From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Tue, 1 Dec 2020 14:53:05 +0000 (+0100)
Subject: Request reauthentication in MultifactorDisableForm
X-Git-Tag: 5.4.0_Alpha_1~555^2~6^2~2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=fbf4a545dce5cb12a517ebadf23dab9ac6b07db9;p=GitHub%2FWoltLab%2FWCF.git

Request reauthentication in MultifactorDisableForm
---

diff --git a/wcfsetup/install/files/lib/form/MultifactorDisableForm.class.php b/wcfsetup/install/files/lib/form/MultifactorDisableForm.class.php
index 8f4a6c4f25..264915e767 100644
--- a/wcfsetup/install/files/lib/form/MultifactorDisableForm.class.php
+++ b/wcfsetup/install/files/lib/form/MultifactorDisableForm.class.php
@@ -11,6 +11,7 @@ use wcf\system\form\builder\field\validation\FormFieldValidator;
 use wcf\system\form\builder\TemplateFormNode;
 use wcf\system\menu\user\UserMenu;
 use wcf\system\request\LinkHandler;
+use wcf\system\user\authentication\TReauthenticationCheck;
 use wcf\system\user\multifactor\Setup;
 use wcf\system\WCF;
 use wcf\util\HeaderUtil;
@@ -25,6 +26,8 @@ use wcf\util\HeaderUtil;
  * @since	5.4
  */
 class MultifactorDisableForm extends AbstractFormBuilderForm {
+	use TReauthenticationCheck;
+	
 	/**
 	 * @inheritDoc
 	 */
@@ -69,6 +72,10 @@ class MultifactorDisableForm extends AbstractFormBuilderForm {
 		$this->method = $this->setup->getObjectType();
 		\assert($this->method->getDefinition()->definitionName === 'com.woltlab.wcf.multifactor');
 		
+		$this->requestReauthentication(LinkHandler::getInstance()->getControllerLink(static::class, [
+			'object' => $this->setup,
+		]));
+		
 		// Backup codes may not be disabled.
 		if ($this->method->objectType === 'com.woltlab.wcf.multifactor.backup') {
 			throw new PermissionDeniedException();