Merge pull request #5190 from turbo124/v5-stable

Small fixes for 2FA
2025-06-23 20:00:33 -04:00 · 2021-03-20 11:47:54 +11:00 · 2021-03-20 11:47:54 +11:00 · a449451330
commit a449451330
parent 3b253cf38d 5288893220
1 changed files with 2 additions and 2 deletions
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -171,11 +171,11 @@ class LoginController extends BaseController

            //if user has 2fa enabled - lets check this now:

-            if($user->google_2fa_secret && $request->has('one_time_password') && strlen($request->input('one_time_password')) >= 1)
+            if($user->google_2fa_secret && $request->has('one_time_password'))
            {
                $google2fa = new Google2FA();

-                if(!$google2fa->verifyKey(decrypt($user->google_2fa_secret), $request->input('one_time_password')))
+                if(strlen($request->input('one_time_password')) == 0 || !$google2fa->verifyKey(decrypt($user->google_2fa_secret), $request->input('one_time_password')))
                {
                    return response()
                    ->json(['message' => ctrans('texts.invalid_one_time_password')], 401)