Added user property to enforce 2fa or not

Layout/default/User/Form.php

@@ -112,7 +112,17 @@
                 <label for="password2">Repeat Password:</label>
                 <input type="password" id="password2" name="password2" class="form-control" value="" />
               </div>
-
+              
+              <hr />
+              
+              <div class="form-group">
+                <label for="twofactorrequired">2FA erzwingen:</label>
+                <select name="twofactorrequired" id="twofactorrequired" class="form-control">
+                  <option value="false" <?=(isset($user) && !$user->twofactorrequired) ? "selected='selected'" : ""?>>No</option>
+                  <option value="true" <?=( (!isset($user) || !$user->id) || (isset($user) && $user->twofactorrequired)) ? "selected='selected'" : ""?>>Yes</option>
+                </select>
+              </div>
+              
               <hr />
               
               <h4 class="card-title mb-3">Beschränkungen</h4>

application/User/UserController.php

@@ -166,6 +166,13 @@ class UserController extends mfBaseController
             } else {
               $user->address_id = null;
             }
+            
+            // 2fa required
+            if($r->twofactorrequired == "true") {
+              $user->twofactorrequired = 1;
+            } else {
+              $user->twofactorrequired = 0;
+            }
         }
 
         if ($r->password) {
@@ -262,6 +269,8 @@ class UserController extends mfBaseController
               $enum->delete();
             }
             
+            
+            
         }
 
         $this->layout()->setFlash("Benutzer gespeichert.", "success");

application/User/UserModel.php

@@ -7,6 +7,10 @@ class UserModel
     public $password = null;
     public $name = null;
     public $email = null;
+    public $mobile;
+    public $twofactor;
+    public $twofactorcode;
+    public $twofactortimestamp;
     public $apikey = null;
     public $ip = null;
     public $sessionid = null;
@@ -67,7 +71,7 @@ class UserModel
 
     }
 
-    public static function search($filter)
+    public static function search($filter = [])
     {
         $items = [];
         $db = FronkDB::singleton();

db/migrations/20240209165524_worker_add_twofactorrequired.php

@@ -0,0 +1,31 @@
+<?php
+declare(strict_types=1);
+
+use Phinx\Migration\AbstractMigration;
+
+final class WorkerAddTwofactorrequired extends AbstractMigration
+{
+    public function up(): void
+    {
+        if($this->getEnvironment() == "thetool") {
+          $table = $this->table("Worker");
+          $table->addColumn("twofactorrequired", "integer", ["null" => false, "default" => 1, "after" => "twofactortimestamp"]);
+          $table->update();
+        }
+        
+        if($this->getEnvironment() == "addressdb") {
+          
+        }
+    }
+
+    public function down(): void
+    {
+        if($this->getEnvironment() == "thetool") {
+          $this->table("Worker")->removeColumn("twofactorrequired")->save();
+        }
+        
+        if($this->getEnvironment() == "addressdb") {
+          
+        }
+    }
+}

lib/mvcfronk/mfRouter/mfRouter.php

@@ -216,7 +216,7 @@ class mfRouter {
         $user = new User();
         $user->loadMe();
 
-        if($user->twofactor < 1 && $classname != "mfLoginController" && $classname != "UserProfileController" && $this->action != "logout" && $this->action != "Logout") {
+        if($user->twofactorrequired && $user->twofactor < 1 && $classname != "mfLoginController" && $classname != "UserProfileController" && $this->action != "logout" && $this->action != "Logout") {
           // redirect to UserProfile
           if(MFUSEFANCYURLS) {
             header("Location: $baseurl/UserProfile");