laravel / fortify

Backend controllers and scaffolding for Laravel authentication.
https://laravel.com/docs/fortify
MIT License

Enter 2FA input token before save model #47

Closed jetwes closed 4 years ago

jetwes commented 4 years ago

At the moment it is impossible to verify that the user activated 2FA on his device. It should be mandatory that the user has to confirm the activation with an actual 2FA code. This is not possible at the moment because in "Laravel\Fortify\Actions\EnableTwoFactorAuthentication" the database field is filled on activation. The generation of the secret has to be done before and the secret has to be an option in the action so it is possible to check a valid code before the secret is saved to the database.

Related to https://github.com/laravel/jetstream/issues/74
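
The flow requested above (generate the secret, check a code from the user's device, and only then write to the database), as an added example that is not Fortify's code and not part of the thread. It assumes a raw binary secret rather than the Base32 form authenticator apps display; `totp`, `verifyTotp`, `confirmTwoFactor`, `$pending` and `totp_secret` are hypothetical names.

```php
<?php
// Added illustration; every name here is hypothetical, not Fortify's API.
const PERIOD = 30; // seconds per TOTP time step (RFC 6238 default)
const DIGITS = 6;

// RFC 6238 TOTP (HMAC-SHA1) for a raw binary secret at a given Unix time.
function totp(string $secret, int $time): string
{
    $counter = pack('J', intdiv($time, PERIOD)); // 64-bit big-endian counter
    $hash = hash_hmac('sha1', $counter, $secret, true);
    $offset = ord($hash[19]) & 0x0F; // dynamic truncation (RFC 4226)
    $value = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % (10 ** DIGITS)), DIGITS, '0', STR_PAD_LEFT);
}

// Accept the current step and one step either side to tolerate clock drift.
function verifyTotp(string $secret, string $code, int $now): bool
{
    $ok = false;
    foreach ([-1, 0, 1] as $step) {
        // hash_equals compares in constant time; all three steps are always checked
        $ok = hash_equals(totp($secret, $now + $step * PERIOD), $code) || $ok;
    }
    return $ok;
}

// Persist the pending secret only after the user's device proves it can
// produce a valid code. $pending stands in for a server-side session store,
// $users for the users table.
function confirmTwoFactor(array &$pending, array &$users, int $id, string $code, int $now): bool
{
    $secret = $pending[$id] ?? null;
    if ($secret === null || !verifyTotp($secret, $code, $now)) {
        return false; // nothing written, 2FA stays disabled
    }
    $users[$id]['totp_secret'] = $secret; // first and only write of the secret
    unset($pending[$id]);                 // a pending secret is single-use
    return true;
}

// Constructed demo data
$users = [7 => ['totp_secret' => null]];
$pending = [7 => random_bytes(20)]; // generated and shown to the user, not saved
$now = time();
var_dump(confirmTwoFactor($pending, $users, 7, 'xxxxxx', $now));
var_dump(confirmTwoFactor($pending, $users, 7, totp($pending[7], $now), $now));
var_dump($users[7]['totp_secret'] !== null);
```

A failed confirmation leaves the account exactly as it was, so a user who never finished scanning the QR code cannot be locked out by a secret their device does not hold.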

driesvints commented 4 years ago

Gonna mark this as a duplicate of https://github.com/laravel/jetstream/issues/74 to keep the discussion focused.

jetwes commented 4 years ago

Understood. But the implementation belongs to Fortify in my opinion ;) I implemented Fortify in one of my apps and had to write my own action because with the actual design it's impossible to cache the secret before saving to the database.

driesvints commented 4 years ago

It probably will be. You're always free to attempt a PR if you like 👍

jetwes commented 4 years ago

OK, will look into this tonight.