4 years ago · 7a32998b4c
--- a/app/Http/Controllers/TwoFAccountController.php
+++ b/app/Http/Controllers/TwoFAccountController.php
@@ -164,13 +164,16 @@ class TwoFAccountController extends Controller
 
				 
			
 
				 
			
 
				     /**
			
 
				-     * Generate a TOTP
			
 
				+     * Generate an OTP token
			
 
				      *
			
 
				      * @param  \Illuminate\Http\Request  $request
			
 
				      * @return \Illuminate\Http\Response
			
 
				      */
			
 
				-    public function generateOTP(Request $request)
			
 
				+    public function token(Request $request)
			
 
				     {
			
 
				+        // When the method is called during the process of creating/editing an HOTP account the 
			
 
				+        // sensitive data have to be returned, because of the hotpCounter increment
			
 
				+        $shouldResponseWithSensitiveData = false;
			
 
				 
			
 
				         if( $request->id ) {
			
 
				 
			
@@ -182,14 +185,20 @@ class TwoFAccountController extends Controller
 
				             // The request data contain an uri
			
 
				             $twofaccount = new TwoFAccount;
			
 
				             $twofaccount->uri = $request->otp['uri'];
			
 
				+            $shouldResponseWithSensitiveData = true;
			
 
				         }
			
 
				         else {
			
 
				 
			
 
				             // The request data should contain all otp parameter
			
 
				             $twofaccount = new TwoFAccount;
			
 
				             $twofaccount->populate($request->otp);
			
 
				+            $shouldResponseWithSensitiveData = true;
			
 
				         }
			
 
				 
			
 
				+        $response = [
			
 
				+            'token' => $twofaccount->token,
			
 
				+        ];
			
 
				+
			
 
				         if( $twofaccount->otpType === 'hotp' ) {
			
 
				 
			
 
				             // returned counter & uri will be updated
			
@@ -199,13 +208,19 @@ class TwoFAccountController extends Controller
 
				             if( $request->id ) {
			
 
				                 $twofaccount->save();
			
 
				             }
			
 
				+
			
 
				+            if( $shouldResponseWithSensitiveData ) {
			
 
				+                $response['hotpCounter'] = $twofaccount->hotpCounter;
			
 
				+                $response['uri'] = $twofaccount->uri;
			
 
				+            }
			
 
				         }
			
 
				+        else {
			
 
				 
			
 
				-        if( $request->id ) {
			
 
				-            return response()->json($twofaccount, 200);
			
 
				+            $response['totpPeriod'] = $twofaccount->totpPeriod;
			
 
				+            $response['totpTimestamp'] = $twofaccount->totpTimestamp;
			
 
				         }
			
 
				 
			
 
				-        return response()->json($twofaccount->makeVisible(['uri', 'secret', 'algorithm']), 200);
			
 
				+        return response()->json($response, 200);
			
 
				     }
			
 
				 
			
 
				 
			
--- a/app/TwoFAccount.php
+++ b/app/TwoFAccount.php
@@ -49,7 +49,7 @@ class TwoFAccount extends Model implements Sortable
 
				      *
			
 
				      * @var array
			
 
				      */
			
 
				-    protected $hidden = ['uri', 'secret', 'algorithm', 'created_at', 'updated_at'];
			
 
				+    protected $hidden = ['token', 'uri', 'secret', 'algorithm', 'created_at', 'updated_at'];
			
 
				 
			
 
				 
			
 
				     /**
			
--- a/resources/js/components/TokenDisplayer.vue
+++ b/resources/js/components/TokenDisplayer.vue
@@ -125,7 +125,7 @@
 
				 
			
 
				                 this.dotToDotCounter = 0
			
 
				 
			
 
				-                this.axios.post('/api/twofaccounts/otp', { id: this.id, otp: this.$props }).then(response => {
			
 
				+                this.axios.post('/api/twofaccounts/token', { id: this.id, otp: this.$props }).then(response => {
			
 
				 
			
 
				                     let spacePosition = Math.ceil(response.data.token.length / 2);
			
 
				                     
			
@@ -188,7 +188,7 @@
 
				 
			
 
				             getHOTP: function() {
			
 
				 
			
 
				-                this.axios.post('/api/twofaccounts/otp', { id: this.id, otp: this.$props }).then(response => {
			
 
				+                this.axios.post('/api/twofaccounts/token', { id: this.id, otp: this.$props }).then(response => {
			
 
				                     let spacePosition = Math.ceil(response.data.token.length / 2);
			
 
				                     
			
 
				                     this.token = response.data.token.substr(0, spacePosition) + " " + response.data.token.substr(spacePosition)
			
--- a/routes/api.php
+++ b/routes/api.php
@@ -41,10 +41,10 @@ Route::group(['middleware' => 'auth:api'], function() {
 
				     Route::post('twofaccounts/preview', 'TwoFAccountController@preview');
			
 
				     Route::get('twofaccounts/{twofaccount}/withSensitive', 'TwoFAccountController@showWithSensitive');
			
 
				     Route::get('twofaccounts/count', 'TwoFAccountController@count');
			
 
				+    Route::post('twofaccounts/token', 'TwoFAccountController@token');
			
 
				     Route::apiResource('twofaccounts', 'TwoFAccountController');
			
 
				     Route::patch('group/accounts', 'GroupController@associateAccounts');
			
 
				     Route::apiResource('groups', 'GroupController');
			
 
				-    Route::post('twofaccounts/otp', 'TwoFAccountController@generateOTP')->name('twofaccounts.generateOTP');
			
 
				     Route::post('qrcode/decode', 'QrCodeController@decode');
			
 
				     Route::get('qrcode/{twofaccount}', 'QrCodeController@show');
			
 
				     Route::post('icon/upload', 'IconController@upload');