[4.x] Check for confirm in fortify #1433

michail-polatoglou · 2024-01-17T12:07:40Z

There is a bug in the current logic for the two_factor_enabled in the SharedInertiaData middleware. It returns true even if the confirmed option in fortify.php config is set to true leading in an error if you refresh the page in the confirmation page.

This is not a problem in the default configuration of the 2FA in the jetstream profile page but if you want to move this form to a different page it causes a problem with the logic since the front end thinks the two_factor_enabled is true even if it's not confirmed and only shows you the recovery codes.

The function could be shortened to:

if (
    Features::enabled(Features::twoFactorAuthentication()) &&
    !is_null($user->two_factor_secret) &&
    (
        !Features::enabled(Features::twoFactorAuthentication(['confirm'])) ||
        !is_null($user->two_factor_confirmed_at)
    )
) {
    return true;
} else {
    return false;
}

but i expanded it for readability

taylorotwell · 2024-01-18T17:36:04Z

No plans to change this atm.

michail-polatoglou added 4 commits January 17, 2024 12:01

check for confirm in fortify

fb77d07

styling changes

d61dd45

styling changes

37c8aa0

styling changes

55aa4b5

driesvints changed the title ~~check for confirm in fortify~~ [4.x] Check for confirm in fortify Jan 18, 2024

taylorotwell closed this Jan 18, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[4.x] Check for confirm in fortify #1433

[4.x] Check for confirm in fortify #1433

michail-polatoglou commented Jan 17, 2024

taylorotwell commented Jan 18, 2024

[4.x] Check for confirm in fortify #1433

[4.x] Check for confirm in fortify #1433

Conversation

michail-polatoglou commented Jan 17, 2024

taylorotwell commented Jan 18, 2024