
Update 2fa, logout user after two failed attempts

Daniel Supernault há 6 anos atrás
pai
commit
ef3edc185d

+ 6 - 0
app/Http/Controllers/AccountController.php

@@ -321,6 +321,12 @@ class AccountController extends Controller
             $request->session()->push('2fa.session.active', true);
             return redirect('/');
         } else {
+            if($request->session()->has('2fa.attempts')) {
+                $count = (int) $request->session()->has('2fa.attempts');
+                $request->session()->push('2fa.attempts', $count + 1);
+            } else {
+                $request->session()->push('2fa.attempts', 1);
+            }
             return redirect()->back()->withErrors([
                 'code' => 'Invalid code'
             ]);
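Review bot: The failed-attempt counter added in this `else` branch never advances. `has()` returns a boolean, so `(int) $request->session()->has('2fa.attempts')` is always 1, and `push()` appends to an array under the key instead of storing a number. The whole if/else can be replaced with `$request->session()->increment('2fa.attempts');`, which starts from 0 when the key is absent. The count also lives only in the session and is lost when a new session starts, so a limit keyed on the user id would hold up better against repeated code guessing. The enclosing method starts and continues outside the hunk.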

+ 3 - 0
app/Http/Middleware/TwoFactorAuth.php

@@ -24,6 +24,9 @@ class TwoFactorAuth
                 if($request->session()->has('2fa.session.active') !== true && !$request->is($checkpoint))
                 {
                     return redirect('/i/auth/checkpoint');
+                } elseif($request->session()->has('2fa.attempts') || (int) $request->session()->get('2fa.attempts') > 3) {
+                    $request->session()->pull('2fa.attempts');
+                    Auth::logout();
                 }
             }
         }
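Review bot: The new `elseif` logs the user out as soon as `2fa.attempts` exists, because `has('2fa.attempts') || ...` is already true after the first failed code and the `> 3` comparison never decides anything. The condition should test the count alone, for example `} elseif ((int) $request->session()->get('2fa.attempts', 0) >= 2) {`. The commit title says two attempts while the code says `> 3`, so the intended limit needs confirming. After `Auth::logout()` the branch neither returns nor redirects, so the request appears to continue down the middleware chain. Returning a redirect to the login page and invalidating the session in that branch would make the lockout explicit. The rest of the method lies outside the hunk.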