Added role based MFA control

- Added new DB column for control and role updated create/update actions.
- Created new middleware as a start to actual enforcement logic.
- Added indicator to role list of whether MFA is enforced.

app/Auth/Permissions/PermissionsRepo.php

@@ -57,6 +57,7 @@ class PermissionsRepo
     public function saveNewRole(array $roleData): Role
     {
         $role = $this->role->newInstance($roleData);
+        $role->mfa_enforced = ($roleData['mfa_enforced'] ?? 'false') === 'true';
         $role->save();
 
         $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
@@ -90,6 +91,7 @@ class PermissionsRepo
         $this->assignRolePermissions($role, $permissions);
 
         $role->fill($roleData);
+        $role->mfa_enforced = ($roleData['mfa_enforced'] ?? 'false') === 'true';
         $role->save();
         $this->permissionService->buildJointPermissionForRole($role);
         Activity::add(ActivityType::ROLE_UPDATE, $role);

app/Auth/Role.php

@@ -18,6 +18,7 @@ use Illuminate\Database\Eloquent\Relations\HasMany;
  * @property string $description
  * @property string $external_auth_id
  * @property string $system_name
+ * @property bool   $mfa_enforced
  */
 class Role extends Model implements Loggable
 {

app/Http/Middleware/EnforceMfaRequirements.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace BookStack\Http\Middleware;
+
+use Closure;
+
+class EnforceMfaRequirements
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        $mfaRequired = user()->roles()->where('mfa_enforced', '=', true)->exists();
+        // TODO - Run this after auth (If authenticated)
+        // TODO - Redirect user to setup MFA or verify via MFA.
+        // TODO - Store mfa_pass into session for future requests?
+        return $next($request);
+    }
+}