From ef80c76ab758f117fbff2eb5353e377ecf212ede Mon Sep 17 00:00:00 2001 From: Jan Schuppik Date: Mon, 28 Jul 2025 11:25:59 +0200 Subject: [PATCH] Fix: display temporary state in form --- application/controllers/AccountController.php | 7 +++++-- application/forms/Account/TotpForm.php | 21 ++++++++++++++++--- library/Icinga/Authentication/Totp.php | 7 +++++-- 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/application/controllers/AccountController.php b/application/controllers/AccountController.php index cad2804a2..e500f423c 100644 --- a/application/controllers/AccountController.php +++ b/application/controllers/AccountController.php @@ -74,11 +74,14 @@ class AccountController extends Controller // create a form to add and enable 2FA via TOTP if ( $user->can('user/two-factor-authentication') ) { - + if (isset($_POST['enabled_2fa'])) { + Session::getSession()->set('enabled_2fa', $_POST['enabled_2fa'] == 1); + } $totp = Session::getSession()->get('icingaweb_totp', null) ?? new Totp($user->getUsername()); $totpForm = (new TotpForm()) ->setPreferences($user->getPreferences()) - ->setTotp($totp); + ->setTotp($totp) + ->setEnabled2FA(Session::getSession()->get('enabled_2fa', false)); if (isset($config->config_resource)) { $totpForm->setStore(PreferencesStore::create(new ConfigObject(array( 'resource' => $config->config_resource diff --git a/application/forms/Account/TotpForm.php b/application/forms/Account/TotpForm.php index a34afa15e..146717552 100644 --- a/application/forms/Account/TotpForm.php +++ b/application/forms/Account/TotpForm.php @@ -24,6 +24,8 @@ class TotpForm extends PreferenceForm 'enabled_2fa', ]; protected Totp $totp; + protected bool $enabled2FA; + /** * {@inheritdoc} */ @@ -41,6 +43,13 @@ class TotpForm extends PreferenceForm return $this; } + public function setEnabled2FA(bool $enabled2FA): self + { + $this->enabled2FA = $enabled2FA; + + return $this; + } + /** * {@inheritdoc} */ 
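Review bot: In application/controllers/AccountController.php the new `isset($_POST['enabled_2fa'])` branch copies a value from the superglobal into the session before TotpForm has processed the request, so it is stored without whatever validation and CSRF-token check the form applies (the form handling is outside this hunk). Because this flag later decides whether the 2FA setup fields are rendered, I would either set it from inside the form once the submission has been accepted, or at least read it through the request object and compare strictly, e.g. `$enabled = $this->getRequest()->getPost('enabled_2fa');` followed by `Session::getSession()->set('enabled_2fa', $enabled === '1');`. The session key `'enabled_2fa'` is also repeated as a bare literal here and four times in TotpForm; a single class constant would keep the two files in sync.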
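Review bot: In application/forms/Account/TotpForm.php, `protected bool $enabled2FA;` has no default, yet the `-56,11` hunk reads `$this->enabled2FA` unconditionally, so any code path that builds a TotpForm without calling setEnabled2FA() fails with an uninitialized-typed-property Error. Declaring it as `protected bool $enabled2FA = false;` keeps the form safe to construct on its own. The new setEnabled2FA() in the following hunk is the only method shown without a docblock; something like `/** Set whether 2FA is enabled in the not-yet-saved (session) state */` would explain why it exists next to the stored preference.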
@@ -56,11 +65,12 @@ class TotpForm extends PreferenceForm 'description' => $this->translate( 'This option allows you to enable or to disable the second factor authentication via TOTP' ), - 'value' => '', + 'value' => $this->enabled2FA, ] ); - if (isset($formData['enabled_2fa']) && $formData['enabled_2fa']) { + if (isset($formData['enabled_2fa']) && $formData['enabled_2fa'] + || $this->enabled2FA) { $this->addElement( 'text', @@ -148,6 +158,7 @@ class TotpForm extends PreferenceForm } } $this->totp->makeStatePersistent(); + Session::getSession()->delete('enabled_2fa'); if ($webPreferences['enabled_2fa'] == 1) { $webPreferences['enabled_2fa'] = $this->totp->userHasSecret() ? '1' : '0'; } @@ -191,10 +202,14 @@ class TotpForm extends PreferenceForm $auth = Auth::getInstance(); $values = $auth->getUser()->getPreferences()->get('icingaweb'); - if (!isset($values['enabled_2fa'])) { + if (!isset($values['enabled_2fa']) && ! Session::getSession()->get('enabled_2fa', false)) { $values['enabled_2fa'] = '0'; } + if (($enabled = Session::getSession()->get('enabled_2fa', null)) !== null) { + $values['enabled_2fa'] = $enabled == 1 ? '1' : '0'; + } + $this->populate($values); } diff --git a/library/Icinga/Authentication/Totp.php b/library/Icinga/Authentication/Totp.php index f6b507673..09c59c90c 100644 --- a/library/Icinga/Authentication/Totp.php +++ b/library/Icinga/Authentication/Totp.php 
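Review bot: In the TotpForm.php `-56,11` hunk the widened condition `isset($formData['enabled_2fa']) && $formData['enabled_2fa'] || $this->enabled2FA` only reads correctly if one remembers that `&&` binds tighter than `||`. Explicit grouping makes the intent obvious: `if ((isset($formData['enabled_2fa']) && $formData['enabled_2fa']) || $this->enabled2FA) {`. The same hunk now passes a bool as the checkbox `'value'` where the rest of the form works with the strings `'1'`/`'0'`; `'value' => $this->enabled2FA ? '1' : '0'` would stay consistent with that, assuming the element does not rely on the bool.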
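Review bot: In the TotpForm.php `-191,10` hunk the session is queried twice with different defaults, and the `! Session::getSession()->get('enabled_2fa', false)` clause added to the first `if` has no effect, because the block that follows overwrites `$values['enabled_2fa']` whenever the session value is non-null. Reading the flag once and branching on it gives the same result for the bool the controller stores and makes the precedence (session state over stored preference) explicit; that precedence deserves a comment, since it decides what the user sees for their 2FA setting. The enclosing method starts outside the hunk.

```php
// … unchanged: $values loaded from the user's 'icingaweb' preferences …
$enabled = Session::getSession()->get('enabled_2fa', null);
if ($enabled !== null) {
    // the unsaved choice kept in the session wins over the stored preference
    $values['enabled_2fa'] = $enabled ? '1' : '0';
} elseif (! isset($values['enabled_2fa'])) {
    $values['enabled_2fa'] = '0';
}
$this->populate($values);
```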
@@ -173,16 +173,19 @@ class Totp } $this->secret = $this->temporarySecret; $this->temporarySecret = null; - } elseif ($this->secret === null && $dbEntry->secret !== null) { + $db->commitTransaction(); + + } elseif ($this->secret === null && $dbEntry && $dbEntry->secret !== null) { $db->prepexec( (new Delete()) ->from(self::TABLE_NAME) ->where([self::COLUMN_USERNAME . ' = ?' => $this->username]) ); + $db->commitTransaction(); $this->setTotpObject(true); } - $db->commitTransaction(); + $this->saveTemporaryInSession(); } catch (\Exception $e) { $db->rollBackTransaction(); throw new ConfigurationError(sprintf(
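Review bot: In library/Icinga/Authentication/Totp.php, moving `$db->commitTransaction();` into the two branches means that when neither condition matches, the transaction presumably opened before this hunk is never committed or rolled back. In addition, `$this->saveTemporaryInSession();` now runs inside the `try` after the commit, so an exception from it (or from `setTotpObject(true)`) reaches `$db->rollBackTransaction()` with no open transaction, which may raise a second error and hide the first. I would keep every path closing the transaction, e.g. add `} else { $db->rollBackTransaction(); }` or restore the single commit after the `if`/`elseif`, and call `saveTemporaryInSession()` after the `try` block. The added `$dbEntry &&` guard is a good fix; the blank line added before `} elseif` can go. The method begins and ends outside the hunk, so the transaction start is inferred.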