DirectoryTree / LdapRecord

A fully-featured LDAP framework.
https://ldaprecord.com
MIT License
500 stars, 44 forks

2FA with Jetstream - "This password does not match our records" - Fix potentially found #718

Closed sn-seanh closed 3 months ago

sn-seanh commented 3 months ago

Hi Guys,

Got LdapRecord running with Jetstream, overall works very smooth.

However, unable to enable 2FA as it always throws back "This password does not match our records".

I was able to resolve this by implementing a fix someone had to a similar but unrelated issue -> https://laracasts.com/discuss/channels/code-review/jetstreamfortify-two-factor-authentication-with-multi-auth-multiple-guards?page=1&replyId=936524

By adding the below to FortifyServiceProvider.php, it resolves the problem.

use Illuminate\Support\Facades\Hash;
use Laravel\Fortify\Fortify;

// In FortifyServiceProvider::boot(): confirm the password against the hash stored locally
Fortify::confirmPasswordsUsing(function ($user, string $password) {
    return Hash::check($password, $user->password);
});

Just wanted to check if this is the recommended fix or if there is another method? Also thought this post might be useful to anyone else trying the same.

Thanks

Environment:

stevebauman commented 3 months ago

Hi @sn-seanh,

This will work if you're synchronizing passwords upon user login, though they could still fail the check due to being out of date if the user changes their password on your domain while being logged into your Laravel application.

I would suggest attempting auth against your LDAP server instead to ensure their password is valid:

use App\Models\User;
use App\Models\LdapUser;
use Laravel\Fortify\Fortify;
use LdapRecord\Container;

Fortify::confirmPasswordsUsing(function (User $user, string $password) {
    // Resolve the LDAP connection the user was imported from
    $connection = Container::getConnection($user->getLdapDomain());

    // Locate the directory object by the GUID synchronized onto the local user
    $ldapUser = LdapUser::findByGuid($user->getLdapGuid());

    if ($ldapUser) {
        // Bind as the user's DN with the supplied password; returns false on a failed bind
        return $connection->auth()->attempt($ldapUser->getDn(), $password);
    }

    return false;
});

Hope this helps!
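An added example, not code from the LdapRecord project or from either participant above, building on the approach in the reply: a FortifyServiceProvider that confirms passwords against the directory for LDAP-backed users, falls back to the local hash for accounts that have no synchronized GUID (a mixed local/LDAP setup is assumed), and fails closed on any directory error instead of surfacing an unhandled exception. It assumes, as the thread does, that App\Models\User implements LdapRecord's LdapAuthenticatable contract (getLdapDomain()/getLdapGuid()) and that App\Models\LdapUser is the application's LdapRecord model; the log messages are this example's own.

```php
<?php

// Added example (not from the LdapRecord project or the thread authors).
// Assumptions: App\Models\User implements LdapRecord\Laravel\Auth\LdapAuthenticatable,
// App\Models\LdapUser is the app's LdapRecord model, and users without an LDAP GUID
// are local-only accounts that keep a password hash in the application database.

namespace App\Providers;

use App\Models\LdapUser;
use App\Models\User;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\ServiceProvider;
use Laravel\Fortify\Fortify;
use LdapRecord\Container;
use LdapRecord\LdapRecordException;

class FortifyServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        Fortify::confirmPasswordsUsing(function (User $user, string $password): bool {
            // LdapRecord itself refuses an empty password with an exception, but the
            // explicit check keeps the rule visible: an unauthenticated (empty-password)
            // LDAP bind can succeed on some servers and must never count as confirmation.
            if ($password === '') {
                return false;
            }

            // Local-only account (no GUID synchronized from the directory):
            // fall back to the hash stored in the application database.
            if (! $user->getLdapGuid()) {
                return Hash::check($password, $user->password);
            }

            try {
                $connection = Container::getConnection($user->getLdapDomain());

                $ldapUser = LdapUser::findByGuid($user->getLdapGuid());

                if (! $ldapUser) {
                    // GUID no longer resolves: the directory account was removed or
                    // moved out of the model's scope, so refuse confirmation.
                    Log::warning('Password confirmation: LDAP user not found', [
                        'user_id' => $user->getKey(),
                        'domain'  => $user->getLdapDomain(),
                    ]);

                    return false;
                }

                // Bind as the user's DN with the supplied password. LdapRecord returns
                // false on a rejected bind, so a wrong password lands here, not in catch.
                return $connection->auth()->attempt($ldapUser->getDn(), $password);
            } catch (LdapRecordException $e) {
                // Directory unreachable, unknown connection name, etc.: fail closed and
                // record the cause for operators rather than bubbling up a 500.
                Log::error('Password confirmation: LDAP error', [
                    'user_id' => $user->getKey(),
                    'error'   => $e->getMessage(),
                ]);

                return false;
            }
        });
    }
}
```

The fallback to Hash::check is only safe for accounts that are genuinely local; if every user is directory-backed, drop that branch so a missing GUID is treated as a failure rather than a reason to trust a possibly stale local hash.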