Merge pull request #5146 from turbo124/v5-develop

Fixes for 2FA
This commit is contained in:
David Bomba 2021-03-16 22:48:27 +11:00 committed by GitHub
commit 2207168ee8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 18 deletions

View File

@ -89,23 +89,8 @@ class ConnectedAccountController extends BaseController
$user = $google->getTokenResponse(request()->input('id_token'));
if (is_array($user)) {
$query = [
'oauth_user_id' => $google->harvestSubField($user),
'oauth_provider_id'=> 'google',
];
/* Cannot allow duplicates! */
if ($existing_user = MultiDB::hasUser($query)) {
return response()
->json(['message' => 'User already exists in system.'], 401)
->header('X-App-Version', config('ninja.app_version'))
->header('X-Api-Version', config('ninja.minimum_client_version'));
}
}
if ($user) {
$client = new Google_Client();
$client->setClientId(config('ninja.auth.google.client_id'));
$client->setClientSecret(config('ninja.auth.google.client_secret'));
@ -118,7 +103,6 @@ class ConnectedAccountController extends BaseController
$refresh_token = $token['refresh_token'];
}
$connected_account = [
'password' => '',
'email' => $google->harvestEmail($user),

View File

@ -53,7 +53,7 @@ class TwoFactorController extends BaseController
$secret = request()->input('secret');
$oneTimePassword = request()->input('one_time_password');
if($google2fa->verifyKey($secret, $oneTimePassword) && $user->phone && $user->confirmed){
if($google2fa->verifyKey($secret, $oneTimePassword) && $user->phone && $user->email_verified_at){
$user->google_2fa_secret = encrypt($secret);
$user->save();