fix: [OTP] restored

pull/9062/merge
iglocska 2024-05-03 12:08:43 +02:00
parent 9f3735c5c2
commit bf909d5fff
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
2 changed files with 8 additions and 6 deletions


@ -925,7 +925,7 @@ class ACLComponent extends Component
}
return true;
};
$this->dynamicChecks['otp_enabled'] = function (array $user) {
$this->dynamicChecks['otp_enabled'] = function ($user) {
if (Configure::read('Security.otp_disabled')) {
throw new ForbiddenException('OTP has been disabled on this instance.');
}
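Review bot: The `$user` parameter of the `otp_enabled` closure appears to lose its `array` type hint with no comment or guard saying which non-array values are now expected. The page lost its `+`/`-` markers, so taking the untyped signature as the new side is inferred from print order only. If the hint was dropped because the check can be called without a logged-in user, make that explicit, for example `function (?array $user) {` followed by `if (empty($user)) { return false; }`, or at least add a comment such as `// $user can be non-array when no session user is set; type hint removed on purpose`. The closure body continues past the end of the hunk, so whether it already handles a non-array `$user` is not visible here.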


@ -1214,11 +1214,13 @@ class UsersController extends AppController
$this->Auth->constructAuthenticate();
}
// user has TOTP token, check creds and redirect to TOTP validation
if (!empty($unauth_user['User']['totp']) && !$unauth_user['User']['disabled'] && class_exists('\OTPHP\TOTP')) {
$user = $this->Auth->identify($this->request, $this->response);
if ($user && !$user['disabled']) {
$this->Session->write('otp_user', $user);
return $this->redirect('otp');
if (!Configure::read('Security.otp_disabled')) {
if (!empty($unauth_user['User']['totp']) && !$unauth_user['User']['disabled'] && class_exists('\OTPHP\TOTP')) {
$user = $this->Auth->identify($this->request, $this->response);
if ($user && !$user['disabled']) {
$this->Session->write('otp_user', $user);
return $this->redirect('otp');
}
}
}
}
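Review bot: The second factor is skipped silently when `class_exists('\OTPHP\TOTP')` is false, because that test shares one condition with the TOTP-enrolment check inside the new `Security.otp_disabled` guard. An account with a TOTP secret then falls through this block, and if the code after the hunk continues with ordinary password login (not visible here), that account is downgraded to a single factor without any trace. Consider failing closed for enrolled users by testing the library separately inside the enrolled branch, for example `if (!class_exists('\OTPHP\TOTP')) { throw new ForbiddenException('OTP library unavailable.'); }`, assuming `ForbiddenException` is usable in this controller as it is in `ACLComponent`. The same concern applies to the flag itself: enabling `Security.otp_disabled` removes the second factor for every enrolled account, so a comment stating that this is intended and an audit log entry when the bypass is taken would help operators notice an unexpected configuration change. The enclosing login action starts and ends outside the hunk.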