laravel · taylorotwell · Jan 4, 2021 · Dec 29, 2020 · mpyw · Jun 25, 2022
diff --git a/src/Actions/RedirectIfTwoFactorAuthenticatable.php b/src/Actions/RedirectIfTwoFactorAuthenticatable.php
@@ -4,7 +4,6 @@
 
 use Illuminate\Auth\Events\Failed;
 use Illuminate\Contracts\Auth\StatefulGuard;
-use Illuminate\Support\Facades\Hash;
 use Illuminate\Validation\ValidationException;
 use Laravel\Fortify\Fortify;
 use Laravel\Fortify\LoginRateLimiter;
@@ -76,15 +75,17 @@ protected function validateCredentials($request)
             });
         }
 
-        $model = $this->guard->getProvider()->getModel();
+        $user = $this->guard->getProvider()->retrieveByCredentials(
+            $request->only(Fortify::username(), 'password')
+        );
 
-        return tap($model::where(Fortify::username(), $request->{Fortify::username()})->first(), function ($user) use ($request) {
-            if (! $user || ! Hash::check($request->password, $user->password)) {
-                $this->fireFailedEvent($request, $user);
+        if (! $user) {
+            $this->fireFailedEvent($request, $user);
 
-                $this->throwFailedAuthenticationException($request);
-            }
-        });
+            $this->throwFailedAuthenticationException($request);
+        }
+
+        return $user;
     }
 
     /**

diff --git a/src/Http/Requests/TwoFactorLoginRequest.php b/src/Http/Requests/TwoFactorLoginRequest.php
@@ -86,10 +86,10 @@ public function challengedUser()
             return $this->challengedUser;
         }
 
-        $model = app(StatefulGuard::class)->getProvider()->getModel();
+        $provider = app(StatefulGuard::class)->getProvider();
 
         if (! $this->session()->has('login.id') ||
-            ! $user = $model::find($this->session()->pull('login.id'))) {
+            ! $user = $provider->retrieveById($this->session()->pull('login.id'))) {
             throw new HttpResponseException(
                 app(FailedTwoFactorLoginResponse::class)->toResponse($this)
             );