fix(auth): fix challenge type check
The factor parameter is case insensitive so we need to make sure comparing the parameter to the constant is case insensitive too.
This commit is contained in:
parent
05dd17bd55
commit
2f7aff3a44
|
@ -4069,7 +4069,7 @@ App::put('/v1/account/mfa/challenge')
|
|||
$recoveryCodeChallenge = function (Document $challenge, Document $user, string $otp) use ($dbForProject) {
|
||||
if (
|
||||
$challenge->isSet('type') &&
|
||||
$challenge->getAttribute('type') === Type::RECOVERY_CODE
|
||||
$challenge->getAttribute('type') === \strtolower(Type::RECOVERY_CODE)
|
||||
) {
|
||||
$mfaRecoveryCodes = $user->getAttribute('mfaRecoveryCodes', []);
|
||||
if (in_array($otp, $mfaRecoveryCodes)) {
|
||||
|
@ -4091,7 +4091,7 @@ App::put('/v1/account/mfa/challenge')
|
|||
Type::TOTP => Challenge\TOTP::challenge($challenge, $user, $otp),
|
||||
Type::PHONE => Challenge\Phone::challenge($challenge, $user, $otp),
|
||||
Type::EMAIL => Challenge\Email::challenge($challenge, $user, $otp),
|
||||
Type::RECOVERY_CODE => $recoveryCodeChallenge($challenge, $user, $otp),
|
||||
\strtolower(Type::RECOVERY_CODE) => $recoveryCodeChallenge($challenge, $user, $otp),
|
||||
default => false
|
||||
});
|
||||
|
||||
|
|
Loading…
Reference in a new issue