fix: Email 2FA authorization and user management enhancements (#417)
Commit: 5f32842d4d597f2aa6462ee9a15808d835bc6cdd
Date: 2025-10-22 12:12:12 +0000
Author: PascalHavelange
Commit Message
fix: Email 2FA authorization and user management enhancements (#417)
* fix: Email 2FA authorization and user management enhancements
- Fix Email 2FA 403 error by explicitly registering EmailTwoFactorForm component in JetstreamServiceProvider
- Add conditional password confirmation checks to EmailTwoFactorForm matching TOTP 2FA pattern
- Prevent users from editing their own role assignments in admin interface
- Add warning message when users try to edit their own roles
- Show distinct MFA status icons (TOTP and Email) in user list instead of combined status
- Add comprehensive tests for Email 2FA password confirmation
- Add comprehensive tests for role assignment protection
- All 3353 tests pass successfully
Security improvements:
- Users can no longer escalate their own privileges by modifying role assignments
- Email 2FA now properly integrated with Jetstream password confirmation flow
- Better visual feedback for MFA methods in user management
Fixes #issue-2fa-user-management
* chore: bump version to 5.9.1
---------
Co-authored-by: Pascal HAVELANGE <havelangep@hotmail.com>
Files Changed
- ✅ Added: .vscode/tasks.json
- 📝 Modified: app/Http/Controllers/UserManagementController.php
- 📝 Modified: app/Livewire/Profile/EmailTwoFactorForm.php
- 📝 Modified: app/Providers/JetstreamServiceProvider.php
- 📝 Modified: package-lock.json
- 📝 Modified: package.json
- 📝 Modified: resources/views/admin/users/edit.blade.php
- 📝 Modified: resources/views/admin/users/index.blade.php
- ✅ Added: tests/Feature/Auth/EmailTwoFactorPasswordConfirmationTest.php
- ✅ Added: tests/Feature/Web/UserManagementRoleProtectionTest.php
This documentation was automatically generated from Git commit data.