fix(auth): fix challenge type check

The factor parameter is case insensitive so we need to make sure comparing the parameter to the constant is case insensitive too.
2024-05-02 11:52:38 +12:00 · 2024-04-16 23:44:46 -07:00 · 2024-04-16 23:44:46 -07:00 · 2f7aff3a44
parent 05dd17bd55
commit 2f7aff3a44
1 changed files with 2 additions and 2 deletions
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@ -4069,7 +4069,7 @@ App::put('/v1/account/mfa/challenge')
        $recoveryCodeChallenge = function (Document $challenge, Document $user, string $otp) use ($dbForProject) {
            if (
                $challenge->isSet('type') &&
-                $challenge->getAttribute('type') === Type::RECOVERY_CODE
+                $challenge->getAttribute('type') === \strtolower(Type::RECOVERY_CODE)
            ) {
                $mfaRecoveryCodes = $user->getAttribute('mfaRecoveryCodes', []);
                if (in_array($otp, $mfaRecoveryCodes)) {
@ -4091,7 +4091,7 @@ App::put('/v1/account/mfa/challenge')
            Type::TOTP => Challenge\TOTP::challenge($challenge, $user, $otp),
            Type::PHONE => Challenge\Phone::challenge($challenge, $user, $otp),
            Type::EMAIL => Challenge\Email::challenge($challenge, $user, $otp),
-            Type::RECOVERY_CODE => $recoveryCodeChallenge($challenge, $user, $otp),
+            \strtolower(Type::RECOVERY_CODE) => $recoveryCodeChallenge($challenge, $user, $otp),
            default => false
        });