MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

chg: [security] Require TOTP and QR code lib for TOTP secret creation

pull/9085/head
Christophe Vandeplas 2023-05-20 10:26:45 +02:00
parent 8e370fa6f0
commit e90083020f
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Controller/UsersController.php
View File

@ -1782,6 +1782,10 @@ class UsersController extends AppController
$this->Flash->error(__("LinOTP is enabled for this instance. Build-in TOTP should not be used."));
$this->redirect($this->referer());
}
if (!class_exists('\OTPHP\TOTP') || !class_exists('\BaconQrCode\Writer')) {
$this->Flash->error(__("The required PHP libraries to support TOTP are not installed. Please contact your administrator to address this."));
$this->redirect($this->referer());
}
// only allow the users themselves to generate a TOTP secret.
// If TOTP is enforced they will be invited to generate it at first login
$user = $this->User->find('first', array(