Discussion on: Laravel Fortify : Implement 2FA in a way that won't let users lock themselves out

[Nicolas Bailly]

Hi !
I take it you've followed my example and created a DisableTwoFactorAuthentication action in App\Actions\Fortify, and then bound it to the original one in the Service provider ?

First thing is to check if you do go into that action when you disable 2FA, either use xdebug with a break point or put a good old dd() in there :

    public function __invoke($user)
    {
        dd('deleting 2FA !');
        $user->forceFill([
            'two_factor_secret' => null,
            'two_factor_recovery_codes' => null,
            'two_factor_confirmed' => 0,
        ])->save();
    }

If you can still disable 2FA and it doesn't die on you then you're not using it and the binding doesn't work. Maybe try to run laravel optimize:clear and composer dumpautoload, I'm honestly not sure if some of the bindings are cached somehow ?

I'll double check if my code actually works, I may have forgotten something.

[Ebe]

Hmmm, the dd function is not triggered...

[Nicolas Bailly]

All right, so the binding is not working, I'm not sure why :-/

If you can upload your code somewhere I can have a look and see if I can find something.