Activate stephenjude-two-factor-authentication?

hi, i tried stephenjude-two-factor-authentication. I think it works. I can enable (and disable) 2FA but doesnt matter, there is no effect after logout / login. I dont have to put in a code. Maybe the reason is the code in user.php.

public function canAccessPanel(Panel $panel): bool
    {
        if ($panel->getId() === 'admin') {
            // return $this->hasRole('super_admin'); // placeholder
            return TRUE;
        }

    }

public function canAccessPanel(Panel $panel): bool
    {
        if ($panel->getId() === 'admin') {
            // return $this->hasRole('super_admin'); // placeholder
            return TRUE;
        }

    }

The 2fa is presumably ignored as result. But how do I integrate the 2fa there with canAcessPanel?

Solution

Thanks for your work. I have also a fresh project and i am looking for a 2fa. I tried breezy, but have failed. But 2fa from Rawilk works for me. This is not anymore listet. Evereybody reccomend breezy. Maybe i trie it again. But at the end i am looking for an 2fa with email code (only), similar like github. Can breezy email code 2fa? Or can you recommend another (less complicated) plugin? It is also important to me that users can switch it on and off for themselves.

Jump to solution

hyperion-mx•10/5/24, 12:55 PM

You should not handle authentication layer in access layer, authentication is passed before the access, have you added the TwoFactorAuthenticatable trait to the user model?

SteffOP•10/5/24, 1:04 PM

You mean that

Yes.

hyperion-mx•10/5/24, 1:06 PM

so the issue is when you logout and login again it doesnt request the auth code right?

hyperion-mx•10/5/24, 1:06 PM

it logs you in straight away?

SteffOP•10/5/24, 1:10 PM

Yes, there is no request for auth code. I am landing on enable or disable page and everey time got to dashboard. I didnt make anything with EventServiceProvider (last part in doc).

SteffOP•10/5/24, 1:11 PM

Yes, it logs me in straight away without ->enforceTwoFactorSetup() and it brings me to enable if the force flag is active.

hyperion-mx•10/5/24, 1:12 PM

have you tried a fresh browser window or even a private browsing? am thinking it might be remembering the logins since you logged in before? maybe worth trying it

SteffOP•10/5/24, 1:15 PM

That was my thought as well, but same in another fresh browser. maybe a cache topic in laravel?

hyperion-mx•10/5/24, 1:32 PM

I just tried to replicate your issue with fresh project, seems to be working fine

hyperion-mx•10/5/24, 1:33 PM

but, seems the plugin has few issues, even with fresh project

hyperion-mx•10/5/24, 1:35 PM

myself, all my projects use Breeze and Breezy plugin never missed a tick, I would highly suggest considering it

Solution

Steff•10/5/24, 1:45 PM

Nicole•11/1/24, 6:20 AM

Hello, is it possible to make default route to

/login

/login

instead of ?