1 | <?php |
||
2 | |||
3 | namespace App\Http\Middleware; |
||
4 | |||
5 | use App\Support\Google2FAAuthenticator; |
||
6 | use Closure; |
||
7 | use Illuminate\Http\Request; |
||
8 | use Symfony\Component\HttpFoundation\Response; |
||
9 | |||
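class Google2FAMiddleware
{
    /**
     * Name of the cookie that marks the browser as a trusted device for 2FA.
     */
    private const TRUSTED_DEVICE_COOKIE = '2fa_trusted_device';

    /**
     * Handle an incoming request.
     *
     * An authenticated user presenting a valid, unexpired trusted-device cookie
     * for their own user id is marked as having passed 2FA in the session and
     * the request proceeds directly. Any other request goes through the regular
     * Google2FA flow (already authenticated for this session, or an OTP prompt).
     *
     * Only the cookie parsing/validation is guarded; the downstream handler
     * `$next($request)` runs outside any try/catch so application exceptions
     * propagate instead of being swallowed and the request silently re-routed
     * through the OTP flow.
     *
     * @param Request $request incoming HTTP request
     * @param Closure $next    next handler in the middleware pipeline
     */
    public function handle(Request $request, Closure $next): Response
    {
        if (auth()->check() && $this->hasValidTrustedDeviceCookie($request, (int) auth()->id())) {
            $sessionVar = config('google2fa.session_var');

            // Record the 2FA pass so subsequent requests in this session skip the OTP prompt.
            session([$sessionVar => true]);
            session([$sessionVar.'.auth.passed_at' => time()]);

            return $next($request);
        }

        // Regular 2FA flow if no trusted-device shortcut applied.
        $authenticator = app(Google2FAAuthenticator::class)->boot($request);

        if ($authenticator->isAuthenticated()) {
            return $next($request);
        }

        return $authenticator->makeRequestOneTimePasswordResponse();
    }

    /**
     * Whether the request carries a trusted-device cookie that belongs to the
     * given user and has not yet expired.
     *
     * Fails closed: a missing, non-string, malformed, wrongly-shaped or
     * non-numeric cookie yields false and the caller falls back to the normal
     * 2FA flow.
     *
     * NOTE(review): `token` is only checked for presence here and is never
     * compared against a server-side record, so the trust placed in this cookie
     * rests entirely on it being encrypted/signed by the framework's cookie
     * layer — confirm this cookie is not excluded from cookie encryption.
     *
     * @param Request $request incoming HTTP request
     * @param int     $userId  id of the currently authenticated user
     */
    private function hasValidTrustedDeviceCookie(Request $request, int $userId): bool
    {
        $raw = $request->cookie(self::TRUSTED_DEVICE_COOKIE);

        if (!is_string($raw) || $raw === '') {
            return false;
        }

        try {
            $data = json_decode($raw, true, 512, JSON_THROW_ON_ERROR);
        } catch (\JsonException $e) {
            return false;
        }

        if (!is_array($data)
            || !isset($data['user_id'], $data['token'], $data['expires_at'])) {
            return false;
        }

        // Both values must be numeric before comparing: PHP 8 compares an int
        // against a non-numeric string as strings, so `time() <= 'abc'` would
        // evaluate to true and defeat the expiry check.
        if (!is_numeric($data['user_id']) || !is_numeric($data['expires_at'])) {
            return false;
        }

        if ((int) $data['user_id'] !== $userId) {
            return false;
        }

        return time() <= (int) $data['expires_at'];
    }
}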
||
56 |