From 471e503fb70a9e4b8031373d1f814e6e4ab8c2fb Mon Sep 17 00:00:00 2001 From: Sadiq Date: Sat, 27 Jul 2024 22:21:52 +0100 Subject: [PATCH] add Otp Hashing --- src/Otp.php | 36 +++++++++++++++++++++++++----------- src/OtpServiceProvider.php | 9 ++++++++- src/config/otp.php | 16 ++++++++++++++++ 3 files changed, 49 insertions(+), 12 deletions(-) create mode 100644 src/config/otp.php diff --git a/src/Otp.php b/src/Otp.php index d823753..543e81d 100644 --- a/src/Otp.php +++ b/src/Otp.php @@ -5,6 +5,7 @@ use Carbon\Carbon; use Exception; use Ichtrojan\Otp\Models\Otp as Model; +use Illuminate\Support\Facades\Hash; class Otp { @@ -31,9 +32,11 @@ public function generate(string $identifier, string $type, int $length = 4, int throw new Exception("{$type} is not a supported type"); } + $useHashing = config('otp.use_hashing', false); + Model::create([ 'identifier' => $identifier, - 'token' => $token, + 'token' => $useHashing ? Hash::make($token) : $token, 'validity' => $validity ]); 
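Review bot: The token is hashed only when `otp.use_hashing` is true, and both the `config('otp.use_hashing', false)` fallback in generate() (repeated in validate()) and the `env('OTP_USE_HASHING', false)` default in src/config/otp.php leave it off, so installs keep storing plaintext OTPs unless they opt in. I would either default the flag to true or state the default next to the branch, e.g. `// Stored in plaintext unless OTP_USE_HASHING=true`. Rows written before the flag is flipped stay in the other format, so validate() will presumably reject them (or error, depending on how the framework's hasher treats a non-hash value); that deserves a line in the upgrade notes. With the default `$length = 4`, a hash of a numeric token has a small search space, so hashing limits casual exposure of the table while short validity and attempt limits still carry the protection. generate() starts and ends outside the hunk.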
@@ -51,42 +54,53 @@ public function generate(string $identifier, string $type, int $length = 4, int */ public function validate(string $identifier, string $token): object { - $otp = Model::where('identifier', $identifier)->where('token', $token)->first(); + $otp = Model::where('identifier', $identifier) + ->where('valid', true) + ->latest('created_at') + ->first(); if ($otp instanceof Model) { if ($otp->valid) { $now = Carbon::now(); $validity = $otp->created_at->addMinutes($otp->validity); - $otp->update(['valid' => false]); - if (strtotime($validity) < strtotime($now)) { + $otp->update(['valid' => false]); return (object)[ 'status' => false, 'message' => 'OTP Expired' ]; } + $useHashing = config('otp.use_hashing', false); + $isValid = $useHashing ? Hash::check($token, $otp->token) : $token === $otp->token; + + if (!$isValid) { + return (object)[ + 'status' => false, + 'message' => 'OTP is not valid' + ]; + } + $otp->update(['valid' => false]); return (object)[ 'status' => true, 'message' => 'OTP is valid' ]; - } - $otp->update(['valid' => false]); + } return (object)[ 'status' => false, 'message' => 'OTP is not valid' ]; - } else { - return (object)[ - 'status' => false, - 'message' => 'OTP does not exist' - ]; } + + return (object)[ + 'status' => false, + 'message' => 'OTP not found' + ]; } /** diff --git a/src/OtpServiceProvider.php b/src/OtpServiceProvider.php index e5a896a..cbfe5c0 100644 --- a/src/OtpServiceProvider.php +++ b/src/OtpServiceProvider.php @@ -13,6 +13,9 @@ class OtpServiceProvider extends ServiceProvider */ public function register() { + $this->mergeConfigFrom( + __DIR__.'/config/otp.php', 'otp' + ); } /** 
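Review bot: A failed comparison in validate() returns 'OTP is not valid' but leaves the row at `valid = true` and records nothing, so the number of guesses against a live token is unbounded for its whole validity window; the lookup is now by identifier alone, which makes every call a comparison against the current token. Bounding this needs an attempt counter on the model (a schema change outside this hunk) or throttling in the caller, and the docblock should at least say which of the two is expected. The plaintext branch compares with `===`; `hash_equals((string) $otp->token, $token)` keeps the comparison constant-time. Only the latest valid row is fetched and flipped to `valid = false`, so an older unexpired row for the same identifier becomes the "latest valid" one after a successful validation; generate() could invalidate earlier rows before creating a new one. The inner `if ($otp->valid)` is redundant after `->where('valid', true)`, which leaves the trailing 'OTP is not valid' return unreachable.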
@@ -22,8 +25,12 @@ public function register() */ public function boot() { - $this->loadMigrationsFrom(__DIR__ . '/database/migrations'); + $this->publishes([ + __DIR__.'/config/otp.php' => config_path('otp.php'), + ], 'otp-config'); + $this->loadMigrationsFrom(__DIR__ . '/database/migrations'); + $this->commands([ \Ichtrojan\Otp\Commands\CleanOtps::class, ]); diff --git a/src/config/otp.php b/src/config/otp.php new file mode 100644 index 0000000..cb21c42 --- /dev/null +++ b/src/config/otp.php @@ -0,0 +1,16 @@ + env('OTP_USE_HASHING', false), +];