Mirrors/Part-DB-server
2
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-03-06 15:30:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed 2FA TOTP for non-admins, while also retaining validation of auth code

Browse Source 
This fixes issue #717
This commit is contained in:
Jan Böhmer
2024-10-13 20:29:22 +02:00
parent 49acf3e0cf
commit a29d933f99
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Controller/UserSettingsController.php
View File

@@ -331,7 +331,7 @@ class UserSettingsController extends AbstractController
$google_form->handleRequest($request);
//We do not need to check for validity of the google form here, because we do not care if the other fields are valid
if (!$this->demo_mode && !$user->isSamlUser() && $google_form->isSubmitted()) {
if (!$this->demo_mode && !$user->isSamlUser() && $google_form->isSubmitted() && $google_form->isValid()) {
if (!$google_enabled) {
//Save 2FA settings (save secrets)
$user->setGoogleAuthenticatorSecret($google_form->get('googleAuthenticatorSecret')->getData());