405 Method Not Allowed after successfull 2FA code

[marlonbasten]

I'm getting a 405 error message on the verify route after logging in.

When I'm entering the wrong 2fa key I get an error back as expected and I don't get logged in. But when I enter the 2fa key correctly I get a 405 error. The weird thing is, that I get logged in. So when I call the website after getting the error, I'm logged in. That tells me that the redirect is probably broken for me.

[amiranagram]

I'm currently dealing with this issue, and I'm still looking for a solution how to approach it.

I am guessing you have a route where you post your one-time password like this:

Route::post('2fa', function() {
    return redirect(URL()->previous());
})->name('2fa')->middleware('2fa');

The thing is the middleware intercepts any routes protected with it, so it will inject its view (config('google2fa.view')) if the user is not authenticated with 2fa. Since it does this the url above stays on your desired route.

The problem appears when you enter a wrong key, so the one-time password is posted on the 2fa route and since it's incorrect it doesn't continue to URL()->previous() and it returns back the 2fa route protected with 2fa middleware which will display the google2fa view again. This time even if you post the correct one-time password the 2fa route becomes the URL()->previous() which of course allows only POST method.

Maybe with the information I gave you, you can find a workaround and post it here or @antonioribeiro can help us both.

Happy coding.

[amiranagram]

Hi again. The thing that worked for me was instead of redirecting to previous URL (redirect(URL()->previous())) redirecting to intended URL which Laravel auth relies upon heavily already. Try changing it to redirect()->intended();.