From 4a5d7b6aee321f18fbb99bed31689d959ac92bd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Jaussoin?= Date: Tue, 30 Jan 2024 14:02:14 +0000 Subject: [PATCH] Fix FLEXIAPI-138 Add ip and user_agent columns to all the tokens and code... --- CHANGELOG.md | 5 +- flexiapi/app/Account.php | 10 +++ flexiapi/app/AuthToken.php | 3 +- flexiapi/app/Consommable.php | 7 ++ .../Account/AuthenticateController.php | 1 + .../Account/RecoveryController.php | 3 +- .../Api/Account/AuthTokenController.php | 3 +- .../Api/Account/CreationTokenController.php | 2 + .../Admin/AccountCreationTokenController.php | 1 + flexiapi/app/RecoveryCode.php | 1 - flexiapi/app/Services/AccountService.php | 2 + ...d_ip_columns_to_tokens_and_keys_tables.php | 84 +++++++++++++++++++ .../admin/account/activity/index.blade.php | 16 ++++ 13 files changed, 130 insertions(+), 8 deletions(-) create mode 100644 flexiapi/database/migrations/2024_01_29_144458_add_ip_columns_to_tokens_and_keys_tables.php diff --git a/CHANGELOG.md b/CHANGELOG.md index 054408e..3066664 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,8 +2,11 @@ v1.5 ---- +- Fix FLEXIAPI-138 Add ip and user_agent columns to all the tokens and code tables, fill the values when required and display them in the admin - Fix FLEXIAPI-136 Refactor the Web Panel toggle mechanism and move it to a proper Middleware +- Fix FLEXIAPI-134 Add a system to detect and block abusive accounts - Fix FLEXIAPI-133 Use the correct breadcrumb on create and fix a password +- Fix FLEXIAPI-132 Refactor the Provisioning to remove proxy_default_values - Fix #143 Ensure that the ProvisioningToken model behave likes all the other Consommable - Fix #141 Add a new hook system for the Account Service - Fix #138 Add a dictionary attached to the accounts 
@@ -13,8 +16,6 @@ v1.5 - Fix #133 Make the MySQL connection unstrict - Fix #132 Move the provisioning_tokens and recovery_codes to dedicated table - Fix #130 Drop the group column in the Accounts table -- Fix FLEXIAPI-132 Refactor the Provisioning to remove proxy_default_values -- Fix FLEXIAPI-134 Add a system to detect and block abusive accounts v1.4.4 ------ diff --git a/flexiapi/app/Account.php b/flexiapi/app/Account.php index 9dfc990..99dcf8c 100644 --- a/flexiapi/app/Account.php +++ b/flexiapi/app/Account.php @@ -392,6 +392,11 @@ class Account extends Authenticatable $recoveryCode = new RecoveryCode; $recoveryCode->code = $code ?? generatePin(); $recoveryCode->account_id = $this->id; + + if (request()) { + $recoveryCode->fillRequestInfo(request()); + } + $recoveryCode->save(); return $recoveryCode->code; @@ -402,6 +407,11 @@ class Account extends Authenticatable $provisioningToken = new ProvisioningToken; $provisioningToken->token = $token ?? Str::random(WebAuthenticateController::$emailCodeSize); $provisioningToken->account_id = $this->id; + + if (request()) { + $provisioningToken->fillRequestInfo(request()); + } + $provisioningToken->save(); return $provisioningToken->token; diff --git a/flexiapi/app/AuthToken.php b/flexiapi/app/AuthToken.php index c5a0ada..3e68850 100644 --- a/flexiapi/app/AuthToken.php +++ b/flexiapi/app/AuthToken.php @@ -4,9 +4,8 @@ namespace App; use Carbon\Carbon; use Illuminate\Database\Eloquent\Factories\HasFactory; -use Illuminate\Database\Eloquent\Model; -class AuthToken extends Model +class AuthToken extends Consommable { use HasFactory; diff --git a/flexiapi/app/Consommable.php b/flexiapi/app/Consommable.php index 69e3711..13f9bfe 100644 --- a/flexiapi/app/Consommable.php +++ b/flexiapi/app/Consommable.php @@ -3,6 +3,7 @@ namespace App; use Illuminate\Database\Eloquent\Model; +use Illuminate\Http\Request; abstract class Consommable extends Model { 
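Review bot: The `if (request())` guard added before `$recoveryCode->save()` (and again before `$provisioningToken->save()` in the next hunk) is unlikely to ever be false, because Laravel's `request()` helper returns the container-bound Request even under artisan or queue workers, where `ip()` and `userAgent()` simply come back null; the guard reads as if it detected a non-HTTP context but does not. If the intent is to record these values only for real HTTP requests, checking `app()->runningInConsole()` or having the caller pass its `Request` in would make that explicit. Either way, resolve the helper once rather than calling `request()` twice: `$request = request(); if ($request !== null) { $recoveryCode->fillRequestInfo($request); }`. Both enclosing methods start and end outside their hunks.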
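Review bot: `AuthToken` now extends `Consommable`, but nothing in this hunk sets the `consommableAttribute` that `Consommable::consumed()` dereferences via `$this->{$this->consommableAttribute}`; unless the property is declared further down in AuthToken (outside the hunk) or given a usable default by the base class, calling `consumed()` or `consume()` on an auth token will fail at runtime. Either declare the attribute on the class with whatever column marks an auth token as used, or add a class comment stating that AuthToken only inherits `fillRequestInfo()` and is never consumed through the base-class API. The class body continues outside the hunk.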
@@ -14,6 +15,12 @@ abstract class Consommable extends Model $this->save(); } + public function fillRequestInfo(Request $request) + { + $this->ip = $request->ip(); + $this->user_agent = $request->userAgent(); + } + public function consumed(): bool { return $this->{$this->consommableAttribute} == null; diff --git a/flexiapi/app/Http/Controllers/Account/AuthenticateController.php b/flexiapi/app/Http/Controllers/Account/AuthenticateController.php index c289b73..7c9d507 100644 --- a/flexiapi/app/Http/Controllers/Account/AuthenticateController.php +++ b/flexiapi/app/Http/Controllers/Account/AuthenticateController.php @@ -91,6 +91,7 @@ class AuthenticateController extends Controller if ($authToken == null) { $authToken = new AuthToken; $authToken->token = Str::random(32); + $authToken->fillRequestInfo($request); $authToken->save(); return redirect()->route('account.authenticate.auth_token', ['token' => $authToken->token]); diff --git a/flexiapi/app/Http/Controllers/Account/RecoveryController.php b/flexiapi/app/Http/Controllers/Account/RecoveryController.php index 9605011..01e6bc7 100644 --- a/flexiapi/app/Http/Controllers/Account/RecoveryController.php +++ b/flexiapi/app/Http/Controllers/Account/RecoveryController.php @@ -137,8 +137,7 @@ class RecoveryController extends Controller ]); } - $account->recovery_code = null; - $account->save(); + $account->currentRecoveryCode->consume(); Auth::login($account); return redirect()->route('account.password.update'); diff --git a/flexiapi/app/Http/Controllers/Api/Account/AuthTokenController.php b/flexiapi/app/Http/Controllers/Api/Account/AuthTokenController.php index 1cf8415..ea2d77f 100644 --- a/flexiapi/app/Http/Controllers/Api/Account/AuthTokenController.php +++ b/flexiapi/app/Http/Controllers/Api/Account/AuthTokenController.php 
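Review bot: `fillRequestInfo()` stores `$request->userAgent()` unbounded, while the migration in this commit declares `user_agent` as `string()` (255 characters by default); a longer User-Agent header is caller-controlled and will be truncated or rejected depending on the connection's strict mode. Either widen the column to `text()` in the migration or bound it here, e.g. `$ua = $request->userAgent(); $this->user_agent = $ua === null ? null : mb_substr($ua, 0, 255);`. The method also lacks a return type: `public function fillRequestInfo(Request $request): void`. Note that `$request->ip()` is only as meaningful as the application's trusted-proxy configuration, which this diff does not touch — behind an untrusted reverse proxy every row records the proxy's address, and with all proxies trusted the value comes from a client-supplied header — so a short docblock should say the recorded values are informational, not authoritative.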
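Review bot: The new `$account->currentRecoveryCode->consume();` assumes the relation is non-null at this point, whereas the removed `$account->recovery_code = null;` could not fail that way. If the validation above (outside the hunk) does not already guarantee that an unconsumed current code exists, this becomes a property access on null just before `Auth::login($account)` — it fails closed, but with a server error instead of the validation response returned a few lines earlier. An explicit guard that returns the same validation error when `currentRecoveryCode` is null would keep both paths consistent. The enclosing method starts outside the hunk.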
@@ -26,10 +26,11 @@ use Illuminate\Support\Str; class AuthTokenController extends Controller { - public function store() + public function store(Request $request) { $authToken = new AuthToken; $authToken->token = Str::random(32); + $authToken->fillRequestInfo($request); $authToken->save(); return $authToken; diff --git a/flexiapi/app/Http/Controllers/Api/Account/CreationTokenController.php b/flexiapi/app/Http/Controllers/Api/Account/CreationTokenController.php index 396ac7e..45ea3cc 100644 --- a/flexiapi/app/Http/Controllers/Api/Account/CreationTokenController.php +++ b/flexiapi/app/Http/Controllers/Api/Account/CreationTokenController.php @@ -59,6 +59,7 @@ class CreationTokenController extends Controller $token->pn_provider = $request->get('pn_provider'); $token->pn_param = $request->get('pn_param'); $token->pn_prid = $request->get('pn_prid'); + $token->fillRequestInfo($request); // Send the token to the device via Push Notification $fp = new FlexisipPusherConnector($token->pn_provider, $token->pn_param, $token->pn_prid); @@ -88,6 +89,7 @@ class CreationTokenController extends Controller if ($creationRequestToken && $creationRequestToken->validated_at != null) { $accountCreationToken = new AccountCreationToken; $accountCreationToken->token = Str::random(WebAuthenticateController::$emailCodeSize); + $accountCreationToken->fillRequestInfo($request); $accountCreationToken->save(); $creationRequestToken->consume(); diff --git a/flexiapi/app/Http/Controllers/Api/Admin/AccountCreationTokenController.php b/flexiapi/app/Http/Controllers/Api/Admin/AccountCreationTokenController.php index bbdc76e..477e354 100644 --- a/flexiapi/app/Http/Controllers/Api/Admin/AccountCreationTokenController.php +++ b/flexiapi/app/Http/Controllers/Api/Admin/AccountCreationTokenController.php 
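Review bot: The new `store(Request $request)` signature relies on `Illuminate\Http\Request` being imported, but this hunk adds no `use` line and the diffstat for this file (2 insertions, 1 deletion) is fully accounted for by the visible lines; if the import is not already present at the top of the file, `Request` resolves to `App\Http\Controllers\Api\Account\Request` and the container cannot inject it. Add `use Illuminate\Http\Request;` next to the existing `use Illuminate\Support\Str;` if it is missing. The closing brace of `store()` falls outside the hunk.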
@@ -32,6 +32,7 @@ class AccountCreationTokenController extends Controller { $token = new AccountCreationToken; $token->token = Str::random(WebAuthenticateController::$emailCodeSize); + $token->fillRequestInfo($request); $token->save(); return $token; diff --git a/flexiapi/app/RecoveryCode.php b/flexiapi/app/RecoveryCode.php index 01935a9..4a154f3 100644 --- a/flexiapi/app/RecoveryCode.php +++ b/flexiapi/app/RecoveryCode.php @@ -3,7 +3,6 @@ namespace App; use Illuminate\Database\Eloquent\Factories\HasFactory; -use Illuminate\Database\Eloquent\Model; class RecoveryCode extends Consommable { diff --git a/flexiapi/app/Services/AccountService.php b/flexiapi/app/Services/AccountService.php index 3bb0449..5817d11 100644 --- a/flexiapi/app/Services/AccountService.php +++ b/flexiapi/app/Services/AccountService.php @@ -122,6 +122,7 @@ class AccountService $phoneChangeCode->account_id = $account->id; $phoneChangeCode->phone = $request->get('phone'); $phoneChangeCode->code = generatePin(); + $phoneChangeCode->fillRequestInfo($request); $phoneChangeCode->save(); Log::channel('events')->info('Account Service: Account phone change requested by SMS', ['id' => $account->identifier]); @@ -197,6 +198,7 @@ class AccountService $emailChangeCode->account_id = $account->id; $emailChangeCode->email = $request->get('email'); $emailChangeCode->code = generatePin(); + $emailChangeCode->fillRequestInfo($request); $emailChangeCode->save(); Log::channel('events')->info('Account Service: Account email change requested by email', ['id' => $account->identifier]); diff --git a/flexiapi/database/migrations/2024_01_29_144458_add_ip_columns_to_tokens_and_keys_tables.php b/flexiapi/database/migrations/2024_01_29_144458_add_ip_columns_to_tokens_and_keys_tables.php new file mode 100644 index 0000000..3b2c87b --- /dev/null +++ b/flexiapi/database/migrations/2024_01_29_144458_add_ip_columns_to_tokens_and_keys_tables.php 
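Review bot: `$token->fillRequestInfo($request);` is inserted into a method whose signature sits just above the hunk, and the diffstat for this file shows a single insertion, so that signature was not changed; unless the method already receives `Request $request` (not visible here), `$request` is undefined and the call fails. The sibling API controller in this commit had to change `store()` to `store(Request $request)` for the same call, and the same change is probably needed here. The enclosing method begins outside the hunk.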
@@ -0,0 +1,84 @@ +string('ip')->nullable(); + $table->string('user_agent')->nullable(); + }); + + Schema::table('phone_change_codes', function (Blueprint $table) { + $table->string('ip')->nullable(); + $table->string('user_agent')->nullable(); + }); + + Schema::table('email_change_codes', function (Blueprint $table) { + $table->string('ip')->nullable(); + $table->string('user_agent')->nullable(); + }); + + Schema::table('provisioning_tokens', function (Blueprint $table) { + $table->string('ip')->nullable(); + $table->string('user_agent')->nullable(); + }); + + Schema::table('auth_tokens', function (Blueprint $table) { + $table->string('ip')->nullable(); + $table->string('user_agent')->nullable(); + }); + + Schema::table('account_creation_tokens', function (Blueprint $table) { + $table->string('ip')->nullable(); + $table->string('user_agent')->nullable(); + }); + + Schema::table('account_creation_request_tokens', function (Blueprint $table) { + $table->string('ip')->nullable(); + $table->string('user_agent')->nullable(); + }); + } + + public function down() + { + Schema::table('recovery_codes', function (Blueprint $table) { + $table->dropColumn('ip'); + $table->dropColumn('user_agent'); + }); + + Schema::table('phone_change_codes', function (Blueprint $table) { + $table->dropColumn('ip'); + $table->dropColumn('user_agent'); + }); + + Schema::table('email_change_codes', function (Blueprint $table) { + $table->dropColumn('ip'); + $table->dropColumn('user_agent'); + }); + + Schema::table('provisioning_tokens', function (Blueprint $table) { + $table->dropColumn('ip'); + $table->dropColumn('user_agent'); + }); + + Schema::table('auth_tokens', function (Blueprint $table) { + $table->dropColumn('ip'); + $table->dropColumn('user_agent'); + }); + + Schema::table('account_creation_tokens', function (Blueprint $table) { + $table->dropColumn('ip'); + $table->dropColumn('user_agent'); + }); + + Schema::table('account_creation_request_tokens', function (Blueprint $table) { + 
$table->dropColumn('ip'); + $table->dropColumn('user_agent'); + }); + } +}; diff --git a/flexiapi/resources/views/admin/account/activity/index.blade.php b/flexiapi/resources/views/admin/account/activity/index.blade.php index 449e9a4..a66173b 100644 --- a/flexiapi/resources/views/admin/account/activity/index.blade.php +++ b/flexiapi/resources/views/admin/account/activity/index.blade.php @@ -21,6 +21,7 @@ Recovery Codes Created Used + IP @@ -33,6 +34,9 @@ {{ $recoveryCode->created_at != $recoveryCode->updated_at ? $recoveryCode->updated_at : '-' }} + + {{ $recoveryCode->ip ? $recoveryCode->ip : '-' }} + @endforeach @@ -46,6 +50,7 @@ Phone Change requests Created Used + IP @@ -58,6 +63,9 @@ {{ $phoneChangeCode->created_at != $phoneChangeCode->updated_at ? $phoneChangeCode->updated_at : '-' }} + + {{ $phoneChangeCode->ip ? $phoneChangeCode->ip : '-' }} + @endforeach @@ -71,6 +79,7 @@ Email Change requests Created Used + IP @@ -83,6 +92,9 @@ {{ $emailChangeCode->created_at != $emailChangeCode->updated_at ? $emailChangeCode->updated_at : '-' }} + + {{ $emailChangeCode->ip ? $emailChangeCode->ip : '-' }} + @endforeach @@ -96,6 +108,7 @@ Provisioning Tokens Created Used + IP @@ -108,6 +121,9 @@ {{ $provisioningToken->consumed() ? $provisioningToken->updated_at : '-' }} + + {{ $provisioningToken->ip ? $provisioningToken->ip : '-' }} + @endforeach
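Review bot: Each `down()` closure drops the two columns with separate calls; `$table->dropColumn(['ip', 'user_agent']);` does the same in one statement and keeps the column pair in one place, and the identical `up()`/`down()` bodies repeated for seven tables could be a short loop over the table names instead of copy-pasted closures. This rendering has lost the first lines of the hunk (everything from the opening `<?php` up to the first `$table->` is missing), so the migration header and the `recovery_codes` block of `up()` cannot be checked here; the remaining blocks are consistent with one another. If the project's test suite runs on SQLite, it is worth confirming that `dropColumn` works on the Laravel version in use, since older releases needed an extra package for that operation.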
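Review bot: The new IP cells use a truthiness ternary, `{{ $recoveryCode->ip ? $recoveryCode->ip : '-' }}`, where `{{ $recoveryCode->ip ?? '-' }}` expresses the same fallback for a nullable column and reads the property once; the same applies to the phone-change, email-change and provisioning-token cells in the three later hunks of this file. Keeping the value inside `{{ }}` is the right choice, since depending on the trusted-proxy setup the stored address may originate from a client-supplied header. The `user_agent` column added by this commit is not shown in any of these hunks, which is fine, but the CHANGELOG entry reads as if both values were displayed.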