
Added incorrect OTP notification

Will Browning il y a 2 ans
Parent
commit
66670a8a20

+ 5 - 0
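--- a/app/Http/Controllers/Auth/TwoFactorAuthController.php
+++ b/app/Http/Controllers/Auth/TwoFactorAuthController.php
@@ -20,6 +20,11 @@ class TwoFactorAuthController extends Controller
         $this->authenticator = app(Authenticator::class)->boot($request);
     }
 
+    public function index()
+    {
+        return redirect('/');
+    }
+
     public function store(EnableTwoFactorAuthRequest $request)
     {
         if (!$this->twoFactor->verifyKey(user()->two_factor_secret, $request->two_factor_token)) {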
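Review bot: `index()` carries no docblock and no return type, so why a GET handler that only redirects to the root exists has to be pieced together from the `routes/web.php` change in the same commit (presumably so a redirect back to /login/2fa no longer hits a route with no GET handler). A short comment such as `// GET /login/2fa has no page of its own; direct visits are sent back to the root.` above the method, plus a declared return type `public function index(): \Illuminate\Http\RedirectResponse`, would make that intent and the contract explicit. The constructor at the top of the hunk and `store()` at the bottom both continue outside it.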

+ 33 - 0
app/Listeners/SendIncorrectOtpNotification.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Listeners;
+
+use App\Notifications\IncorrectOtpNotification;
+use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Facades\Log;
+
+class SendIncorrectOtpNotification
+{
+    /**
+     * Handle the event.
+     *
+     * @param  object  $event
+     * @return void
+     */
+    public function handle($event)
+    {
+        if (! $user = $event->user) {
+            return;
+        }
+
+        if (! Cache::has("user:{$user->id}:failed-otp-notification")) {
+            // Add key to cache
+            Cache::put("user:{$user->id}:failed-otp-notification", now()->toDateTimeString(), now()->addMinutes(5));
+
+            // Log in auth.log
+            Log::channel('auth')->info('Failed OTP Notification sent: ' . $user->username);
+
+            $user->notify(new IncorrectOtpNotification());
+        }
+    }
+}
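Review bot: The `Cache::has` check followed by `Cache::put` is not atomic, so two failed OTP attempts that arrive close together can both see the key absent and each send a notification, which defeats the five-minute limit this block is trying to enforce; `Cache::add` performs the check and the write as one operation and returns false when the key already exists. Replace the `has` line and the `put` line with `if (Cache::add("user:{$user->id}:failed-otp-notification", now()->toDateTimeString(), now()->addMinutes(5))) {` and keep the log and `notify()` calls inside it. `$event` is untyped even though the provider binds this listener to `PragmaRX\Google2FALaravel\Events\LoginFailed`; `public function handle(LoginFailed $event): void` with the matching `use` would turn a wrong binding into an immediate error instead of a silent `null` user. The "Failed OTP Notification sent" log line is also written before `notify()` runs, so if the queue push throws, the auth log records a notification that never left — moving it after the `notify()` call keeps the audit trail accurate.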

+ 64 - 0
app/Notifications/IncorrectOtpNotification.php

@@ -0,0 +1,64 @@
+<?php
+
+namespace App\Notifications;
+
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldBeEncrypted;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Notifications\Messages\MailMessage;
+use Illuminate\Notifications\Notification;
+use Symfony\Component\Mime\Email;
+
+class IncorrectOtpNotification extends Notification implements ShouldQueue, ShouldBeEncrypted
+{
+    use Queueable;
+
+    /**
+     * Get the notification's delivery channels.
+     *
+     * @param  mixed  $notifiable
+     * @return array
+     */
+    public function via($notifiable)
+    {
+        return ['mail'];
+    }
+
+    /**
+     * Get the mail representation of the notification.
+     *
+     * @param  mixed  $notifiable
+     * @return \Illuminate\Notifications\Messages\MailMessage
+     */
+    public function toMail($notifiable)
+    {
+        $recipient = $notifiable->defaultRecipient;
+        $fingerprint = $recipient->should_encrypt ? $recipient->fingerprint : null;
+
+        return (new MailMessage())
+            ->subject("Failed Two Factor Authentication Login Attempt")
+            ->markdown('mail.failed_login_attempt', [
+                'recipientId' => $recipient->id,
+                'hasVerifiedEmail' => $recipient->hasVerifiedEmail(),
+                'fingerprint' => $fingerprint,
+                'username' => $notifiable->username
+            ])
+            ->withSymfonyMessage(function (Email $message) {
+                $message->getHeaders()
+                        ->addTextHeader('Feedback-ID', 'FLA:anonaddy');
+            });
+    }
+
+    /**
+     * Get the array representation of the notification.
+     *
+     * @param  mixed  $notifiable
+     * @return array
+     */
+    public function toArray($notifiable)
+    {
+        return [
+            //
+        ];
+    }
+}
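Review bot: `toMail` dereferences `$notifiable->defaultRecipient` with no null guard, so if a user can exist without a default recipient the queued job dies on `$recipient->hasVerifiedEmail()` instead of skipping the mail; whether that state is reachable is not visible in this commit, so confirm it against the User model and, if it is, have the listener bail out before calling `notify()`. A docblock line such as `Requires the notifiable to have a defaultRecipient; the mail is addressed via that recipient's id and fingerprint.` would record the assumption either way. Style: `'username' => $notifiable->username` lacks the trailing comma the surrounding multi-line arrays use, and the subject string needs no double quotes.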

+ 5 - 0
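--- a/app/Providers/EventServiceProvider.php
+++ b/app/Providers/EventServiceProvider.php
@@ -3,10 +3,12 @@
 namespace App\Providers;
 
 use App\Listeners\CheckIfShouldBlock;
+use App\Listeners\SendIncorrectOtpNotification;
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Auth\Listeners\SendEmailVerificationNotification;
 use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
 use Illuminate\Mail\Events\MessageSending;
+use PragmaRX\Google2FALaravel\Events\LoginFailed;
 
 class EventServiceProvider extends ServiceProvider
 {
@@ -21,6 +23,9 @@ class EventServiceProvider extends ServiceProvider
         ],
         MessageSending::class => [
             CheckIfShouldBlock::class,
+        ],
+        LoginFailed::class => [
+            SendIncorrectOtpNotification::class
         ]
     ];
 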
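Review bot: In the second hunk, `SendIncorrectOtpNotification::class` has no trailing comma while the `CheckIfShouldBlock::class,` entry directly above it does; write it as `SendIncorrectOtpNotification::class,` so the next listener registered for `LoginFailed` is a one-line addition rather than a two-line diff. The `$listen` array this entry belongs to starts before the hunk.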

+ 14 - 0
resources/views/mail/failed_login_attempt.blade.php

@@ -0,0 +1,14 @@
+@component('mail::message')
+
+# Failed two factor authentication login attempt
+
+Someone just entered an incorrect OTP while trying to login to your AnonAddy account. The username (**{{ $username }}**) and password were correct.
+
+The login has been blocked. If this was you, then you can ignore this notification.
+
+If this **was not you** then please login and **change your password immediately**.
+
+@component('mail::button', ['url' => config('app.url').'/settings'])
+Change Password
+@endcomponent
+@endcomponent
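Review bot: In the first paragraph, `trying to login to your AnonAddy account` uses the noun form where the verb is meant; `trying to log in to your AnonAddy account` reads correctly. The sentence `The login has been blocked.` asserts an outcome this template cannot see — the listener only sends the mail, and whether the attempt was actually rejected is decided by the 2FA flow, which is not part of this commit — so confirm it holds for every path that fires `LoginFailed`, or soften it to `The login attempt was not successful.`, which the event name does support.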

+ 1 - 0
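--- a/routes/web.php
+++ b/routes/web.php
@@ -52,6 +52,7 @@ Route::controller(ForgotUsernameController::class)->group(function () {
     Route::post('/username/email', 'sendReminderEmail')->name('username.email');
 });
 
+Route::get('/login/2fa', [TwoFactorAuthController::class, 'index'])->name('login.2fa.index')->middleware(['2fa', 'auth']);
 Route::post('/login/2fa', [TwoFactorAuthController::class, 'authenticateTwoFactor'])->name('login.2fa')->middleware(['2fa', 'throttle:3,1', 'auth']);
 
 Route::controller(BackupCodeController::class)->group(function () {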