laravel
diff --git a/‎app/Actions/TwoFactorAuth/ConfirmTwoFactorAuthentication.php‎
Lines changed: 0 additions & 21 deletions b/‎app/Actions/TwoFactorAuth/ConfirmTwoFactorAuthentication.php‎
Lines changed: 0 additions & 21 deletions
diff --git a/‎app/Http/Controllers/Settings/TwoFactorAuthController.php‎
Lines changed: 3 additions & 3 deletions b/‎app/Http/Controllers/Settings/TwoFactorAuthController.php‎
Lines changed: 3 additions & 3 deletions
@@ -27,6 +27,7 @@ public function show(Request $request)
         $confirmed = !is_null($user->two_factor_confirmed_at);
 
         // If 2fa is not confirmed, we want to clear out secret and recovery codes
+        // This happens when a user enables 2fa and does not finish confirmation
         if (!$confirmed) {
             app(DisableTwoFactorAuthentication::class)($user);
         }
@@ -83,11 +84,10 @@ public function confirm(Request $request)
 
             // Update user with recovery codes and confirm 2FA
             $request->user()->forceFill([
-                'two_factor_recovery_codes' => encrypt(json_encode($recoveryCodes))
+                'two_factor_recovery_codes' => encrypt(json_encode($recoveryCodes)),
+                'two_factor_confirmed_at' => now()
             ])->save();
 
-            app(ConfirmTwoFactorAuthentication::class)($request->user());
-            
             return response()->json([
                 'status' => 'two-factor-authentication-confirmed',
                 'recovery_codes' => $recoveryCodes