From fbf4a545dce5cb12a517ebadf23dab9ac6b07db9 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Tim=20D=C3=BCsterhus?= Date: Tue, 1 Dec 2020 15:53:05 +0100 Subject: [PATCH] Request reauthentication in MultifactorDisableForm --- .../files/lib/form/MultifactorDisableForm.class.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/wcfsetup/install/files/lib/form/MultifactorDisableForm.class.php b/wcfsetup/install/files/lib/form/MultifactorDisableForm.class.php index 8f4a6c4f25..264915e767 100644 --- a/wcfsetup/install/files/lib/form/MultifactorDisableForm.class.php +++ b/wcfsetup/install/files/lib/form/MultifactorDisableForm.class.php @@ -11,6 +11,7 @@ use wcf\system\form\builder\field\validation\FormFieldValidator; use wcf\system\form\builder\TemplateFormNode; use wcf\system\menu\user\UserMenu; use wcf\system\request\LinkHandler; +use wcf\system\user\authentication\TReauthenticationCheck; use wcf\system\user\multifactor\Setup; use wcf\system\WCF; use wcf\util\HeaderUtil; @@ -25,6 +26,8 @@ use wcf\util\HeaderUtil; * @since 5.4 */ class MultifactorDisableForm extends AbstractFormBuilderForm { + use TReauthenticationCheck; + /** * @inheritDoc */ @@ -69,6 +72,10 @@ class MultifactorDisableForm extends AbstractFormBuilderForm { $this->method = $this->setup->getObjectType(); \assert($this->method->getDefinition()->definitionName === 'com.woltlab.wcf.multifactor'); + $this->requestReauthentication(LinkHandler::getInstance()->getControllerLink(static::class, [ + 'object' => $this->setup, + ])); + // Backup codes may not be disabled. if ($this->method->objectType === 'com.woltlab.wcf.multifactor.backup') { throw new PermissionDeniedException(); -- 2.20.1