Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tweaks and Upgrades #34

Open
wants to merge 13 commits into
base: master
Choose a base branch
from
Open

Tweaks and Upgrades #34

wants to merge 13 commits into from

Conversation

tonysm
Copy link

@tonysm tonysm commented Jan 23, 2022
edited
Loading

Changed

  • BC: Bumped all dependencies to the latest versions
  • BC: Bumped the PHP minimum version to 8.0
  • BC: Use encryption instead of hashing the recovery codes (more in line with Fortify)
  • BC: Replace the used recovery code and grant them access to the app instead of forcing the user to reconfigure the authenticator app (again, more in line with Fortify)
  • Tweaked the inputs so it matches Nova's UI (rounded corners and stuff)
  • Added a new tool to view the Recovery Codes inside Nova itself

Hey, there. I had the need to implement in Nova for an app, tried installing your package but found some roadblocks (my project uses PHP >8.0), so I made the necessary changes to make it work and figured I could contribute here.

While I was testing it, I noticed that the recovery flow wasn't working, so I fixed that. And then I noticed I had to reconfigure the authenticator app after using a recovery code (it generated a new secret and new codes), but that doesn't seem necessary. Fortify just replaces the used code with a new one, so that should do the trick, right?

These are all breaking changes, so you may need a major version bump. Since I'm working on a new project, I didn't need to migrate existing users, and I don't think it's possible (because of the hashing to encryption change), so if you're interested in a migration path for users of the package, we can bring back the hashing stuff implement a configuration that allows users to choose between encryption/hashing for the recovery codes.

I changed from hashing to encryption to allow users to view their recovery codes again once they are inside the app (since recovery codes change - when you use one, that one gets cycled and a new one takes its place).

tonysm added 13 commits January 22, 2022 19:06
@tonysm
Bump to Google2fa Laravel 1.0.0
d6307cb
@tonysm
Bump to use google2fa-laravel ^2.0.1 and generate QR code using googl…
22aeb30 
…e2fa-qrcode ^3.0
@tonysm
Adds the missing bacon/bacon-qr-code, turns out its required
7bcd5aa
@tonysm
Fix recovery codes not being hashed before storing the first time
ed0bda1
@tonysm
Replace the used recovery code instead of forcing the user to reconfi…
42c9d7c 
…gure everything.
@tonysm
Replace hashing with encryption (closer to the Jetstream/Fortify impl…
0e69bfe 
…ementation)
@tonysm
Tweaks the authentication UI
6a57a1c
@tonysm
Use translation for placeholders
8c969b4
@tonysm
Undo the config changes, no need to change them since we can override…
9f70ae8 
… in the application
@tonysm
Extract inline JS to functions
abbfb77
@tonysm
Tweak wordings
45e0684
@tonysm
Adds the recovery code tool so users can view their recovery codes
bbb48e2
@tonysm
Remove unused use statements
24ec680
@tonysm tonysm mentioned this pull request Jan 27, 2022
Open
@interpegasus
Copy link

Great work! Does it support Nova 4?

@tonysm
Copy link
Author

tonysm commented Jun 7, 2022

@interpegasus nope. These changes were made before Nova 4, unfortunately.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tonysm @interpegasus