Request reauthentication in MultifactorDisableForm
authorTim Düsterhus <duesterhus@woltlab.com>
Tue, 1 Dec 2020 14:53:05 +0000 (15:53 +0100)
committerTim Düsterhus <duesterhus@woltlab.com>
Mon, 7 Dec 2020 10:11:12 +0000 (11:11 +0100)
wcfsetup/install/files/lib/form/MultifactorDisableForm.class.php

index 8f4a6c4f2512605061568136d8885bc416946a82..264915e767a9d05c7e805b1419bac4c380c63bf4 100644 (file)
@@ -11,6 +11,7 @@ use wcf\system\form\builder\field\validation\FormFieldValidator;
 use wcf\system\form\builder\TemplateFormNode;
 use wcf\system\menu\user\UserMenu;
 use wcf\system\request\LinkHandler;
+use wcf\system\user\authentication\TReauthenticationCheck;
 use wcf\system\user\multifactor\Setup;
 use wcf\system\WCF;
 use wcf\util\HeaderUtil;
@@ -25,6 +26,8 @@ use wcf\util\HeaderUtil;
  * @since      5.4
  */
 class MultifactorDisableForm extends AbstractFormBuilderForm {
+       use TReauthenticationCheck;
+       
        /**
         * @inheritDoc
         */
@@ -69,6 +72,10 @@ class MultifactorDisableForm extends AbstractFormBuilderForm {
                $this->method = $this->setup->getObjectType();
                \assert($this->method->getDefinition()->definitionName === 'com.woltlab.wcf.multifactor');
                
+               $this->requestReauthentication(LinkHandler::getInstance()->getControllerLink(static::class, [
+                       'object' => $this->setup,
+               ]));
+               
                // Backup codes may not be disabled.
                if ($this->method->objectType === 'com.woltlab.wcf.multifactor.backup') {
                        throw new PermissionDeniedException();