Laravel Fortify not triggering 2FA challenge?

Posted 2025-01-18 12:58:29, 946 characters, 3 views, 0 comments

I've used Laravel Fortify to write some authentication for my app and I've set up the enable part of the 2FA, and that all works fine, but the problem I'm having is that it doesn't seem to trigger the challenge when a user logs in?

I've set up the custom view like so:

        Fortify::twoFactorChallengeView(function () {
            return view('auth.two-factor-challenge');
        });

and Fortify claims it should "...automatically redirect the user to your application's two factor authentication challenge screen." (https://laravel.com/docs/9.x/fortify#authenticating-with-two-factor-authentication), but this is not the case for me, it doesn't redirect at all.

Can't seem to find any sort of Middleware in the source-code to manually achieve this, so was wondering if someone might have an idea of what's going on?

I've manually checked my DB and all the two factor columns such as two_factor_secret are set correctly after enabling, so I'm a bit confused.

In my fortify config, I've got the below set since I don't want to confirm password and instead confirm the current OTP code for any changes that need to be made since that is what makes the most sense for my app I think. Not sure if disabling confirmPassword would cause this though?

        Features::twoFactorAuthentication([
            'confirm' => true,
            'confirmPassword' => false,
        ]),


Comments (5)

时光无声 2025-01-25 12:58:29

Just encountered this issue today and have been searching for a solution on the Internet all day. Then I came across this article (https://epndavis.com/blog/laravel-fortify-two-factor-authentication/) which shows that the confirm attribute is not included in one of its snippets. Fortunately, after trying it on my end, logging in FINALLY triggers the 2FA challenge.

Therefore, your code should now look like this:

    Features::twoFactorAuthentication([
        'confirmPassword' => false,
    ]),

In case you already solved this, I hope this answer would help others resolve this issue and move on to the other parts of their development.

PS. As a replacement for confirm, I'd recommend visiting this article: https://dev.to/nicolus/laravel-fortify-implement-2fa-in-a-way-that-won-t-let-users-lock-themselves-out-2ejk

Working example: https://github.com/xyberpastoril/PCBMS/pull/6

凯凯我们等你回来 2025-01-25 12:58:29

If you are using Laravel 10, you can comment out confirm in your config/fortify.php:

    Features::twoFactorAuthentication([
        //'confirm' => true,
        'confirmPassword' => true,
        // 'window' => 0,
    ]),

久伴你 2025-01-25 12:58:29

I also hit this problem; in my case I was migrating from Breeze to Jetstream. In either case, make sure you are implementing Fortify's pipeline, as seen in this GitHub issue.

I've copied a working implementation below of app/Http/Controllers/Auth/AuthenticatedSessionController.php:

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Pipeline\Pipeline;
use Illuminate\Support\Facades\Auth;
use Laravel\Fortify\Actions\AttemptToAuthenticate;
use Laravel\Fortify\Actions\EnsureLoginIsNotThrottled;
use Laravel\Fortify\Actions\PrepareAuthenticatedSession;
use Laravel\Fortify\Actions\RedirectIfTwoFactorAuthenticatable;
use Laravel\Fortify\Contracts\LoginResponse;
use Laravel\Fortify\Features;
use Laravel\Fortify\Fortify;
use Laravel\Fortify\Http\Requests\LoginRequest;

class AuthenticatedSessionController extends Controller
{
    /**
     * Display the login view.
     *
     * @return \Illuminate\View\View
     */
    public function create()
    {
        return view('auth.login');
    }

    /**
     * Attempt to authenticate a new session.
     *
     * @param  \Laravel\Fortify\Http\Requests\LoginRequest  $request
     * @return mixed
     */
    public function store(LoginRequest $request)
    {
        return $this->loginPipeline($request)->then(function ($request) {
            return app(LoginResponse::class);
        });
    }

    /**
     * Get the authentication pipeline instance.
     *
     * @param  \Laravel\Fortify\Http\Requests\LoginRequest  $request
     * @return \Illuminate\Pipeline\Pipeline
     */
    protected function loginPipeline(LoginRequest $request)
    {
        if (Fortify::$authenticateThroughCallback) {
            return (new Pipeline(app()))->send($request)->through(array_filter(
                call_user_func(Fortify::$authenticateThroughCallback, $request)
            ));
        }

        if (is_array(config('fortify.pipelines.login'))) {
            return (new Pipeline(app()))->send($request)->through(array_filter(
                config('fortify.pipelines.login')
            ));
        }

        return (new Pipeline(app()))->send($request)->through(array_filter([
            config('fortify.limiters.login') ? null : EnsureLoginIsNotThrottled::class,
            Features::enabled(Features::twoFactorAuthentication()) ? RedirectIfTwoFactorAuthenticatable::class : null,
            AttemptToAuthenticate::class,
            PrepareAuthenticatedSession::class,
        ]));
    }

    /**
     * Destroy an authenticated session.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\RedirectResponse
     */
    public function destroy(Request $request)
    {
        Auth::guard('web')->logout();

        $request->session()->invalidate();

        $request->session()->regenerateToken();

        return redirect('/');
    }
}

梦在夏天 2025-01-25 12:58:29

I have found a solution that is working fine.

When you POST the request and look at the response, it will return:

> {"two_factor":true}

So check whether two_factor == true, then show the two-factor challenge page.
This is the best solution as there is no other solution.
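
The check described in this answer, written out as an added example (not code from the answer or from Fortify). It assumes Fortify's default /login and /two-factor-challenge routes and the default email username field; HOME_PATH and the csrfHeaders argument are hypothetical names.

```javascript
// Added example: client-side handling of Fortify's JSON login response.
// Assumptions: Fortify's default /login and /two-factor-challenge routes;
// HOME_PATH and the csrfHeaders argument are hypothetical.
const CHALLENGE_PATH = '/two-factor-challenge';
const HOME_PATH = '/dashboard';

// Map the response of POST /login to the next UI step. This only picks the
// screen to show: the server keeps the session unauthenticated until the
// challenge is passed, so a tampered client gains nothing by skipping it.
function nextStepAfterLogin(status, body) {
  if (status === 422) {
    return { action: 'show-errors', errors: (body && body.errors) || {} };
  }
  if (status === 429) return { action: 'throttled' };
  if (status < 200 || status >= 300) return { action: 'error', status };
  // Only a literal boolean true means "password accepted, code still needed".
  if (body && body.two_factor === true) {
    return { action: 'redirect', to: CHALLENGE_PATH };
  }
  return { action: 'redirect', to: HOME_PATH };
}

// Send the credentials as JSON so Fortify answers with JSON instead of a
// 302 redirect. fetchImpl is injected so the function can be tested offline.
async function login(fetchImpl, email, password, csrfHeaders = {}) {
  const res = await fetchImpl('/login', {
    method: 'POST',
    credentials: 'same-origin',
    headers: {
      'Content-Type': 'application/json',
      Accept: 'application/json',
      ...csrfHeaders, // e.g. the X-XSRF-TOKEN header your app already sends
    },
    body: JSON.stringify({ email, password }),
  });
  // A non-JSON body (for example an HTML error page) is treated as no body.
  const body = await res.json().catch(() => null);
  return nextStepAfterLogin(res.status, body);
}
```

In a browser, call login(fetch.bind(window), email, password, csrfHeaders) and navigate to the returned path when action is 'redirect'.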

や莫失莫忘 2025-01-25 12:58:29

I have found the solution for this problem. Comment out Auth::routes() in your routes/web.php.

Like this
