Comments (7)
This seems useful. I'll make some tests to see how it can be possible.
from twofactor.
That's what I'm trying to achieve
from twofactor.
I understand. You can fix it on the frontend by capturing the input and doing a fetch POST with cookies, with each input concatenated into one string, and redirecting on success.
from twofactor.
I have this in my LoginController:
```php
public function login(LoginRequest $request)
{
    // Check the credentials and, when the user has 2FA enabled, the 2FA code.
    $attempt = Auth2FA::attempt($request->only('email', 'password'), $request->filled('remember'));

    if ($attempt) {
        $user = auth()->user();

        // Deactivated accounts are logged out again immediately.
        if (! $user->isActive()) {
            auth()->logout();

            return redirect()->route('frontend.auth.login')->withFlashDanger(__('Su cuenta ha sido desactivada.'));
        }

        event(new UserLoggedIn($user));

        // Optionally invalidate the user's sessions on other devices.
        if (config('boilerplate.access.user.single_login')) {
            auth()->logoutOtherDevices($request->password);
        }

        return redirect()->intended($this->redirectPath());
    }

    return back()->withFlashDanger(__('No hay ningún usuario que coincida con estas credenciales.'));
}
```
and this is my LoginRequest:
```php
<?php

namespace App\Http\Requests\Auth;

use App\Rules\Auth\Captcha;
use Illuminate\Auth\Events\Lockout;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;
use Laragear\TwoFactor\TwoFactor;

class LoginRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        return true;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        if ($this->isNotFilled('2fa_code')) {
            return [
                'email' => ['required', 'string', 'email'],
                'password' => ['required', 'string'],
                'g-recaptcha-response' => ['required_if:captcha_status,true', new Captcha],
            ];
        }

        return [
            '2fa_code' => ['required']
        ];
    }

    /**
     * Attempt to authenticate the request's credentials.
     *
     * @return void
     *
     * @throws ValidationException
     */
    public function authenticate()
    {
        $this->ensureIsNotRateLimited();

        $attempt = Auth::attemptWhen(
            $this->only('email', 'password'),
            TwoFactor::hasCodeOrFails(),
            $this->boolean('remember')
        );

        if (! $attempt) {
            RateLimiter::hit($this->throttleKey());

            throw ValidationException::withMessages([
                'email' => trans('auth.failed'),
            ]);
        }

        RateLimiter::clear($this->throttleKey());
    }

    /**
     * Ensure the login request is not rate limited.
     *
     * @return void
     *
     * @throws ValidationException
     */
    public function ensureIsNotRateLimited()
    {
        if (! RateLimiter::tooManyAttempts($this->throttleKey(), 5)) {
            return;
        }

        event(new Lockout($this));

        $seconds = RateLimiter::availableIn($this->throttleKey());

        throw ValidationException::withMessages([
            'email' => trans('auth.throttle', [
                'seconds' => $seconds,
                'minutes' => ceil($seconds / 60),
            ]),
        ]);
    }

    /**
     * Get the rate limiting throttle key for the request.
     *
     * @return string
     */
    public function throttleKey()
    {
        return Str::lower($this->input('email')).'|'.$this->ip();
    }

    /**
     * @return array
     */
    public function messages()
    {
        return [
            'email.required' => __('Es obligatorio ingresar su dirección de correo.'),
            'password.required' => __('Es obligatorio ingresar su contraseña.'),
            'g-recaptcha-response.required_if' => __('El campo :attribute es obligatorio.', ['attribute' => 'CAPTCHA']),
        ];
    }
}
```
What would the approach you mention look like?
Thank you for your quick response!
from twofactor.
On the frontend, use JavaScript to capture the form submit and prevent it. From there, create a function that concatenates all the form inputs in one string, and send it to the backend.
It uses `fetch()`. If the response fails, I just unhide a `div` with a generic error. If it succeeded, I redirect the user to the dashboard.
That's how I do it on a private app. I don't need to do that on the backend.
from twofactor.
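The frontend approach described in the comment above, sketched as an added example (not code from this thread or from the package). The `2fa_code` field name comes from the `LoginRequest` rules posted earlier; `LOGIN_URL`, `DASHBOARD_URL`, the six-digit length and all function names are assumptions.

```javascript
// Added example. LOGIN_URL, DASHBOARD_URL and CODE_LENGTH are assumptions.
const LOGIN_URL = '/login';
const DASHBOARD_URL = '/dashboard';
const CODE_LENGTH = 6;

// Join the per-digit inputs into one code. Anything that is not exactly
// CODE_LENGTH ASCII digits is rejected before a request is made.
function joinCodeDigits(values) {
  const code = values.map((v) => String(v).trim()).join('');
  return new RegExp(`^[0-9]{${CODE_LENGTH}}$`).test(code) ? code : null;
}

// Build the fetch() arguments. 'same-origin' sends the session cookie only to
// our own origin; the CSRF token travels in Laravel's X-CSRF-TOKEN header.
// Accept: application/json makes a validation failure come back as a 422
// status instead of a redirect that fetch() would silently follow.
function buildCodeRequest(code, csrfToken) {
  return {
    url: LOGIN_URL,
    init: {
      method: 'POST',
      credentials: 'same-origin',
      headers: {
        'Content-Type': 'application/json',
        'Accept': 'application/json',
        'X-CSRF-TOKEN': csrfToken,
      },
      body: JSON.stringify({ '2fa_code': code }),
    },
  };
}

// Map a response to a UI decision. The redirect target is a fixed constant,
// never a value read from the response, and every failure yields the same
// generic outcome so the page does not reveal why the attempt failed.
function interpretResponse(response) {
  return response.ok
    ? { redirectTo: DASHBOARD_URL, showError: false }
    : { redirectTo: null, showError: true };
}

// Full flow: validate locally, POST, then decide. The server still verifies
// the code; the client-side check only avoids pointless requests.
async function submitCode(values, csrfToken, fetchImpl = globalThis.fetch) {
  const code = joinCodeDigits(values);
  if (code === null) return interpretResponse({ ok: false });
  try {
    const { url, init } = buildCodeRequest(code, csrfToken);
    return interpretResponse(await fetchImpl(url, init));
  } catch {
    return interpretResponse({ ok: false }); // network error, same generic failure
  }
}
```

In the page's submit handler, call `event.preventDefault()`, pass the input values to `submitCode`, then either set `location.href` to `redirectTo` or unhide the error `div`.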
Okay, I'll try and get back to you with feedback. Thanks.
from twofactor.