Update frontend files and readme

Author: matdave

README.md

@@ -1,6 +1,10 @@
-# Twilio
+# Twilio Verify
 
-## Sample Registration page
+Twilio is a verification service that allows you to send a code to a user's phone or use a time-based one time password to verify their identity. You can find more information on Twilio at [https://www.twilio.com/](https://www.twilio.com/). This is not a free service, so you will need to sign up for a Twilio account. Each successful verification will cost you $0.05, so this is something to consider before implementing.
+
+## Phone Verification 
+
+###  Sample Registration page
 
 ```html
 <link
@@ -66,7 +70,7 @@
 </script>
 ```
 
-## Sample Activation Page (&twilioActivationResourceId)
+### Sample Activation Page (&twilioActivationResourceId)
 
 ```html
 [[!TwilioGetPhone]]
@@ -107,4 +111,68 @@ Phone: [[!+twilio.phone]]
         <input type="submit" name="verify" value="Validate my phone" />
     </div>
 </form>
-```
+```
+
+## Time-based One Time Password
+
+### Sample Challenge Page
+
+Create a challenge page and set the system setting `twilio.totp_challenge_page` to the page ID.
+
+```html
+[[!FormIt?
+    &hooks=`TwilioTOTPChallenge,TwilioVerify`
+    &twilioRedirect=`4` // ID of the page to redirect to after verification
+    &twilioFactorType=`totp`
+    &validate=`code:required`
+]]
+<form method="post">
+    <label>
+        Enter 2FA Code
+        <input name="code" value="" />
+    </label>
+    <button type="submit">Submit</button>
+</form>
+```
+
+### Sample Create/Reset Token Page
+
+Create a page with the following content:
+
+```html
+[[TwilioTOTPCreate?twilioRedirect=`4`]]
+```
+
+### Sample Profile Page
+
+```html
+[[!TwilioTOTPqr]]
+
+[[!+twilio.qr:ne=``:then=`
+    <img src="[[!+twilio.qr]]" />
+    <p>Secret [[!+twilio.secret]]</p>
+    [[!+twilio.status:is=`unverified`:then=`
+        <p><a href="[[~5]]"><strong>Verify 2FA Code Before Next Login</strong></a></p> <!-- link to challenge page -->
+    `:else=``]]
+    <p><a href="[[~6]]">Refresh 2FA</a><br /> <!-- link to create / refresh page -->
+    <a href="[[~6?status=`disable_totp`]]">Disable 2FA</a></p>
+`:else=`
+    <a href="[[~6]]">Enable 2FA</a>
+`]]
+```
+
+## System Settings
+
+| key | description                                                                                                |
+| --- |------------------------------------------------------------------------------------------------------------|
+| twilio.account_sid | Twilio Account SID - Found under Account Info here https://console.twilio.com/                             |
+| twilio.account_token | Twilio Auth Token - Found under Account Info here https://console.twilio.com/                              |
+| twilio.service_id | Twilio Service ID - Found under Services Page here https://console.twilio.com/us1/develop/verify/services  |
+| twilio.totp_enforce | Enforce 2FA for all users                                                                                  |
+| twilio.totp_email_on_login | Email a code to the user when they login                                                                   |
+| twilio.totp_challenge_page | Page ID of the challenge page                                                                              |
+
+## Manager Page
+
+Twilio 2FA Verification can be enabled in the manager login as well. You can view the status of Twilio 2FA for each user in the menu under 
+"Extras -> User Authentication"

_build/config.json

@@ -36,8 +36,16 @@
           "file": "TwilioValidatePhone.php"
         },
         {
-          "name": "TwilioCreateTOTP",
-          "file": "TwilioCreateTOTP.php"
+          "name": "TwilioTOTPChallenge",
+          "file": "TwilioTOTPChallenge.php"
+        },
+        {
+          "name": "TwilioTOTPCreate",
+          "file": "TwilioTOTPCreate.php"
+        },
+        {
+          "name": "TwilioTOTPqr",
+          "file": "TwilioTOTPqr.php"
         }
       ],
       "plugins": [
@@ -77,7 +85,7 @@
       },
       {
