vincent15000

Fortify and password confirmation

Hello,

I'm using Fortify to implement 2FA in an application.

Activating or deactivating 2FA requires typing the account password to confirm the action.

But => I click on the activation button, the password confirmation form is displayed and then, instead of being redirected to the next route with the QR code to confirm the 2FA configuration, I am redirected to the previous route and I have to click on the activation button once again.

Any idea what is happening?

Thanks for your help ;).

V

vincent15000

I give more information.

<a class="inline-block max-w-fit self-center transition-all px-4 py-2 bg-slate-700 text-lime-400 hover:bg-lime-400 hover:text-black rounded text-center" href="{{ route('auth.setup-two-factor') }}">
    Activer l'authentification à 2 facteurs
</a>

When I click on this link, I am redirected to the confirmation password route.

And when I type my password, instead of being redirected to the auth.setup-two-factor route, I am redirected to the previous route.

vincent15000

Ok thank you, I didn't think about using this for the password confirmation.

I will try it.

vincent15000

I found a way around the problem: I have deactivated the confirmPassword configuration for Fortify and I have protected the route to show the two factor view with the password.confirm middleware.

This way the password confirmation is already done and the user can modify what he needs for the two factor authentication.

vincent15000

I have used the Fortify password confirmation route.

vincent15000

I mean, I have deactivated the confirmPassword configuration for Fortify, so that Fortify doesn't ask anymore to confirm the password if the user wants to change his 2FA configuration.

And I have protected the route to display the 2FA configuration page with the password.confirm middleware, which is the same used by Fortify.

This way when a user wants to activate or deactivate 2FA for his account, before accessing the 2FA page, he needs to confirm his password.
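The workaround described in the last post, written out as an added example that is not part of the original thread and is not Fortify's own code. The route name `auth.setup-two-factor` comes from the link earlier in the thread; the URL path and view name are assumptions.

```php
<?php
// --- config/fortify.php (excerpt of the 'features' array) ---
// Features::twoFactorAuthentication([
//     // Fortify no longer attaches password.confirm to its own 2FA routes.
//     'confirmPassword' => false,
// ]),

// --- routes/web.php ---
use Illuminate\Support\Facades\Route;

// The password gate now sits on the page that exposes the 2FA controls.
// The password.confirm middleware sends the user to the password
// confirmation screen and, once the password is accepted, back to the
// URL they originally asked for (this route).
// A confirmation stays valid for config('auth.password_timeout') seconds
// (10800 by default), so lower that value if a three-hour window is too long.
Route::get('/user/two-factor-setup', function () {   // path is an assumption
    return view('auth.setup-two-factor');            // view name is an assumption
})->middleware(['auth', 'password.confirm'])
  ->name('auth.setup-two-factor');
```

With `confirmPassword` set to `false`, Fortify's own endpoints for enabling and disabling 2FA require only an authenticated session, so the check on this page is the only password gate in the flow.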
