From 89a1adc29e01685517eddc036aa16659677edefd Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Mon, 16 Nov 2020 13:06:57 +0100
Subject: [PATCH] Add SessionHandler::getPendingUserChange()
---
 .../MultifactorAuthenticationForm.class.php | 8 ++-----
 .../system/session/SessionHandler.class.php | 22 ++++++++++++++++++-
 2 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php b/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php
index 5f1ea18ad8..de400ac9bf 100644
--- a/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php
+++ b/wcfsetup/install/files/lib/form/MultifactorAuthenticationForm.class.php
@@ -58,12 +58,8 @@ class MultifactorAuthenticationForm extends AbstractFormBuilderForm {
 public function readParameters() {
 parent::readParameters();
- $userId = WCF::getSession()->getVar('__changeUserAfterMultifactor__');
- if (!$userId) {
- throw new PermissionDeniedException();
- }
- $this->user = new User($userId);
- if (!$this->user->userID) {
+ $this->user = WCF::getSession()->getPendingUserChange();
+ if (!$this->user) {
 throw new PermissionDeniedException();
 }
diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
index 14a1a526a3..f3d9111246 100644
--- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
+++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
@@ -137,6 +137,8 @@ final class SessionHandler extends SingletonFactory {
 private const GUEST_SESSION_LIFETIME = 7200;
 private const USER_SESSION_LIFETIME = 86400 * 14;
+ private const CHANGE_USER_AFTER_MULTIFACTOR_KEY = '__changeUserAfterMultifactor__';
+
 /**
 * Provides access to session data.
 *
@@ -703,7 +705,7 @@ final class SessionHandler extends SingletonFactory {
 */
 public function changeUserAfterMultifactor(User $user): bool {
 if ($user->multifactorActive) {
- $this->register('__changeUserAfterMultifactor__', $user->userID);
+ $this->register(self::CHANGE_USER_AFTER_MULTIFACTOR_KEY, $user->userID);
 return true;
 }
@@ -714,6 +716,24 @@ final class SessionHandler extends SingletonFactory {
 }
 }
+ /**
+ * Returns the pending user change initiated by changeUserAfterMultifactor().
+ */
+ public function getPendingUserChange(): ?User {
+ $userId = WCF::getSession()->getVar(self::CHANGE_USER_AFTER_MULTIFACTOR_KEY);
+ if (!$userId) {
+ return null;
+ }
+
+ $user = new User($userId);
+
+ if (!$user->userID) {
+ return null;
+ }
+
+ return $user;
+ }
+
 /**
 * Stores a new user object in this session, e.g. a user was guest because not
 * logged in, after the login his old session is used to store his full data.
--
2.20.1
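Review bot: The new getPendingUserChange() reads the pending key through `WCF::getSession()->getVar(...)` even though it is itself a SessionHandler method, while changeUserAfterMultifactor() in the previous hunk writes the same key through `$this->register(...)`. Using `$userId = $this->getVar(self::CHANGE_USER_AFTER_MULTIFACTOR_KEY);` would make it visible that the read and the write go through the same instance (presumably the singleton that `WCF::getSession()` returns). The docblock should also say when null comes back and what the returned object means for authorization, e.g. `Returns null if no user change is pending or the stored user ID no longer resolves to a user. The returned user has not completed multi-factor authentication yet and must not be treated as logged in.` Nothing in the visible hunks clears or expires the pending entry, so it is worth confirming outside this patch that it is removed once the second factor succeeds or the attempt is abandoned.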