| author | Jan-Hendrik Willms <tleilax+studip@gmail.com> | 2024-01-03 10:25:56 +0000 |
|---|---|---|
| committer | Jan-Hendrik Willms <tleilax+github@gmail.com> | 2024-01-10 11:41:41 +0100 |
| commit | 9c29d606679da5a075c1e09d4496a7aa48819021 (patch) | |
| tree | 184323e465eafc6d04b3591576931c36885d0702 | |
| parent | 6121e1c31076a685568a3fcb74ec4d18210ef85d (diff) | |
fixes #3570
Closes #3570
Merge request studip/studip!2460
| -rw-r--r-- | lib/classes/TwoFactorAuth.php | 36 |
1 files changed, 23 insertions, 13 deletions
diff --git a/lib/classes/TwoFactorAuth.php b/lib/classes/TwoFactorAuth.php
index c79fcc8..9d9fc10 100644
--- a/lib/classes/TwoFactorAuth.php
+++ b/lib/classes/TwoFactorAuth.php
@@ -16,6 +16,7 @@ final class TwoFactorAuth
     const SESSION_DATA = 'tfa/data';
     const SESSION_CONFIRMATIONS = 'tfa/confirmations';
     const SESSION_FAILED = 'tfa/failed';
+    const SESSION_TOKEN_SENT = 'tfa/token-sent';
 
     const COOKIE_KEY = 'tfa/authentication';
 
@@ -178,10 +179,11 @@ final class TwoFactorAuth
      */
     public function confirm($action, $text, array $data = []): void
     {
-        if (isset($_SESSION[self::SESSION_CONFIRMATIONS])
+        if (
+            isset($_SESSION[self::SESSION_CONFIRMATIONS])
             && is_array($_SESSION[self::SESSION_CONFIRMATIONS])
-            && in_array($action, $_SESSION[self::SESSION_CONFIRMATIONS]))
-        {
+            && in_array($action, $_SESSION[self::SESSION_CONFIRMATIONS])
+        ) {
             $_SESSION[self::SESSION_CONFIRMATIONS] = array_diff(
                 $_SESSION[self::SESSION_CONFIRMATIONS],
                 [$action]
@@ -210,14 +212,21 @@ final class TwoFactorAuth
         ]);
 
         if ($this->secret->type === 'email') {
-            StudipMail::sendMessage(
-                $this->secret->user->email,
-                _('Ihr Zwei-Faktor-Token'),
-                sprintf(
-                    _('Bitte geben Sie dieses Token ein: %s'),
-                    $this->secret->getToken()
-                )
-            );
+            if (
+                !isset($_SESSION[self::SESSION_TOKEN_SENT])
+                || $_SESSION[self::SESSION_TOKEN_SENT] < time()
+            ) {
+                StudipMail::sendMessage(
+                    $this->secret->user->email,
+                    _('Ihr Zwei-Faktor-Token'),
+                    sprintf(
+                        _('Bitte geben Sie dieses Token ein: %s'),
+                        $this->secret->getToken()
+                    )
+                );
+
+                $_SESSION[self::SESSION_TOKEN_SENT] = time() + TFASecret::getValidationDuration('email');
+            }
         }
 
         echo $GLOBALS['template_factory']->render(
@@ -294,8 +303,9 @@ final class TwoFactorAuth
 
         if ($this->secret->validateToken($token)) {
             $_SESSION[self::SESSION_FAILED] = [];
+            unset($_SESSION[self::SESSION_TOKEN_SENT]);
 
-            if ($data['global'] ?: false) {
+            if ($data['global'] ?? false) {
                 $this->registerSecretInSession();
 
                 if (Request::int('tfa-trusted')) {
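Review bot: The resend guard in the `type === 'email'` branch keys only on a timestamp under `SESSION_TOKEN_SENT`, not on which secret the token was sent for, so if `$this->secret` is replaced while the marker is live (for example a freshly created email secret in the same session) the new secret's token is silently not delivered until the stored expiry passes; storing the secret's identifier next to the timestamp, or clearing the marker wherever the secret is replaced, would close that gap. The window also has to match the token's own lifetime: `getToken()` is only called inside the guarded branch and the marker lives for `TFASecret::getValidationDuration('email')`, which is not visible here, so if the token expires before the marker does a user cannot obtain a usable token until the marker lapses — worth confirming against `TFASecret`. The constant would benefit from a contract comment, e.g. `// Unix timestamp until which no further email token is sent; cleared on successful validation`. The enclosing method starts and ends outside this hunk.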
@@ -303,7 +313,7 @@ final class TwoFactorAuth
                 }
             }
 
-            if ($data['confirm'] ?: false) {
+            if ($data['confirm'] ?? false) {
                 if (!isset($_SESSION[self::SESSION_CONFIRMATIONS])) {
                     $_SESSION[self::SESSION_CONFIRMATIONS] = [];
                 }
|
