Improved login redirect and setup experience
authorDan Brown <redacted>
Sat, 21 Aug 2021 14:14:24 +0000 (15:14 +0100)
committerDan Brown <redacted>
Sat, 21 Aug 2021 14:14:24 +0000 (15:14 +0100)
- Updated auth system for mfa to not update intended URL so that the
  user is not redirected to mfa setup after eventual login.
- Added notification for users setting up MFA, after setup when
  redirected back to login screen to advise that MFA setup was complete
  but they need to login again.
- Updated some bits of wording to display better.

app/Http/Controllers/Auth/MfaBackupCodesController.php
app/Http/Controllers/Auth/MfaTotpController.php
app/Http/Middleware/AuthenticatedOrPendingMfa.php
resources/lang/en/auth.php
tests/Auth/AuthTest.php
tests/Auth/MfaVerificationTest.php

index 65c809196c47c2206a085ee73560888cb11f1f70..4b4e11659852195111862c7b7235c1717f7bbe03 100644 (file)
@@ -49,6 +49,12 @@ class MfaBackupCodesController extends Controller
         MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_BACKUP_CODES, json_encode($codes));
 
         $this->logActivity(ActivityType::MFA_SETUP_METHOD, 'backup-codes');
+
+        if (!auth()->check()) {
+            $this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
+            return redirect('/login');
+        }
+
         return redirect('/mfa/setup');
     }
 
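Review bot: The new `!auth()->check()` branch carries no comment, and its meaning is not obvious from the code alone: it covers a user who is completing MFA setup mid-login, so no authenticated session exists yet and sending them to `/mfa/setup` would not be right. A line above it such as `// Setup reached during a pending-MFA login: no authenticated session yet, so return to login instead of the setup page.` would save the next reader a trip through the middleware. The four added lines are byte-identical to the ones added in MfaTotpController in the next hunk; lifting them into one shared helper on the controllers' common base would keep the two flows from drifting apart. The enclosing method starts outside the hunk.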
index a1701c4cea758e7c8cb8c6ea139668acdc4d3e0e..d55f08cff107f2be72e2c8e001c4af94e277ec86 100644 (file)
@@ -61,6 +61,11 @@ class MfaTotpController extends Controller
         session()->remove(static::SETUP_SECRET_SESSION_KEY);
         $this->logActivity(ActivityType::MFA_SETUP_METHOD, 'totp');
 
+        if (!auth()->check()) {
+            $this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
+            return redirect('/login');
+        }
+
         return redirect('/mfa/setup');
     }
 
index 2d68a2a57de2f48b87709da5401c0d37e77c914f..febfef20788781db83fb7264d2ebfe0d23f876b2 100644 (file)
@@ -36,6 +36,6 @@ class AuthenticatedOrPendingMfa
             return $next($request);
         }
 
-        return redirect()->guest(url('/login'));
+        return redirect()->to(url('/login'));
     }
 }
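Review bot: The switch from `redirect()->guest()` to `redirect()->to()` is the behavioural core of this commit, yet nothing in the code says why, and a future reader could reasonably "fix" it back and reintroduce the post-login bounce to MFA setup. Add above the return: `// Deliberately not redirect()->guest(): MFA routes must never be stored as the post-login intended URL.` The enclosing method starts outside the hunk. If this middleware is ever attached to non-MFA routes, those would silently lose their intended URL as well, so the restriction is worth stating in the class docblock too.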
index a24ededd75db9b6a447f2163e0e9c07e9ce2d2f6..e4d4c425b84cf9e0516755c21c0d6ce19c791937 100644 (file)
@@ -78,7 +78,7 @@ return [
     // Multi-factor Authentication
     'mfa_setup' => 'Setup Multi-Factor Authentication',
     'mfa_setup_desc' => 'Setup multi-factor authentication as an extra layer of security for your user account.',
-    'mfa_setup_configured' => 'Already Configured',
+    'mfa_setup_configured' => 'Already configured',
     'mfa_setup_reconfigure' => 'Reconfigure',
     'mfa_setup_remove_confirmation' => 'Are you sure you want to remove this multi-factor authentication method?',
     'mfa_setup_action' => 'Setup',
@@ -108,4 +108,5 @@ return [
     'mfa_verify_backup_code_desc' => 'Enter one of your remaining backup codes below:',
     'mfa_verify_backup_code_enter_here' => 'Enter backup code here',
     'mfa_verify_totp_desc' => 'Enter the code, generated using your mobile app, below:',
+    'mfa_setup_login_notification' => 'Multi-factor method configured, Please now login again using the configured method.',
 ];
\ No newline at end of file
index 085482c35ce249d86e4fd2dcb6d6f59b9a959970..b4b99d1300aeacc5fa64df7cf2102ef1ab272a52 100644 (file)
@@ -419,6 +419,14 @@ class AuthTest extends BrowserKitTest
         $login->assertRedirectedTo('http://localhost');
     }
 
+    public function test_login_intended_redirect_does_not_factor_mfa_routes()
+    {
+        $this->get('/books')->assertRedirectedTo('/login');
+        $this->get('/mfa/setup')->assertRedirectedTo('/login');
+        $login = $this->post('/login', ['email' => '[email protected]', 'password' => 'password']);
+        $login->assertRedirectedTo('/books');
+    }
+
     public function test_login_authenticates_admins_on_all_guards()
     {
         $this->post('/login', ['email' => '[email protected]', 'password' => 'password']);
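Review bot: The new test's name promises MFA routes in general, but only `/mfa/setup` is exercised, while the guard that changed lives in middleware rather than on that one route. The backup-code flow already used elsewhere in this commit makes a second data point cheap, assuming it sits behind the same middleware: `$this->get('/mfa/backup_codes/generate')->assertRedirectedTo('/login');` before the login post. The final `assertRedirectedTo('/books')` is the right check that neither MFA request displaced the originally intended URL.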
index d007fa49017b108c3f6ed177595b674e9f607bff..e63094303e23178bd106ee706435ec452dd6d3e6 100644 (file)
@@ -187,11 +187,15 @@ class MfaVerificationTest extends TestCase
         $resp->assertElementContains('a[href$="/mfa/setup"]', 'Configure');
 
         $this->get('/mfa/backup_codes/generate');
-        $this->followingRedirects()->post('/mfa/backup_codes/confirm');
+        $resp = $this->post('/mfa/backup_codes/confirm');
+        $resp->assertRedirect('/login');
         $this->assertDatabaseHas('mfa_values', [
             'user_id' => $user->id,
         ]);
 
+        $resp = $this->get('/login');
+        $resp->assertSeeText('Multi-factor method configured, Please now login again using the configured method.');
+
         $resp = $this->followingRedirects()->post('/login', [
             'email' => $user->email,
             'password' => 'password',
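Review bot: The `assertSeeText` on the new line duplicates the full notification copy from resources/lang/en/auth.php, so any wording edit to that string breaks this test for a reason unrelated to the behaviour under test. Prefer `$resp->assertSeeText(trans('auth.mfa_setup_login_notification'));`, which pins that the notification is shown without pinning its prose. The `assertRedirect('/login')` check above it is the right one for the unauthenticated branch of the confirm action. The `post()` call continues outside the hunk.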