Support/Response::makeStatusCode() responds with HTTP 200 if request method is GET
When working with a JSON API, response codes are important.
\PragmaRX\Google2FALaravel\Support\Response::makeStatusCode() returns 200 if $this->getRequest()->isMethod('get'), regardless of the actual validity or presence of an OTP in the request.
The error bag (\PragmaRX\Google2FALaravel\Support\ErrorBag::getErrorBagForStatusCode()) cannot deal with the 200 response code. It will return an "unknown error" string.
Should the middleware not be applied to GET routes at all? The README.md file does show Route::get(...) as an example.
What I would expect is:
As I request with any HTTP method, the middleware will always respond with an OTP challenge if the twoFactorAuthStillValid() returns false.
In an Axios hook (similar to Axios hooks dealing with using the refresh token to get a new OAuth access token), I would then challenge the user for an OTP, then POST that OTP to the server and afterwards re-send the original request which was interrupted by the challenge.
If I am entirely wrong with this, then please enlighten me. :)
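The client-side flow described in this issue, as an added example that is not part of the original report or the package's code. It shows why a 200 on GET defeats the challenge-and-replay hook: the client has no status to react to. The challenge status 422, the /otp endpoint, the sample OTP and the stub server are assumptions constructed for the demonstration.

```javascript
// Assumed status the API uses to signal "OTP required" (not taken from the package).
const CHALLENGE_STATUS = 422;

// Wraps any send(config) function (e.g. an Axios call) with challenge-and-replay.
function withOtpRetry(send, promptOtp, submitOtp) {
  let pending = null; // one shared challenge, so parallel requests prompt only once
  return async function request(config) {
    const first = await send(config);
    if (first.status !== CHALLENGE_STATUS) return first; // nothing to react to
    if (!pending) {
      pending = (async () => submitOtp(await promptOtp()))()
        .finally(() => { pending = null; });
    }
    const verified = await pending;
    if (verified.status !== 200) return verified; // wrong OTP: surface it, do not loop
    return send(config); // replay the interrupted request exactly once
  };
}

// Constructed stand-in for the protected API. getReturns200 models the
// behaviour reported above: GET answers 200 even though 2FA is not valid.
function makeServer({ getReturns200 }) {
  let otpValid = false;
  return async ({ method, url, otp }) => {
    if (url === '/otp') { // hypothetical verification endpoint
      otpValid = otp === '123456'; // constructed sample OTP
      return { status: otpValid ? 200 : CHALLENGE_STATUS };
    }
    if (otpValid) return { status: 200, body: 'data' };
    if (method === 'get' && getReturns200) return { status: 200, body: 'otp form' };
    return { status: CHALLENGE_STATUS, body: 'otp required' };
  };
}

async function demo(getReturns200) {
  const server = makeServer({ getReturns200 });
  let prompts = 0;
  const request = withOtpRetry(
    server,
    async () => { prompts += 1; return '123456'; },
    (otp) => server({ method: 'post', url: '/otp', otp })
  );
  const res = await request({ method: 'get', url: '/api/items' });
  return { status: res.status, body: res.body, prompts };
}

Promise.all([demo(false), demo(true)]).then(console.log);
```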