Merge pull request #34 from DarkGhostHunter/master

Minor fix on Confirm Middleware
DarkGhostHunter · Jun 8, 2020 · 1682dac · 1682dac
2 parents c85483f + f4e1a63
commit 1682dac
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 51 deletions.
diff --git a/src/Http/Middleware/ConfirmTwoFactorCode.php b/src/Http/Middleware/ConfirmTwoFactorCode.php
@@ -51,48 +51,27 @@ public function __construct(ResponseFactory $response, UrlGenerator $url, Authen
      * @param  \Illuminate\Http\Request  $request
      * @param  \Closure  $next
      * @param  string  $redirectToRoute
-     * @param  bool  $useSafeDevice
      * @return mixed
      */
-    public function handle($request, Closure $next, $redirectToRoute = '2fa.confirm', $useSafeDevice = false)
+    public function handle($request, Closure $next, $redirectToRoute = '2fa.confirm')
     {
-        if ($this->userHasTwoFactorEnabled()) {
-            if ($this->codeWasValidated($request) || $this->isSafeDevice($request, $useSafeDevice)) {
-                return $next($request);
-            }
-
-            return $request->expectsJson()
-                ? $this->response->json(['message' => trans('laraguard::messages.required')], 403)
-                : $this->response->redirectGuest($this->url->route($redirectToRoute));
+        if ($this->userHasNotEnabledTwoFactorAuth() || $this->codeWasValidated($request)) {
+            return $next($request);
         }
 
-        return $next($request);
+        return $request->expectsJson()
+            ? $this->response->json(['message' => trans('laraguard::messages.required')], 403)
+            : $this->response->redirectGuest($this->url->route($redirectToRoute));
     }
 
     /**
      * Check if the user is using Two Factor Authentication.
      *
      * @return bool
      */
-    protected function userHasTwoFactorEnabled()
+    protected function userHasNotEnabledTwoFactorAuth()
     {
-        return $this->user instanceof TwoFactorAuthenticatable && $this->user->hasTwoFactorEnabled();
-    }
-
-    /**
-     * Check if the current Request was made from a Safe Device.
-     *
-     * @param  \Illuminate\Http\Request  $request
-     * @param  string|bool  $useSafeDevice
-     * @return bool
-     */
-    protected function isSafeDevice($request, $useSafeDevice)
-    {
-        if ($useSafeDevice = filter_var($useSafeDevice, FILTER_VALIDATE_BOOLEAN)) {
-            return false;
-        }
-
-        return $this->user->isSafeDevice($request);
+        return ! ($this->user instanceof TwoFactorAuthenticatable && $this->user->hasTwoFactorEnabled());
     }
 
     /**

diff --git a/tests/Http/Middleware/ConfirmTwoFactorEnabledTest.php b/tests/Http/Middleware/ConfirmTwoFactorEnabledTest.php
@@ -4,7 +4,6 @@
 
 use Tests\Stubs\UserStub;
 use Tests\RegistersPackage;
-use Illuminate\Http\Request;
 use Tests\CreatesTwoFactorUser;
 use Orchestra\Testbench\TestCase;
 use Tests\RunsPublishableMigrations;
@@ -147,25 +146,4 @@ public function test_routes_to_alternate_named_route()
         $this->get('intended_to_foo')
             ->assertRedirect('foo');
     }
-
-    public function test_bypasses_check_if_not_forced_and_using_safe_devices()
-    {
-        Date::setTestNow($now = Date::create(2020, 04, 01, 20, 20));
-
-        $this->app['router']->get('intended_forced', function () {
-            return 'ok';
-        })->name('intended')->middleware('web', 'auth', '2fa.confirm:2fa.confirm,false');
-
-        $this->actingAs($this->user);
-
-        $this->followingRedirects()
-            ->get('intended_forced')
-            ->assertViewIs('laraguard::confirm');
-
-        $this->user->addSafeDevice(new Request());
-
-        $this->followingRedirects()
-            ->get('intended_forced')
-            ->assertSee('ok');
-    }
 }