Fixed problem preventing non-admins to add TOTP 2FA to their account

This was caused by the no-lockout constraint, which was accidentially triggered here
2025-06-27 20:28:54 +02:00 · 2024-10-13 20:13:03 +02:00 · 2024-10-13 20:13:03 +02:00 · 49acf3e0cf
commit 49acf3e0cf
parent 234b5abb96
3 changed files with 5 additions and 2 deletions
--- a/src/Controller/UserSettingsController.php
+++ b/src/Controller/UserSettingsController.php
@ -330,7 +330,8 @@ class UserSettingsController extends AbstractController
        }
        $google_form->handleRequest($request);

-        if (!$this->demo_mode && !$user->isSamlUser() && $google_form->isSubmitted() && $google_form->isValid()) {
+        //We do not need to check for validity of the google form here, because we do not care if the other fields are valid
+        if (!$this->demo_mode && !$user->isSamlUser() && $google_form->isSubmitted()) {
            if (!$google_enabled) {
                //Save 2FA settings (save secrets)
                $user->setGoogleAuthenticatorSecret($google_form->get('googleAuthenticatorSecret')->getData());
--- a/src/Entity/UserSystem/User.php
+++ b/src/Entity/UserSystem/User.php
@ -102,7 +102,7 @@ use Jbtronics\TFAWebauthn\Model\TwoFactorInterface as WebauthnTwoFactorInterface
 #[ApiFilter(LikeFilter::class, properties: ["name", "aboutMe"])]
 #[ApiFilter(DateFilter::class, strategy: DateFilterInterface::EXCLUDE_NULL)]
 #[ApiFilter(OrderFilter::class, properties: ['name', 'id', 'addedDate', 'lastModified'])]
-#[NoLockout]
+#[NoLockout(groups: ['permissions:edit'])]
 class User extends AttachmentContainingDBElement implements UserInterface, HasPermissionsInterface, TwoFactorInterface,
                                                            BackupCodeInterface, TrustedDeviceInterface, WebauthnTwoFactorInterface, PreferredProviderInterface, PasswordAuthenticatedUserInterface, SamlUserInterface
 {
--- a/src/Form/UserAdminForm.php
+++ b/src/Form/UserAdminForm.php
@ -57,6 +57,8 @@ class UserAdminForm extends AbstractType
        parent::configureOptions($resolver); // TODO: Change the autogenerated stub
        $resolver->setRequired('attachment_class');
        $resolver->setDefault('parameter_class', false);
+
+        $resolver->setDefault('validation_groups', ['Default', 'permissions:edit']);
    }

    public function buildForm(FormBuilderInterface $builder, array $options): void