From c5a893a6d97cea020d6c72d98bafe04871bb930e Mon Sep 17 00:00:00 2001 From: bidi Date: Thu, 23 Apr 2026 17:27:19 +0300 Subject: [PATCH 1/4] updated totp tutorial Signed-off-by: bidi --- .../totp/_misc/totp-append-Message.php | 1 + ...otp-append-authorization-guards.global.php | 4 ++ .../src/InputFilter/RecoveryInputFilter.php | 41 +++++++++++++++ .../Admin/src/InputFilter/TotpInputFilter.php | 50 +++++++++++++++++++ .../admin/list-recovery-codes.html.twig | 30 +++++++++++ docs/book/v7/tutorials/install-dot-totp.md | 8 +++ 6 files changed, 134 insertions(+) create mode 100644 code_examples/totp/_misc/totp-append-Message.php create mode 100644 code_examples/totp/_misc/totp-append-authorization-guards.global.php create mode 100644 code_examples/totp/src/Admin/src/InputFilter/RecoveryInputFilter.php create mode 100644 code_examples/totp/src/Admin/src/InputFilter/TotpInputFilter.php create mode 100644 code_examples/totp/src/Admin/templates/admin/list-recovery-codes.html.twig
diff --git a/code_examples/totp/_misc/totp-append-Message.php b/code_examples/totp/_misc/totp-append-Message.php
new file mode 100644
index 0000000..7e85aae
--- /dev/null
+++ b/code_examples/totp/_misc/totp-append-Message.php
@@ -0,0 +1 @@
+public const VALIDATOR_INVALID_CODE = 'Invalid recovery code.'
\ No newline at end of file
diff --git a/code_examples/totp/_misc/totp-append-authorization-guards.global.php b/code_examples/totp/_misc/totp-append-authorization-guards.global.php
new file mode 100644
index 0000000..285133a
--- /dev/null
+++ b/code_examples/totp/_misc/totp-append-authorization-guards.global.php
@@ -0,0 +1,4 @@
+'admin::validate-totp-form' => ['authenticated'],
+'admin::disable-totp-form' => ['authenticated'],
+'admin::enable-totp-form' => ['authenticated'],
+'admin::recovery-form' => ['authenticated'],
\ No newline at end of file
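Review bot: The constant added in `totp-append-Message.php` has no terminating semicolon, so pasting it into `Message.php` as the tutorial instructs gives a parse error; it should read `public const VALIDATOR_INVALID_CODE = 'Invalid recovery code.';`. The same unterminated line is repeated in the fenced block added to `install-dot-totp.md`, and patches 2/4 and 4/4 touch both places without adding the semicolon.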
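Review bot: The four guard entries in `totp-append-authorization-guards.global.php` require only the `authenticated` role, which says nothing about whether the second factor has been verified, and the snippet does not document where that check happens. Presumably `TotpMiddleware` in the pipeline enforces it (not visible in this hunk); this matters most for `admin::disable-totp-form`. A comment above the entries would make the dependency explicit, e.g. `// Guards only check for a logged-in identity; second-factor enforcement is expected from TotpMiddleware.` Only the `*-form` route names are listed, so if the POST handlers are registered under other names they need entries too; worth confirming against `totp-append-routes.php`.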
diff --git a/code_examples/totp/src/Admin/src/InputFilter/RecoveryInputFilter.php b/code_examples/totp/src/Admin/src/InputFilter/RecoveryInputFilter.php new file mode 100644 index 0000000..43e2a66 --- /dev/null +++ b/code_examples/totp/src/Admin/src/InputFilter/RecoveryInputFilter.php @@ -0,0 +1,41 @@ + + */ +class RecoveryInputFilter extends AbstractInputFilter +{ + public function init(): void + { + $this->add([ + 'name' => 'recoveryCode', + 'required' => true, + 'filters' => [ + ['name' => 'StringTrim'], + ], + 'validators' => [ + [ + 'name' => 'Regex', + 'options' => [ + 'pattern' => '/^[A-Z0-9]{5}-[A-Z0-9]{5}$/', + 'message' => 'Recovery code must be in format XXXXX-XXXXX using letters A-Z and digits 0-9.', + ], + ], + ], + ]); + + $this->add(new CsrfInput('recoveryCsrf')); + } +} diff --git a/code_examples/totp/src/Admin/src/InputFilter/TotpInputFilter.php b/code_examples/totp/src/Admin/src/InputFilter/TotpInputFilter.php new file mode 100644 index 0000000..7f467f9 --- /dev/null +++ b/code_examples/totp/src/Admin/src/InputFilter/TotpInputFilter.php @@ -0,0 +1,50 @@ + + */ +class TotpInputFilter extends AbstractInputFilter +{ + public function init(): void + { + $this->add([ + 'name' => 'code', + 'required' => true, + 'filters' => [ + ['name' => 'StringTrim'], + ], + 'validators' => [ + [ + 'name' => Digits::class, + 'options' => [ + 'message' => 'Code must contain only digits.', + ], + ], + [ + 'name' => StringLength::class, + 'options' => [ + 'min' => 6, + 'max' => 6, + 'message' => 'Code must be exactly 6 digits.', + ], + ], + ], + ]); + + $this->add(new CsrfInput('totpCsrf')); + } +} diff --git a/code_examples/totp/src/Admin/templates/admin/list-recovery-codes.html.twig b/code_examples/totp/src/Admin/templates/admin/list-recovery-codes.html.twig new file mode 100644 index 0000000..dc672bc --- /dev/null +++ b/code_examples/totp/src/Admin/templates/admin/list-recovery-codes.html.twig @@ -0,0 +1,30 @@ + + + + + + +
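Review bot: In `RecoveryInputFilter::init()` the pattern `/^[A-Z0-9]{5}-[A-Z0-9]{5}$/` ends with `$`, which in PCRE also matches just before a trailing newline, so the check is exact only because `StringTrim` runs first. Anchoring with `\z` removes that dependency on the filter chain: `'pattern' => '/^[A-Z0-9]{5}-[A-Z0-9]{5}\z/',`.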
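Review bot: In `TotpInputFilter::init()` the `Digits` and `StringLength` validators both run on every submission, so an input such as `12a` reports two errors for the single `code` field. Adding `'break_chain_on_failure' => true,` to the `Digits` entry stops at the first failure. A short comment noting that the fixed length of 6 has to match the digit count the TOTP generator is configured with would also help anyone who changes that setting later.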
+
+
+

Recovery codes

+ + {% if plainCodes|length > 0 %} +
+

Save these recovery codes. Each code can be used only once:

+
    + {% for code in plainCodes %} +
  • {{ code }}
  • + {% endfor %} +
+
+ {% endif %} + +
+ Ok +
+
+
+
+ + diff --git a/docs/book/v7/tutorials/install-dot-totp.md b/docs/book/v7/tutorials/install-dot-totp.md index ca1ae73..6d1d2dc 100644 --- a/docs/book/v7/tutorials/install-dot-totp.md +++ b/docs/book/v7/tutorials/install-dot-totp.md @@ -23,6 +23,8 @@ If you follow the links from the [main totp integration example](https://github. - [src/Admin/src/Handler/Account/PostEnableTotpHandler.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/src/Handler/Account/PostEnableTotpHandler.php) - [src/Admin/src/Handler/Account/PostValidateRecoveryHandler.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/src/Handler/Account/PostValidateRecoveryHandler.php) - [src/Admin/src/Handler/Account/PostValidateTotpHandler.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/src/Handler/Account/PostValidateTotpHandler.php) +- [src/Admin/src/InputFilter/RecoveryInputFilter.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/src/InputFilter/RecoveryInputFilter.php) +- [src/Admin/src/InputFilter/TotpInputFilter.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/src/InputFilter/TotpInputFilter.php) - [src/Admin/templates/admin/recovery-form.html.twig](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/templates/admin/recovery-form.html.twig) - [src/App/src/Middleware/CancelUrlMiddleware.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/App/src/Middleware/CancelUrlMiddleware.php) - [src/App/src/Middleware/TotpMiddleware.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/App/src/Middleware/TotpMiddleware.php) 
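Review bot: `list-recovery-codes.html.twig` prints every entry of `plainCodes` in clear text, and nothing in the template or this patch documents how that response must be handled. The handler that renders it is not part of this hunk; it should send the page with `Cache-Control: no-store` and should not keep the plain codes in the session after this one render. A template comment would record the expectation, e.g. `{# plainCodes are displayed once; the rendering handler must send Cache-Control: no-store and discard the plain values afterwards #}`.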
@@ -37,6 +39,12 @@ There are still some code snippets in the [_misc](https://github.com/dotkernel/a - [the routes updates](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/_misc/totp-append-routes.php) must be added in the `src/Admin/src/RoutesDelegator.php` file. - [the pipeline updates](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/_misc/totp-append-Pipeline.php) must be added in the `config/pipeline.php` file after `$app->pipe(AuthMiddleware::class);`. - [the ConfigProvider updates](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/_misc/totp-append-ConfigProvider.php) must be added in the `src/Admin/src/ConfigProvider.php` file. +- [append these routes](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/_misc/totp-append-authorization-guards.global.php) to your `authorization-guards.global.php` file. +- Add the constant below in `src/Core/src/App/src/Message.php` to return an error message when the recovery code is invalid. + +```php +public const VALIDATOR_INVALID_CODE = 'Invalid recovery code.' +``` ## Dot-totp in Action From 3096008967f27a05ea009e73803cc74399d32503 Mon Sep 17 00:00:00 2001 From: bidi Date: Thu, 23 Apr 2026 17:28:45 +0300 Subject: [PATCH 2/4] linting fixes Signed-off-by: bidi --- code_examples/totp/_misc/totp-append-Message.php | 2 +- .../totp/_misc/totp-append-authorization-guards.global.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/code_examples/totp/_misc/totp-append-Message.php b/code_examples/totp/_misc/totp-append-Message.php index 7e85aae..caf434d 100644 --- a/code_examples/totp/_misc/totp-append-Message.php +++ b/code_examples/totp/_misc/totp-append-Message.php @@ -1 +1 @@ -public const VALIDATOR_INVALID_CODE = 'Invalid recovery code.' \ No newline at end of file +public const VALIDATOR_INVALID_CODE = 'Invalid recovery code.' 
diff --git a/code_examples/totp/_misc/totp-append-authorization-guards.global.php b/code_examples/totp/_misc/totp-append-authorization-guards.global.php index 285133a..5d34e89 100644 --- a/code_examples/totp/_misc/totp-append-authorization-guards.global.php +++ b/code_examples/totp/_misc/totp-append-authorization-guards.global.php @@ -1,4 +1,4 @@ 'admin::validate-totp-form' => ['authenticated'], 'admin::disable-totp-form' => ['authenticated'], 'admin::enable-totp-form' => ['authenticated'], -'admin::recovery-form' => ['authenticated'], \ No newline at end of file +'admin::recovery-form' => ['authenticated'], From 7e2351200b5b594668e64dba56bd9c276a73e568 Mon Sep 17 00:00:00 2001 From: bidi Date: Thu, 23 Apr 2026 17:31:37 +0300 Subject: [PATCH 3/4] added missing links to example files Signed-off-by: bidi --- docs/book/v7/tutorials/install-dot-totp.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/book/v7/tutorials/install-dot-totp.md b/docs/book/v7/tutorials/install-dot-totp.md index 6d1d2dc..d5f4672 100644 --- a/docs/book/v7/tutorials/install-dot-totp.md +++ b/docs/book/v7/tutorials/install-dot-totp.md 
@@ -25,7 +25,9 @@ If you follow the links from the [main totp integration example](https://github. - [src/Admin/src/Handler/Account/PostValidateTotpHandler.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/src/Handler/Account/PostValidateTotpHandler.php) - [src/Admin/src/InputFilter/RecoveryInputFilter.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/src/InputFilter/RecoveryInputFilter.php) - [src/Admin/src/InputFilter/TotpInputFilter.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/src/InputFilter/TotpInputFilter.php) +- [src/Admin/templates/admin/list-recovery-codes.html.twig](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/templates/admin/list-recovery-codes.html.twig) - [src/Admin/templates/admin/recovery-form.html.twig](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/templates/admin/recovery-form.html.twig) +- [src/Admin/templates/admin/validate-totp-form.html.twig](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/Admin/templates/admin/validate-totp-form.html.twig) - [src/App/src/Middleware/CancelUrlMiddleware.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/App/src/Middleware/CancelUrlMiddleware.php) - [src/App/src/Middleware/TotpMiddleware.php](https://github.com/dotkernel/admin-documentation/tree/main/code_examples/totp/src/App/src/Middleware/TotpMiddleware.php) From 0877e058c5867dc2458ffac342168b62dc420eff Mon Sep 17 00:00:00 2001 From: bidi Date: Thu, 23 Apr 2026 17:43:02 +0300 Subject: [PATCH 4/4] linting fixes Signed-off-by: bidi --- docs/book/v7/tutorials/install-dot-totp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/book/v7/tutorials/install-dot-totp.md b/docs/book/v7/tutorials/install-dot-totp.md index d5f4672..ff2ce4e 100644 
--- a/docs/book/v7/tutorials/install-dot-totp.md +++ b/docs/book/v7/tutorials/install-dot-totp.md @@ -46,7 +46,7 @@ There are still some code snippets in the [_misc](https://github.com/dotkernel/a ```php public const VALIDATOR_INVALID_CODE = 'Invalid recovery code.' -``` +``` ## Dot-totp in Action