#11: Optionally redirect to a custom route after token verification failure

michaeldzjap · michaeldzjap · commit 26a974d052d3 · 2020-10-16T15:02:43.000+02:00
diff --git a/src/Http/Controllers/TwoFactorAuthenticatesUsers.php b/src/Http/Controllers/TwoFactorAuthenticatesUsers.php
@@ -58,13 +58,7 @@ public function verifyToken(VerifySMSToken $request)
             return $this->sendTwoFactorAuthResponse($request);
         }
 
-        // If the two-factor authentication attempt was unsuccessful we will increment
-        // the number of attempts to two-factor authenticate and redirect the user
-        // back to the two-factor authentication form. Of course, when this user
-        // surpasses their maximum number of attempts they will get locked out.
-        $this->incrementTwoFactorAuthAttempts($request);
-
-        return $this->sendFailedTwoFactorAuthResponse($request);
+        return $this->handleFailedAttempt($request);
     }
 
     /**
@@ -122,6 +116,49 @@ protected function authenticated(Request $request, $user)
         //
     }
 
+    /**
+     * Handle the case where a user has submitted an invalid token.
+     *
+     * Default: If the two-factor authentication attempt was unsuccessful we
+     * will increment the number of attempts to two-factor authenticate and
+     * redirect the user back to the two-factor authentication form. Of course,
+     * when this user surpasses their maximum number of attempts they will get
+     * locked out.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    protected function handleFailedAttempt(Request $request)
+    {
+        $this->incrementTwoFactorAuthAttempts($request);
+
+        if ($path = $this->redirectAfterFailurePath()) {
+            return redirect()->to($path)->withErrors([
+                'token' => __('twofactor-auth::twofactor-auth.failed')
+            ]);
+        }
+
+        return $this->sendFailedTwoFactorAuthResponse($request);
+    }
+
+    /**
+     * Get the post two-factor authentication failure redirect path.
+     *
+     * @return null|string
+     */
+    protected function redirectAfterFailurePath(): ?string
+    {
+        if (method_exists($this, 'redirectToAfterFailure')) {
+            return $this->redirectToAfterFailure();
+        }
+
+        if (property_exists($this, 'redirectToAfterFailure')) {
+            return $this->redirectToAfterFailure;
+        }
+
+        return null;
+    }
+
     /**
      * Throw a validation exception when two-factor authentication attempt fails.
      * NOTE: Throwing a validation exception is cleaner than redirecting, but
diff --git a/src/config/twofactor-auth.php b/src/config/twofactor-auth.php
@@ -2,21 +2,6 @@
 
 return [
 
-    /*
-    |--------------------------------------------------------------------------
-    | Enabled
-    |--------------------------------------------------------------------------
-    |
-    | Options:
-    |
-    | - 'always': Always require two-factor authentication.
-    | - 'never': Never require two-factor authentication.
-    | - 'user': Specify manually for which users to enable 2fa.
-    |
-    */
-
-    'enabled' => 'user',
-
     /*
     |--------------------------------------------------------------------------
     | Default Two-Factor Authentication Provider
@@ -61,6 +46,21 @@
 
     ],
 
+    /*
+    |--------------------------------------------------------------------------
+    | Enabled Mode
+    |--------------------------------------------------------------------------
+    |
+    | Options:
+    |
+    | 'always': Always require two-factor authentication.
+    | 'never': Never require two-factor authentication.
+    | 'user': Specify manually for which users to enable 2fa.
+    |
+    */
+
+    'enabled' => 'user',
+
     /*
     |--------------------------------------------------------------------------
     | Routes Configuration + Naming
