From 0fd492c94e2f179f328da9da36fe1c5d3fc09445 Mon Sep 17 00:00:00 2001 From: Ash McKenzie Date: Mon, 18 Jan 2021 13:36:53 +1100 Subject: [PATCH] Display error if twofaSecret cannot be retrieved --- options/locale/locale_en-US.ini | 1 + routers/user/setting/security_twofa.go | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 5e5363726701a..a64716beaf5fd 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -625,6 +625,7 @@ or_enter_secret = Or enter the secret: %s then_enter_passcode = And enter the passcode shown in the application: passcode_invalid = The passcode is incorrect. Try again. twofa_enrolled = Your account has been enrolled into two-factor authentication. Store your scratch token (%s) in a safe place as it is only shown once! +twofa_failed_get_secret = Failed to get secret. u2f_desc = Security keys are hardware devices containing cryptographic keys. They can be used for two-factor authentication. Security keys must support the FIDO U2F standard. u2f_require_twofa = Your account must be enrolled in two-factor authentication to use security keys. diff --git a/routers/user/setting/security_twofa.go b/routers/user/setting/security_twofa.go index 4ee698e15e66f..1b81db868b30e 100644 --- a/routers/user/setting/security_twofa.go +++ b/routers/user/setting/security_twofa.go @@ -189,7 +189,14 @@ func EnrollTwoFactorPost(ctx *context.Context, form auth.TwoFactorAuthForm) { return } - secret := ctx.Session.Get("twofaSecret").(string) + secretRaw := ctx.Session.Get("twofaSecret") + if secretRaw == nil { + ctx.Flash.Error(ctx.Tr("settings.twofa_failed_get_secret")) + ctx.Redirect(setting.AppSubURL + "/user/settings/security/two_factor/enroll") + return + } + + secret := secretRaw.(string) if !totp.Validate(form.Passcode, secret) { if !twofaGenerateSecretAndQr(ctx) { return