From: Tim Düsterhus Date: Mon, 16 Nov 2020 12:06:57 +0000 (+0100) Subject: Add SessionHandler::getPendingUserChange() X-Git-Tag: 5.4.0_Alpha_1~555^2~53^2~1 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=89a1adc29e01685517eddc036aa16659677edefd;p=GitHub%2FWoltLab%2FWCF.git Add SessionHandler::getPendingUserChange() --- diff --git a/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php b/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php index 5f1ea18ad8..de400ac9bf 100644 --- a/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php +++ b/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php @@ -58,12 +58,8 @@ class MultifactorAuthenticationForm extends AbstractFormBuilderForm { public function readParameters() { parent::readParameters(); - $userId = WCF::getSession()->getVar('__changeUserAfterMultifactor__'); - if (!$userId) { - throw new PermissionDeniedException(); - } - $this->user = new User($userId); - if (!$this->user->userID) { + $this->user = WCF::getSession()->getPendingUserChange(); + if (!$this->user) { throw new PermissionDeniedException(); } diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php index 14a1a526a3..f3d9111246 100644 --- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php +++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php @@ -137,6 +137,8 @@ final class SessionHandler extends SingletonFactory { private const GUEST_SESSION_LIFETIME = 7200; private const USER_SESSION_LIFETIME = 86400 * 14; + private const CHANGE_USER_AFTER_MULTIFACTOR_KEY = '__changeUserAfterMultifactor__'; + /** * Provides access to session data. * @@ -703,7 +705,7 @@ final class SessionHandler extends SingletonFactory { */ public function changeUserAfterMultifactor(User $user): bool { if ($user->multifactorActive) { - $this->register('__changeUserAfterMultifactor__', $user->userID); + $this->register(self::CHANGE_USER_AFTER_MULTIFACTOR_KEY, $user->userID); return true; } @@ -714,6 +716,24 @@ final class SessionHandler extends SingletonFactory { } } + /** + * Returns the pending user change initiated by changeUserAfterMultifactor(). + */ + public function getPendingUserChange(): ?User { + $userId = WCF::getSession()->getVar(self::CHANGE_USER_AFTER_MULTIFACTOR_KEY); + if (!$userId) { + return null; + } + + $user = new User($userId); + + if (!$user->userID) { + return null; + } + + return $user; + } + /** * Stores a new user object in this session, e.g. a user was guest because not * logged in, after the login his old session is used to store his full data.