Closed diogofm7 closed 3 years ago
I don't really know what you're asking here tbh. This seems like something you need to implement yourself.
the default operation when enabling or disabling 2FA should redirect me to password confirmation, and then go to the route.
That is, the routes for enabling and disabling 2FA should be protected with the confirm.password middleware, but they are not, even though I added
Features :: twoFactorAuthentication ([ 'confirmPassword' => true, ]),
Description:
When using routes to enable and disable two-factor authentication, you are not asking for password confirmation.
2FA is enabled or disabled, but without password confirmation
config/fortify.pgp
'features' => [ //Features::registration(), Features::resetPasswords(), //Features::emailVerification(), //Features::updateProfileInformation(), //Features::updatePasswords(), Features::twoFactorAuthentication([ 'confirmPassword' => true, ]),
Steps To Reproduce: