AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Write RememberMe cookie only after 2FA has been validated

Browse Source
This commit is contained in:
Frédéric Guillot
2021-04-04 17:30:33 -07:00
committed by fguillot
parent b08760c5fc
commit 31ce583743
4 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/Controller/TwoFactorController.php
View File

@@ -153,8 +153,14 @@ class TwoFactorController extends UserViewController
$provider->setSecret($user['twofactor_secret']);
if ($provider->authenticate()) {
$this->userSession->validatePostAuthentication();
$this->userSession->setPostAuthenticationAsValidated();
$this->flash->success(t('The two factor authentication code is valid.'));
if (session_is_true('hasRememberMe')) {
$session = $this->rememberMeSessionModel->create($this->userSession->getId(), $this->request->getIpAddress(), $this->request->getUserAgent());
$this->rememberMeCookie->write($session['token'], $session['sequence'], $session['expiration']);
}
$this->response->redirect($this->helper->url->to('DashboardController', 'show'));
} else {
$this->flash->failure(t('The two factor authentication code is not valid.'));