From 48fb1eb162895ebab6fb1ab1b71d6bc54ab43c80 Mon Sep 17 00:00:00 2001
From: Pascal Baljet <pascal@pascalbaljet.nl>
Date: Thu, 19 Dec 2024 19:08:49 +0100
Subject: [PATCH] Use `retrieveByCredentials()` on the User Provider instead of
 a hardcoded Eloquent query (#582)

---
 src/Actions/RedirectIfTwoFactorAuthenticatable.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/Actions/RedirectIfTwoFactorAuthenticatable.php b/src/Actions/RedirectIfTwoFactorAuthenticatable.php
index 448b0f3..17ddd5a 100644
--- a/src/Actions/RedirectIfTwoFactorAuthenticatable.php
+++ b/src/Actions/RedirectIfTwoFactorAuthenticatable.php
@@ -86,17 +86,17 @@ protected function validateCredentials($request)
             });
         }
 
-        $model = $this->guard->getProvider()->getModel();
+        $provider = $this->guard->getProvider();
 
-        return tap($model::where(Fortify::username(), $request->{Fortify::username()})->first(), function ($user) use ($request) {
-            if (! $user || ! $this->guard->getProvider()->validateCredentials($user, ['password' => $request->password])) {
+        return tap($provider->retrieveByCredentials($request->only(Fortify::username(), 'password')), function ($user) use ($provider, $request) {
+            if (! $user || ! $provider->validateCredentials($user, ['password' => $request->password])) {
                 $this->fireFailedEvent($request, $user);
 
                 $this->throwFailedAuthenticationException($request);
             }
 
-            if (config('hashing.rehash_on_login', true) && method_exists($this->guard->getProvider(), 'rehashPasswordIfRequired')) {
-                $this->guard->getProvider()->rehashPasswordIfRequired($user, ['password' => $request->password]);
+            if (config('hashing.rehash_on_login', true) && method_exists($provider, 'rehashPasswordIfRequired')) {
+                $provider->rehashPasswordIfRequired($user, ['password' => $request->password]);
             }
         });
     }