From: Tim Düsterhus Date: Thu, 5 Nov 2020 15:22:50 +0000 (+0100) Subject: Add SessionHandler::changeUserAfterMultifactor() X-Git-Tag: 5.4.0_Alpha_1~555^2~53^2~24 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2924e93199737b8b91b3d2c213944d6470ac6de1;p=GitHub%2FWoltLab%2FWCF.git Add SessionHandler::changeUserAfterMultifactor() --- diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php index 64e6269dfd..e7b3392255 100644 --- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php +++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php @@ -691,6 +691,29 @@ final class SessionHandler extends SingletonFactory { } } + /** + * If multifactor authentication is enabled for the given user then + * - the userID will be stored in the session variables, and + * - `true` is returned. + * Otherwise, + * - `changeUser()` will be called, and + * - `false` is returned. + * + * If `true` is returned you should perform a redirect to `MultifactorAuthenticationForm`. + */ + public function changeUserAfterMultifactor(User $user): bool { + if ($user->multifactorActive) { + $this->register('__changeUserAfterMultifactor__', $user->userID); + + return true; + } + else { + $this->changeUser($user); + + return false; + } + } + /** * Stores a new user object in this session, e.g. a user was guest because not * logged in, after the login his old session is used to store his full data. diff --git a/wcfsetup/setup/db/install.sql b/wcfsetup/setup/db/install.sql index aeafdc53f7..a1ef45d6ba 100644 --- a/wcfsetup/setup/db/install.sql +++ b/wcfsetup/setup/db/install.sql @@ -1450,6 +1450,7 @@ CREATE TABLE wcf1_user ( email VARCHAR(191) NOT NULL DEFAULT '', password VARCHAR(255) NOT NULL DEFAULT 'invalid:', accessToken CHAR(40) NOT NULL DEFAULT '', + multifactorActive TINYINT(1) NOT NULL DEFAULT 0, languageID INT(10) NOT NULL DEFAULT 0, registrationDate INT(10) NOT NULL DEFAULT 0, styleID INT(10) NOT NULL DEFAULT 0,