Closed stefanzweifel closed 4 months ago
github-actions[bot]
commented
4 months ago Thanks for submitting a PR!
Note that draft PR's are not reviewed. If you would like a review, please mark your pull request as ready for review in the GitHub user interface.
Pull requests that are abandoned in draft may be closed due to inactivity.
taylorotwell
commented
4 months ago I would call the event something like ValidTwoFactorAuthenticationCodeProvided
taylorotwell
commented
4 months ago Please mark as ready for review when the requested changes have been made.
stefanzweifel
commented
4 months ago @taylorotwell Definitely sounds and feels better than my original name. Thanks!
In an app I'm working on we would like to store a timestamp in the session, when the user last verified their 2FA[^1]. While source-diving I didn't find an event that would be fired, when the 2FA code was verified. (There are only events for when the verification failed.)
This PR adds a new event that is being fired when a new session is being authenticated using 2FA. Adding an event listener for our usecase is now trivial.
I was contemplating if this event should be fired within the
TwoFactorAuthenticationProvider, but as no other events are fired within that implementation I think the controllers is the right place for them.[^1]: In our app, the admin panel is protected with a
RequireTwoFactorAuthentication-middleware that periodically asks users to confirm their 2FA code. (Similar to the\Illuminate\Auth\Middleware\RequirePassword-middleware). We currently run into an UX-issue where folks can't access the admin dashboard immediately after login, as the same 2FA code doesn't seem to be accepted by theTwoFactorAuthenticationProviderwithin the 30s window after login.