From 2924e93199737b8b91b3d2c213944d6470ac6de1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Thu, 5 Nov 2020 16:22:50 +0100
Subject: [PATCH] Add SessionHandler::changeUserAfterMultifactor()

---
 .../system/session/SessionHandler.class.php   | 23 +++++++++++++++++++
 wcfsetup/setup/db/install.sql                 |  1 +
 2 files changed, 24 insertions(+)

diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
index 64e6269dfd..e7b3392255 100644
--- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
+++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
@@ -691,6 +691,29 @@ final class SessionHandler extends SingletonFactory {
 		}
 	}
 	
+	/**
+	 * If multifactor authentication is enabled for the given user then
+	 * - the userID will be stored in the session variables, and
+	 * - `true` is returned.
+	 * Otherwise,
+	 * - `changeUser()` will be called, and
+	 * - `false` is returned.
+	 * 
+	 * If `true` is returned you should perform a redirect to `MultifactorAuthenticationForm`.
+	 */
+	public function changeUserAfterMultifactor(User $user): bool {
+		if ($user->multifactorActive) {
+			$this->register('__changeUserAfterMultifactor__', $user->userID);
+			
+			return true;
+		}
+		else {
+			$this->changeUser($user);
+			
+			return false;
+		}
+	}
+	
 	/**
 	 * Stores a new user object in this session, e.g. a user was guest because not
 	 * logged in, after the login his old session is used to store his full data.
diff --git a/wcfsetup/setup/db/install.sql b/wcfsetup/setup/db/install.sql
index aeafdc53f7..a1ef45d6ba 100644
--- a/wcfsetup/setup/db/install.sql
+++ b/wcfsetup/setup/db/install.sql
@@ -1450,6 +1450,7 @@ CREATE TABLE wcf1_user (
 	email VARCHAR(191) NOT NULL DEFAULT '',
 	password VARCHAR(255) NOT NULL DEFAULT 'invalid:',
 	accessToken CHAR(40) NOT NULL DEFAULT '',
+	multifactorActive TINYINT(1) NOT NULL DEFAULT 0,
 	languageID INT(10) NOT NULL DEFAULT 0,
 	registrationDate INT(10) NOT NULL DEFAULT 0,
 	styleID INT(10) NOT NULL DEFAULT 0,
-- 
2.20.1