mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-21 09:35:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed 2FA TOTP for non-admins, while also retaining validation of auth code

Browse source 
This fixes issue #717
This commit is contained in:
Jan Böhmer 2024-10-13 20:29:22 +02:00
parent 49acf3e0cf
commit a29d933f99
2 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Controller/UserSettingsController.php
View file

@ -331,7 +331,7 @@ class UserSettingsController extends AbstractController
$google_form->handleRequest($request);
//We do not need to check for validity of the google form here, because we do not care if the other fields are valid
if (!$this->demo_mode && !$user->isSamlUser() && $google_form->isSubmitted()) {
if (!$this->demo_mode && !$user->isSamlUser() && $google_form->isSubmitted() && $google_form->isValid()) {
if (!$google_enabled) {
//Save 2FA settings (save secrets)
$user->setGoogleAuthenticatorSecret($google_form->get('googleAuthenticatorSecret')->getData());

3
src/Form/TFAGoogleSettingsType.php
View file

@ -60,7 +60,7 @@ class TFAGoogleSettingsType extends AbstractType
'pattern' => '\d*',
'autocomplete' => 'off',
],
'constraints' => [new ValidGoogleAuthCode()],
'constraints' => [new ValidGoogleAuthCode(groups: ["google_authenticator"])],
]
);
@ -92,6 +92,7 @@ class TFAGoogleSettingsType extends AbstractType
{
$resolver->setDefaults([
'data_class' => User::class,
'validation_groups' => ['google_authenticator'],
]);
}
}