From 4740b5c2ac8fef4dceae092b7ef868f295c4fda1 Mon Sep 17 00:00:00 2001 From: Arya Dwi Putra Date: Tue, 2 Dec 2025 09:57:51 +0700 Subject: [PATCH] Fix login by excluding 2FA code from auth credentials --- app/Http/Controllers/AuthController.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php index b7923d2..5246ad9 100644 --- a/app/Http/Controllers/AuthController.php +++ b/app/Http/Controllers/AuthController.php @@ -4,6 +4,7 @@ namespace App\Http\Controllers; use App\Models\User; use App\Services\Security\TwoFactorService; +use Illuminate\Support\Arr; use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Hash; @@ -33,11 +34,13 @@ class AuthController extends Controller ]); $remember = $request->boolean('remember'); + $code = $credentials['code'] ?? null; + $authCredentials = Arr::only($credentials, ['email', 'password']); - if (Auth::attempt($credentials, $remember)) { + if (Auth::attempt($authCredentials, $remember)) { $user = Auth::user(); if ($user->two_factor_enabled) { - if (!$credentials['code'] || !$this->twoFactor->verifyCode($user->two_factor_secret, $credentials['code'])) { + if (!$code || !$this->twoFactor->verifyCode($user->two_factor_secret, $code)) { Auth::logout(); return back()->withErrors(['code' => 'Kode 2FA tidak valid atau belum diisi.'])->withInput(); }