From 18a038a34dd96b73ab2b9886a89a4027bab6e697 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 9 Nov 2022 22:22:52 +1100
Subject: [PATCH] Fixes for 2FA
---
 app/Http/Controllers/TwilioController.php | 10 ++++------
 app/Http/Requests/User/UpdateUserRequest.php | 3 ++-
 app/Http/ValidationRules/User/HasValidPhoneNumber.php | 2 +-
 3 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/app/Http/Controllers/TwilioController.php b/app/Http/Controllers/TwilioController.php
index 1ca7d31c6d60..2baddfa239fb 100644
--- a/app/Http/Controllers/TwilioController.php
+++ b/app/Http/Controllers/TwilioController.php
@@ -94,16 +94,13 @@ class TwilioController extends BaseController
 if($verification_check->status == 'approved'){
- if($request->query('validate_only') == 'true')
- return response()->json(['message' => 'SMS verified'], 200);
-
-
 $account->account_sms_verified = true;
 $account->save();
 //on confirmation we set the users phone number.
 $user = auth()->user();
 $user->phone = $account->account_sms_verification_number;
+ $user->verified_phone_number = true;
 $user->save();
 return response()->json(['message' => 'SMS verified'], 200);
@@ -126,7 +123,6 @@ class TwilioController extends BaseController
 $twilio = new Client($sid, $token);
-
 try {
 $verification = $twilio->verify
 ->v2
@@ -167,9 +163,11 @@ class TwilioController extends BaseController
 "code" => $request->code
 ]);
-
 if($verification_check->status == 'approved'){
+ if($request->query('validate_only') == 'true')
+ return response()->json(['message' => 'SMS verified'], 200);
+
 $user->google_2fa_secret = '';
 $user->sms_verification_code = '';
 $user->save();
diff --git a/app/Http/Requests/User/UpdateUserRequest.php b/app/Http/Requests/User/UpdateUserRequest.php
index c96417ae885c..e8c7010d413b 100644
--- a/app/Http/Requests/User/UpdateUserRequest.php
+++ b/app/Http/Requests/User/UpdateUserRequest.php
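Review bot: In TwilioController.php's `@@ -94,16 +94,13 @@` hunk the approved branch marks whichever user is authenticated as verified using the account-level `$account->account_sms_verification_number`, so the proof of possession is tied to the account record rather than to the user who requested the code. If an account can have more than one user (not visible here), it is worth confirming that the pending number was requested by this same user before `$user->verified_phone_number = true;` runs. I would also extend the existing comment to state the invariant, e.g. `// only a Twilio 'approved' check may set verified_phone_number; HasValidPhoneNumber clears it when the number changes`. The enclosing method starts and ends outside the hunk.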
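Review bot: In TwilioController.php's `@@ -167,9 +163,11 @@` hunk the new `validate_only` early return is a brace-less `if` sitting directly above the lines that clear `google_2fa_secret`, and it compares the query value with `==`; a later edit between the `if` and its `return` would silently change which requests reach the 2FA reset. I would write it as `if ($request->query('validate_only') === 'true') { return response()->json(['message' => 'SMS verified'], 200); }`. The branch also answers with the same body and status as a completed reset and records nothing server-side, so callers should not treat it as proof for a later request. Since the check has already come back `approved`, a follow-up call with the same code will probably not be approved again; that is worth confirming against Twilio Verify's behaviour. The enclosing method starts and ends outside the hunk.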
@@ -65,8 +65,9 @@ class UpdateUserRequest extends Request
 $input['last_name'] = strip_tags($input['last_name']);
 }
- if(array_key_exists('phone', $input) && isset($input['phone']) && strlen($input['phone']) > 1 && ($this->user->phone != $input['phone']))
+ if(array_key_exists('phone', $input) && isset($input['phone']) && strlen($input['phone']) > 1 && ($this->user->phone != $input['phone'])){
 $this->phone_has_changed = true;
+ }
 if(array_key_exists('oauth_provider_id', $input) && $input['oauth_provider_id'] == '')
 $input['oauth_user_id'] = '';
diff --git a/app/Http/ValidationRules/User/HasValidPhoneNumber.php b/app/Http/ValidationRules/User/HasValidPhoneNumber.php
index 38539d72c38f..2be9f867dd85 100644
--- a/app/Http/ValidationRules/User/HasValidPhoneNumber.php
+++ b/app/Http/ValidationRules/User/HasValidPhoneNumber.php
@@ -68,7 +68,7 @@ class HasValidPhoneNumber implements Rule
 request()->merge(['validated_phone' => $phone_number->phoneNumber ]);
- $user->verified_phone_number = true;
+ $user->verified_phone_number = false;
 $user->save();
 return true;
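Review bot: In UpdateUserRequest.php the rewritten condition still compares with `$this->user->phone != $input['phone']`, and PHP's loose comparison treats two numeric strings as numbers, so values that differ only by a leading `+` or by leading zeros compare equal and `phone_has_changed` stays false. The flag appears to decide whether the number is re-verified (inferred from the other files in this commit), so a strict string comparison is the safer form: `(string) $this->user->phone !== (string) $input['phone']`. The enclosing method starts and ends outside the hunk.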
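Review bot: In HasValidPhoneNumber.php the rule still writes to the user while validating: `$user->verified_phone_number = false;` followed by `$user->save();` runs inside the rule, so the flag is cleared even when another rule later rejects the request and the stored phone number never changes. Clearing it is the fail-safe direction, but a rejected update can then leave an already verified user unverified. I would move the reset to the code that persists the new number, or at least document the side effect with a comment such as `// side effect: clears the verified flag once a new number passes lookup; only the Twilio confirm endpoint sets it again`. Where `$user` is loaded, and whether the rule runs only on a changed number, is outside the hunk.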