Laravel Fortify confirm 2FA doesn't throw error for invalid input

Hi,

As per title, i'm using Fortify. During confirm 2FA step, my app doesn't return error message when user input wrong code. Below is my form

<form method="POST" action="{{ url('/user/confirmed-two-factor-authentication') }}">
    @csrf
    <div class="space-y-1 mt-4">
        <x-label for="code">{{ __('Authentication Code') }}</x-label>
        <x-input id="code" name="code" type="text" class="w-full" required autofocus />
        <x-input-error :messages="$errors->get('code')" class="mt-1" />
    </div>
    <div class="mt-4">
        <x-button-success type="submit">{{ __('Confirm') }}</x-button-success>
    </div>
</form>

Even when i dump all error

<pre>{{ var_dump($errors->all()) }}</pre>
<pre>{{ var_dump(request()->all()) }}</pre>
<pre>{{ var_dump($errors->get('code')) }}</pre>

The app doesn't throw error at all for code.

For context I've already enabled 2FA feature in fortify.php config file with confirm set to true

mkfizi-29935843

5 months ago

Level 1

Apparently looking at Laravel/Fortify/Actions/ConfirmTwoFactorAuthentication.php we can see that Fortify puts the error in confirmTwoFactorAuthentication error bag as below

throw ValidationException::withMessages([
     'code' => [__('The provided two factor authentication code was invalid.')],
])->errorBag('confirmTwoFactorAuthentication');

Which I'm not sure why the need for the error bag if anyone could enlighten me. But for now I'll just have to update my code to below.

<x-input-error :messages="$errors->getBag('confirmTwoFactorAuthentication')->get('code')" class="mt-1" />

And voila

Please or to participate in this conversation.