Closed bskl closed 4 years ago
It will fail if the user is not an instance of 2FA. It also confirms the code instead of just validating it.
Instead, you could make a rule to just check if the code is valid. If the user is not 2FA, it should return false.
Ok, I'll make the changes soon.
The idea is to make the rule enforceable anywhere. The rule should be called `totp_code`, since it's the name of the implementation.
It should only succeed if the string is, well, a string, the user is an instance of `TwoFactorAuthenticatable` and the code is correct.
```php
public function __construct(Authenticatable $user = null)
{
    $this->user = $user;
}

// Signature required by Laravel's Rule contract.
public function passes($attribute, $value)
{
    if ($this->user instanceof TwoFactorAuthenticatable) {
        // ... check if the code is a string and is correct.
    }

    return false;
}
```
Of course this would bypass safe devices. You could use this validation rule to manually set the device as "safe" in any part of your code:
```php
public function setSafeDevice(Request $request, Authenticatable $user)
{
    // validate() takes an array of rules keyed by field; the field name "code" is assumed here.
    $request->validate(['code' => 'required|totp_code']);

    $user->addSafeDevice($request);

    session()->flash('message', "This device has been added as safe and the app won't ask for codes");
}
```
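The rule described in the comment above, as an added example that is not part of the original thread or the package's code: it fails closed for a missing user, a non-2FA user or a non-string value, and only validates the code without confirming anything. The interface is a stand-in with an assumed method name (`validateTwoFactorCode`), `DemoUser` and `TotpCodeRule` are hypothetical, the key and clock are constructed, and PHP 8 is assumed.

```php
<?php
// Stand-in for the package contract; this method name is assumed for the sketch.
interface TwoFactorAuthenticatable
{
    public function validateTwoFactorCode(string $code): bool;
}

// Constructed demo user: RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits).
final class DemoUser implements TwoFactorAuthenticatable
{
    public function __construct(private string $secret, private int $now) {}

    public function validateTwoFactorCode(string $code): bool
    {
        foreach ([-1, 0, 1] as $drift) { // accept one step of clock skew
            if (hash_equals(self::totp($this->secret, $this->now + 30 * $drift), $code)) {
                return true; // read-only check: nothing is confirmed or stored
            }
        }
        return false;
    }

    public static function totp(string $secret, int $time): string
    {
        $hmac = hash_hmac('sha1', pack('J', intdiv($time, 30)), $secret, true);
        $bin = unpack('N', substr($hmac, ord($hmac[19]) & 0x0f, 4))[1] & 0x7fffffff;
        return str_pad((string) ($bin % 1000000), 6, '0', STR_PAD_LEFT);
    }
}

final class TotpCodeRule
{
    public function __construct(private ?object $user = null) {}

    public function passes(string $attribute, mixed $value): bool
    {
        // Fail closed: no user, a non-2FA user, or a non-string value never passes.
        return $this->user instanceof TwoFactorAuthenticatable
            && is_string($value)
            && $this->user->validateTwoFactorCode($value);
    }
}

$user = new DemoUser('12345678901234567890', 59); // constructed key and clock
$code = DemoUser::totp('12345678901234567890', 59);
foreach (['2FA user' => [$user, $code], 'integer code' => [$user, (int) $code],
          'no user' => [null, $code], 'non-2FA user' => [new stdClass(), $code]] as $case => [$u, $v]) {
    printf("%-13s %s\n", $case, var_export((new TotpCodeRule($u))->passes('code', $v), true));
}
```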
I made some updates for translations.
Closing pending inactivity.
Hi, was a different change necessary? I implemented it as you wrote in your last comment.
Sorry about the latter, I didn't hit F5 enough times.
I arranged your code and made the implementation on 2.0. You rock.
With a custom validation rule we can easily redirect to the form page when the pin code is invalid.