mirror of https://github.com/MISP/MISP
fix: [totp field check] causes exception if update is not executed yet and the field isn't added
- without the login the update doesn't execute - chicken & egg issuebad_encoding_pymisp
parent
cb74ad507f
commit
3097dc106e
|
@ -602,7 +602,7 @@ class AppController extends Controller
|
|||
}
|
||||
|
||||
// Check if user must create TOTP secret, force them to be on that page as long as needed.
|
||||
if (!$user['totp'] && Configure::read('Security.otp_required') && !$this->_isControllerAction(['users' => ['terms', 'change_pw', 'logout', 'login', 'totp_new']])) { // TOTP is mandatory for users, prevent login until the user has configured their TOTP
|
||||
if (empty($user['totp']) && Configure::read('Security.otp_required') && !$this->_isControllerAction(['users' => ['terms', 'change_pw', 'logout', 'login', 'totp_new']])) { // TOTP is mandatory for users, prevent login until the user has configured their TOTP
|
||||
$this->redirect(array('controller' => 'users', 'action' => 'totp_new', 'admin' => false));
|
||||
return false;
|
||||
}
|
||||
|
|
|
@ -1197,7 +1197,7 @@ class UsersController extends AppController
|
|||
$this->Auth->constructAuthenticate();
|
||||
}
|
||||
// user has TOTP token, check creds and redirect to TOTP validation
|
||||
if ($unauth_user['User']['totp'] && !$unauth_user['User']['disabled'] && class_exists('\OTPHP\TOTP')) {
|
||||
if (!empty($unauth_user['User']['totp']) && !$unauth_user['User']['disabled'] && class_exists('\OTPHP\TOTP')) {
|
||||
$user = $this->Auth->identify($this->request, $this->response);
|
||||
if ($user && !$user['disabled']) {
|
||||
$this->Session->write('otp_user', $user);
|
||||
|
|
Loading…
Reference in New Issue