From fa03d1fc90dcd52fed0c7fd669b0f0e99770ae57 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Tue, 1 Dec 2020 15:52:08 +0100
Subject: [PATCH] Request reauthentication in MultifactorManageForm

---
 .../install/files/lib/form/MultifactorManageForm.class.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/wcfsetup/install/files/lib/form/MultifactorManageForm.class.php b/wcfsetup/install/files/lib/form/MultifactorManageForm.class.php
index ec5e8d6d34..c37482237f 100644
--- a/wcfsetup/install/files/lib/form/MultifactorManageForm.class.php
+++ b/wcfsetup/install/files/lib/form/MultifactorManageForm.class.php
@@ -13,6 +13,7 @@ use wcf\system\form\builder\IFormParentNode;
 use wcf\system\form\builder\TemplateFormNode;
 use wcf\system\menu\user\UserMenu;
 use wcf\system\request\LinkHandler;
+use wcf\system\user\authentication\TReauthenticationCheck;
 use wcf\system\user\multifactor\IMultifactorMethod;
 use wcf\system\user\multifactor\Setup;
 use wcf\system\WCF;
@@ -27,6 +28,8 @@ use wcf\system\WCF;
  * @since	5.4
  */
 class MultifactorManageForm extends AbstractFormBuilderForm {
+	use TReauthenticationCheck;
+	
 	/**
 	 * @inheritDoc
 	 */
@@ -85,6 +88,10 @@ class MultifactorManageForm extends AbstractFormBuilderForm {
 		$this->processor = $this->method->getProcessor();
 		$this->setup = Setup::find($this->method, WCF::getUser());
 		
+		$this->requestReauthentication(LinkHandler::getInstance()->getControllerLink(static::class, [
+			'object' => $this->method,
+		]));
+		
 		// Backup codes may not be managed if they are not yet set up.
 		if ($this->method->objectType === 'com.woltlab.wcf.multifactor.backup' && !$this->setup) {
 			throw new PermissionDeniedException();
-- 
2.20.1