I have implemented a 2FA system using https://github.com/antonioribeiro/google2f, along with https://www.digitalocean.com/community/tutorials/how-to-add-googles-two-factor-authentication-to-laravel, and it is working really well. But when an incorrect OTP is entered and then a correct OTP password is subsequently entered, I get the "The GET method is not supported for this route. Supported methods: POST" error message.
There is no issue if the OTP is entered correctly on the first attempt.
The issue occurs when I attempt to submit the form a second or subsequent time with the correct password.
I get this error.
My Route:
<?php

use Illuminate\Support\Facades\Route;
use App\Http\Controllers\Auth\RegisterController;
use App\Http\Controllers\HomeController;

Route::redirect('/', '/login');

Route::get('/home', function () {
    if (session('status')) {
        return redirect()->route('admin.home')->with('status', session('status'));
    }

    return redirect()->route('admin.home');
});

Route::post('2fa', function () {
    return redirect(URL()->previous());
})->name('2fa')->middleware('2fa');

// Button pressed on Complete QR Code Form
Route::get('complete-registration', 'Auth\RegisterController@completeRegistration');

Auth::routes();

Route::group(['prefix' => 'admin', 'as' => 'admin.', 'namespace' => 'Admin', 'middleware' => ['2fa']], function () {
    Route::get('/', 'HomeController@index')->name('home');

    // Permissions
    Route::delete('permissions/destroy', 'PermissionsController@massDestroy')->name('permissions.massDestroy');
    Route::resource('permissions', 'PermissionsController');

    // Roles
    Route::delete('roles/destroy', 'RolesController@massDestroy')->name('roles.massDestroy');
    Route::resource('roles', 'RolesController');
    etc.....
My View:
@extends('layouts.app')

@section('content')
<div class="container">
    <div class="row justify-content-center align-items-center " style="height: 70vh;">
        <div class="col-md-8 col-md-offset-2">
            <div class="panel panel-default">
                <div class="panel-heading font-weight-bold"><h1>Login Authentication</h1></div>
                <hr>
                @if($errors->any())
                    <div class="col-md-12">
                        <div class="alert alert-danger">
                            <strong>{{$errors->first()}}</strong>
                        </div>
                    </div>
                @endif
                <div class="panel-body">
                    <form class="form-horizontal" method="POST" action="{{ route('2fa') }}">
                        {{ csrf_field() }}
                        <div class="form-group">
                            <p>Please enter the <strong>OTP</strong> generated on your Authenticator App. <br> Ensure you submit the current one as it refreshes every 30 seconds.</p>
                            <label for="one_time_password" class="col-md-4 control-label">One Time Password</label>
                            <div class="col-md-6">
                                <input id="one_time_password" type="text" inputmode="numeric" class="form-control" name="one_time_password" required autofocus>
                            </div>
                        </div>
                        <div class="form-group">
                            <div class="col-md-6 col-md-offset-4 mt-3">
                                <button type="submit" class="btn btn-primary">
                                    Login
                                </button>
                            </div>
                        </div>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>
@endsection
I have figured out the Controller that is in play
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class HomeController extends Controller
{
    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware(['auth', '2fa']);
    }

    public function index()
    {
        return view('home');
    }

    public function reauthenticate(Request $request)
    {
        // get the logged in user
        $user = \Auth::user();

        // initialise the 2FA class
        $google2fa = app('pragmarx.google2fa');

        // generate a new secret key for the user
        $user->google2fa_secret = $google2fa->generateSecretKey();

        // save the user
        $user->save();

        // generate the QR image
        $QR_Image = $google2fa->getQRCodeInline(
            config('app.name'),
            $user->email,
            $user->google2fa_secret
        );

        // Pass the QR barcode image to our view.
        return view('google2fa.register', [
            'QR_Image' => $QR_Image,
            'secret' => $user->google2fa_secret,
            'reauthenticating' => true
        ]);
    }
}
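
Added example, not part of the original post and not code from the google2fa project: a version of the `2fa` route that validates the previous URL before redirecting to it. It assumes that a rejected OTP makes the `2fa` middleware answer the POST to `/2fa` with the form itself, so that on the retry the "previous" URL is the POST-only `/2fa` route; the `admin.home` fallback is taken from the route file above.

```php
<?php
// routes/web.php: added example, not the poster's code.
use Illuminate\Support\Facades\Route;

Route::post('2fa', function () {
    // This closure runs only after the '2fa' middleware has accepted the OTP.
    // url()->previous() comes from the Referer header (session as fallback),
    // so treat it as untrusted input and validate it before redirecting.
    $previous = url()->previous();

    $sameHost = parse_url($previous, PHP_URL_HOST) === request()->getHost();

    // Path of the OTP route itself, which accepts POST only.
    $otpPath  = rtrim((string) parse_url(route('2fa'), PHP_URL_PATH), '/');
    $prevPath = rtrim((string) parse_url($previous, PHP_URL_PATH), '/');

    if ($sameHost && $prevPath !== $otpPath) {
        // First-attempt case: the form was rendered on the protected page,
        // so returning there is a normal GET.
        return redirect($previous);
    }

    // Retry case (assumed): the failed POST to /2fa re-rendered the form, so
    // "previous" is /2fa. Fall back to a fixed GET route instead.
    return redirect()->route('admin.home');
})->name('2fa')->middleware('2fa');
```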