Improve two-factor authentication error handling and UI updates

Author: pushpak1300

app/Http/Requests/Auth/LoginRequest.php

@@ -41,7 +41,7 @@ public function validateCredentials(): User
     {
         $this->ensureIsNotRateLimited();
 
-        /** @var User $user */
+        /** @var User|null $user */
         $user = Auth::getProvider()->retrieveByCredentials($this->only('email', 'password'));
 
         if (! $user || ! Auth::getProvider()->validateCredentials($user, $this->only('password'))) {

resources/js/components/delete-user.tsx

@@ -22,7 +22,9 @@ export default function DeleteUser() {
 
                 <Dialog>
                     <DialogTrigger asChild>
-                        <Button variant="destructive" data-test="delete-user-button">Delete account</Button>
+                        <Button variant="destructive" data-test="delete-user-button">
+                            Delete account
+                        </Button>
                     </DialogTrigger>
                     <DialogContent>
                         <DialogTitle>Are you sure you want to delete your account?</DialogTitle>
@@ -67,7 +69,9 @@ export default function DeleteUser() {
                                         </DialogClose>
 
                                         <Button variant="destructive" disabled={processing} asChild>
-                                            <button type="submit" data-test="confirm-delete-user-button">Delete account</button>
+                                            <button type="submit" data-test="confirm-delete-user-button">
+                                                Delete account
+                                            </button>
                                         </Button>
                                     </DialogFooter>
                                 </>

resources/js/components/two-factor-recovery-codes.tsx

@@ -1,18 +1,21 @@
+import { Alert, AlertDescription, AlertTitle } from '@/components/ui/alert';
 import { Button } from '@/components/ui/button';
 import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card';
 import { regenerateRecoveryCodes } from '@/routes/two-factor';
 import { Form } from '@inertiajs/react';
-import { Eye, EyeOff, LockKeyhole, RefreshCw } from 'lucide-react';
+import { AlertCircleIcon, Eye, EyeOff, LockKeyhole, RefreshCw } from 'lucide-react';
 import { useCallback, useEffect, useRef, useState } from 'react';
 
 interface TwoFactorRecoveryCodesProps {
     recoveryCodesList: string[];
     fetchRecoveryCodes: () => Promise<void>;
+    errors: string[];
 }
 
-export default function TwoFactorRecoveryCodes({ recoveryCodesList, fetchRecoveryCodes }: TwoFactorRecoveryCodesProps) {
+export default function TwoFactorRecoveryCodes({ recoveryCodesList, fetchRecoveryCodes, errors }: TwoFactorRecoveryCodesProps) {
     const [codesAreVisible, setCodesAreVisible] = useState<boolean>(false);
     const codesSectionRef = useRef<HTMLDivElement | null>(null);
+    const canRegenerateCodes = recoveryCodesList.length > 0 && codesAreVisible;
 
     const toggleCodesVisibility = useCallback(async () => {
         if (!codesAreVisible && !recoveryCodesList.length) {
@@ -57,7 +60,7 @@ export default function TwoFactorRecoveryCodes({ recoveryCodesList, fetchRecover
                         {codesAreVisible ? 'Hide' : 'View'} Recovery Codes
                     </Button>
 
