Closed dragonfly4 closed 3 years ago
Came here to say v4 from v2 is not supported.
Digging deeper I saw I would have to rewrite a lot and modify my login process. So I have swapped Laravel/UI for Laravel/Fortify with built-in 2FA support. Your package has more features but let's hope Fortify gets a big update with Laravel v9.x
I was pretty much forced to do this package since there was no Fortify when I need it.
I’ll probably archive this package since Fortify exists with a cleaner implementation.
Italo Baeza C.
El 29-10-2021, a la(s) 04:39, dragonfly4 @.***> escribió:
Digging deeper I saw I would have to rewrite a lot and modify my login process. So I have swapped Laravel/UI for Laravel/Fortify with built-in 2FA support. Your package has more features but let's hope Fortify gets a big update with Laravel v9.x
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.
Correct but Fortify has some limitations and security risks.
I also had to extend some functions and write extra validation checks. I wouldn't switch yet if I was you.
Correct but Fortify has some limitations and security risks.
Like what?
Correct but Fortify has some limitations and security risks.
Like what?
https://github.com/laravel/fortify/issues/201
https://github.com/laravel/fortify/issues/322
https://github.com/laravel/fortify/issues/285 This doesn't work for now, need to investigate further.
++ you can re-use a TOPT so dangerous for MITM attack.
Thanks for the heads up. Seems weird that they decided to go for their own route considering this package already works like a charm (at least for me).
Dear
Upgrading v2 to v4 results in the login process skipping checks for users that have enabled 2FA. To simplify things I installed a clean Laravel v8.62 / PHP v8.0.11 to test it from scratch and the check / validation is not being executed.
'How it works' says no extra code is needed. https://github.com/DarkGhostHunter/Laraguard#how-this-works
Contract & trait are added to my User model https://github.com/DarkGhostHunter/Laraguard#usage
Login part mentions overriding Login in LoginController. Is this needed for v4 please? https://github.com/DarkGhostHunter/Laraguard#logging-in
This forces everyone to use 2FA during login
FYI: In Laravel 8 the default User model is located in App\Models and the readme still references to namespace App