[SonataIntegrationBundle] Handle 2FA totp secret empty submission

mpoiriert · Nov 21, 2023 · 1be49c5 · 1be49c5
1 parent f033403
commit 1be49c5
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 11 deletions.
diff --git a/packages/sonata-integration-bundle/User/Controller/TwoFactorAuthenticationController.php b/packages/sonata-integration-bundle/User/Controller/TwoFactorAuthenticationController.php
@@ -48,17 +48,19 @@ public function enable2faAction(
                 return new RedirectResponse($this->admin->generateObjectUrl('disable-2fa', $user));
             }
 
-            $user->setTotpSecret($enable2fa->totpSecret);
-            if ($totpAuthenticator->checkCode($user, $enable2fa->code)) {
-                $user->enableTwoFActorAuthenticationProvider('totp');
-                $this->admin->getModelManager()->update($user);
-
-                $this->addFlash(
-                    'sonata_flash_success',
-                    $this->trans('admin.flash.2fa_enabled', [], 'DrawUserBundle')
-                );
-
-                return $this->redirectTo($request, $user);
+            if ($enable2fa->totpSecret) {
+                $user->setTotpSecret($enable2fa->totpSecret);
+                if ($totpAuthenticator->checkCode($user, $enable2fa->code)) {
+                    $user->enableTwoFActorAuthenticationProvider('totp');
+                    $this->admin->getModelManager()->update($user);
+
+                    $this->addFlash(
+                        'sonata_flash_success',
+                        $this->trans('admin.flash.2fa_enabled', [], 'DrawUserBundle')
+                    );
+
+                    return $this->redirectTo($request, $user);
+                }
             }
 
             $this->addFlash(
@@ -74,6 +76,13 @@ public function enable2faAction(
             $totpSecret = $user->getTotpSecret();
             $enable2fa->totpSecret = $totpSecret;
             $form->setData($enable2fa);
+        } elseif (!$user->getTotpSecret()) {
+            $this->addFlash(
+                'sonata_flash_error',
+                $this->trans('admin.flash.2fa_invalid_code_refreshed', [], 'DrawUserBundle')
+            );
+
+            return new RedirectResponse($this->admin->generateObjectUrl('enable-2fa', $user));
         }
 
         $qrCode = $qrCodeGenerator->getTotpQrCode($user);

diff --git a/packages/user-bundle/Resources/translations/DrawUserBundle.en.yaml b/packages/user-bundle/Resources/translations/DrawUserBundle.en.yaml
@@ -39,6 +39,7 @@ admin:
         2fa_enabled: '2FA successfully enabled.'
         2fa_disabled: '2FA successfully disabled.'
         2fa_invalid_code: 'Invalid code provided. Please, try again.'
+        2fa_invalid_code_refreshed: 'Error with provided code. Please, try again. The code has been refreshed.'
     list:
         2fa_enabled: '2FA enabled'
     form: