Three verification methods (TOTP authenticator, email code, backup codes), trusted device management with 30-day expiry, role-based enforcement for super_admin and org_admin, admin reset capability, and full test coverage (46 tests). Modifies login flow to support MFA challenge/response with temporary session tokens stored in cache. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Http\Controllers\Api\V1\Auth;
|
|
|
|
use App\Http\Controllers\Controller;
|
|
use App\Http\Resources\Api\V1\TrustedDeviceResource;
|
|
use App\Services\MfaService;
|
|
use Illuminate\Http\JsonResponse;
|
|
use Illuminate\Http\Request;
|
|
|
|
final class TrustedDeviceController extends Controller
|
|
{
|
|
public function __construct(
|
|
private MfaService $mfaService,
|
|
) {}
|
|
|
|
public function index(Request $request): JsonResponse
|
|
{
|
|
$devices = $this->mfaService->getTrustedDevices($request->user());
|
|
|
|
return $this->success(TrustedDeviceResource::collection($devices));
|
|
}
|
|
|
|
public function destroy(Request $request, string $device): JsonResponse
|
|
{
|
|
$this->mfaService->revokeDevice($request->user(), $device);
|
|
|
|
return response()->json(null, 204);
|
|
}
|
|
|
|
public function destroyAll(Request $request): JsonResponse
|
|
{
|
|
$this->mfaService->revokeAllDevices($request->user());
|
|
|
|
return response()->json(null, 204);
|
|
}
|
|
}
|
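Review bot: In `destroy`, the route parameter `$device` is handed straight to `$this->mfaService->revokeDevice($request->user(), $device)`, and nothing in this controller establishes that the lookup is scoped to the authenticated user rather than by device id alone; that contract lives in `MfaService`, which is not in this file, so it should be stated where the id crosses the boundary, e.g. above the call: `// Ownership check lives in MfaService::revokeDevice — the lookup must be scoped to $request->user(), never by $device id alone.` The unconditional 204 also means a caller learns nothing from revoking an unknown or foreign id, which is a reasonable choice but worth a one-line comment so a later change does not turn it into a 404 that enables enumeration. `destroy` and `destroyAll` both build the empty response as `response()->json(null, 204)`; `return response()->noContent();` is the framework idiom and avoids emitting a body with a 204. `$request->user()` is passed unchecked in all three actions, which presumes the route group applies auth middleware — the route registration is outside this file, so that assumption should be confirmed.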