laravel · taylorotwell · Oct 20, 2020 · Oct 19, 2020
diff --git a/src/Http/Controllers/AuthenticatedSessionController.php b/src/Http/Controllers/AuthenticatedSessionController.php
@@ -13,6 +13,7 @@
 use Laravel\Fortify\Contracts\LoginResponse;
 use Laravel\Fortify\Contracts\LoginViewResponse;
 use Laravel\Fortify\Contracts\LogoutResponse;
+use Laravel\Fortify\Features;
 use Laravel\Fortify\Fortify;
 use Laravel\Fortify\Http\Requests\LoginRequest;
 
@@ -82,7 +83,7 @@ protected function loginPipeline(LoginRequest $request)
 
         return (new Pipeline(app()))->send($request)->through(array_filter([
             config('fortify.limiters.login') ? null : EnsureLoginIsNotThrottled::class,
-            RedirectIfTwoFactorAuthenticatable::class,
+            Features::enabled(Features::twoFactorAuthentication()) ? RedirectIfTwoFactorAuthenticatable::class : null,
             AttemptToAuthenticate::class,
             PrepareAuthenticatedSession::class,
         ]));

diff --git a/tests/AuthenticatedSessionControllerTest.php b/tests/AuthenticatedSessionControllerTest.php
@@ -7,6 +7,7 @@
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Schema;
 use Laravel\Fortify\Contracts\LoginViewResponse;
+use Laravel\Fortify\Features;
 use Laravel\Fortify\FortifyServiceProvider;
 use Laravel\Fortify\LoginRateLimiter;
 use Laravel\Fortify\TwoFactorAuthenticatable;
@@ -70,6 +71,37 @@ public function test_user_is_redirected_to_challenge_when_using_two_factor_authe
         $response->assertRedirect('/two-factor-challenge');
     }
 
+    public function test_user_can_authenticate_when_two_factor_challenge_is_disabled()
+    {
+        app('config')->set('auth.providers.users.model', TestTwoFactorAuthenticationSessionUser::class);
+
+        $features = app('config')->get('fortify.features');
+
+        unset($features[array_search(Features::twoFactorAuthentication(), $features)]);
+
+        app('config')->set('fortify.features', $features);
+
+        $this->loadLaravelMigrations(['--database' => 'testbench']);
+
+        Schema::table('users', function ($table) {
+            $table->text('two_factor_secret')->nullable();
+        });
+
+        TestTwoFactorAuthenticationSessionUser::forceCreate([
+            'name' => 'Taylor Otwell',
+            'email' => '[email protected]',
+            'password' => bcrypt('secret'),
+            'two_factor_secret' => 'test-secret',
+        ]);
+
+        $response = $this->withoutExceptionHandling()->post('/login', [
+            'email' => '[email protected]',
+            'password' => 'secret',
+        ]);
+
+        $response->assertRedirect('/home');
+    }
+
     public function test_validation_exception_returned_on_failure()
     {
         $this->loadLaravelMigrations(['--database' => 'testbench']);