diff --git a/database/.DS_Store b/database/.DS_Store
new file mode 100644
index 0000000..6601ebe
Binary files /dev/null and b/database/.DS_Store differ
diff --git a/resources/views/pages/auth/two-factor-challenge.blade.php b/resources/views/pages/auth/two-factor-challenge.blade.php
index 40257d6..44a87ce 100644
--- a/resources/views/pages/auth/two-factor-challenge.blade.php
+++ b/resources/views/pages/auth/two-factor-challenge.blade.php
@@ -67,6 +67,10 @@ public function submitCode($code)
 if($valid){
 Auth::login($user);
+
+ // clear out the session that is used to determine if the user can visit the 2fa challenge page.
+ $this->session()->forget('login.id');
+
 event(new Login(auth()->guard('web'), $user, true));
 return redirect()->intended('/');
 } else {
@@ -91,7 +95,7 @@ public function submit_recovery_code(){
 ?>
- @volt('auth.twofactorchallenge')
+ @volt('auth.two-factor-challenge')
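Review bot: `$this->session()` in the line added to `submitCode` is called on the component itself, and nothing visible in this diff shows that the component defines a `session()` method; if it does not, the call throws after `Auth::login($user)` has already run, leaving the user authenticated with `login.id` still in the session. Using the global helper, `session()->forget('login.id');`, removes that dependency. The key is also cleared only on this path: `submit_recovery_code()` (named in the next hunk header) is not touched by the diff, so if it logs the user in as well it should forget `login.id` in the same way. `submitCode`'s body starts and ends outside the hunk, so both points should be checked against the full component.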
 @if(!$recovery)
diff --git a/tests/Feature/TwoFactorTest.php b/tests/Feature/TwoFactorTest.php
new file mode 100644
index 0000000..6806720
--- /dev/null
+++ b/tests/Feature/TwoFactorTest.php
@@ -0,0 +1,59 @@
+delete();
+});
+
+test('Two factor challenge page redirects to login for guest user', function(){
+ $this->get('auth/two-factor-challenge')
+ ->assertRedirect('auth/login');
+});
+
+test('Two factor challenge page redirects if user is logged in and they don\'t have the login.id session', function(){
+ withANewUser()->get('auth/two-factor-challenge')
+ ->assertRedirect('auth/login');
+});
+
+test('when user logs in and two factor auth is active, they will have the login.id session created', function(){
+ $user = User::factory()->create(['name' => 'Homer Simpson', 'email' => 'homer@springfield.com', 'password' => \Hash::make('DuffBeer123')]);
+ // $this->get('auth/login')
+ // ->seeInField('email', 'homer@springfield.com')
+ // ->click('.auth-component-button')
+ // ->assertSee('Password');
+ // dd($user->two_factor_secret);
+ //dd(\Schema::getColumnListing('users'));
+ //dd(env('DB_CONNECTION'));
+ //dd($user);
+})->todo();
+
+it('user can view two factor challenge page after they login', function(){
+
+ // Livewire::test('auth.register')
+ // ->set('email', 'user@example.com')
+ // ->set('password', 'secret1234')
+ // ->set('name', 'John Doe')
+ // ->call('register')
+
+ withANewUser()->get('auth/two-factor-challenge')->asertOK();
+ // $user = loginAsUser(null);
+ // Livewire::test('auth.two-factor-challenge');
+ // ->assertSee('When you enabled 2FA');
+})->todo();
+
+test('when authenticated, user can view /user/two-factor-authentication page', function(){
+
+})->todo();
+
+test('when authenticated, user can view /user/two-factor-authentication page and they can click enable and add auth code', function(){
+
+})->todo();
+
+// scenarios when 2FA is disabled by application admin
+test('if two factor auth is disabled, user can login with name and password and they will not be redirected to 2fa page, even if they have the correct two_factor table columns filled', function(){
+
+})->todo();
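Review bot: No test in this file asserts what the commit changes in `submitCode`, namely that `login.id` is gone from the session after a successful challenge; every case beyond the two redirect checks is `->todo()` with its body empty or commented out. A case that seeds `login.id`, submits a valid code and then checks the key is absent (for example `expect(session()->has('login.id'))->toBeFalse();`) would pin that behaviour. In the `it('user can view two factor challenge page after they login')` case, `->asertOK()` is a typo for `->assertOK()` that `->todo()` currently hides. As written, that case also contradicts the second test, which expects the same `withANewUser()->get('auth/two-factor-challenge')` request to redirect to `auth/login`. The commented-out `dd(...)` lines can be dropped before the todo cases are filled in.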
diff --git a/tests/Feature/UrlTest.php b/tests/Feature/UrlTest.php
index d9139e5..b49e343 100644
--- a/tests/Feature/UrlTest.php
+++ b/tests/Feature/UrlTest.php
@@ -1,17 +1,5 @@
 get($url)->assertOK();
 })->with('urls');
diff --git a/tests/Pest.php b/tests/Pest.php
index 50ab1e4..a91d73f 100644
--- a/tests/Pest.php
+++ b/tests/Pest.php
@@ -1,5 +1,8 @@
 in('Feature');
 /*
@@ -46,3 +49,16 @@ function something()
 {
 // ..
 }
+
+use App\Models\User;
+
+function loginAsUser(User $user = null){
+ $user = $user ?? User::factory()->create();
+ test()->actingAs($user);
+
+ return $user;
+}
+
+function withANewUser(){
+ return test()->actingAs(User::factory()->create());
+}
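Review bot: `loginAsUser(User $user = null)` in the last hunk of `tests/Pest.php` relies on an implicitly nullable parameter, which PHP 8.4 deprecates; declare it as `function loginAsUser(?User $user = null): User`. The `use App\Models\User;` import is added after `something()` near the end of the file, and moving it to the top keeps imports where readers look for them. Both helpers would also benefit from a one-line docblock saying that they create a user through the factory when none is given and authenticate the current test case as that user. `withANewUser()` returns the test case for chaining while `loginAsUser()` returns the user, so the docblocks should state the return value explicitly.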