Merge pull request #7947 from appwrite/fix-mfa-protected-group

Fix: MFA protected group
2024-06-14 08:44:49 +12:00 · 2024-04-11 11:33:40 +02:00 · 2024-04-11 11:33:40 +02:00 · 7b2aae5ce2
parent 03446b7b8a c87a7053b4
commit 7b2aae5ce2
2 changed files with 7 additions and 1 deletions
--- a/app/controllers/shared/api/auth.php
+++ b/app/controllers/shared/api/auth.php
@ -18,7 +18,7 @@ App::init()
        $lastUpdate = $session->getAttribute('mfaUpdatedAt');
        if (!empty($lastUpdate)) {
            $now = DateTime::now();
-            $maxAllowedDate = DateTime::addSeconds($lastUpdate, Auth::MFA_RECENT_DURATION); // Maximum date until session is considered safe before asking for another challenge
+            $maxAllowedDate = DateTime::addSeconds(new \DateTime($lastUpdate), Auth::MFA_RECENT_DURATION); // Maximum date until session is considered safe before asking for another challenge

            $isSessionFresh = DateTime::formatTz($maxAllowedDate) >= DateTime::formatTz($now);
        }
--- a/src/Appwrite/Utopia/Response/Model/Session.php
+++ b/src/Appwrite/Utopia/Response/Model/Session.php
@ -22,6 +22,12 @@ class Session extends Model
                'default' => '',
                'example' => self::TYPE_DATETIME_EXAMPLE,
            ])
+            ->addRule('$updatedAt', [
+                'type' => self::TYPE_DATETIME,
+                'description' => 'Session update date in ISO 8601 format.',
+                'default' => '',
+                'example' => self::TYPE_DATETIME_EXAMPLE,
+            ])
            ->addRule('userId', [
                'type' => self::TYPE_STRING,
                'description' => 'User ID.',