'Laravel after login Two factor not working
When I log in after activating two factor, the field where I enter the verification key does not open. Login directly. What could my problem be caused by?
FortifyServiceProvider.php
public function boot()
{
Fortify::createUsersUsing(CreateNewUser::class);
Fortify::updateUserProfileInformationUsing(UpdateUserProfileInformation::class);
Fortify::updateUserPasswordsUsing(UpdateUserPassword::class);
Fortify::resetUserPasswordsUsing(ResetUserPassword::class);
RateLimiter::for('login', function (Request $request) {
return Limit::perMinute(5)->by($request->email.$request->ip());
});
RateLimiter::for('two-factor', function (Request $request) {
return Limit::perMinute(5)->by($request->session()->get('login.id'));
});
Fortify::confirmPasswordView(function (){
return view('user.pages.confirm-password');
});
Fortify::twoFactorChallengeView(function (){
return view('user.pages.two-factor-challenge');
});
}
fortify.php
'features' => [
Features::registration(),
Features::resetPasswords(),
// Features::emailVerification(),
Features::updateProfileInformation(),
Features::updatePasswords(),
Features::twoFactorAuthentication([
'confirmPassword' => true,
]),
],
route.php
Route::group(['middleware' => ['auth', 'roles:0'], 'prefix' => 'live'], function () {
Route::get('/dashboard', [DashboardController::class, 'index'])->name('user.dashboard');
Modals/User.php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Fortify\TwoFactorAuthenticatable;
class User extends Authenticatable
{
use Notifiable;
use TwoFactorAuthenticatable;
Solution 1:[1]
I updated wep.php with routes to fortify and not Auth:
//Auth::routes(['register' => false]);
Route::group(['middleware' => ['guest', 'throttle:'.config('fortify.limiters.login')]], function() {
Route::get('/login', [AuthenticatedSessionController::class, 'create'])->name('login');
Route::post('/login', [AuthenticatedSessionController::class, 'store']);
});
Route::post('/logout', [AuthenticatedSessionController::class, 'destroy']) ->name('logout');
Solution 2:[2]
I had the same problem after integrating Laravel Fortify into an existing application. For guidance, I used Laravel Jetstream and implemented all the routes by hand. The guest routes looked like this:
Route::middleware('guest')->group(function () {
Route::get('register', [RegisteredUserController::class, 'create'])
->name('register');
Route::post('register', [RegisteredUserController::class, 'store']);
Route::get('login', [AuthenticatedSessionController::class, 'create'])
->name('login');
Route::post('login', [AuthenticatedSessionController::class, 'store']);
Route::get('forgot-password', [PasswordResetLinkController::class, 'create'])
->name('password.request');
Route::post('forgot-password', [PasswordResetLinkController::class, 'store'])
->name('password.email');
Route::get('reset-password/{token}', [NewPasswordController::class, 'create'])
->name('password.reset');
Route::post('reset-password', [NewPasswordController::class, 'store'])
->name('password.update');
});
The problem is probably a conflict between an automatically published login route and my manual login route. After I commented out this route, the two-factor challenge view was also displayed.
// If this route is active, it overwrites the two factor mechanism.
// Route::post('login', [AuthenticatedSessionController::class, 'store']);
You can control with the command php artisan route:list
that a POST /login route still exists and that it is linked with the same controller.
Solution 3:[3]
i have found a solution using custom piple line in the fortify service provider
use Laravel\Fortify\Actions\AttemptToAuthenticate;
use Laravel\Fortify\Actions\EnsureLoginIsNotThrottled;
use Laravel\Fortify\Actions\PrepareAuthenticatedSession;
use Laravel\Fortify\Actions\RedirectIfTwoFactorAuthenticatable;
use Laravel\Fortify\Fortify;
use Illuminate\Http\Request;
Fortify::authenticateThrough(function (Request $request) {
return array_filter([
config('fortify.limiters.login') ? null : EnsureLoginIsNotThrottled::class,
Features::enabled(Features::twoFactorAuthentication()) ? RedirectIfTwoFactorAuthenticatable::class : null,
AttemptToAuthenticate::class,
PrepareAuthenticatedSession::class,
]);
});
Just add this code to you the fortify service provider
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | makhag |
Solution 2 | rpanske |
Solution 3 | Abdallah |