test 2FA is respected

src/Actions/RedirectIfTwoFactorAuthenticatable.php

@@ -8,7 +8,6 @@
 use JoelButcher\Socialstream\Socialstream;
 use Laravel\Fortify\Actions\RedirectIfTwoFactorAuthenticatable as BaseAction;
 use Laravel\Fortify\Fortify;
-use Laravel\Fortify\TwoFactorAuthenticatable;
 
 class RedirectIfTwoFactorAuthenticatable extends BaseAction
 {

testbench.yaml

@@ -6,10 +6,9 @@ providers:
   - JoelButcher\Socialstream\SocialstreamServiceProvider
 
 migrations:
-  - database/migrations/0001_01_01_000000_make_password_nullable_on_users_table.php
-  - database/migrations/0001_01_01_000001_create_connected_accounts_table.php
-  - vendor/laravel/fortify/database/migrations
   - vendor/laravel/jetstream/database/migrations
+  - database/migrations
+  - vendor/laravel/fortify/database/migrations
 
 workbench:
   install: false

tests/Feature/SocialstreamTest.php

@@ -5,12 +5,15 @@
 use App\Models\User;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Support\Facades\Config;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Route;
 use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Str;
 use JoelButcher\Socialstream\Contracts\GeneratesProviderRedirect;
+use JoelButcher\Socialstream\Providers;
 use JoelButcher\Socialstream\Socialstream;
+use Laravel\Fortify\Features;
 use Laravel\Socialite\Facades\Socialite;
 use Laravel\Socialite\Two\GithubProvider;
 use Laravel\Socialite\Two\User as SocialiteUser;
@@ -151,6 +154,61 @@ public function generate(string $provider): RedirectResponse
     $this->assertAuthenticated();
 });
 
+test('existing users with 2FA enabled are redirected', function (): void {
+    Config::set('socialstream.providers', [Providers::github()]);
+    Config::set('fortify.features', array_merge(Config::get('fortify.features'), [
+        Features::twoFactorAuthentication(options: [
+            'confirm' => false,
+            'confirmPassword' => true,
+        ]),
+    ]));
+
+    $user = Socialstream::$userModel::create([
+        'name' => 'Joel Butcher',
+        'email' => '[email protected]',
+        'password' => Hash::make('password'),
+        'two_factor_secret' => 'foo',
+        'two_factor_recovery_codes' => 'bar',
+    ]);
+
+    $user->connectedAccounts()->create([
+        'provider' => 'github',
+        'provider_id' => $githubId = fake()->numerify('########'),
+        'email' => '[email protected]',
+        'token' => Str::random(64),
+    ]);
+
+    $this->assertDatabaseHas('users', ['email' => '[email protected]']);
+    $this->assertDatabaseHas('connected_accounts', [
+        'provider' => 'github',
+        'provider_id' => $githubId,
+        'email' => '[email protected]',
+    ]);
+
+    $user = (new SocialiteUser())
+        ->map([
+            'id' => $githubId,
+            'nickname' => 'joel',
+            'name' => 'Joel',
+            'email' => '[email protected]',
+            'avatar' => null,
+            'avatar_original' => null,
+        ])
+        ->setToken('user-token')
+        ->setRefreshToken('refresh-token')
+        ->setExpiresIn(3600);
+
+    $provider = Mockery::mock(GithubProvider::class);
+    $provider->shouldReceive('user')->andReturn($user);
+
+    Socialite::shouldReceive('driver')->with('github')->andReturn($provider);
+
+    Session::put('socialstream.previous_url', route('login'));
+
+    get('http://localhost/oauth/github/callback')
+        ->assertRedirect(route('two-factor.login'));
+});
+
 test('authenticated users can link to provider', function (): void {
     $this->actingAs(User::create([
         'name' => 'Joel Butcher',

tests/Fixtures/User.php

@@ -11,10 +11,7 @@ class User extends BaseUser
 {
     use HasApiTokens, HasTeams, HasProfilePhoto;
 
-    /**
-     * The attributes that aren't mass assignable.
-     *
-     * @var array
-     */
     protected $guarded = [];
+
+    protected $fillable = [];
 }