Add SessionHandler::getPendingUserChange()

diff --git a/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php b/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php
index 5f1ea18ad818f94ffff266b5f865b4a7ead37748..de400ac9bfa101d7b30778084bb36a05b591c43c 100644 (file)
--- a/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php
+++ b/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php
@@ -58,12 +58,8 @@ class MultifactorAuthenticationForm extends AbstractFormBuilderForm {
        public function readParameters() {
                parent::readParameters();
                
-               $userId = WCF::getSession()->getVar('__changeUserAfterMultifactor__');
-               if (!$userId) {
-                       throw new PermissionDeniedException();
-               }
-               $this->user = new User($userId);
-               if (!$this->user->userID) {
+               $this->user = WCF::getSession()->getPendingUserChange();
+               if (!$this->user) {
                        throw new PermissionDeniedException();
                }
                

diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
index 14a1a526a33fb0031b01af4ff2311e8160f6bb2a..f3d91112464f88751a6277ec204febb61eab7509 100644 (file)
--- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
+++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
@@ -137,6 +137,8 @@ final class SessionHandler extends SingletonFactory {
        private const GUEST_SESSION_LIFETIME = 7200;
        private const USER_SESSION_LIFETIME = 86400 * 14;
        
+       private const CHANGE_USER_AFTER_MULTIFACTOR_KEY = '__changeUserAfterMultifactor__';
+       
        /**
         * Provides access to session data.
         * 
@@ -703,7 +705,7 @@ final class SessionHandler extends SingletonFactory {
         */
        public function changeUserAfterMultifactor(User $user): bool {
                if ($user->multifactorActive) {
-                       $this->register('__changeUserAfterMultifactor__', $user->userID);
+                       $this->register(self::CHANGE_USER_AFTER_MULTIFACTOR_KEY, $user->userID);
                        
                        return true;
                }
@@ -714,6 +716,24 @@ final class SessionHandler extends SingletonFactory {
                }
        }
        
+       /**
+        * Returns the pending user change initiated by changeUserAfterMultifactor().
+        */
+       public function getPendingUserChange(): ?User {
+               $userId = WCF::getSession()->getVar(self::CHANGE_USER_AFTER_MULTIFACTOR_KEY);
+               if (!$userId) {
+                       return null;
+               }
+               
+               $user = new User($userId);
+               
+               if (!$user->userID) {
+                       return null;
+               }
+               
+               return $user;
+       }
+       
        /**
         * Stores a new user object in this session, e.g. a user was guest because not
         * logged in, after the login his old session is used to store his full data.