laravel · taylorotwell · Aug 1, 2024 · Jul 29, 2024 · Jul 29, 2024 · Jul 30, 2024
diff --git a/src/Events/ValidTwoFactorAuthenticationCodeProvided.php b/src/Events/ValidTwoFactorAuthenticationCodeProvided.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Laravel\Fortify\Events;
+
+class ValidTwoFactorAuthenticationCodeProvided extends TwoFactorAuthenticationEvent
+{
+    //
+}
diff --git a/src/Http/Controllers/TwoFactorAuthenticatedSessionController.php b/src/Http/Controllers/TwoFactorAuthenticatedSessionController.php
@@ -10,6 +10,7 @@
 use Laravel\Fortify\Contracts\TwoFactorLoginResponse;
 use Laravel\Fortify\Events\RecoveryCodeReplaced;
 use Laravel\Fortify\Events\TwoFactorAuthenticationFailed;
+use Laravel\Fortify\Events\ValidTwoFactorAuthenticationCodeProvided;
 use Laravel\Fortify\Http\Requests\TwoFactorLoginRequest;
 
 class TwoFactorAuthenticatedSessionController extends Controller
@@ -67,6 +68,8 @@ public function store(TwoFactorLoginRequest $request)
             return app(FailedTwoFactorLoginResponse::class)->toResponse($request);
         }
 
+        event(new ValidTwoFactorAuthenticationCodeProvided($user));
+
         $this->guard->login($user, $request->remember());
 
         $request->session()->regenerate();

diff --git a/tests/AuthenticatedSessionControllerWithTwoFactorTest.php b/tests/AuthenticatedSessionControllerWithTwoFactorTest.php
@@ -9,6 +9,7 @@
 use Illuminate\Support\Facades\Hash;
 use Laravel\Fortify\Events\TwoFactorAuthenticationChallenged;
 use Laravel\Fortify\Events\TwoFactorAuthenticationFailed;
+use Laravel\Fortify\Events\ValidTwoFactorAuthenticationCodeProvided;
 use Laravel\Fortify\Features;
 use Laravel\Fortify\Tests\Models\UserWithTwoFactor;
 use Orchestra\Testbench\Attributes\DefineEnvironment;
@@ -156,6 +157,8 @@ public function test_does_not_rehash_user_password_when_redirecting_to_two_facto
 
     public function test_two_factor_challenge_can_be_passed_via_code()
     {
+        Event::fake();
+
         $tfaEngine = app(Google2FA::class);
         $userSecret = $tfaEngine->generateSecretKey();
         $validOtp = $tfaEngine->getCurrentOtp($userSecret);
@@ -174,6 +177,8 @@ public function test_two_factor_challenge_can_be_passed_via_code()
             'code' => $validOtp,
         ]);
 
+        Event::assertDispatched(ValidTwoFactorAuthenticationCodeProvided::class);
+
         $response->assertRedirect('/home')
             ->assertSessionMissing('login.id');
     }
@@ -234,6 +239,8 @@ public function test_two_factor_challenge_fails_for_old_otp_and_zero_window()
 
     public function test_two_factor_challenge_can_be_passed_via_recovery_code()
     {
+        Event::fake();
+
         $user = UserWithTwoFactor::forceCreate([
             'name' => 'Taylor Otwell',
             'email' => '[email protected]',
@@ -248,6 +255,8 @@ public function test_two_factor_challenge_can_be_passed_via_recovery_code()
             'recovery_code' => 'valid-code',
         ]);
 
+        Event::assertDispatched(ValidTwoFactorAuthenticationCodeProvided::class);
+
         $response->assertRedirect('/home')
             ->assertSessionMissing('login.id');
         $this->assertNotNull(Auth::getUser());