cookie, true);

It seems like $cookie can also be of type array; however, parameter $json of json_decode() does only seem to accept string, maybe add an additional type check?

            // Check if cookie contains the required data
            if (! isset($data['user_id'], $data['token'], $data['expires_at'])) {
                return false;
            }

            // Check if the token belongs to the current user
            if ((int) $data['user_id'] !== (int) $this->getUser()->id) {
                return false;
            }

            // Check if the token is expired
            if (time() > $data['expires_at']) {
                return false;
            }

            // Device is trusted and token is valid
            return true;
        } catch (\Exception $e) {
            return false;
        }
    }

    /**
     * @return mixed
     *
     * @throws InvalidSecretKey
     */
    protected function getGoogle2FASecretKey()
    {
        $secret = $this->getUser()->passwordSecurity->{$this->config('otp_secret_column')};

        if (empty($secret)) {
            throw new InvalidSecretKey('Secret key cannot be empty.');
        }

        return $secret;
    }
}