mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-27 12:18:54 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed 2FA TOTP for non-admins, while also retaining validation of auth code

Browse source 
This fixes issue #717
This commit is contained in:
Jan Böhmer 2024-10-13 20:29:22 +02:00
parent 49acf3e0cf
commit a29d933f99
2 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Controller/UserSettingsController.php
View file

@ -331,7 +331,7 @@ class UserSettingsController extends AbstractController
$google_form->handleRequest($request);
//We do not need to check for validity of the google form here, because we do not care if the other fields are valid
if (!$this->demo_mode && !$user->isSamlUser() && $google_form->isSubmitted()) {
if (!$this->demo_mode && !$user->isSamlUser() && $google_form->isSubmitted() && $google_form->isValid()) {
if (!$google_enabled) {
//Save 2FA settings (save secrets)
$user->setGoogleAuthenticatorSecret($google_form->get('googleAuthenticatorSecret')->getData());