[2.x] Fix error handling during 2FA confirmation (#1030)

ManuelLeiner · web-flow · commit a5bbfee744a6 · 2022-04-06T12:49:41.000-05:00
* Prevent user reset when not yet finished confirming

* Show correct message and error
diff --git a/src/Http/Controllers/Inertia/Concerns/ConfirmsTwoFactorAuthentication.php b/src/Http/Controllers/Inertia/Concerns/ConfirmsTwoFactorAuthentication.php
@@ -77,7 +77,8 @@ protected function hasJustBegunConfirmingTwoFactorAuthentication(Request $reques
      */
     protected function neverFinishedConfirmingTwoFactorAuthentication(Request $request, $currentTime)
     {
-        return is_null($request->user()->two_factor_confirmed_at) &&
+        return ! array_key_exists('code', $request->session()->getOldInput()) &&
+            is_null($request->user()->two_factor_confirmed_at) &&
             $request->session()->get('two_factor_confirming_at', 0) != $currentTime;
     }
 }
diff --git a/stubs/inertia/resources/js/Pages/Profile/Partials/TwoFactorAuthenticationForm.vue b/stubs/inertia/resources/js/Pages/Profile/Partials/TwoFactorAuthenticationForm.vue
@@ -1,5 +1,5 @@
 <script setup>
-import { ref, computed } from 'vue';
+import { ref, computed, watch } from 'vue';
 import { Inertia } from '@inertiajs/inertia';
 import { useForm, usePage } from '@inertiajs/inertia-vue3';
 import JetActionSection from '@/Jetstream/ActionSection.vue';
@@ -30,6 +30,13 @@ const twoFactorEnabled = computed(
     () => ! enabling.value && usePage().props.value.user.two_factor_enabled,
 );
 
+watch(twoFactorEnabled, () => {
+    if (! twoFactorEnabled.value) {
+        confirmationForm.reset();
+        confirmationForm.clearErrors();
+    }
+});
+
 const enableTwoFactorAuthentication = () => {
     enabling.value = true;
 
@@ -67,6 +74,7 @@ const showRecoveryCodes = () => {
 
 const confirmTwoFactorAuthentication = () => {
     confirmationForm.post('/user/confirmed-two-factor-authentication', {
+        errorBag: "confirmTwoFactorAuthentication",
         preserveScroll: true,
         preserveState: true,
         onSuccess: () => {
@@ -111,7 +119,7 @@ const disableTwoFactorAuthentication = () => {
                 You have enabled two factor authentication.
             </h3>
 
-            <h3 v-else-if="confirming" class="text-lg font-medium text-gray-900">
+            <h3 v-else-if="twoFactorEnabled && confirming" class="text-lg font-medium text-gray-900">
                 Finish enabling two factor authentication.
             </h3>
 

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,8 @@ protected function hasJustBegunConfirmingTwoFactorAuthentication(Request $reques`
`77`	`77`	`*/`
`78`	`78`	`protected function neverFinishedConfirmingTwoFactorAuthentication(Request $request, $currentTime)`
`79`	`79`	`{`
`80`		`- return is_null($request->user()->two_factor_confirmed_at) &&`
	`80`	`+ return ! array_key_exists('code', $request->session()->getOldInput()) &&`
	`81`	`+ is_null($request->user()->two_factor_confirmed_at) &&`
`81`	`82`	`$request->session()->get('two_factor_confirming_at', 0) != $currentTime;`
`82`	`83`	`}`
`83`	`84`	`}`