-                    {codesAreVisible && (
+                    {canRegenerateCodes && (
                         <Form {...regenerateRecoveryCodes.form()} options={{ preserveScroll: true }} onSuccess={fetchRecoveryCodes}>
                             {({ processing }) => (
                                 <Button variant="secondary" type="submit" disabled={processing} aria-describedby="regenerate-warning">
@@ -73,32 +76,49 @@ export default function TwoFactorRecoveryCodes({ recoveryCodesList, fetchRecover
                     aria-hidden={!codesAreVisible}
                 >
                     <div className="mt-3 space-y-3">
-                        <div
-                            ref={codesSectionRef}
-                            className="grid gap-1 rounded-lg bg-muted p-4 font-mono text-sm"
-                            role="list"
-                            aria-label="Recovery codes"
-                        >
-                            {recoveryCodesList.length ? (
-                                recoveryCodesList.map((code, index) => (
-                                    <div key={index} role="listitem" className="select-text">
-                                        {code}
-                                    </div>
-                                ))
-                            ) : (
-                                <div className="space-y-2" aria-label="Loading recovery codes">
-                                    {Array.from({ length: 8 }, (_, index) => (
-                                        <div key={index} className="h-4 animate-pulse rounded bg-muted-foreground/20" aria-hidden="true" />
-                                    ))}
+                        {errors?.length ? (
+                            <Alert variant="destructive">
+                                <AlertCircleIcon />
+                                <AlertTitle>Something went wrong.</AlertTitle>
+                                <AlertDescription>
+                                    <ul className="list-disc text-sm">
+                                        {errors.map((error, index) => (
+                                            <li key={index}>{error}</li>
+                                        ))}
+                                    </ul>
+                                </AlertDescription>
+                            </Alert>
+                        ) : (
+                            <>
+                                <div
+                                    ref={codesSectionRef}
+                                    className="grid gap-1 rounded-lg bg-muted p-4 font-mono text-sm"
+                                    role="list"
+                                    aria-label="Recovery codes"
+                                >
+                                    {recoveryCodesList.length ? (
+                                        recoveryCodesList.map((code, index) => (
+                                            <div key={index} role="listitem" className="select-text">
+                                                {code}
+                                            </div>
+                                        ))
+                                    ) : (
+                                        <div className="space-y-2" aria-label="Loading recovery codes">
+                                            {Array.from({ length: 8 }, (_, index) => (
+                                                <div key={index} className="h-4 animate-pulse rounded bg-muted-foreground/20" aria-hidden="true" />
+                                            ))}
+                                        </div>
+                                    )}
                                 </div>
-                            )}
-                        </div>
-                        <div className="text-xs text-muted-foreground select-none">
-                            <p id="regenerate-warning">
-                                Each recovery code can be used once to access your account and will be removed after use. If you need more, click{' '}
-                                <span className="font-bold">Regenerate Codes</span> above.
-                            </p>
-                        </div>
+
+                                <div className="text-xs text-muted-foreground select-none">
+                                    <p id="regenerate-warning">
+                                        Each recovery code can be used once to access your account and will be removed after use. If you need more,
+                                        click <span className="font-bold">Regenerate Codes</span> above.
+                                    </p>
+                                </div>
+                            </>
+                        )}
                     </div>
                 </div>
             </CardContent>

resources/js/components/two-factor-setup-modal.tsx

@@ -1,4 +1,5 @@
 import InputError from '@/components/input-error';
+import { Alert, AlertDescription, AlertTitle } from '@/components/ui/alert';
 import { Button } from '@/components/ui/button';
 import { Dialog, DialogContent, DialogDescription, DialogHeader, DialogTitle } from '@/components/ui/dialog';
 import { InputOTP, InputOTPGroup, InputOTPSlot } from '@/components/ui/input-otp';
@@ -7,7 +8,7 @@ import { OTP_MAX_LENGTH } from '@/hooks/use-two-factor-auth';
 import { confirm } from '@/routes/two-factor';
 import { Form } from '@inertiajs/react';
 import { REGEXP_ONLY_DIGITS } from 'input-otp';
-import { Check, Copy, Loader2, ScanLine } from 'lucide-react';
+import { AlertCircleIcon, Check, Copy, Loader2, ScanLine } from 'lucide-react';
 import { useCallback, useEffect, useMemo, useRef, useState } from 'react';
 
 function GridScanIcon() {
@@ -35,63 +36,79 @@ function TwoFactorSetupStep({
     manualSetupKey,
     buttonText,
     onNextStep,
+    errors,
 }: {
     qrCodeSvg: string | null;
     manualSetupKey: string | null;
     buttonText: string;
     onNextStep: () => void;
+    errors: string[];
 }) {
     const [copiedText, copy] = useClipboard();
     const IconComponent = copiedText === manualSetupKey ? Check : Copy;
 
