Fixed problem preventing non-admins to add TOTP 2FA to their account

This was caused by the no-lockout constraint, which was accidentally triggered here.
Jan Böhmer 2024-10-13 20:13:03 +02:00
parent 234b5abb96
commit 49acf3e0cf
3 changed files with 5 additions and 2 deletions


@ -330,7 +330,8 @@ class UserSettingsController extends AbstractController
} }
$google_form->handleRequest($request); $google_form->handleRequest($request);
if (!$this->demo_mode && !$user->isSamlUser() && $google_form->isSubmitted() && $google_form->isValid()) { //We do not need to check for validity of the google form here, because we do not care if the other fields are valid
if (!$this->demo_mode && !$user->isSamlUser() && $google_form->isSubmitted()) {
if (!$google_enabled) { if (!$google_enabled) {
//Save 2FA settings (save secrets) //Save 2FA settings (save secrets)
$user->setGoogleAuthenticatorSecret($google_form->get('googleAuthenticatorSecret')->getData()); $user->setGoogleAuthenticatorSecret($google_form->get('googleAuthenticatorSecret')->getData());
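Review bot: Dropping `$google_form->isValid()` from the condition means the secret is saved on any submitted request. In Symfony a failed CSRF token check or field constraint only adds a form error, and nothing reads that error once `isValid()` is gone. If the form defines a confirmation-code constraint (not visible in this hunk), it is skipped as well, so a TOTP secret could be stored without proof that the user's authenticator app holds it. Since this commit also restricts `NoLockout` to the `permissions:edit` group, the condition could stay as `$google_form->isSubmitted() && $google_form->isValid()`, with the form given its own `validation_groups` so unrelated User fields are not validated. The enclosing action starts and ends outside the hunk.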


@ -102,7 +102,7 @@ use Jbtronics\TFAWebauthn\Model\TwoFactorInterface as WebauthnTwoFactorInterface
#[ApiFilter(LikeFilter::class, properties: ["name", "aboutMe"])] #[ApiFilter(LikeFilter::class, properties: ["name", "aboutMe"])]
#[ApiFilter(DateFilter::class, strategy: DateFilterInterface::EXCLUDE_NULL)] #[ApiFilter(DateFilter::class, strategy: DateFilterInterface::EXCLUDE_NULL)]
#[ApiFilter(OrderFilter::class, properties: ['name', 'id', 'addedDate', 'lastModified'])] #[ApiFilter(OrderFilter::class, properties: ['name', 'id', 'addedDate', 'lastModified'])]
#[NoLockout] #[NoLockout(groups: ['permissions:edit'])]
class User extends AttachmentContainingDBElement implements UserInterface, HasPermissionsInterface, TwoFactorInterface, class User extends AttachmentContainingDBElement implements UserInterface, HasPermissionsInterface, TwoFactorInterface,
BackupCodeInterface, TrustedDeviceInterface, WebauthnTwoFactorInterface, PreferredProviderInterface, PasswordAuthenticatedUserInterface, SamlUserInterface BackupCodeInterface, TrustedDeviceInterface, WebauthnTwoFactorInterface, PreferredProviderInterface, PasswordAuthenticatedUserInterface, SamlUserInterface
{ {
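Review bot: With `groups: ['permissions:edit']` the lockout check on `User` becomes opt-in: it runs only where validation explicitly requests that group, and the only opt-in in this commit is the `validation_groups` default added to `UserAdminForm`. That default is replaced whenever a caller passes its own `validation_groups`, and any other form, API write or command that can change a user's permissions (none visible here) would skip the check unless it adds the group. I would document this at the attribute, e.g. `// Runs only in the 'permissions:edit' group: every code path that can change permissions must validate with this group`, and check the remaining permission-editing paths. The class body continues outside the hunk.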


@ -57,6 +57,8 @@ class UserAdminForm extends AbstractType
parent::configureOptions($resolver); // TODO: Change the autogenerated stub parent::configureOptions($resolver); // TODO: Change the autogenerated stub
$resolver->setRequired('attachment_class'); $resolver->setRequired('attachment_class');
$resolver->setDefault('parameter_class', false); $resolver->setDefault('parameter_class', false);
$resolver->setDefault('validation_groups', ['Default', 'permissions:edit']);
} }
public function buildForm(FormBuilderInterface $builder, array $options): void public function buildForm(FormBuilderInterface $builder, array $options): void