Return recovery errors under the recovery_code key (#401)

Author: jessarcher

src/Http/Responses/FailedTwoFactorLoginResponse.php

@@ -15,14 +15,16 @@ class FailedTwoFactorLoginResponse implements FailedTwoFactorLoginResponseContra
      */
     public function toResponse($request)
     {
-        $message = __('The provided two factor authentication code was invalid.');
+        [$key, $message] = $request->has('recovery_code')
+            ? ['recovery_code', __('The provided two factor recovery code was invalid.')]
+            : ['code', __('The provided two factor authentication code was invalid.')];
 
         if ($request->wantsJson()) {
             throw ValidationException::withMessages([
-                'code' => [$message],
+                $key => [$message],
             ]);
         }
 
-        return redirect()->route('two-factor.login')->withErrors(['code' => $message]);
+        return redirect()->route('two-factor.login')->withErrors([$key => $message]);
     }
 }

tests/AuthenticatedSessionControllerTest.php

@@ -328,7 +328,8 @@ public function test_two_factor_challenge_fails_for_old_otp_and_zero_window()
         ]);
 
         $response->assertRedirect('/two-factor-challenge')
-                 ->assertSessionHas('login.id');
+                 ->assertSessionHas('login.id')
+                 ->assertSessionHasErrors(['code']);
     }
 
     public function test_two_factor_challenge_can_be_passed_via_recovery_code()
@@ -380,7 +381,8 @@ public function test_two_factor_challenge_can_fail_via_recovery_code()
         ]);
 
         $response->assertRedirect('/two-factor-challenge')
-            ->assertSessionHas('login.id');
+            ->assertSessionHas('login.id')
+            ->assertSessionHasErrors(['recovery_code']);
         $this->assertNull(Auth::getUser());
     }