feat: Make email and SMS channels configurable via environment variables

- Add MFA_EMAIL_ENABLED and MFA_SMS_ENABLED environment variables
- Update config/mfa.php to use env() for enabled settings
- Modify registerDefaultChannels() to respect enabled configuration
- Add reRegisterDefaultChannels() method for runtime re-registration
- Add clear() method to ChannelRegistry for clearing channels
- Update README.md to document new environment variables
- Add comprehensive test coverage for enabled/disabled channel behavior
- Update facade annotations with new reRegisterDefaultChannels method

This addresses the inconsistency where email and SMS channels were
hardcoded to enabled=true while other features (remember, recovery)
were properly configurable via environment variables.

Now users can disable email or SMS channels via:
- MFA_EMAIL_ENABLED=false
- MFA_SMS_ENABLED=false

Channels can be re-registered at runtime to pick up config changes.

Author: anwarx4u

README.md

@@ -162,11 +162,13 @@ Configuration
 
 Environment variables (examples)
 ```
+MFA_EMAIL_ENABLED=true
 MFA_EMAIL_FROM_ADDRESS="no-reply@example.com"
 MFA_EMAIL_FROM_NAME="Example App"
 MFA_EMAIL_SUBJECT="Your verification code"
 MFA_EMAIL_CHANNEL="App\Channels\CustomEmailChannel"
 
+MFA_SMS_ENABLED=true
 MFA_SMS_DRIVER=log
 MFA_SMS_FROM="ExampleApp"
 MFA_SMS_CHANNEL="App\Channels\CustomSmsChannel"

config/mfa.php

@@ -5,15 +5,15 @@
     'code_ttl_seconds' => 300,
 
     'email' => [
-        'enabled'      => true,
+        'enabled'      => env('MFA_EMAIL_ENABLED', true),
         'from_address' => env('MFA_EMAIL_FROM_ADDRESS', env('MAIL_FROM_ADDRESS')),
         'from_name'    => env('MFA_EMAIL_FROM_NAME', env('MAIL_FROM_NAME', 'Laravel')),
         'subject'      => env('MFA_EMAIL_SUBJECT', 'Your verification code'),
         'channel'      => env('MFA_EMAIL_CHANNEL', \CodingLibs\MFA\Channels\EmailChannel::class),
     ],
 
     'sms' => [
-        'enabled' => true,
+        'enabled' => env('MFA_SMS_ENABLED', true),
         'driver'  => env('MFA_SMS_DRIVER', 'log'), // log|null
         'from'    => env('MFA_SMS_FROM', ''),
         'channel' => env('MFA_SMS_CHANNEL', \CodingLibs\MFA\Channels\SmsChannel::class),

src/ChannelRegistry.php

@@ -29,5 +29,10 @@ public function all(): array
     {
         return $this->channels;
     }
+
+    public function clear(): void
+    {
+        $this->channels = [];
+    }
 }
 

src/Facades/MFA.php

@@ -16,6 +16,7 @@
  * @method static ?\CodingLibs\MFA\Models\MfaChallenge generateChallenge(\Illuminate\Contracts\Auth\Authenticatable $user, string $method)
  * @method static void registerChannel(\CodingLibs\MFA\Contracts\MfaChannel $channel)
  * @method static void registerChannelFromConfig(string $type, array $config)
+ * @method static void reRegisterDefaultChannels()
  * @method static ?\CodingLibs\MFA\Contracts\MfaChannel getChannel(string $name)
  * @method static ?string generateTotpQrCodeBase64(\Illuminate\Contracts\Auth\Authenticatable $user, ?string $issuer = null, ?string $label = null, int $size = 200)
  * @method static ?string generateTotpQrCodeSvg(\Illuminate\Contracts\Auth\Authenticatable $user, ?string $issuer = null, ?string $label = null, int $size = 200)

src/MFA.php

@@ -32,8 +32,15 @@ public function __construct(array $config)
 
     protected function registerDefaultChannels(): void
     {
-        $this->registry->register($this->createChannel('email', $this->config['email'] ?? []));
-        $this->registry->register($this->createChannel('sms', $this->config['sms'] ?? []));
+        // Register email channel if enabled
+        if (Arr::get($this->config, 'email.enabled', true)) {
+            $this->registry->register($this->createChannel('email', $this->config['email'] ?? []));
+        }
+        
+        // Register SMS channel if enabled
+        if (Arr::get($this->config, 'sms.enabled', true)) {
+            $this->registry->register($this->createChannel('sms', $this->config['sms'] ?? []));
+        }
     }
 
     protected function createChannel(string $type, array $config): MfaChannel
@@ -152,6 +159,12 @@ public function registerChannelFromConfig(string $type, array $config): void
         $this->registry->register($channel);
     }
 
+    public function reRegisterDefaultChannels(): void
+    {
+        $this->registry->clear();
+        $this->registerDefaultChannels();
+    }
+
     protected function createChannelFromConfig(array $config): MfaChannel
     {
         $channelClass = $config['channel'] ?? throw new \InvalidArgumentException('channel must be specified in config');

tests/Feature/ChannelEnabledConfigTest.php

@@ -0,0 +1,181 @@
+<?php
+
+use CodingLibs\MFA\Channels\EmailChannel;
+use CodingLibs\MFA\Channels\SmsChannel;
+use CodingLibs\MFA\Facades\MFA;
+use CodingLibs\MFA\Contracts\MfaChannel;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class ChannelEnabledConfigTest extends TestCase
+{
+    use RefreshDatabase;
+
+    public function test_email_channel_can_be_disabled_via_config()
+    {
+        // Test with email disabled
+        config(['mfa.email.enabled' => false]);
