Merge pull request #79 from Haruki1707/2.x

DarkGhostHunter · web-flow · commit aa395af5d9c6 · 2024-04-22T13:08:04.000-04:00
[2.x] FIX: Redirection route in ConfirmTwoFactorCode middleware.
diff --git a/src/Http/Middleware/ConfirmTwoFactorCode.php b/src/Http/Middleware/ConfirmTwoFactorCode.php
@@ -32,11 +32,28 @@ public function handle(
             return $next($request);
         }
 
+        $route = $this->getRedirectionRoute($route);
+
         return $request->expectsJson()
             ? response()->json(['message' => trans('two-factor::messages.required')], 403)
             : response()->redirectGuest(url()->route($route));
     }
 
+    /**
+     * Determine the route to redirect the user.
+     */
+    protected function getRedirectionRoute(string $route): string
+    {
+        // If the developer is forcing this middleware to always run,
+        // then return redirection route "2fa.confirm" as default.
+        // Otherwise, return the route as the developer set it.
+        if (in_array(strtolower($route), ['true', 'force'], true)) {
+            return '2fa.confirm';
+        }
+
+        return $route;
+    }
+
     /**
      * Determine if the confirmation timeout has expired.
      */
diff --git a/tests/Http/Middleware/ConfirmTwoFactorEnabledTest.php b/tests/Http/Middleware/ConfirmTwoFactorEnabledTest.php
@@ -64,6 +64,22 @@ public function test_continues_if_user_is_2fa_but_not_activated(): void
     }
 
     public function test_asks_for_confirmation_if_forced(): void
+    {
+        $this->app['router']->get('intended_force', function () {
+            return 'ok';
+        })->name('intended')->middleware('web', 'auth', '2fa.confirm:true');
+
+        $this->actingAs($this->user);
+
+        $sessionKey = $this->app->make('config')->get('two-factor.confirm.key').'confirm.expires_at';
+
+        $this->session([$sessionKey => now()->addHour()->getTimestamp()]);
+
+        $this->getJson('intended_force')->assertJson(['message' => trans('two-factor::messages.required')]);
+        $this->get('intended_force')->assertRedirect('confirm');
+    }
+
+    public function test_asks_for_confirmation_if_forced_with_custom_route(): void
     {
         $this->app['router']->get('intended_force', function () {
             return 'ok';
