Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[1.x] Only use two factor action when enabled #127

Merged
merged 1 commit into from Oct 20, 2020
Merged

[1.x] Only use two factor action when enabled #127

merged 1 commit into from Oct 20, 2020

Conversation

stevebauman
Copy link
Contributor

@stevebauman stevebauman commented Oct 19, 2020
edited

Purpose

This PR resolves the issue of validating credentials twice when two-factor is disabled and the default login pipeline is used:

fortify/src/Http/Controllers/AuthenticatedSessionController.php

Lines 83 to 88 in c77b183

return (new Pipeline(app()))->send($request)->through(array_filter([
config('fortify.limiters.login') ? null : EnsureLoginIsNotThrottled::class,
RedirectIfTwoFactorAuthenticatable::class,
AttemptToAuthenticate::class,
PrepareAuthenticatedSession::class,
]));

Description

When two-factor authentication is disabled via the configuration file, users credentials are still validated twice, even though the action can be bypassed completely and another database call / $authenticateUsing callback execution can be avoided.

This is due to the RedirectIfTwoFactorAuthenticatable action, as well as the AttemptToAuthenticate action.

This was brought to light when overriding the $authenticateUsing callback, since it will be called twice, even when two-factor is omitted in features.

@stevebauman
Only use two factor action when enabled
bbd441e 
This resolves the issue of validating credentials twice when two-factor is disabled.
@driesvints driesvints changed the title Only use two factor action when enabled [1.x] Only use two factor action when enabled Oct 20, 2020
@taylorotwell taylorotwell merged commit 596e6a8 into laravel:1.x Oct 20, 2020
@stevebauman
Copy link
Contributor Author

Thank you! ❤️

@stevebauman stevebauman mentioned this pull request Oct 20, 2020
Closed
@driesvints driesvints mentioned this pull request Oct 20, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@stevebauman @taylorotwell