Clear MFA inputs if an invalid code is entered
authorTim Düsterhus <duesterhus@woltlab.com>
Tue, 10 Nov 2020 14:19:39 +0000 (15:19 +0100)
committerTim Düsterhus <duesterhus@woltlab.com>
Mon, 16 Nov 2020 16:29:05 +0000 (17:29 +0100)
It's not useful to preserve an invalid code for the user.

wcfsetup/install/files/lib/system/user/multifactor/BackupMultifactorMethod.class.php
wcfsetup/install/files/lib/system/user/multifactor/TotpMultifactorMethod.class.php

index 4a70764c8b122802963d58e37b9f587e55dbc834..cdb217e85fc7abeda816e072bee4342743ac6453 100644 (file)
@@ -219,6 +219,7 @@ class BackupMultifactorMethod implements IMultifactorMethod {
                                        FloodControl::getInstance()->registerUserContent('com.woltlab.wcf.multifactor.backup', $setupId);
                                        $attempts = FloodControl::getInstance()->countUserContent('com.woltlab.wcf.multifactor.backup', $setupId, new \DateInterval('PT1H'));
                                        if ($attempts['count'] > self::USER_ATTEMPTS_PER_HOUR) {
+                                               $field->value('');
                                                $field->addValidationError(new FormFieldValidationError(
                                                        'flood',
                                                        'wcf.user.security.multifactor.backup.error.flood',
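Review bot: The added `$field->value('')` in the flood branch carries no comment saying that it deliberately discards the submitted code before it is ever compared, so a later reader may "fix" it by moving the clear after the comparison. A one-line comment such as `// Drop the submitted code: under flood control it is neither checked nor echoed back into the form.` documents the intent. Note also that if this branch does not return early after the error (the lines between this hunk and the next are not shown), the cleared value still reaches `findValidCode` as an empty string in the following hunk. The enclosing validation closure starts and ends outside this hunk.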
@@ -230,6 +231,7 @@ class BackupMultifactorMethod implements IMultifactorMethod {
                                        $userCode = \preg_replace('/\s+/', '', $field->getValue());
                                        
                                        if ($this->findValidCode($userCode, $codes) === null) {
+                                               $field->value('');
                                                $field->addValidationError(new FormFieldValidationError('invalid'));
                                        }
                                })),
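Review bot: The `$field->value('')` followed by `addValidationError(...)` pair introduced here is now repeated in five places across BackupMultifactorMethod and TotpMultifactorMethod, and nothing ties the two calls together, so a future error branch that forgets the clear will silently echo a rejected code back into the form. A small private helper in each class, or clearing inside the field's own error path if the form-field API allows it (not visible in this diff), would keep them in lockstep. As written the comparison uses the whitespace-stripped `$userCode` while the field keeps its raw value on success, which is fine but deserves a `// raw value is kept on success; only rejected codes are wiped` comment. The enclosing closure begins above this hunk.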
index 9ab6969a34bebc0d88432cb877c41fe4d5d0c675..d081f22020f56d24a9b0098deceba709bba51294 100644 (file)
@@ -67,6 +67,7 @@ class TotpMultifactorMethod implements IMultifactorMethod {
                                                
                                                $minCounter = 0;
                                                if (!$totp->validateTotpCode($field->getValue(), $minCounter, new \DateTime())) {
+                                                       $field->value('');
                                                        $field->addValidationError(new FormFieldValidationError('invalid'));
                                                }
                                                $field->minCounter($minCounter);
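Review bot: `validateTotpCode` receives the raw `$field->getValue()` here, whereas the backup-code path strips whitespace with `\preg_replace('/\s+/', '', ...)` before comparing; unless `validateTotpCode` normalizes internally (not visible in this diff), a code typed as `123 456`, the grouping most authenticator apps display, is rejected and, with the new line, also wiped. Normalizing the same way keeps the two methods consistent: `$userCode = \preg_replace('/\s+/', '', $field->getValue());` followed by `if (!$totp->validateTotpCode($userCode, $minCounter, new \DateTime())) {`. The enclosing setup-validation closure starts and ends outside this hunk.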
@@ -211,6 +212,7 @@ class TotpMultifactorMethod implements IMultifactorMethod {
                                        FloodControl::getInstance()->registerUserContent('com.woltlab.wcf.multifactor.backup', $setupId);
                                        $attempts = FloodControl::getInstance()->countUserContent('com.woltlab.wcf.multifactor.backup', $setupId, new \DateInterval('PT10M'));
                                        if ($attempts['count'] > self::USER_ATTEMPTS_PER_TEN_MINUTES) {
+                                               $field->value('');
                                                $field->addValidationError(new FormFieldValidationError(
                                                        'flood',
                                                        'wcf.user.security.multifactor.totp.error.flood',
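Review bot: Both flood-control calls in TotpMultifactorMethod register and count under the `com.woltlab.wcf.multifactor.backup` identifier, while the error phrase on the next line is `...totp.error.flood` and the limit is `USER_ATTEMPTS_PER_TEN_MINUTES`, which looks like a copy-paste from BackupMultifactorMethod. If a TOTP setup and a backup setup can share a `$setupId`, attempts against one method count toward the other's limit under different windows (PT10M here, PT1H in the backup class), making the effective limits hard to reason about and letting failed backup-code attempts lock out TOTP. Unless the shared bucket is intentional, use a distinct key on both lines: `FloodControl::getInstance()->registerUserContent('com.woltlab.wcf.multifactor.totp', $setupId);` and the matching `countUserContent('com.woltlab.wcf.multifactor.totp', $setupId, new \DateInterval('PT10M'))`. The enclosing closure begins above this hunk.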
@@ -235,6 +237,7 @@ class TotpMultifactorMethod implements IMultifactorMethod {
                                        $totp = new Totp($selectedDevice['secret']);
                                        $minCounter = $selectedDevice['minCounter'];
                                        if (!$totp->validateTotpCode($field->getValue(), $minCounter, new \DateTime())) {
+                                               $field->value('');
                                                $field->addValidationError(new FormFieldValidationError('invalid'));
                                        }
                                        $field->minCounter($minCounter);
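Review bot: After the flood branch in the previous hunk clears the value, this comparison still runs on an empty string unless that branch returns early — the lines between the two hunks are not shown — and would stack a second, misleading `invalid` error on top of the flood error while spending a `validateTotpCode` call on `''`. An early `return;` directly after the flood error, or a guard here such as `if ($field->getValue() === '') { return; }`, keeps the flood message as the only feedback. The enclosing closure starts and ends outside this hunk.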