diff --git a/resources/views/mfa/parts/verify-backup_codes.blade.php b/resources/views/mfa/parts/verify-backup_codes.blade.php index 0e5b82086..3e28f71c6 100644 --- a/resources/views/mfa/parts/verify-backup_codes.blade.php +++ b/resources/views/mfa/parts/verify-backup_codes.blade.php @@ -2,10 +2,11 @@

{{ trans('auth.mfa_verify_backup_code_desc') }}

-
+ {{ csrf_field() }} @if($errors->has('code')) diff --git a/resources/views/mfa/parts/verify-totp.blade.php b/resources/views/mfa/parts/verify-totp.blade.php index a52d9b652..78d0fa64d 100644 --- a/resources/views/mfa/parts/verify-totp.blade.php +++ b/resources/views/mfa/parts/verify-totp.blade.php @@ -2,10 +2,11 @@

{{ trans('auth.mfa_verify_totp_desc') }}

- + {{ csrf_field() }} diff --git a/tests/Auth/MfaVerificationTest.php b/tests/Auth/MfaVerificationTest.php index 2fa272e33..76c59bc74 100644 --- a/tests/Auth/MfaVerificationTest.php +++ b/tests/Auth/MfaVerificationTest.php @@ -57,6 +57,15 @@ class MfaVerificationTest extends TestCase $this->assertNull(auth()->user()); } + public function test_totp_form_has_autofill_configured() + { + [$user, $secret, $loginResp] = $this->startTotpLogin(); + $html = $this->withHtml($this->get('/mfa/verify')); + + $html->assertElementExists('form[autocomplete="off"][action$="/verify"]'); + $html->assertElementExists('input[autocomplete="one-time-code"][name="code"]'); + } + public function test_backup_code_verification() { [$user, $codes, $loginResp] = $this->startBackupCodeLogin(); @@ -138,6 +147,15 @@ class MfaVerificationTest extends TestCase $resp->assertSeeText('You have less than 5 backup codes remaining, Please generate and store a new set before you run out of codes to prevent being locked out of your account.'); } + public function test_backup_code_form_has_autofill_configured() + { + [$user, $codes, $loginResp] = $this->startBackupCodeLogin(); + $html = $this->withHtml($this->get('/mfa/verify')); + + $html->assertElementExists('form[autocomplete="off"][action$="/verify"]'); + $html->assertElementExists('input[autocomplete="one-time-code"][name="code"]'); + } + public function test_both_mfa_options_available_if_set_on_profile() { $user = $this->users->editor();