
wizard2000's avatar

how to add validation to login in laravel/fortify

Hi, how can I add some validation to login in laravel/fortify?

I want to add reCAPTCHA validation to my login form. I added the code below to FortifyServiceProvider in the provider directory.

Fortify::authenticateUsing(function (Request $request) {
    $request->validate([
        'g-recaptcha-response' => [new GoogleRecaptcha]
    ]);
    $user = User::where('email', $request->email)->orWhere('username', $request->email)->first();
    if ($user && Hash::check($request->password, $user->password)) {
        return $user;
    }
});

But the validation always fails on login. I'm sure about the rule that I made; I tested it in the register and other forms.

LaryAI's avatar

The issue with the provided code is that the validation is being performed before the user credentials are checked. This means that if the validation fails, the user credentials will not even be checked. To fix this, the validation should be performed after the user credentials are checked. Here's an updated version of the code:

Fortify::authenticateUsing(function (Request $request) {
    $user = User::where('email', $request->email)->orWhere('username', $request->email)->first();
    if ($user && Hash::check($request->password, $user->password)) {
        $request->validate([
            'g-recaptcha-response' => [new GoogleRecaptcha]
        ]);
        return $user;
    }
});

In this version, the user credentials are checked first, and if they are valid, then the recaptcha validation is performed.

iWpress's avatar

Hello @wizard2000, for me, as a beginner, this is a very interesting question. Did you do what Lary "Quickdraw" A.I. suggested and can you tell us more? You added this code to the boot method of the FortifyServiceProvider before this code:

RateLimiter::for('login', function (Request $request) {
    $throttleKey = Str::transliterate(Str::lower($request->input(Fortify::username())).'|'.$request->ip());

    return Limit::perMinute(5)->by($throttleKey);
});

simran_11's avatar

There is still a problem: the authenticateUsing runs twice.
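
An added example, not code from any poster in this thread: one way to run the captcha check as its own stage in Fortify's login pipeline via Fortify::authenticateThrough, so it executes once per request and before any password check, while authenticateUsing stays free of side effects. It assumes the asker's GoogleRecaptcha rule lives in App\Rules, and the stage list follows Fortify's documented default pipeline, which may differ in your installed version.

```php
<?php

namespace App\Providers;

use App\Models\User;
use App\Rules\GoogleRecaptcha; // the asker's rule; this namespace is an assumption
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\ServiceProvider;
use Laravel\Fortify\Actions\{AttemptToAuthenticate, EnsureLoginIsNotThrottled};
use Laravel\Fortify\Actions\{PrepareAuthenticatedSession, RedirectIfTwoFactorAuthenticatable};
use Laravel\Fortify\{Features, Fortify};

class FortifyServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // Credential check only, with no captcha here: if Fortify invokes this
        // callback more than once in a request (as reported in the thread), nothing breaks.
        Fortify::authenticateUsing(function (Request $request) {
            $login = $request->input(Fortify::username());
            $user = User::where('email', $login)->orWhere('username', $login)->first();

            return $user && Hash::check($request->password, $user->password) ? $user : null;
        });

        // Login pipeline: the captcha stage sits before every stage that touches
        // credentials, so a request without a valid token never reaches Hash::check().
        Fortify::authenticateThrough(function (Request $request) {
            return array_filter([
                config('fortify.limiters.login') ? null : EnsureLoginIsNotThrottled::class,
                function (Request $request, $next) {
                    // 'required' matters: Laravel skips custom rule objects when the
                    // field is absent or empty, which would let the check be bypassed.
                    $request->validate([
                        'g-recaptcha-response' => ['required', new GoogleRecaptcha],
                    ]);

                    return $next($request);
                },
                Features::enabled(Features::twoFactorAuthentication())
                    ? RedirectIfTwoFactorAuthenticatable::class
                    : null,
                AttemptToAuthenticate::class,
                PrepareAuthenticatedSession::class,
            ]);
        });
    }
}
```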
