namespace wcf\form;
use wcf\data\object\type\ObjectType;
use wcf\data\object\type\ObjectTypeCache;
+use wcf\data\user\UserEditor;
use wcf\form\AbstractFormBuilderForm;
use wcf\system\exception\IllegalLinkException;
use wcf\system\exception\PermissionDeniedException;
public function save() {
AbstractForm::save();
-
+
WCF::getDB()->beginTransaction();
/** @var Setup|null $setup */
$this->generateBackupCodes();
}
+ $this->enableMultifactorAuth();
+
WCF::getDB()->commitTransaction();
$this->saved();
$this->backupForm = $form;
}
+ /**
+ * Enables multifactor authentication for the user.
+ */
+ protected function enableMultifactorAuth(): void {
+ // This method intentionally does not use UserAction to prevent
+ // events from firing.
+ //
+ // This method is being run from within a transaction to ensure
+ // a consistent database state in case any part of the MFA setup
+ // fails. Event listeners could run complex logic, including
+ // queries that modify the database state, possibly leading to
+ // a very large transaction and much more surface area for
+ // unexpected failures.
+ //
+ // Use the saved@MultifactorManageForm event if you need to run
+ // logic in response to a user enabling MFA.
+ $editor = new UserEditor(WCF::getUser());
+ $editor->update([
+ 'multifactorActive' => 1,
+ ]);
+ }
+
/**
* @inheritDoc
*/