### Two-Factor Authentication Setup Steps Source: https://github.com/laravel/fortify/blob/1.x/resources/boost/skills/fortify-development/SKILL.md A checklist outlining the steps required to set up Two-Factor Authentication (2FA) with Laravel Fortify. This includes model trait addition, feature enablement, migration publishing, view callback setup, UI creation, and testing. ```text - [ ] Add TwoFactorAuthenticatable trait to User model - [ ] Enable feature in config/fortify.php - [ ] If the `*_add_two_factor_columns_to_users_table.php` migration is missing, publish via `php artisan vendor:publish --tag=fortify-migrations` and migrate - [ ] Set up view callbacks in FortifyServiceProvider - [ ] Create 2FA management UI - [ ] Test QR code and recovery codes ``` -------------------------------- ### Email Verification Setup Steps Source: https://github.com/laravel/fortify/blob/1.x/resources/boost/skills/fortify-development/SKILL.md A checklist for setting up email verification in Laravel Fortify. It covers enabling the feature, implementing the `MustVerifyEmail` interface on the User model, setting up view callbacks, applying middleware, and testing the flow. ```text - [ ] Enable emailVerification feature in config - [ ] Implement MustVerifyEmail interface on User model - [ ] Set up verifyEmailView callback - [ ] Add verified middleware to protected routes - [ ] Test verification email flow ``` -------------------------------- ### SPA Authentication Setup Steps Source: https://github.com/laravel/fortify/blob/1.x/resources/boost/skills/fortify-development/SKILL.md Steps to configure Laravel Fortify for Single Page Application (SPA) authentication. This includes disabling default views, configuring Laravel Sanctum, using the 'web' guard, and setting up CSRF token handling for XHR requests. ```text - [ ] Set 'views' => false in config/fortify.php - [ ] Install and configure Laravel Sanctum for session-based SPA authentication - [ ] Use the 'web' guard in config/fortify.php (required for session-based authentication) - [ ] Set up CSRF token handling - [ ] Test XHR authentication flows ``` -------------------------------- ### Password Reset Setup Steps Source: https://github.com/laravel/fortify/blob/1.x/resources/boost/skills/fortify-development/SKILL.md A checklist for configuring password reset functionality using Laravel Fortify. This involves enabling the feature, setting up view callbacks for requesting and resetting passwords, defining a named route if views are disabled, and testing the process. ```text - [ ] Enable resetPasswords feature in config - [ ] Set up requestPasswordResetLinkView callback - [ ] Set up resetPasswordView callback - [ ] Define password.reset named route (if views disabled) - [ ] Test reset email and link flow ``` -------------------------------- ### Enable Two-Factor Rate Limiting in Fortify Configuration Source: https://github.com/laravel/fortify/blob/1.x/UPGRADE.md Update the 'limiters' array in the 'fortify.php' configuration file to include the 'two-factor' rate limiter. This enables the security mechanism for the two-factor authentication code form. ```php 'limiters' => [ 'login' => 'login', 'two-factor' => 'two-factor', ], ``` -------------------------------- ### Define Two-Factor Rate Limiter in FortifyServiceProvider Source: https://github.com/laravel/fortify/blob/1.x/UPGRADE.md Implement the 'two-factor' rate limiter logic within the 'boot' method of the 'FortifyServiceProvider'. This limits users to 5 attempts per minute based on their session login ID. ```php RateLimiter::for('two-factor', function (Request $request) { return Limit::perMinute(5)->by($request->session()->get('login.id')); }); ``` -------------------------------- ### Two-Factor Authentication Response in SPA Mode (JSON) Source: https://github.com/laravel/fortify/blob/1.x/resources/boost/skills/fortify-development/SKILL.md Example JSON response from Laravel Fortify when a user attempts to log in with two-factor authentication enabled in SPA mode (where `views` is set to `false`). The response indicates that a two-factor challenge is required. ```json { "two_factor": true } ``` -------------------------------- ### POST /login Source: https://github.com/laravel/fortify/blob/1.x/resources/boost/skills/fortify-development/SKILL.md Authenticates a user and establishes a session. ```APIDOC ## POST /login ### Description Authenticates the user using provided credentials and initiates a session. ### Method POST ### Endpoint /login ### Request Body - **email** (string) - Required - The user's email address - **password** (string) - Required - The user's password ### Request Example { "email": "user@example.com", "password": "secret" } ``` -------------------------------- ### POST /register Source: https://github.com/laravel/fortify/blob/1.x/resources/boost/skills/fortify-development/SKILL.md Registers a new user account. ```APIDOC ## POST /register ### Description Creates a new user account in the application. ### Method POST ### Endpoint /register ### Request Body - **name** (string) - Required - User's full name - **email** (string) - Required - User's email address - **password** (string) - Required - User's password - **password_confirmation** (string) - Required - Password confirmation ### Request Example { "name": "John Doe", "email": "john@example.com", "password": "password", "password_confirmation": "password" } ``` -------------------------------- ### Customizing Authentication Logic with Fortify Source: https://github.com/laravel/fortify/blob/1.x/resources/boost/skills/fortify-development/SKILL.md Demonstrates how to customize Laravel Fortify's authentication behavior. `Fortify::authenticateUsing()` can be used for custom user retrieval, while `Fortify::authenticateThrough()` customizes the authentication pipeline. Response contracts can be overridden in `AppServiceProvider` for custom redirects. ```php use Laravel\Fortify\Fortify; // In AppServiceProvider or a dedicated Fortify service provider Fortify::authenticateUsing(function (Request $request) { // Custom user retrieval logic return User::where('email', $request->email)->first(); }); Fortify::authenticateThrough( [ // Custom authentication pipeline steps ] ); // Override response contracts in AppServiceProvider@boot() Fortify::loginView(function () { return response( // Custom login response ); }); ``` -------------------------------- ### Customizing User Registration Logic Source: https://github.com/laravel/fortify/blob/1.x/resources/boost/skills/fortify-development/SKILL.md Shows how to customize the user creation process in Laravel Fortify by modifying the `app/Actions/Fortify/CreateNewUser.php` file. This allows for custom validation rules, additional fields, and specific business logic during user registration. ```php namespace App\Actions\Fortify; use Illuminate\Support\Facades\Hash; use Illuminate\Support\Facades\Validator; use Laravel\Fortify\Contracts\CreatesNewUsers; class CreateNewUser implements CreatesNewUsers { use PasswordValidationRules; public function create(array $input) { Validator::make($input, [ 'name' => ['required', 'string', 'max:255'], 'email' => ['required', 'string', 'email', 'max:255', 'unique:users'], 'password' => $this->passwordRules(), // Add custom validation rules here ])->validate(); return User::create([ 'name' => $input['name'], 'email' => $input['email'], 'password' => Hash::make($input['password']), // Add custom fields here ]); } } ``` -------------------------------- ### POST /forgot-password Source: https://github.com/laravel/fortify/blob/1.x/resources/boost/skills/fortify-development/SKILL.md Initiates the password reset process. ```APIDOC ## POST /forgot-password ### Description Sends a password reset link to the user's registered email address. ### Method POST ### Endpoint /forgot-password ### Request Body - **email** (string) - Required - The email address associated with the account ### Request Example { "email": "user@example.com" } ``` -------------------------------- ### Enable Fortify Features in Configuration Source: https://github.com/laravel/fortify/blob/1.x/resources/boost/skills/fortify-development/SKILL.md This snippet shows how to enable various authentication features provided by Laravel Fortify within the `config/fortify.php` configuration file. These features include registration, password resets, email verification, profile updates, password changes, and two-factor authentication. ```php return [ // ... 'features' => [ Features::registration(), Features::resetPasswords(), Features::emailVerification(), Features::updateProfileInformation(), Features::updatePasswords(), Features::twoFactorAuthentication(), ], // ... ]; ``` -------------------------------- ### POST /user/two-factor-authentication Source: https://github.com/laravel/fortify/blob/1.x/resources/boost/skills/fortify-development/SKILL.md Enables two-factor authentication for the authenticated user. ```APIDOC ## POST /user/two-factor-authentication ### Description Enables two-factor authentication for the currently authenticated user. ### Method POST ### Endpoint /user/two-factor-authentication ### Request Example {} ### Response #### Success Response (200) - **status** (string) - Confirmation message ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.