use fortify for email only mode and provide templates for basic login and confirm password.

Author: holyfabi

config/multi-factor.php

@@ -25,9 +25,7 @@
             'setup' => MultiFactorSetupViewResponse::class,
         ],
         'templates' => [
-            'login' => 'auth.login',
             'confirm-password' => 'auth.confirm-password',
-            'totp-challenge' => 'auth.two-factor-challenge',
         ],
     ],
 

resources/lang/en/button.php

@@ -5,4 +5,5 @@
     'disable' => 'Disable',
     'login' => 'Login',
     'resend_mfa' => 'Resend :authenticationMethod',
+    'continue' => 'Continue',
 ];

resources/views/auth/confirm-password.blade.php

@@ -0,0 +1,22 @@
+<x-multi-factor::layout>
+    <x-slot name="title">@lang('multi-factor::auth.email_login.title')</x-slot>
+
+    <x-multi-factor::auth-card>
+        <x-multi-factor::form :action="route('password.confirm')">
+            <x-multi-factor::form.input field="password" label="Password" type="password" required autofocus/>
+
+            <div>
+                <label for="remember_me">
+                    <input id="remember_me" type="checkbox" name="remember">
+                    <span>@lang('multi-factor::auth.remember_me')</span>
+                </label>
+            </div>
+
+            <div class="mfa-row mfa-flex-end">
+                <x-multi-factor::button type="submit">
+                    @lang('multi-factor::button.login')
+                </x-multi-factor::button>
+            </div>
+        </x-multi-factor::form>
+    </x-multi-factor::auth-card>
+</x-multi-factor::layout>

resources/views/auth/login.blade.php

@@ -0,0 +1,23 @@
+<x-multi-factor::layout>
+    <x-slot name="title">@lang('multi-factor::auth.email_login.title')</x-slot>
+
+    <x-multi-factor::auth-card>
+        <x-multi-factor::form :action="route('login.store')">
+            <x-multi-factor::form.input field="email" label="E-Mail Address" type="email" required autofocus/>
+            <x-multi-factor::form.input field="password" label="Password" type="password" required autofocus/>
+
+            <div>
+                <label for="remember_me">
+                    <input id="remember_me" type="checkbox" name="remember">
+                    <span>@lang('multi-factor::auth.remember_me')</span>
+                </label>
+            </div>
+
+            <div class="mfa-row mfa-flex-end">
+                <x-multi-factor::button type="submit">
+                    @lang('multi-factor::button.login')
+                </x-multi-factor::button>
+            </div>
+        </x-multi-factor::form>
+    </x-multi-factor::auth-card>
+</x-multi-factor::layout>

resources/views/pages/totp-setup.blade.php

@@ -10,7 +10,7 @@
                     </x-multi-factor::button>
                 </x-multi-factor::form>
 
-                @if(session('auth.password_confirmed_at'))
+                @if(session('auth.password_confirmed_at') && !$user->hasTotpConfirmed())
                     <script>
                         document.addEventListener('DOMContentLoaded', () => {
                             document.getElementById('fortify-totp')?.submit();
@@ -36,7 +36,7 @@
 
                     <div class="mfa-width-full" style="margin-top: 20px;">
                         <a href="{{ route('mfa.method', $mfaMethod) }}">
-                            <x-multi-factor::button type="button" class="mfa-width-full">Continue</x-multi-factor::button>
+                            <x-multi-factor::button type="button" class="mfa-width-full">@lang('multi-factor::button.continue')</x-multi-factor::button>
                         </a>
                         <div class="mfa-row" style="margin: 20px 0;">
                             <span class="mfa-separator"></span>

src/Http/Controllers/MultiFactorAuthController.php

@@ -28,7 +28,7 @@ class MultiFactorAuthController extends Controller
     public function show(): mixed
     {
         $user = MFA::getUser();
-        $userMethods = $user->getUserMethods();
+        $availableMethods = $user->getUserMethods() ?: MFA::getAllowedMethods();
 
         if (MultiFactorAuthMode::isForceMode()) {
             $forceMethod = MFA::getForceMethod();
@@ -38,11 +38,11 @@ public function show(): mixed
             }
         }
 
-        if (count($userMethods) === 1) {
-            return Redirect::route('mfa.method', ['method' => Arr::first($userMethods)]);
+        if (count($availableMethods) === 1) {
+            return Redirect::route('mfa.method', ['method' => Arr::first($availableMethods)]);
         }
 
-        return app(MultiFactorChooseViewResponseContract::class, $userMethods ?: MFA::getAllowedMethods());
+        return app(MultiFactorChooseViewResponseContract::class, $availableMethods);
     }
 
     public function handleMultiFactorAuthMethod(MultiFactorAuthMethod $method): MultiFactorChallengeViewResponseContract
@@ -62,7 +62,9 @@ public function setup(MultiFactorAuthMethod $method = null): RedirectResponse|Mu
         $methods = $method?->isAllowed() ? [$method] : MFA::getAllowedMethods();
 
         if ($method) {
-            return $method->getHandler()->showSetup();
+            if (!(MultiFactorAuthMode::isForceMode() && !$method->isForceMethod())) {
+                return $method->getHandler()->showSetup();
+            }
         }
 
         if (MultiFactorAuthMode::isForceMode()) {
@@ -93,6 +95,11 @@ public function authenticateByEmailOnly(Request $request): RedirectResponse
 
