<?php namespace App\Http\Middleware; use Auth; use Closure; class TwoFactorAuth { /** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { if($request->user()) { $user = $request->user(); $enabled = (bool) $user->{'2fa_enabled'}; if($enabled != false) { $checkpoint = 'i/auth/checkpoint'; if($request->session()->has('2fa.session.active') !== true && !$request->is($checkpoint)) { return redirect('/i/auth/checkpoint'); } elseif($request->session()->has('2fa.attempts') || (int) $request->session()->get('2fa.attempts') > 3) { $request->session()->pull('2fa.attempts'); Auth::logout(); } } } return $next($request); } }