From bf909d5fff52a5d72666eb59faf101069e5d590e Mon Sep 17 00:00:00 2001
From: iglocska
Date: Fri, 3 May 2024 12:08:43 +0200
Subject: [PATCH] fix: [OTP] restored

---
app/Controller/Component/ACLComponent.php | 2 +-
app/Controller/UsersController.php | 12 +++++++-----
2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php
index aa8d6830f..b143a83d9 100644
--- a/app/Controller/Component/ACLComponent.php
+++ b/app/Controller/Component/ACLComponent.php
@@ -925,7 +925,7 @@ class ACLComponent extends Component
 }
 return true;
 };
- $this->dynamicChecks['otp_enabled'] = function (array $user) {
+ $this->dynamicChecks['otp_enabled'] = function ($user) {
 if (Configure::read('Security.otp_disabled')) {
 throw new ForbiddenException('OTP has been disabled on this instance.');
 }
diff --git a/app/Controller/UsersController.php b/app/Controller/UsersController.php
index aa853e24c..83254eb87 100644
--- a/app/Controller/UsersController.php
+++ b/app/Controller/UsersController.php
@@ -1214,11 +1214,13 @@ class UsersController extends AppController
 $this->Auth->constructAuthenticate();
 }
 // user has TOTP token, check creds and redirect to TOTP validation
- if (!empty($unauth_user['User']['totp']) && !$unauth_user['User']['disabled'] && class_exists('\OTPHP\TOTP')) {
- $user = $this->Auth->identify($this->request, $this->response);
- if ($user && !$user['disabled']) {
- $this->Session->write('otp_user', $user);
- return $this->redirect('otp');
+ if (!Configure::read('Security.otp_disabled')) {
+ if (!empty($unauth_user['User']['totp']) && !$unauth_user['User']['disabled'] && class_exists('\OTPHP\TOTP')) {
+ $user = $this->Auth->identify($this->request, $this->response);
+ if ($user && !$user['disabled']) {
+ $this->Session->write('otp_user', $user);
+ return $this->redirect('otp');
+ }
 }
 }
 }
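Review bot: Dropping the `array` type from the `otp_enabled` dynamic check's `$user` parameter widens the closure's contract without saying why; if the intent is that this check is reached with no logged-in user (a null), `function (?array $user)` would document that while still rejecting other types. As written, any non-array value is accepted and passed on to whatever the closure does with `$user` below, which is outside this hunk. A one-line comment above the assignment naming the caller that passes a non-array would help the next reader, e.g. `// $user may be null here: the otp action runs before Auth has logged the user in`, if that is indeed the case.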
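Review bot: The new `Security.otp_disabled` guard skips the TOTP redirect for a user who has a `totp` secret enrolled, so the request presumably falls through to the ordinary credential login further down the method, and nothing records that the second factor was bypassed; a log entry in that path, or at least a comment such as `// Security.otp_disabled bypasses TOTP even for enrolled users; every login below is single-factor while it is set`, would make the downgrade visible to operators. The added nesting level is also unnecessary, since the config read can be folded into the existing condition: `if (!Configure::read('Security.otp_disabled') && !empty($unauth_user['User']['totp']) && !$unauth_user['User']['disabled'] && class_exists('\OTPHP\TOTP')) {`, which keeps the original indentation and the diff minimal. The same config key is read by ACLComponent's `otp_enabled` check in the first hunk, so the two readings should be kept in step. The enclosing method starts and ends outside the hunk.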