feat: enterprise MFA with TOTP, email codes, backup codes, and trusted devices

Three verification methods (TOTP authenticator, email code, backup codes),
trusted device management with 30-day expiry, role-based enforcement for
super_admin and org_admin, admin reset capability, and full test coverage
(46 tests). Modifies login flow to support MFA challenge/response with
temporary session tokens stored in cache.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-04-15 20:45:55 +02:00
parent df68aa8aef
commit 948687f27e
32 changed files with 2563 additions and 5 deletions


@@ -32,6 +32,11 @@ final class User extends Authenticatable
'timezone',
'locale',
'avatar',
'mfa_enabled',
'mfa_method',
'mfa_secret',
'mfa_confirmed_at',
'mfa_enforced',
];
public function getFullNameAttribute(): string
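Review bot: Adding `'mfa_secret'`, `'mfa_enabled'`, `'mfa_enforced'` and `'mfa_confirmed_at'` to `$fillable` (the lines after `'avatar'`) makes the whole MFA state mass-assignable, so any `fill()`/`update()`/`create()` call that forwards request input without an explicit key allowlist could let a caller disable MFA, clear enforcement, or replace the TOTP secret; whether such a call site exists is not visible in this hunk. These columns belong to the MFA setup/reset flow and should be written there explicitly (`$user->forceFill([...])` or direct property assignment) rather than opened up via `$fillable`, with `'mfa_secret'` and `'mfa_enforced'` removed from the list at minimum. Listing the secret in `$hidden` protects serialization but not storage: the `casts()` hunk below adds `'mfa_enabled' => 'boolean'` and friends but no cast for the secret, so unless it is encrypted before assignment somewhere not shown it is stored in plaintext; add `'mfa_secret' => 'encrypted',` to `casts()` so it is encrypted at rest under the app key. If the secret is already encrypted at the service layer, the cast is redundant and only the `$fillable` change applies.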
@@ -47,6 +52,7 @@ final class User extends Authenticatable
protected $hidden = [
'password',
'remember_token',
'mfa_secret',
];
protected function casts(): array
@@ -55,6 +61,9 @@ final class User extends Authenticatable
'date_of_birth' => 'date',
'email_verified_at' => 'datetime',
'password' => 'hashed',
'mfa_enabled' => 'boolean',
'mfa_confirmed_at' => 'datetime',
'mfa_enforced' => 'boolean',
];
}
@@ -92,6 +101,21 @@ final class User extends Authenticatable
return $this->hasMany(UserOrganisationTag::class);
}
public function mfaBackupCodes(): HasMany
{
return $this->hasMany(MfaBackupCode::class);
}
public function mfaEmailCodes(): HasMany
{
return $this->hasMany(MfaEmailCode::class);
}
public function trustedDevices(): HasMany
{
return $this->hasMany(TrustedDevice::class);
}
public function tagsForOrganisation(string $organisationId): HasMany
{
return $this->organisationTags()->where('organisation_id', $organisationId);