Totp code

code_examples/totp/_misc/totp-append-Message.php

@@ -0,0 +1 @@
+public const VALIDATOR_INVALID_CODE = 'Invalid recovery code.'

code_examples/totp/_misc/totp-append-authorization-guards.global.php

@@ -0,0 +1,4 @@
+'admin::validate-totp-form' => ['authenticated'],
+'admin::disable-totp-form'  => ['authenticated'],
+'admin::enable-totp-form'   => ['authenticated'],
+'admin::recovery-form'      => ['authenticated'],

code_examples/totp/src/Admin/src/InputFilter/RecoveryInputFilter.php

@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Admin\Admin\InputFilter;
+
+use Admin\App\InputFilter\Input\CsrfInput;
+use Core\App\InputFilter\AbstractInputFilter;
+
+/**
+ * @phpstan-type RecoveryDataType array{
+ *     code: non-empty-string,
+ *     totpCsrf: non-empty-string,
+ *     submit?: non-empty-string,
+ * }
+ * @extends AbstractInputFilter<RecoveryDataType>
+ */
+class RecoveryInputFilter extends AbstractInputFilter
+{
+    public function init(): void
+    {
+        $this->add([
+            'name'       => 'recoveryCode',
+            'required'   => true,
+            'filters'    => [
+                ['name' => 'StringTrim'],
+            ],
+            'validators' => [
+                [
+                    'name'    => 'Regex',
+                    'options' => [
+                        'pattern' => '/^[A-Z0-9]{5}-[A-Z0-9]{5}$/',
+                        'message' => 'Recovery code must be in format XXXXX-XXXXX using letters A-Z and digits 0-9.',
+                    ],
+                ],
+            ],
+        ]);
+
+        $this->add(new CsrfInput('recoveryCsrf'));
+    }
+}

code_examples/totp/src/Admin/src/InputFilter/TotpInputFilter.php

@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Admin\Admin\InputFilter;
+
+use Admin\App\InputFilter\Input\CsrfInput;
+use Core\App\InputFilter\AbstractInputFilter;
+use Laminas\Validator\Digits;
+use Laminas\Validator\StringLength;
+
+/**
+ * @phpstan-type TotpDataType array{
+ *     code: non-empty-string,
+ *     totpCsrf: non-empty-string,
+ *     submit?: non-empty-string,
+ * }
+ * @extends AbstractInputFilter<TotpDataType>
+ */
+class TotpInputFilter extends AbstractInputFilter
+{
+    public function init(): void
+    {
+        $this->add([
+            'name'       => 'code',
+            'required'   => true,
+            'filters'    => [
+                ['name' => 'StringTrim'],
+            ],
+            'validators' => [
+                [
+                    'name'    => Digits::class,
+                    'options' => [
+                        'message' => 'Code must contain only digits.',
+                    ],
+                ],
+                [
+                    'name'    => StringLength::class,
+                    'options' => [
+                        'min'     => 6,
+                        'max'     => 6,
+                        'message' => 'Code must be exactly 6 digits.',
+                    ],
+                ],
+            ],
+        ]);
+
+        $this->add(new CsrfInput('totpCsrf'));
+    }
+}

code_examples/totp/src/Admin/templates/admin/list-recovery-codes.html.twig

@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <link href="{{ asset('css/app.css') }}" rel="stylesheet">
+</head>
+<body class="app">
+<div class="d-flex justify-content-center align-items-center vh-100">
+    <div class="text-center">
+        <div class="mb-3">
+            <h2 class="mx-3">Recovery codes</h2>
+
+            {% if plainCodes|length > 0 %}
+                <div class="alert alert-info">
+                    <p>Save these recovery codes. Each code can be used only once:</p>
+                    <ul>
+                        {% for code in plainCodes %}
+                            <li>{{ code }}</li>
+                        {% endfor %}
+                    </ul>
+                </div>
+            {% endif %}
+
+            <div class="d-flex flex-column align-items-center mt-3">
+                <a href="{{ path('dashboard::view-dashboard') }}" class="btn btn-secondary mt-2">Ok</a>
+            </div>
+        </div>
+    </div>
+</div>
+</body>
+</html>

docs/book/v7/tutorials/install-dot-totp.md

@@ -23,7 +23,11 @@ If you follow the links from the [main totp integration example](https://github.
 - [src/Admin/src/Handler/Account/PostEnableTotpHandler.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/src/Handler/Account/PostEnableTotpHandler.php)
 - [src/Admin/src/Handler/Account/PostValidateRecoveryHandler.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/src/Handler/Account/PostValidateRecoveryHandler.php)
 - [src/Admin/src/Handler/Account/PostValidateTotpHandler.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/src/Handler/Account/PostValidateTotpHandler.php)
+- [src/Admin/src/InputFilter/RecoveryInputFilter.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/src/InputFilter/RecoveryInputFilter.php)
+- [src/Admin/src/InputFilter/TotpInputFilter.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/src/InputFilter/TotpInputFilter.php)
+- [src/Admin/templates/admin/list-recovery-codes.html.twig](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/templates/admin/list-recovery-codes.html.twig)
 - [src/Admin/templates/admin/recovery-form.html.twig](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/templates/admin/recovery-form.html.twig)
+- [src/Admin/templates/admin/validate-totp-form.html.twig](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/templates/admin/validate-totp-form.html.twig)
 - [src/App/src/Middleware/CancelUrlMiddleware.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/App/src/Middleware/CancelUrlMiddleware.php)
 - [src/App/src/Middleware/TotpMiddleware.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/App/src/Middleware/TotpMiddleware.php)
 
@@ -37,6 +41,12 @@ There are still some code snippets in the [_misc](https://github.com/dotkernel/a
 - [the routes updates](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/_misc/totp-append-routes.php) must be added in the `src/Admin/src/RoutesDelegator.php` file.
 - [the pipeline updates](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/_misc/totp-append-Pipeline.php) must be added in the `config/pipeline.php` file after `$app->pipe(AuthMiddleware::class);`.
 - [the ConfigProvider updates](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/_misc/totp-append-ConfigProvider.php) must be added in the `src/Admin/src/ConfigProvider.php` file.
+- [append these routes](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/_misc/totp-append-authorization-guards.global.php) to your `authorization-guards.global.php` file.
+- Add the constant below in `src/Core/src/App/src/Message.php` to return an error message when the recovery code is invalid.
+
+```php
+public const VALIDATOR_INVALID_CODE = 'Invalid recovery code.'
+```
 
 ## Dot-totp in Action