Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[2.x] Fix error handling during 2FA confirmation #1030

Merged
merged 2 commits into from
Apr 6, 2022
Merged

[2.x] Fix error handling during 2FA confirmation #1030

merged 2 commits into from
Apr 6, 2022

Conversation

ManuelLeiner
Copy link
Contributor

This PR fixes the error handling during 2FA confirmation for the Inertia Stack. The Livewire Stack already works as expected.

  • the error message for an invalid confirmation code will be correctly read from the form error bag, see Fortify counterpart
  • texts and buttons refresh accordingly to the current confirmation state
  • confirmation form resets when 2FA process
  • adds an additional check to determine if the confirmation process finished

Fixes #1028

@driesvints
Copy link
Member

Please note that we don't review draft PR's. Please mark this as ready when you're done 👍

@driesvints driesvints changed the title Fix error handling during 2FA confirmation [2.x] Fix error handling during 2FA confirmation Apr 5, 2022
@ManuelLeiner
Copy link
Contributor Author

Here are some log outputs from debugging the additional check.

// initial call to /user/profile
[2022-04-05 10:05:23 (UTC+00:00)] local.DEBUG: Session old input:
[2022-04-05 10:05:23 (UTC+00:00)] local.DEBUG: Code exists in old input:  [false]

// click on 'Enable'
[2022-04-05 10:05:39 (UTC+00:00)] local.DEBUG: Session old input:
[2022-04-05 10:05:39 (UTC+00:00)] local.DEBUG: Code exists in old input:  [false]

// confirm with empty input field
[2022-04-05 10:05:51 (UTC+00:00)] local.DEBUG: Session old input:  {"code":null}
[2022-04-05 10:05:51 (UTC+00:00)] local.DEBUG: Code exists in old input:  [true]

// confirm with a wrong code
[2022-04-05 10:06:07 (UTC+00:00)] local.DEBUG: Session old input:  {"code":"123456"}
[2022-04-05 10:06:07 (UTC+00:00)] local.DEBUG: Code exists in old input:  [true]

// updating the user's name
[2022-04-05 10:06:19 (UTC+00:00)] local.DEBUG: Session old input:
[2022-04-05 10:06:19 (UTC+00:00)] local.DEBUG: Code exists in old input:  [false]
  • Up until the last two log messages the 2FA columns of the user model (two_factor_secret, two_factor_recovery_codes) stay set --> works as intended
  • Updating the user's name while still in the middle of 2FA confirmation resets the 2FA columns in storage --> works as intended
  • Opening the profile again while still in the middle of 2FA confirmation resets the 2FA columns in storage --> works as intended

@taylorotwell taylorotwell marked this pull request as ready for review April 5, 2022 18:29
@taylorotwell taylorotwell merged commit a5bbfee into laravel:2.x Apr 6, 2022
@taylorotwell
Copy link
Member

Thanks!

@joriskuijpers joriskuijpers mentioned this pull request Apr 6, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@taylorotwell taylorotwell taylorotwell left review comments

@driesvints driesvints driesvints left review comments

@ps-sean ps-sean ps-sean left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Confirming 2FA lacks error message and refreshes page/state incorrectly (Inertia stack)
4 participants
@ManuelLeiner @driesvints @taylorotwell @ps-sean