Only allow two-factor-challenge routes when user is logged in

laravel / fortify

Backend controllers and scaffolding for Laravel authentication.

https://laravel.com/docs/fortify

MIT License

1.61k stars 294 forks source link

Only allow two-factor-challenge routes when user is logged in #218

Closed kiwina closed 3 years ago

kiwina commented 3 years ago

Fortify Version: 1.6.1
Laravel Version: 8.26.1
PHP Version: 8
Database Driver & Version:

Description:

In jetstream the two-factor-challenge route is accessible even when the user is not logged in. Technically the route should redirect to the login screen. not sure if this happen on vanilla implementation

Steps To Reproduce:

driesvints commented 3 years ago

We don't have any immediate plans to change anything here. Feel free to attempt a PR if you feel anything can be improved 👍