search

laravel / jetstream

Tailwind scaffolding for the Laravel framework.
https://jetstream.laravel.com
MIT License
3.96k stars 810 forks source link

Password validation can't be disabled #1488

Closed l-alexandrov closed 4 months ago

l-alexandrov commented 5 months ago

Jetstream Version

4.0.5

Jetstream Stack

Livewire

Laravel Version

10.46.0

PHP Version

8.2.16

Database Driver & Version

No response

Description

Despite the fact I've disabled password validation, it's still required for 2FA activation. The two-factor-authentication-form component renders the component for password confirmation without checking if confirmation is required.

Btw, I think it's applicable to latest Jetstream version as well.

Steps To Reproduce

  1. Log in to a user without 2FA activated
  2. Disable password confirmation in config/fortify.php via: 
    Features::twoFactorAuthentication([
'confirmPassword' => false
]),
  3. Go to /user/profile
  4. Try to enable 2FA
  5. See that you are still required to confirm your password
crynobone commented 4 months ago

See https://github.com/laravel/jetstream/pull/1464#issuecomment-2028975807