From 5f92acdcdd676e4d14521a2d3403cc3bc4d34506 Mon Sep 17 00:00:00 2001
From: "Gurdeep Singh (Guru)"
Date: Mon, 8 Jul 2024 21:23:38 +1000
Subject: [PATCH] Update #540 - Fix minor positioning of validation of password during login.
---
 .../AccessServiceProvider/Access/Auth.php | 80 +++++++++++--------
 1 file changed, 45 insertions(+), 35 deletions(-)
diff --git a/system/Base/Providers/AccessServiceProvider/Access/Auth.php b/system/Base/Providers/AccessServiceProvider/Access/Auth.php
index 4e1d629d..514cc9b8 100644
--- a/system/Base/Providers/AccessServiceProvider/Access/Auth.php
+++ b/system/Base/Providers/AccessServiceProvider/Access/Auth.php
@@ -56,14 +56,7 @@ public function attempt($data)
 $validate = $this->validateData($data, 'auth');
 if ($validate !== true) {
- if (str_contains(strtolower($validate), '2fa code')) {
- if (str_contains(strtolower($validate), 'please contact administrator')) {
- $validate = str_replace('Error! Please contact administrator.', '', $validate);
- }
- $this->addResponse($validate, 3, ['allowed_methods' => $this->core->core['settings']['security']['twofaSettings']['twofaUsing']]);
- } else {
- $this->addResponse($validate, 1);
- }
+ $this->addResponse($validate, 1);
 return false;
 }
@@ -82,6 +75,21 @@ public function attempt($data)
 return false;
 }
+ $validate = $this->validateData($data, 'auth2fa');
+
+ if ($validate !== true) {
+ if (str_contains(strtolower($validate), '2fa code')) {
+ if (str_contains(strtolower($validate), 'please contact administrator')) {
+ $validate = str_replace('Error! Please contact administrator.', '', $validate);
+ }
+ $this->addResponse($validate, 3, ['allowed_methods' => $this->core->core['settings']['security']['twofaSettings']['twofaUsing']]);
+ } else {
+ $this->addResponse($validate, 1);
+ }
+
+ return false;
+ }
+ $this->access->ipFilter->removeFromMonitoring();
 $security = $this->getAccountSecurityObject();
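Review bot: In the `@@ -56,14 +56,7 @@` hunk of `attempt()`, nothing records that the `'auth'` pass now deliberately ignores `twofa_using` and `code`, so a later edit could move the 2FA handling back in front of the account checks without anyone noticing. A one-line comment above the call would pin the ordering: `// Stage 1: presence of user/pass only; the 2FA fields are validated by the 'auth2fa' pass further down.` The literal `1` passed to `addResponse()` (and the `3` used in the next hunk) would also read better as named constants. `attempt()` starts and ends outside the hunk.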
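Review bot: In the `@@ -82,6 +75,21 @@` hunk of `attempt()`, the code-3 response carrying `allowed_methods` is now produced only after the earlier checks in the method have passed, so if those checks include password verification (they sit between the two hunks and are not visible here), the difference between code 3 and code 1 tells the client whether the password was accepted. That is inherent in a two-step login, but it means this early `return false` has to stay inside the same throttling and lockout accounting as a wrong password. The branch does return before `removeFromMonitoring()` is reached, which is right, but nothing in the hunk records the attempt; I would confirm that and say so in a comment such as `// Reached only after the account checks pass: this path must stay counted by the IP filter / lockout logic.` Separately, the branch picks the response code by searching the message text for `'2fa code'`, so rewording a validation message would silently change the code returned. `attempt()` continues outside the hunk.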
@@ -275,7 +283,7 @@ protected function clearAccountSessionId()
 $sessionStore->findOneBy([['session_id', '=', $this->session->getId()], "AND", ['app', '=', $this->getKey()]]);
 if ($sessionStore->toArray()) {
- $sessionStore->deleteById($sessionStore->toArray()['id']);
+ $sessionStore->deleteById($sessionStore->toArray()['id'], true, false, ['agents']);
 }
 }
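Review bot: The new call `deleteById($sessionStore->toArray()['id'], true, false, ['agents'])` passes two bare booleans and an array whose meaning cannot be read at the call site, and the commit message (login validation ordering) does not mention this change. Because this runs while clearing the account's session record, what gets removed along with that record matters; `['agents']` presumably names related records, but that is not visible here. A comment above the call stating what each of the three arguments selects and why `agents` is included would make the change reviewable, and it deserves its own line in the commit description. `toArray()` is also evaluated twice; assigning `$row = $sessionStore->toArray();` once before the `if` would avoid that.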
@@ -733,34 +741,36 @@ protected function setUserSession()
 public function validateData(array $data, $task)
 {
- if ($task === 'auth') {
+ if ($task === 'auth' || $task === 'auth2fa') {
 $this->validation->add('user', PresenceOf::class, ["message" => "Enter valid user name."]);
 $this->validation->add('pass', PresenceOf::class, ["message" => "Enter valid password."]);
- if (isset($this->app['enforce_2fa']) && $this->app['enforce_2fa'] == '1') {
- $this->validation->add('twofa_using', PresenceOf::class, ["message" => "Error! Please contact administrator."]);
- $this->validation->add('code', PresenceOf::class, ["message" => "Enter valid 2FA code"]);
- if (isset($data['twofa_using'])) {
- if ($data['twofa_using'] === 'otp') {
- if (isset($this->core->core['settings']['security']['twofaSettings']['twofaOtpDigitsLength'])) {
- $this->validation->add('code',
- Min::class,
- [
- "min" => $this->core->core['settings']['security']['twofaSettings']['twofaOtpDigitsLength'],
- "message" => "Error: Enter valid 2FA code.",
- "included" => false
- ]
- );
- }
- } else if ($data['twofa_using'] === 'email') {
- if (isset($this->core->core['settings']['security']['twofaSettings']['twofaEmailCodeLength'])) {
- $this->validation->add('code',
- Min::class,
- [
- "min" => $this->core->core['settings']['security']['twofaSettings']['twofaEmailCodeLength'],
- "message" => "Error: Enter valid 2FA code.",
- "included" => false
- ]
- );
+ if ($task === 'auth2fa') {
+ if (isset($this->app['enforce_2fa']) && $this->app['enforce_2fa'] == '1') {
+ $this->validation->add('twofa_using', PresenceOf::class, ["message" => "Error! Please contact administrator."]);
+ $this->validation->add('code', PresenceOf::class, ["message" => "Enter valid 2FA code"]);
+ if (isset($data['twofa_using'])) {
+ if ($data['twofa_using'] === 'otp') {
+ if (isset($this->core->core['settings']['security']['twofaSettings']['twofaOtpDigitsLength'])) {
+ $this->validation->add('code',
+ Min::class,
+ [
+ "min" => $this->core->core['settings']['security']['twofaSettings']['twofaOtpDigitsLength'],
+ "message" => "Error: Enter valid 2FA code.",
+ "included" => false
+ ]
+ );
+ }
+ } else if ($data['twofa_using'] === 'email') {
+ if (isset($this->core->core['settings']['security']['twofaSettings']['twofaEmailCodeLength'])) {
+ $this->validation->add('code',
+ Min::class,
+ [
+ "min" => $this->core->core['settings']['security']['twofaSettings']['twofaEmailCodeLength'],
+ "message" => "Error: Enter valid 2FA code.",
+ "included" => false
+ ]
+ );
+ }
 }
 }
 }
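Review bot: In `validateData()`, the length rule on `code` is attached only when `twofa_using` is exactly `'otp'` or `'email'`; any other value passes this stage with just a presence check, and `twofa_using` itself is never compared with the configured `twofaSettings['twofaUsing']` methods that `attempt()` hands back as `allowed_methods`. Whether the later verification step rejects an unknown method is outside this hunk, so I would reject it here; the rule classes look like Phalcon validators, in which case something like `$this->validation->add('twofa_using', InclusionIn::class, ['domain' => $allowedMethods, 'message' => 'Error! Please contact administrator.']);` would do it (the shape of `twofaUsing` is not visible, so `$allowedMethods` may need converting to a list first). Also, because the outer condition is now `$task === 'auth' || $task === 'auth2fa'`, the second call re-adds the `user` and `pass` rules to the same `$this->validation` object; unless that object is reset between calls (not shown), rules accumulate, and a separate `elseif ($task === 'auth2fa')` branch holding only the 2FA rules would avoid it. The function's tail lies outside the hunk.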