<?php
require_once('vendor/autoload.php');
// astrotomic/laravel-auth-recovery-codes example snippets
use Illuminate\Database\Eloquent\Model;
use Astrotomic\AuthRecoveryCodes\Recoverable;
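/**
 * User model wired up for recovery codes with the default attribute name.
 *
 * The Recoverable trait provides the helpers this page calls on the model:
 * isValidRecoveryCode(), useRecoveryCode(), getRecoveryCodes(),
 * setRecoveryCodes() and the static generateRecoveryCodes().
 *
 * NOTE(review): this snippet does not show whether the trait stores the codes
 * hashed or in plain text; confirm against the package before relying on the
 * column being safe to expose in backups or logs.
 */
class User extends Model
{
    use Recoverable;

    // The codes live in a JSON column, so Eloquent has to decode it to an array.
    protected $casts = [
        'recovery_codes' => 'array',
    ];

    // Recovery codes are authentication secrets: keep them out of
    // toArray()/toJson() output, the same way a password hash is hidden.
    protected $hidden = [
        'recovery_codes',
    ];
}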
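/**
 * User model variant that stores recovery codes under a custom attribute name.
 *
 * $recoveryCodesName tells the Recoverable trait which attribute to use
 * instead of the default; the cast and the hidden list must name the same
 * attribute or the two will drift apart.
 *
 * NOTE(review): this snippet does not show whether the trait stores the codes
 * hashed or in plain text; confirm against the package.
 */
class User extends Model
{
    use Recoverable;

    // Attribute (and column) that holds the recovery codes for this model.
    protected string $recoveryCodesName = 'mfa_recovery_codes';

    // The codes live in a JSON column, so Eloquent has to decode it to an array.
    protected $casts = [
        'mfa_recovery_codes' => 'array',
    ];

    // Recovery codes are authentication secrets: keep them out of
    // toArray()/toJson() output, the same way a password hash is hidden.
    protected $hidden = [
        'mfa_recovery_codes',
    ];
}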
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
/**
 * Adds the JSON column that holds each user's recovery codes, and drops it
 * again on rollback.
 */
class AddRecoveryCodesToUsersTable extends Migration
{
    private const TABLE = 'users';

    private const COLUMN = 'recovery_codes';

    /**
     * Create the column. It is nullable, so rows that already exist need no value.
     */
    public function up(): void
    {
        Schema::table(self::TABLE, static function (Blueprint $blueprint): void {
            $blueprint->json(self::COLUMN)->nullable();
        });
    }

    /**
     * Remove the column again. Any stored recovery codes are lost with it.
     */
    public function down(): void
    {
        Schema::table(self::TABLE, static function (Blueprint $blueprint): void {
            $blueprint->dropColumn(self::COLUMN);
        });
    }
}
use Astrotomic\AuthRecoveryCodes\Recoverable;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Symfony\Component\HttpFoundation\Response;
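/**
 * Single-action controller for account recovery with a one-time recovery code.
 *
 * The caller has to present the account e-mail, the current password and an
 * unused recovery code. An unknown e-mail, a wrong password and a wrong code
 * are all answered with 404, so the status code does not reveal which value
 * was wrong.
 *
 * NOTE(review): this endpoint accepts guesses at a password and a recovery
 * code. Put the route behind rate limiting (for example Laravel's `throttle`
 * middleware) and log failed attempts so repeated guessing can be detected.
 *
 * NOTE(review): an unknown e-mail fails before any password hash is checked,
 * so response time may still distinguish it from a wrong password.
 */
class RecoverController
{
    /**
     * Verify the credentials, consume the recovery code and top up the codes
     * once the last one has been used.
     *
     * @return mixed JSON list of freshly generated codes when the user had
     *               none left; otherwise nothing is returned and the
     *               application-specific recovery step decides the response.
     */
    public function __invoke(Request $request)
    {
        // Only non-empty strings may reach the query and the hash checks.
        // A null e-mail would otherwise become an "email IS NULL" lookup and
        // an array value would surface as a server error.
        $input = $request->validate([
            'email' => ['required', 'string'],
            'password' => ['required', 'string'],
            'recovery_code' => ['required', 'string'],
        ]);

        /** @var Model|Recoverable $user */
        $user = User::whereEmail($input['email'])->firstOrFail();

        abort_unless(Hash::check($input['password'], $user->password), Response::HTTP_NOT_FOUND);
        abort_unless($user->isValidRecoveryCode($input['recovery_code']), Response::HTTP_NOT_FOUND);

        // Consume the code before anything is granted: if a later step fails,
        // the user loses one code, which is safer than a code that stays valid.
        // NOTE(review): the validity check and this call are separate steps, so
        // two concurrent requests could both pass with the same code; consider a
        // transaction with a row lock if that matters for your application.
        $user->useRecoveryCode($input['recovery_code'])->save();

        // do something to allow the user to recover the account
        // - log them in and redirect to account/security settings
        // - disable 2FA
        // - send an email with a signed link to do something

        // You should check whether the user has recovery codes left.
        // If not, generate new ones and tell the user. You can also do this
        // before all codes are used, or remind the user on regular login to
        // generate new ones when they are running low.
        if (empty($user->getRecoveryCodes())) {
            $codes = User::generateRecoveryCodes();
            $user->setRecoveryCodes($codes)->save();

            // This response is the only place the new codes are handed to the
            // user; keep the body out of logs and caches.
            return response()->json($codes);
        }
    }
}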