     return (
         <>
-            <div className="mx-auto flex max-w-md overflow-hidden">
-                <div className="mx-auto aspect-square w-64 rounded-lg border border-border">
-                    {qrCodeSvg ? (
-                        <div className="z-10 p-5">
-                            <div className="flex size-full items-center justify-center" dangerouslySetInnerHTML={{ __html: qrCodeSvg }} />
-                        </div>
-                    ) : (
-                        <div className="absolute inset-0 z-10 flex animate-pulse items-center justify-center bg-background">
-                            <Loader2 className="size-6 animate-spin" />
+            {errors?.length ? (
+                <Alert variant="destructive">
+                    <AlertCircleIcon />
+                    <AlertTitle>Something went wrong.</AlertTitle>
+                    <AlertDescription>
+                        <ul className="list-inside list-disc text-sm">
+                            {Array.from(new Set(errors)).map((error, index) => (
+                                <li key={index}>{error}</li>
+                            ))}
+                        </ul>
+                    </AlertDescription>
+                </Alert>
+            ) : (
+                <>
+                    <div className="mx-auto flex max-w-md overflow-hidden">
+                        <div className="mx-auto aspect-square w-64 rounded-lg border border-border">
+                            <div className="z-10 flex h-full w-full items-center justify-center p-5">
+                                {qrCodeSvg ? (
+                                    <div dangerouslySetInnerHTML={{ __html: qrCodeSvg }} />
+                                ) : (
+                                    <Loader2 className="flex size-4 animate-spin" />
+                                )}
+                            </div>
                         </div>
-                    )}
-                </div>
-            </div>
+                    </div>
 
-            <div className="flex w-full space-x-5">
-                <Button className="w-full" onClick={onNextStep}>
-                    {buttonText}
-                </Button>
-            </div>
+                    <div className="flex w-full space-x-5">
+                        <Button className="w-full" onClick={onNextStep}>
+                            {buttonText}
+                        </Button>
+                    </div>
 
-            <div className="relative flex w-full items-center justify-center">
-                <div className="absolute inset-0 top-1/2 h-px w-full bg-border" />
-                <span className="relative bg-card px-2 py-1">or, enter the code manually</span>
-            </div>
+                    <div className="relative flex w-full items-center justify-center">
+                        <div className="absolute inset-0 top-1/2 h-px w-full bg-border" />
+                        <span className="relative bg-card px-2 py-1">or, enter the code manually</span>
+                    </div>
 
-            <div className="flex w-full space-x-2">
-                <div className="flex w-full items-stretch overflow-hidden rounded-xl border border-border">
-                    {!manualSetupKey ? (
-                        <div className="flex h-full w-full items-center justify-center bg-muted p-3">
-                            <Loader2 className="size-4 animate-spin" />
+                    <div className="flex w-full space-x-2">
+                        <div className="flex w-full items-stretch overflow-hidden rounded-xl border border-border">
+                            {!manualSetupKey ? (
+                                <div className="flex h-full w-full items-center justify-center bg-muted p-3">
+                                    <Loader2 className="size-4 animate-spin" />
+                                </div>
+                            ) : (
+                                <>
+                                    <input
+                                        type="text"
+                                        readOnly
+                                        value={manualSetupKey}
+                                        className="h-full w-full bg-background p-3 text-foreground outline-none"
+                                    />
+                                    <button onClick={() => copy(manualSetupKey)} className="border-l border-border px-3 hover:bg-muted">
+                                        <IconComponent className="w-4" />
+                                    </button>
+                                </>
+                            )}
                         </div>
-                    ) : (
-                        <>
-                            <input
-                                type="text"
-                                readOnly
-                                value={manualSetupKey}
-                                className="h-full w-full bg-background p-3 text-foreground outline-none"
-                            />
-                            <button onClick={() => copy(manualSetupKey)} className="border-l border-border px-3 hover:bg-muted">
-                                <IconComponent className="w-4" />
-                            </button>
-                        </>
-                    )}
-                </div>
-            </div>
+                    </div>
+                </>
+            )}
         </>
     );
 }
@@ -153,6 +170,7 @@ interface TwoFactorSetupModalProps {
     manualSetupKey: string | null;
     clearSetupData: () => void;
     fetchSetupData: () => Promise<void>;
+    errors: string[];
 }
 
 export default function TwoFactorSetupModal({
@@ -164,6 +182,7 @@ export default function TwoFactorSetupModal({
     manualSetupKey,
     clearSetupData,
     fetchSetupData,
+    errors,
 }: TwoFactorSetupModalProps) {
     const [showVerificationStep, setShowVerificationStep] = useState<boolean>(false);
 
