fix: [totp field check] causes exception if update is not executed yet and the field isn't added

- without the login the update doesn't execute - chicken & egg issue
bad_encoding_pymisp
iglocska 2023-05-31 15:11:51 +02:00
parent cb74ad507f
commit 3097dc106e
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
2 changed files with 2 additions and 2 deletions


@ -602,7 +602,7 @@ class AppController extends Controller
}
// Check if user must create TOTP secret, force them to be on that page as long as needed.
if (!$user['totp'] && Configure::read('Security.otp_required') && !$this->_isControllerAction(['users' => ['terms', 'change_pw', 'logout', 'login', 'totp_new']])) { // TOTP is mandatory for users, prevent login until the user has configured their TOTP
if (empty($user['totp']) && Configure::read('Security.otp_required') && !$this->_isControllerAction(['users' => ['terms', 'change_pw', 'logout', 'login', 'totp_new']])) { // TOTP is mandatory for users, prevent login until the user has configured their TOTP
$this->redirect(array('controller' => 'users', 'action' => 'totp_new', 'admin' => false));
return false;
}
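Review bot: The switch to `empty($user['totp'])` is not explained at the check, so a later cleanup could revert it to a direct index and bring back the exception on instances whose schema update has not yet run. A short comment above the condition would help, for example `// empty(): the totp column may not exist until the DB update has run; a missing column is treated as "no TOTP configured"`. With `Security.otp_required` enabled and the column absent, this branch now redirects every user to `totp_new`. Whether that page can store a secret before the update has run is not visible here and is worth confirming. The enclosing method starts and ends outside the hunk.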


@ -1197,7 +1197,7 @@ class UsersController extends AppController
$this->Auth->constructAuthenticate();
}
// user has TOTP token, check creds and redirect to TOTP validation
if ($unauth_user['User']['totp'] && !$unauth_user['User']['disabled'] && class_exists('\OTPHP\TOTP')) {
if (!empty($unauth_user['User']['totp']) && !$unauth_user['User']['disabled'] && class_exists('\OTPHP\TOTP')) {
$user = $this->Auth->identify($this->request, $this->response);
if ($user && !$user['disabled']) {
$this->Session->write('otp_user', $user);
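Review bot: The condition on the `!empty($unauth_user['User']['totp'])` line still includes `class_exists('\OTPHP\TOTP')`, so a user with a stored TOTP secret skips the OTP branch entirely when the library is not installed. What runs after this block is outside the hunk, but if it is the ordinary password login, the second factor is silently dropped (fail-open). Consider narrowing the condition to `if (!empty($unauth_user['User']['totp']) && !$unauth_user['User']['disabled']) {` and, inside the branch, logging and refusing the login when `class_exists('\OTPHP\TOTP')` is false. That way a missing dependency cannot downgrade an enrolled account to single-factor authentication.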