+        
+        $user = new TestUser(1, 'test@example.com');
+        
+        // Re-register channels to pick up new config
+        MFA::reRegisterDefaultChannels();
+        
+        // Should not be able to issue email challenges when disabled
+        $challenge = MFA::issueChallenge($user, 'email');
+        expect($challenge)->toBeNull();
+    }
+
+    public function test_sms_channel_can_be_disabled_via_config()
+    {
+        // Test with SMS disabled
+        config(['mfa.sms.enabled' => false]);
+        
+        $user = new TestUser(1, 'test@example.com');
+        
+        // Re-register channels to pick up new config
+        MFA::reRegisterDefaultChannels();
+        
+        // Should not be able to issue SMS challenges when disabled
+        $challenge = MFA::issueChallenge($user, 'sms');
+        expect($challenge)->toBeNull();
+    }
+
+    public function test_email_channel_can_be_enabled_via_config()
+    {
+        // Test with email enabled (default)
+        config(['mfa.email.enabled' => true]);
+        
+        $user = new TestUser(1, 'test@example.com');
+        
+        // Re-register channels to pick up new config
+        MFA::reRegisterDefaultChannels();
+        
+        // Should be able to issue email challenges when enabled
+        $challenge = MFA::issueChallenge($user, 'email');
+        expect($challenge)->not->toBeNull();
+        expect($challenge->method)->toBe('email');
+    }
+
+    public function test_sms_channel_can_be_enabled_via_config()
+    {
+        // Test with SMS enabled (default)
+        config(['mfa.sms.enabled' => true]);
+        
+        $user = new TestUser(1, 'test@example.com');
+        
+        // Re-register channels to pick up new config
+        MFA::reRegisterDefaultChannels();
+        
+        // Should be able to issue SMS challenges when enabled
+        $challenge = MFA::issueChallenge($user, 'sms');
+        expect($challenge)->not->toBeNull();
+        expect($challenge->method)->toBe('sms');
+    }
+
+    public function test_email_channel_respects_env_variable()
+    {
+        // Test with environment variable
+        putenv('MFA_EMAIL_ENABLED=false');
+        config(['mfa.email.enabled' => env('MFA_EMAIL_ENABLED', true)]);
+        
+        $user = new TestUser(1, 'test@example.com');
+        
+        // Re-register channels to pick up new config
+        MFA::reRegisterDefaultChannels();
+        
+        // Should not be able to issue email challenges when disabled via env
+        $challenge = MFA::issueChallenge($user, 'email');
+        expect($challenge)->toBeNull();
+        
+        // Clean up
+        putenv('MFA_EMAIL_ENABLED');
+    }
+
+    public function test_sms_channel_respects_env_variable()
+    {
+        // Test with environment variable
+        putenv('MFA_SMS_ENABLED=false');
+        config(['mfa.sms.enabled' => env('MFA_SMS_ENABLED', true)]);
+        
+        $user = new TestUser(1, 'test@example.com');
+        
+        // Re-register channels to pick up new config
+        MFA::reRegisterDefaultChannels();
+        
+        // Should not be able to issue SMS challenges when disabled via env
+        $challenge = MFA::issueChallenge($user, 'sms');
+        expect($challenge)->toBeNull();
+        
+        // Clean up
+        putenv('MFA_SMS_ENABLED');
+    }
+
+    public function test_disabled_channels_are_not_registered()
+    {
+        // Disable both channels
+        config(['mfa.email.enabled' => false]);
+        config(['mfa.sms.enabled' => false]);
+        
+        // Re-register channels to pick up new config
+        MFA::reRegisterDefaultChannels();
+        
+        // Check that channels are not available
+        expect(MFA::getChannel('email'))->toBeNull();
+        expect(MFA::getChannel('sms'))->toBeNull();
+    }
+
+    public function test_enabled_channels_are_registered()
+    {
+        // Enable both channels (default)
+        config(['mfa.email.enabled' => true]);
+        config(['mfa.sms.enabled' => true]);
+        
+        // Re-register channels to pick up new config
+        MFA::reRegisterDefaultChannels();
+        
+        // Check that channels are available
+        expect(MFA::getChannel('email'))->not->toBeNull();
+        expect(MFA::getChannel('sms'))->not->toBeNull();
+    }
+}
+
+class TestUser implements \Illuminate\Contracts\Auth\Authenticatable
+{
+    public function __construct(public int|string $id, public ?string $email = null) {}
+    
+    public function getAuthIdentifierName()
+    {
+        return 'id';
+    }
+    
+    public function getAuthIdentifier()
+    {
+        return $this->id;
+    }
+    
+    public function getAuthPassword()
+    {
+        return '';
+    }
+    
+    public function getAuthPasswordName()
+    {
+        return 'password';
+    }
+    
+    public function getRememberToken()
+    {
+        return '';
+    }
+    
+    public function setRememberToken($value)
+    {
+        // Not implemented
+    }
+    
+    public function getRememberTokenName()
+    {
+        return 'remember_token';
+    }
+}