Improved login redirect and setup experience

- Updated auth system for mfa to not update intended URL so that the user is not redirected to mfa setup after eventual login. - Added notification for users setting up MFA, after setup when redirected back to login screen to advise that MFA setup was complete but they need to login again. - Updated some bits of wording to display better.
2024-10-01 05:36:00 +00:00 · 2021-08-21 15:14:24 +01:00 · 2021-08-21 15:14:24 +01:00 · 78e94bb003
commit 78e94bb003
parent 622ea03c65
6 changed files with 27 additions and 3 deletions
--- a/app/Http/Controllers/Auth/MfaBackupCodesController.php
+++ b/app/Http/Controllers/Auth/MfaBackupCodesController.php
@ -49,6 +49,12 @@ class MfaBackupCodesController extends Controller
        MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_BACKUP_CODES, json_encode($codes));

        $this->logActivity(ActivityType::MFA_SETUP_METHOD, 'backup-codes');
+
+        if (!auth()->check()) {
+            $this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
+            return redirect('/login');
+        }
+
        return redirect('/mfa/setup');
    }

--- a/app/Http/Controllers/Auth/MfaTotpController.php
+++ b/app/Http/Controllers/Auth/MfaTotpController.php
@ -61,6 +61,11 @@ class MfaTotpController extends Controller
        session()->remove(static::SETUP_SECRET_SESSION_KEY);
        $this->logActivity(ActivityType::MFA_SETUP_METHOD, 'totp');

+        if (!auth()->check()) {
+            $this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
+            return redirect('/login');
+        }
+
        return redirect('/mfa/setup');
    }

--- a/app/Http/Middleware/AuthenticatedOrPendingMfa.php
+++ b/app/Http/Middleware/AuthenticatedOrPendingMfa.php
@ -36,6 +36,6 @@ class AuthenticatedOrPendingMfa
            return $next($request);
        }

-        return redirect()->guest(url('/login'));
+        return redirect()->to(url('/login'));
    }
 }
--- a/resources/lang/en/auth.php
+++ b/resources/lang/en/auth.php
@ -78,7 +78,7 @@ return [
    // Multi-factor Authentication
    'mfa_setup' => 'Setup Multi-Factor Authentication',
    'mfa_setup_desc' => 'Setup multi-factor authentication as an extra layer of security for your user account.',
-    'mfa_setup_configured' => 'Already Configured',
+    'mfa_setup_configured' => 'Already configured',
    'mfa_setup_reconfigure' => 'Reconfigure',
    'mfa_setup_remove_confirmation' => 'Are you sure you want to remove this multi-factor authentication method?',
    'mfa_setup_action' => 'Setup',
@ -108,4 +108,5 @@ return [
    'mfa_verify_backup_code_desc' => 'Enter one of your remaining backup codes below:',
    'mfa_verify_backup_code_enter_here' => 'Enter backup code here',
    'mfa_verify_totp_desc' => 'Enter the code, generated using your mobile app, below:',
+    'mfa_setup_login_notification' => 'Multi-factor method configured, Please now login again using the configured method.',
 ];
--- a/tests/Auth/AuthTest.php
+++ b/tests/Auth/AuthTest.php
@ -419,6 +419,14 @@ class AuthTest extends BrowserKitTest
        $login->assertRedirectedTo('http://localhost');
    }

+    public function test_login_intended_redirect_does_not_factor_mfa_routes()
+    {
+        $this->get('/books')->assertRedirectedTo('/login');
+        $this->get('/mfa/setup')->assertRedirectedTo('/login');
+        $login = $this->post('/login', ['email' => 'admin@admin.com', 'password' => 'password']);
+        $login->assertRedirectedTo('/books');
+    }
+
    public function test_login_authenticates_admins_on_all_guards()
    {
        $this->post('/login', ['email' => 'admin@admin.com', 'password' => 'password']);
--- a/tests/Auth/MfaVerificationTest.php
+++ b/tests/Auth/MfaVerificationTest.php
@ -187,11 +187,15 @@ class MfaVerificationTest extends TestCase
        $resp->assertElementContains('a[href$="/mfa/setup"]', 'Configure');

        $this->get('/mfa/backup_codes/generate');
-        $this->followingRedirects()->post('/mfa/backup_codes/confirm');
+        $resp = $this->post('/mfa/backup_codes/confirm');
+        $resp->assertRedirect('/login');
        $this->assertDatabaseHas('mfa_values', [
            'user_id' => $user->id,
        ]);

+        $resp = $this->get('/login');
+        $resp->assertSeeText('Multi-factor method configured, Please now login again using the configured method.');
+
        $resp = $this->followingRedirects()->post('/login', [
            'email' => $user->email,
            'password' => 'password',