From f878e0ad664acbdea50e3391ba006c68528f224d Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 15 Feb 2022 18:29:23 -0800 Subject: [PATCH] Fixes 2FA cookie -> user issue Signed-off-by: snipe --- app/Http/Controllers/Auth/LoginController.php | 2 +- app/Http/Middleware/CheckForTwoFactor.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php index 101a55bc80..5c6524bf65 100644 --- a/app/Http/Controllers/Auth/LoginController.php +++ b/app/Http/Controllers/Auth/LoginController.php @@ -363,7 +363,7 @@ class LoginController extends Controller if (Google2FA::verifyKey($user->two_factor_secret, $secret)) { $user->two_factor_enrolled = 1; $user->save(); - $request->session()->put('2fa_authed', 'true'); + $request->session()->put('2fa_authed', $user->id); return redirect()->route('home')->with('success', 'You are logged in!'); } diff --git a/app/Http/Middleware/CheckForTwoFactor.php b/app/Http/Middleware/CheckForTwoFactor.php index 4cf7e265cc..51ad9c7507 100644 --- a/app/Http/Middleware/CheckForTwoFactor.php +++ b/app/Http/Middleware/CheckForTwoFactor.php @@ -32,7 +32,7 @@ class CheckForTwoFactor if ($settings = Setting::getSettings()) { if (Auth::check() && ($settings->two_factor_enabled != '')) { // This user is already 2fa-authed - if ($request->session()->get('2fa_authed')) { + if ($request->session()->get('2fa_authed')==Auth::user()->id) { return $next($request); }