@@ -239,6 +258,7 @@ export default function TwoFactorSetupModal({
                             manualSetupKey={manualSetupKey}
                             buttonText={modalConfig.buttonText}
                             onNextStep={handleModalNextStep}
+                            errors={errors}
                         />
                     )}
                 </div>

resources/js/hooks/use-two-factor-auth.ts

@@ -49,7 +49,7 @@ export const useTwoFactorAuth = () => {
 
             setManualSetupKey(key);
         } catch {
-            setErrors((prev) => [...prev, 'Failed to fetch setup key']);
+            setErrors((prev) => [...prev, 'Failed to fetch a setup key']);
             setManualSetupKey(null);
         }
     }, []);
@@ -66,23 +66,25 @@ export const useTwoFactorAuth = () => {
 
     const fetchRecoveryCodes = useCallback(async (): Promise<void> => {
         try {
+            clearErrors();
             const codes = await fetchJson<string[]>(recoveryCodes.url());
 
             setRecoveryCodesList(codes);
         } catch {
             setErrors((prev) => [...prev, 'Failed to fetch recovery codes']);
             setRecoveryCodesList([]);
         }
-    }, []);
+    }, [clearErrors]);
 
     const fetchSetupData = useCallback(async (): Promise<void> => {
         try {
+            clearErrors();
             await Promise.all([fetchQrCode(), fetchSetupKey()]);
         } catch {
             setQrCodeSvg(null);
             setManualSetupKey(null);
         }
-    }, [fetchQrCode, fetchSetupKey]);
+    }, [clearErrors, fetchQrCode, fetchSetupKey]);
 
     return {
         qrCodeSvg,

resources/js/pages/settings/password.tsx

@@ -100,7 +100,9 @@ export default function Password() {
                                 </div>
 
                                 <div className="flex items-center gap-4">
-                                    <Button disabled={processing} data-test="update-password-button">Save password</Button>
+                                    <Button disabled={processing} data-test="update-password-button">
+                                        Save password
+                                    </Button>
 
                                     <Transition
                                         show={recentlySuccessful}

resources/js/pages/settings/profile.tsx

@@ -96,7 +96,9 @@ export default function Profile({ mustVerifyEmail, status }: { mustVerifyEmail:
                                 )}
 
                                 <div className="flex items-center gap-4">
-                                    <Button disabled={processing} data-test="update-profile-button">Save</Button>
+                                    <Button disabled={processing} data-test="update-profile-button">
+                                        Save
+                                    </Button>
 
                                     <Transition
                                         show={recentlySuccessful}

resources/js/pages/settings/two-factor.tsx

@@ -25,7 +25,8 @@ const breadcrumbs: BreadcrumbItem[] = [
 ];
 
 export default function TwoFactor({ requiresConfirmation = false, twoFactorEnabled = false }: TwoFactorProps) {
-    const { qrCodeSvg, hasSetupData, manualSetupKey, clearSetupData, fetchSetupData, recoveryCodesList, fetchRecoveryCodes } = useTwoFactorAuth();
+    const { qrCodeSvg, hasSetupData, manualSetupKey, clearSetupData, fetchSetupData, recoveryCodesList, fetchRecoveryCodes, errors } =
+        useTwoFactorAuth();
     const [showSetupModal, setShowSetupModal] = useState<boolean>(false);
 
     return (
@@ -42,7 +43,7 @@ export default function TwoFactor({ requiresConfirmation = false, twoFactorEnabl
                                 retrieve from the TOTP-supported application on your phone.
                             </p>
 
-                            <TwoFactorRecoveryCodes recoveryCodesList={recoveryCodesList} fetchRecoveryCodes={fetchRecoveryCodes} />
+                            <TwoFactorRecoveryCodes recoveryCodesList={recoveryCodesList} fetchRecoveryCodes={fetchRecoveryCodes} errors={errors} />
 
                             <div className="relative inline">
                                 <Form {...disable.form()}>
@@ -91,6 +92,7 @@ export default function TwoFactor({ requiresConfirmation = false, twoFactorEnabl
                         manualSetupKey={manualSetupKey}
                         clearSetupData={clearSetupData}
                         fetchSetupData={fetchSetupData}
+                        errors={errors}
                     />
                 </div>
             </SettingsLayout>