Check against 2fa backup codes too in Login (#1366)

Co-authored-by: Boy132 <Boy132@users.noreply.github.com>

app/Filament/Pages/Auth/Login.php

@@ -57,11 +57,22 @@ class Login extends BaseLogin
             return null;
         }
 
+        $isValidToken = false;
+        if (strlen($token) === $this->google2FA->getOneTimePasswordLength()) {
             $isValidToken = $this->google2FA->verifyKey(
                 $user->totp_secret,
                 $token,
                 Config::integer('panel.auth.2fa.window'),
             );
+        } else {
+            foreach ($user->recoveryTokens as $recoveryToken) {
+                if (password_verify($token, $recoveryToken->token)) {
+                    $isValidToken = true;
+                    $recoveryToken->delete();
+                    break;
+                }
+            }
+        }
 
         if (!$isValidToken) {
             // Buffer to prevent bruteforce
@@ -108,7 +119,9 @@ class Login extends BaseLogin
     {
         return TextInput::make('2fa')
             ->label(trans('auth.two-factor-code'))
-            ->hidden(fn () => !$this->verifyTwoFactor)
+            ->hintIcon('tabler-question-mark')
+            ->hintIconTooltip(trans('auth.two-factor-hint'))
+            ->visible(fn () => $this->verifyTwoFactor)
             ->required()
             ->live();
     }

lang/en/auth.php

@@ -16,6 +16,7 @@ return [
     'failed' => 'These credentials do not match our records.',
     'failed-two-factor' => 'Incorrect 2FA Code',
     'two-factor-code' => 'Two Factor Code',
+    'two-factor-hint' => 'You may use backup codes if you lost access to your device.',
     'password' => 'The provided password is incorrect.',
     'throttle' => 'Too many login attempts. Please try again in :seconds seconds.',
     '2fa_must_be_enabled' => 'The administrator has required that 2-Factor Authentication must be enabled for your account in order to use the Panel.',