From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Tue, 19 Jan 2021 10:16:35 +0000 (+0100)
Subject: Move permission checks for Multifactor forms into checkPermissions()
X-Git-Tag: 5.4.0_Alpha_1~421
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=73eb671e977af7dd359dafc99b76ed28ee693df5;p=GitHub%2FWoltLab%2FWCF.git

Move permission checks for Multifactor forms into checkPermissions()

This avoids issues with requestReauthentication() being called for guests.

I verified that none of the actual processing happens before the
checkPermissions() check.
---

diff --git a/wcfsetup/install/files/lib/form/MultifactorDisableForm.class.php b/wcfsetup/install/files/lib/form/MultifactorDisableForm.class.php
index 53d31bc802..ece4900831 100644
--- a/wcfsetup/install/files/lib/form/MultifactorDisableForm.class.php
+++ b/wcfsetup/install/files/lib/form/MultifactorDisableForm.class.php
@@ -71,6 +71,13 @@ class MultifactorDisableForm extends AbstractFormBuilderForm {
 		$this->setup = $this->setups[$_GET['id']];
 		$this->method = $this->setup->getObjectType();
 		\assert($this->method->getDefinition()->definitionName === 'com.woltlab.wcf.multifactor');
+	}
+	
+	/**
+	 * @inheritDoc
+	 */
+	public function checkPermissions() {
+		parent::checkPermissions();
 		
 		$this->requestReauthentication(LinkHandler::getInstance()->getControllerLink(static::class, [
 			'object' => $this->setup,
diff --git a/wcfsetup/install/files/lib/form/MultifactorManageForm.class.php b/wcfsetup/install/files/lib/form/MultifactorManageForm.class.php
index 86a3ae7407..525563eb8d 100644
--- a/wcfsetup/install/files/lib/form/MultifactorManageForm.class.php
+++ b/wcfsetup/install/files/lib/form/MultifactorManageForm.class.php
@@ -87,6 +87,13 @@ class MultifactorManageForm extends AbstractFormBuilderForm {
 		$this->method = $objectType;
 		$this->processor = $this->method->getProcessor();
 		$this->setup = Setup::find($this->method, WCF::getUser());
+	}
+	
+	/**
+	 * @inheritDoc
+	 */
+	public function checkPermissions() {
+		parent::checkPermissions();
 		
 		$this->requestReauthentication(LinkHandler::getInstance()->getControllerLink(static::class, [
 			'object' => $this->method,