thecodework · Vikzdimension · Jul 27, 2020
diff --git a/resources/views/setup.blade.php b/resources/views/setup.blade.php
@@ -19,7 +19,19 @@
                         <div class="form-group text-center">
                         @if(! $user->is_two_factor_enabled)
                         <p>Please scan this barcode using <strong>Google Authenticator</strong> or <strong>Authy</strong> client Application and Click Enable Button</p>
-                            <img src="{{ $barcode }}" />
+                            <img id="barcode" src="{{ $barcode }}" />
+                        <div>
+                            <input type="number" id='pass_code' name="pass_code" autocomplete="off" class="form-control" placeholder="Enter Authy Code" required>
+                        @if ($errors->any())
+                            <div class="alert alert-danger">
+                                <ul>
+                                    @foreach ($errors->all() as $error)
+                                        <li>{{ $error }}</li>
+                                    @endforeach
+                                </ul>
+                            </div>
+                        @endif
+                        </div>
                         @endif
                         </div>
                         <div class="form-group text-center">

diff --git a/src/AuthenticatesUsersWith2FA.php b/src/AuthenticatesUsersWith2FA.php
@@ -62,7 +62,6 @@ public function verifyToken(Request $request)
         // Impllicitly adding an validation rule to check if token is valid or not.
         Validator::extendImplicit('valid_token', function ($attribute, $value) {
             $totp = Factory::loadFromProvisioningUri($this->user->two_factor_provisioned_uri);
-
             return $totp->verify($value);
         });
 

diff --git a/src/Http/Controllers/TwoFactorAuthenticationController.php b/src/Http/Controllers/TwoFactorAuthenticationController.php
@@ -11,6 +11,7 @@
 use Thecodework\TwoFactorAuthentication\Contracts\TwoFactorAuthenticationInterface;
 use Thecodework\TwoFactorAuthentication\Exceptions\TwoFactorAuthenticationExceptions;
 use Thecodework\TwoFactorAuthentication\TwoFactorAuthenticationServiceProvider;
+use Session;
 
 class TwoFactorAuthenticationController extends Controller implements TwoFactorAuthenticationInterface
 {
@@ -55,6 +56,7 @@ public function setupTwoFactorAuthentication(Request $request)
             config('2fa-config.digest_algorithm'),
             config('2fa-config.number_of_digits')
         );
+        session(['totp' => $totp]);
         $totp->setLabel(config('2fa-config.account_name'));
         $this->updateUserWithProvisionedUri($totp->getProvisioningUri());
 
@@ -77,20 +79,26 @@ public function setupTwoFactorAuthentication(Request $request)
      */
     public function enableTwoFactorAuthentication(Request $request)
     {
-        $user = $this->getUser();
-        $user->is_two_factor_enabled = 1;
-        $user->update();
-
-        if ($request->ajax()) {
-            return [
-                'data' => [
-                    'message'     => 'success',
-                    'description' => '2FA Enabled',
-                ],
-            ];
+        $GOTP = $request->session()->get('totp');
+        $UOTP = $request->input('pass_code');
+
+        if (isset($GOTP) && $GOTP->verify($UOTP)) {
+            $user = $this->getUser();
+            $user->is_two_factor_enabled = 1;
+            $user->update();
+
+            if ($request->ajax()) {
+                return [
+                    'data' => [
+                        'message'     => 'success',
+                        'description' => '2FA Enabled',
+                    ],
+                ];
+            }
+            return redirect(config('2fa-config.redirect_to'));
+        }else{
+            return redirect('setup-2fa');
         }
-
-        return redirect(config('2fa-config.redirect_to'));
     }
 
     /**