         "key": "totp_challenge_page",
-        "value": "0",
+        "value": ""
       }
     ]
   },

core/components/twilio/model/twilio/src/Snippet/Snippet.php

@@ -54,8 +54,8 @@ public function base64urlDecode($str) {
 
     protected function redirect()
     {
-        $redirect = (int)$this->getOption('twilioRedirect', 0);
-        if (!empty($redirect)) {
+        $redirect = (int)$this->getOption('twilioRedirect', null);
+        if ($redirect > 0) {
             $this->modx->sendRedirect($this->modx->makeUrl($redirect));
         }
     }

core/components/twilio/model/twilio/src/Snippet/TotpChallenge.php

@@ -31,6 +31,9 @@ public function process()
         $profile = $user->getOne('Profile');
         $extended = $profile->get('extended');
         $userTwilio = $extended['twilio_totp'];
+        if ($userTwilio['status'] !== 'verified') {
+            return true;
+        }
         try {
             $twilio = new Client($this->sid, $this->token);
             $verification_check = $twilio->verify->v2->services($this->service)

core/components/twilio/model/twilio/src/Snippet/TotpCreate.php

@@ -11,16 +11,36 @@ public function process()
         $sid = $this->modx->getOption('twilio.account_sid');
         $token = $this->modx->getOption('twilio.account_token');
         $service = $this->getOption('twilioServiceId', $this->modx->getOption('twilio.service_id'));
+        $status = ($this->modx->getOption('status', $_REQUEST, null) === 'disable_totp') ? 0 : 1;
 
         if (empty($sid) || empty($token) || empty($service)) {
             $this->modx->sendErrorPage();
             return false;
         }
         $user = $this->modx->user;
         if (!$user || $user->id === 0) {
+            $this->modx->sendErrorPage();
             return false;
         }
 
+        $setting = $this->modx->getObject('modUserSetting', array('user' => $user->id, 'key' => 'twilio.totp'));
+        if (!$setting) {
+            $setting = $this->modx->newObject('modUserSetting');
+            $setting->set('user', $user->id);
+            $setting->set('key', 'twilio.totp');
+            $setting->set('xtype', 'combo-boolean');
+        }
+        $this->modx->log(\xPDO::LOG_LEVEL_ERROR, "[Twilio Create TOTP] setting = ".$status." REQUEST = ".$_REQUEST['status']);
+        if ($status === 0) {
+            $setting->set('value', $status);
+            if (!$setting->save()) {
+                $this->modx->log(\xPDO::LOG_LEVEL_ERROR, "[Twilio Create TOTP] Failed to save user setting");
+                return false;
+            }
+            $this->redirect();
+            return true;
+        }
+
         try {
             $twilio = new Client($sid, $token);
             $site = $this->modx->getOption('site_name');
@@ -47,6 +67,12 @@ public function process()
                     $this->modx->log(\xPDO::LOG_LEVEL_ERROR, "[Twilio Create TOTP] Failed to save profile");
                     return false;
                 }
+                $setting->set('value', $status);
+                if (!$setting->save()) {
+                    $this->modx->log(\xPDO::LOG_LEVEL_ERROR, "[Twilio Create TOTP] Failed to save user setting");
+                    return false;
+                }
+                $_SESSION['twilio_totp_verified'] = true;
                 $this->redirect();
                 return true;
             }

core/components/twilio/model/twilio/src/Snippet/TotpQR.php

@@ -17,8 +17,9 @@ public function process()
             $userTwilio = $extended['twilio_totp'];
             $uri = $userTwilio['binding']['uri'];
             $qr = 'https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=' . urlencode($uri);
-            $this->modx->setPlaceholder('twilio.secret', $userTwilio['binding']['secret']);
             $this->modx->setPlaceholder('twilio.qr', $qr);
+            $this->modx->setPlaceholder('twilio.secret', $userTwilio['binding']['secret']);
+            $this->modx->setPlaceholder('twilio.status', $userTwilio['status']);
         }
     }
 }