Merge pull request #79 from stephenjude/main

Improvements: Switch 2FA challenge from hash validation to decrypt validation and Cleanup translation usage.

Author: stephenjude

resources/lang/en/actions.php

@@ -1,6 +1,5 @@
 <?php
 
-// translations for Stephenjude/FilamentTwoFactorAuthentication
 return [
     'confirm_two_factor_authentication' => [
         'wrong_code' => 'The provided two factor authentication code was invalid.',

resources/lang/en/pages.php

@@ -3,13 +3,13 @@
 return [
     'subheading' => 'Or',
     'challenge' => [
-        'action_label' => 'use a recovery code',
+        'action_label' => 'Use a recovery code',
         'confirm' => 'Please confirm access to your account by entering the authentication code provided by your authenticator application.',
         'code' => 'Code',
         'error' => 'The provided two factor authentication code was invalid.',
     ],
     'recovery' => [
-        'action_label' => 'use an authentication code',
+        'action_label' => 'Use an authentication code',
         'form_hint' => 'Please confirm access to your account by entering one of your emergency recovery codes.',
         'error' => 'The provided two factor authentication code was invalid.',
         'title' => 'Recovery Code',

resources/views/components/logout.blade.php

@@ -1,7 +1,7 @@
 <div class="flex justify-center w-full">
     <form method="POST" action="{{ filament()->getCurrentOrDefaultPanel()->getLogoutUrl() }}">
         @csrf
-        <x-filament::link tag="button" type="submit" weight="semibold">
+        <x-filament::link style="align-center" tag="button" type="submit" weight="semibold">
             {{__('filament-two-factor-authentication::components.logout.button')}}
         </x-filament::link>
     </form>

src/Pages/Challenge.php

@@ -44,11 +44,7 @@ public function recoveryAction(): Action
         return Action::make('recovery')
             ->link()
             ->label(__('filament-two-factor-authentication::pages.challenge.action_label'))
-            ->url(
-                filament()->getCurrentOrDefaultPanel()->route(
-                    'two-factor.recovery'
-                )
-            );
+            ->url(filament()->getCurrentOrDefaultPanel()->route('two-factor.recovery'));
     }
 
     public function authenticate()
@@ -86,7 +82,6 @@ public function form(Schema $schema): Schema
                     ->autocomplete()
                     ->rules([
                         fn () => function (string $attribute, $value, $fail) {
-
                             $user = Filament::auth()->user();
                             if (is_null($user)) {
                                 $fail(__('filament-two-factor-authentication::pages.challenge.error'));
@@ -122,7 +117,7 @@ public function getFormActions(): array
     protected function getAuthenticateFormAction(): Action
     {
         return Action::make('authenticate')
-            ->label(__('filament-panels::pages/auth/login.form.actions.authenticate.label'))
+            ->label(__('filament-panels::auth/pages/login.form.actions.authenticate.label'))
             ->submit('authenticate');
     }
 

src/Pages/Recovery.php

@@ -66,11 +66,7 @@ public function form(Schema $schema): Schema
             ->schema([
                 TextInput::make('recovery_code')
                     ->hiddenLabel()
-                    ->hint(
-                        __(
-                            'filament-two-factor-authentication::pages.recovery.form_hint'
-                        )
-                    )
+                    ->hint(__('filament-two-factor-authentication::pages.recovery.form_hint'))
                     ->required()
                     ->autocomplete()
                     ->autofocus()
@@ -101,7 +97,7 @@ public function getFormActions(): array
     protected function getAuthenticateFormAction(): Action
     {
         return Action::make('authenticate')
-            ->label(__('filament-panels::pages/auth/login.form.actions.authenticate.label'))
+            ->label(__('filament-panels::auth/pages/login.form.actions.authenticate.label'))
             ->submit('authenticate');
     }
 

src/TwoFactorAuthenticatable.php

@@ -9,7 +9,6 @@
 use BaconQrCode\Renderer\RendererStyle\RendererStyle;
 use BaconQrCode\Writer;
 use Illuminate\Support\Facades\Cache;
-use Illuminate\Support\Facades\Hash;
 use Spatie\LaravelPasskeys\Models\Concerns\InteractsWithPasskeys;
 use Stephenjude\FilamentTwoFactorAuthentication\Events\RecoveryCodeReplaced;
 
@@ -44,17 +43,16 @@ public function passkeyAuthenticated(): bool
 
     public function isTwoFactorChallengePassed(): bool
     {
-        $sessionKey = 'login_2fa_challenge_passed_' . $this->id;
+        if ($twoFactorSecretFromSession = session()->get("login:challenge:secret:$this->id")) {
+            return decrypt($this->two_factor_secret) === decrypt($twoFactorSecretFromSession);
+        }
 
-        return Hash::check($this->two_factor_secret, session()->get($sessionKey));
+        return false;
     }
 
     public function setTwoFactorChallengePassed(): void
     {
-        $sessionKey = 'login_2fa_challenge_passed_' . $this->id;
-        $sessionValue = Hash::make($this->two_factor_secret);
-
-        session()->put($sessionKey, $sessionValue);
+        session()->put("login:challenge:secret:$this->id", $this->two_factor_secret);
     }
 
     /**