Merge pull request #44 from nadhifikbarw/tfa-routes-patch

[1.x] Only register two-factor-challenge routes if TFA feature enabled
laravel · Sep 17, 2020 · eb3e534 · eb3e534
2 parents 5b4550e + c5ad6ed
commit eb3e534
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/routes/routes.php b/routes/routes.php
@@ -32,13 +32,6 @@
             $limiter ? 'throttle:'.$limiter : null,
         ]));
 
-    Route::get('/two-factor-challenge', [TwoFactorAuthenticatedSessionController::class, 'create'])
-        ->middleware(['guest'])
-        ->name('two-factor.login');
-
-    Route::post('/two-factor-challenge', [TwoFactorAuthenticatedSessionController::class, 'store'])
-        ->middleware(['guest']);
-
     Route::post('/logout', [AuthenticatedSessionController::class, 'destroy'])
         ->name('logout');
 
@@ -112,6 +105,13 @@
 
     // Two Factor Authentication...
     if (Features::enabled(Features::twoFactorAuthentication())) {
+        Route::get('/two-factor-challenge', [TwoFactorAuthenticatedSessionController::class, 'create'])
+            ->middleware(['guest'])
+            ->name('two-factor.login');
+
+        Route::post('/two-factor-challenge', [TwoFactorAuthenticatedSessionController::class, 'store'])
+            ->middleware(['guest']);
+
         $twoFactorMiddleware = Features::optionEnabled(Features::twoFactorAuthentication(), 'confirmPassword')
             ? ['auth', 'password.confirm']
             : ['auth'];