Skip to content
Snippets Groups Projects
Commit 73c5eeb4 authored by Jan-Hendrik Willms's avatar Jan-Hendrik Willms
Browse files

fixes #3570 

Closes #3570

Merge request studip/studip!2460
parent b015aa61
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
lib/classes/TwoFactorAuth.php
+ 23
13
View file @ 73c5eeb4
...@@ -16,6 +16,7 @@ final class TwoFactorAuth ...@@ -16,6 +16,7 @@ final class TwoFactorAuth
const SESSION_DATA = 'tfa/data'; const SESSION_DATA = 'tfa/data';
const SESSION_CONFIRMATIONS = 'tfa/confirmations'; const SESSION_CONFIRMATIONS = 'tfa/confirmations';
const SESSION_FAILED = 'tfa/failed'; const SESSION_FAILED = 'tfa/failed';
const SESSION_TOKEN_SENT = 'tfa/token-sent';
const COOKIE_KEY = 'tfa/authentication'; const COOKIE_KEY = 'tfa/authentication';
...@@ -178,10 +179,11 @@ final class TwoFactorAuth ...@@ -178,10 +179,11 @@ final class TwoFactorAuth
*/ */
public function confirm($action, $text, array $data = []): void public function confirm($action, $text, array $data = []): void
{ {
if (isset($_SESSION[self::SESSION_CONFIRMATIONS]) if (
isset($_SESSION[self::SESSION_CONFIRMATIONS])
&& is_array($_SESSION[self::SESSION_CONFIRMATIONS]) && is_array($_SESSION[self::SESSION_CONFIRMATIONS])
&& in_array($action, $_SESSION[self::SESSION_CONFIRMATIONS])) && in_array($action, $_SESSION[self::SESSION_CONFIRMATIONS])
{ ) {
$_SESSION[self::SESSION_CONFIRMATIONS] = array_diff( $_SESSION[self::SESSION_CONFIRMATIONS] = array_diff(
$_SESSION[self::SESSION_CONFIRMATIONS], $_SESSION[self::SESSION_CONFIRMATIONS],
[$action] [$action]
...@@ -210,6 +212,10 @@ final class TwoFactorAuth ...@@ -210,6 +212,10 @@ final class TwoFactorAuth
]); ]);
if ($this->secret->type === 'email') { if ($this->secret->type === 'email') {
if (
!isset($_SESSION[self::SESSION_TOKEN_SENT])
|| $_SESSION[self::SESSION_TOKEN_SENT] < time()
) {
StudipMail::sendMessage( StudipMail::sendMessage(
$this->secret->user->email, $this->secret->user->email,
_('Ihr Zwei-Faktor-Token'), _('Ihr Zwei-Faktor-Token'),
...@@ -218,6 +224,9 @@ final class TwoFactorAuth ...@@ -218,6 +224,9 @@ final class TwoFactorAuth
$this->secret->getToken() $this->secret->getToken()
) )
); );
$_SESSION[self::SESSION_TOKEN_SENT] = time() + TFASecret::getValidationDuration('email');
}
} }
PageLayout::setBodyElementId('tfa-confirmation-screen'); PageLayout::setBodyElementId('tfa-confirmation-screen');
...@@ -295,8 +304,9 @@ final class TwoFactorAuth ...@@ -295,8 +304,9 @@ final class TwoFactorAuth
if ($this->secret->validateToken($token)) { if ($this->secret->validateToken($token)) {
$_SESSION[self::SESSION_FAILED] = []; $_SESSION[self::SESSION_FAILED] = [];
unset($_SESSION[self::SESSION_TOKEN_SENT]);
if ($data['global'] ?: false) { if ($data['global'] ?? false) {
$this->registerSecretInSession(); $this->registerSecretInSession();
if (Request::int('tfa-trusted')) { if (Request::int('tfa-trusted')) {
...@@ -304,7 +314,7 @@ final class TwoFactorAuth ...@@ -304,7 +314,7 @@ final class TwoFactorAuth
} }
} }
if ($data['confirm'] ?: false) { if ($data['confirm'] ?? false) {
if (!isset($_SESSION[self::SESSION_CONFIRMATIONS])) { if (!isset($_SESSION[self::SESSION_CONFIRMATIONS])) {
$_SESSION[self::SESSION_CONFIRMATIONS] = []; $_SESSION[self::SESSION_CONFIRMATIONS] = [];
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment