oss/wallabag
oss/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-09-15 18:57:05 +00:00
Code Wiki Activity

Merge pull request #8139 from wallabag/fix/otp-wrongly-enabled

Browse source 
Avoid non-validated OTP to be enabled
This commit is contained in:
Jérémy Benoist 2025-04-14 09:46:17 +02:00 committed by GitHub
commit 70999075a6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 13 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

2
phpstan-baseline.neon
View file

@ -57,5 +57,5 @@ parameters:
- -
message: "#^Method FOS\\\\UserBundle\\\\Model\\\\UserManagerInterface\\:\\:updateUser()#" message: "#^Method FOS\\\\UserBundle\\\\Model\\\\UserManagerInterface\\:\\:updateUser()#"
count: 6 count: 7
path: src/Wallabag/CoreBundle/Controller/ConfigController.php path: src/Wallabag/CoreBundle/Controller/ConfigController.php

18
src/Wallabag/CoreBundle/Controller/ConfigController.php
View file

@ -402,12 +402,14 @@ class ConfigController extends AbstractController
throw new BadRequestHttpException('Bad CSRF token.'); throw new BadRequestHttpException('Bad CSRF token.');
} }
$user = $this->getUser();
$isValid = $googleAuthenticator->checkCode( $isValid = $googleAuthenticator->checkCode(
$this->getUser(), $user,
$request->get('_auth_code') $request->get('_auth_code')
); );
if (true === $isValid) { if ($isValid) {
$this->addFlash( $this->addFlash(
'notice', 'notice',
'flashes.config.notice.otp_enabled' 'flashes.config.notice.otp_enabled'
@ -417,14 +419,14 @@ class ConfigController extends AbstractController
} }
$this->addFlash( $this->addFlash(
'two_factor', 'notice',
'scheb_two_factor.code_invalid' 'flashes.config.notice.otp_code_invalid'
); );
$this->addFlash( $user->setGoogleAuthenticatorSecret(null);
'notice', $user->setBackupCodes(null);
'scheb_two_factor.code_invalid'
); $this->userManager->updateUser($user, true);
return $this->redirect($this->generateUrl('config') . '#set3'); return $this->redirect($this->generateUrl('config') . '#set3');
} }

2
src/Wallabag/CoreBundle/Resources/views/Config/otp_app.html.twig
View file

@ -45,7 +45,7 @@
<div class="row"> <div class="row">
<div class="input-field col s12"> <div class="input-field col s12">
<label for="_auth_code">{{ "auth_code"|trans({}, 'SchebTwoFactorBundle') }}</label> <label for="_auth_code">{{ "auth_code"|trans({}, 'SchebTwoFactorBundle') }}</label>
<input id="_auth_code" type="text" autocomplete="off" name="_auth_code" /> <input id="_auth_code" type="text" autocomplete="off" name="_auth_code" required="required" />
</div> </div>
</div> </div>
</div> </div>

1
translations/messages.en.yml
View file

@ -668,6 +668,7 @@ flashes:
archived_reset: Archived entries deleted archived_reset: Archived entries deleted
otp_enabled: Two-factor authentication enabled otp_enabled: Two-factor authentication enabled
otp_disabled: Two-factor authentication disabled otp_disabled: Two-factor authentication disabled
otp_code_invalid: Invalid two-factor authentication code
tagging_rules_imported: Tagging rules imported tagging_rules_imported: Tagging rules imported
tagging_rules_not_imported: Error while importing tagging rules tagging_rules_not_imported: Error while importing tagging rules
ignore_origin_rules_deleted: 'Ignore origin rule deleted' ignore_origin_rules_deleted: 'Ignore origin rule deleted'