Small fixes for 2FA

2025-07-09 03:14:30 -04:00 · 2021-03-20 11:46:42 +11:00 · 2021-03-20 11:46:42 +11:00 · 5288893220
commit 5288893220
parent 5b64eb7ed6
1 changed files with 2 additions and 2 deletions
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -171,11 +171,11 @@ class LoginController extends BaseController

            //if user has 2fa enabled - lets check this now:

-            if($user->google_2fa_secret && $request->has('one_time_password') && strlen($request->input('one_time_password')) >= 1)
+            if($user->google_2fa_secret && $request->has('one_time_password'))
            {
                $google2fa = new Google2FA();

-                if(!$google2fa->verifyKey(decrypt($user->google_2fa_secret), $request->input('one_time_password')))
+                if(strlen($request->input('one_time_password')) == 0 || !$google2fa->verifyKey(decrypt($user->google_2fa_secret), $request->input('one_time_password')))
                {
                    return response()
                    ->json(['message' => ctrans('texts.invalid_one_time_password')], 401)