         MFA::setLoginIdAndRemember($user, $request->boolean('remember'));
 
+        if (!MultiFactorAuthMethod::EMAIL->isUserMethod() && !$user->getMultiFactorAuthMethods()) {
+            MFA::setVerified();
+            MFA::setSetupAfterLogin();
+        }
+
         return redirect()->route('mfa.show');
     }
 

src/Http/Middleware/EnforceEmailOnlyLogin.php

@@ -5,6 +5,7 @@
 use Closure;
 use Cybex\LaravelMultiFactor\Enums\MultiFactorAuthMode;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
 use Symfony\Component\HttpFoundation\Response;
 use MFA;
 
@@ -17,7 +18,7 @@ class RedirectIfMultiFactorAuthenticated
      */
     public function handle(Request $request, Closure $next): Response
     {
-        if (MFA::isVerified() && MultiFactorAuthMode::isForceMode() && $request->route('method')?->isUserMethod()) {
+        if (Auth::check() && MFA::isVerified() && MultiFactorAuthMode::isForceMode() && $request->route('method')?->isUserMethod()) {
             return redirect()->intended();
         }
 

src/Http/Middleware/RedirectIfMultiFactorAuthenticated.php

@@ -3,14 +3,16 @@
 namespace Cybex\LaravelMultiFactor\Http\Responses;
 
 use Cybex\LaravelMultiFactor\Contracts\MultiFactorLoginViewResponseContract;
-use Illuminate\Contracts\View\Factory;
-use Illuminate\Contracts\View\View;
-use Illuminate\Foundation\Application;
+use MFA;
 
 class MultiFactorLoginViewResponse implements MultiFactorLoginViewResponseContract
 {
     public function toResponse($request)
     {
-        return view('laravel-multi-factor::pages.email-login');
+        if (MFA::isEmailOnlyLoginActive()) {
+            return view('laravel-multi-factor::pages.email-login');
+        } else {
+            return view('laravel-multi-factor::auth.login');
+        }
     }
 }

src/Http/Responses/MultiFactorLoginViewResponse.php

@@ -14,7 +14,6 @@
 use Cybex\LaravelMultiFactor\Exceptions\LoginRouteNotFoundException;
 use Cybex\LaravelMultiFactor\Facades\MFA;
 use Cybex\LaravelMultiFactor\Helpers\MFAHelper;
-use Cybex\LaravelMultiFactor\Http\Middleware\EnforceEmailOnlyLogin;
 use Cybex\LaravelMultiFactor\Http\Middleware\HasAllowedMultiFactorAuthMethods;
 use Cybex\LaravelMultiFactor\Http\Middleware\HasLoginId;
 use Cybex\LaravelMultiFactor\Http\Middleware\HasMultiFactorAuthentication;
@@ -35,7 +34,6 @@
 use Illuminate\Foundation\AliasLoader;
 use Illuminate\Support\Facades\Blade;
 use Illuminate\Support\Facades\Event;
-use Illuminate\Support\Facades\Route;
 use Illuminate\Support\ServiceProvider;
 use Laravel\Fortify\Actions\RedirectIfTwoFactorAuthenticatable;
 use Laravel\Fortify\Contracts\FailedTwoFactorLoginResponse;
@@ -49,7 +47,6 @@ public function boot(): void
         /*
          * Optional methods to load your package assets
          */
-
         $this->mergeConfigFrom(__DIR__ . '/../config/multi-factor.php', 'multi-factor');
         $this->loadTranslationsFrom(__DIR__ . '/../resources/lang', 'multi-factor');
         $this->loadViewsFrom(__DIR__ . '/../resources/views', 'laravel-multi-factor');
@@ -61,7 +58,6 @@ public function boot(): void
         $router->aliasMiddleware('hasAllowedMultiFactorAuthMethods', HasAllowedMultiFactorAuthMethods::class);
         $router->aliasMiddleware('redirectIfMultiFactorAuthenticated', RedirectIfMultiFactorAuthenticated::class);
         $router->aliasMiddleware('limitMultiFactorAuthAccess', LimitMultiFactorAuthAccess::class);
-        $router->aliasMiddleware('enforceEmailOnlyLogin', EnforceEmailOnlyLogin::class);
         $router->aliasMiddleware('hasLoginId', HasLoginId::class);
         $router->aliasMiddleware('tempLoginForMFA', TempLoginForMfa::class);
 
@@ -108,16 +104,10 @@ public function boot(): void
                 FailedMultiFactorLoginResponse::class
             );
 
-            $routes = Route::getRoutes();
-            $routes->refreshNameLookups();
-            $loginRoute = $routes->getByName('login');
-
             if (MFA::isEmailOnlyLoginActive()) {
                 if (!MultiFactorAuthMode::isForceMode() || MFA::getForceMethod() !== MultiFactorAuthMethod::EMAIL) {
                     throw new InvalidEmailOnlyLoginConfigurationException();
                 }
-
-                $loginRoute->middleware('enforceEmailOnlyLogin');
             }
 
             require 'routes/overrides.php';