refactor: implement or remove 2FA stub methods in Settings modal #15

New issue

Open

opened 2026-02-20 02:40:30 +00:00 by Clotho · 0 comments

Clotho commented

2026-02-20 02:40:30 +00:00

Member

Issue

5 two-factor authentication methods in src/Website/Hub/View/Modal/Admin/Settings.php are stubs with TODO comments.

Stub Methods

1. enableTwoFactor() (lines 184-187)

public function enableTwoFactor()
{
    // TODO: Implement native 2FA - currently disabled
    $this->dispatch('toast', type: 'info', message: '2FA setup coming soon!');
}

2. confirmTwoFactor() (lines 190-193)

public function confirmTwoFactor()
{
    // TODO: Implement native 2FA - currently disabled
}

3. showRecoveryCodesModal() (lines 196-199)

public function showRecoveryCodesModal()
{
    // TODO: Implement native 2FA - currently disabled
}

4. regenerateRecoveryCodes() (lines 202-205)

public function regenerateRecoveryCodes()
{
    // TODO: Implement native 2FA - currently disabled
}

5. disableTwoFactor() (lines 208-211)

public function disableTwoFactor()
{
    // TODO: Implement native 2FA - currently disabled
}

Decision Required

Option A: Implement 2FA

Use pragmarx/google2fa-laravel or similar
Add two_factor_secret, two_factor_recovery_codes to users table
Implement QR code generation
Add verification flow
Test recovery code flow

Option B: Remove Stubs

If 2FA is handled by external service (Auth0, etc.)
Remove stub methods entirely
Remove 2FA UI from blade template
Document external 2FA approach

Option C: Mark as Planned

Keep stubs but add @todo PHPDoc
Remove from UI until implemented
Document in TODO.md as future feature

Files Affected

src/Website/Hub/View/Modal/Admin/Settings.php (5 methods)
src/Website/Hub/View/Blade/admin/settings.blade.php (2FA UI section)
Migration: add_two_factor_columns_to_users_table.php (if implementing)

Testing Requirements (if implementing)

Test 2FA setup flow
Test verification with valid/invalid codes
Test recovery code generation
Test recovery code usage
Test 2FA disable flow
Test QR code rendering

Priority

High - Dead code in production modal, confusing for users.

Discovered by

Automatic codebase scan (issue #3)

## Issue 5 two-factor authentication methods in `src/Website/Hub/View/Modal/Admin/Settings.php` are stubs with TODO comments. ## Stub Methods ### 1. enableTwoFactor() (lines 184-187) ```php public function enableTwoFactor() { // TODO: Implement native 2FA - currently disabled $this->dispatch('toast', type: 'info', message: '2FA setup coming soon!'); } ``` ### 2. confirmTwoFactor() (lines 190-193) ```php public function confirmTwoFactor() { // TODO: Implement native 2FA - currently disabled } ``` ### 3. showRecoveryCodesModal() (lines 196-199) ```php public function showRecoveryCodesModal() { // TODO: Implement native 2FA - currently disabled } ``` ### 4. regenerateRecoveryCodes() (lines 202-205) ```php public function regenerateRecoveryCodes() { // TODO: Implement native 2FA - currently disabled } ``` ### 5. disableTwoFactor() (lines 208-211) ```php public function disableTwoFactor() { // TODO: Implement native 2FA - currently disabled } ``` ## Decision Required **Option A: Implement 2FA** - Use `pragmarx/google2fa-laravel` or similar - Add `two_factor_secret`, `two_factor_recovery_codes` to users table - Implement QR code generation - Add verification flow - Test recovery code flow **Option B: Remove Stubs** - If 2FA is handled by external service (Auth0, etc.) - Remove stub methods entirely - Remove 2FA UI from blade template - Document external 2FA approach **Option C: Mark as Planned** - Keep stubs but add `@todo` PHPDoc - Remove from UI until implemented - Document in TODO.md as future feature ## Files Affected - `src/Website/Hub/View/Modal/Admin/Settings.php` (5 methods) - `src/Website/Hub/View/Blade/admin/settings.blade.php` (2FA UI section) - Migration: `add_two_factor_columns_to_users_table.php` (if implementing) ## Testing Requirements (if implementing) - Test 2FA setup flow - Test verification with valid/invalid codes - Test recovery code generation - Test recovery code usage - Test 2FA disable flow - Test QR code rendering ## Priority **High** - Dead code in production modal, confusing for users. ## Discovered by Automatic codebase scan (issue #3)