fix: Clear pending two factor tokens also from configuration

Otherwise as the tokens were removed from the database but not from the configuration the next time that the tokens were cleared the previous tokens were still got from the configuration, and trying to remove them again from the database ended in a DoesNotExistException being thrown. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2024-10-28 10:14:29 +07:00 · 2024-10-28 10:14:29 +07:00 · c7b5c3e02f
parent 29e17ab2f8
commit c7b5c3e02f
2 changed files with 28 additions and 0 deletions
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@ -366,6 +366,8 @@ class Manager {
 		$tokensNeeding2FA = $this->config->getUserKeys($userId, 'login_token_2fa');

 		foreach ($tokensNeeding2FA as $tokenId) {
+			$this->config->deleteUserValue($userId, 'login_token_2fa', $tokenId);
+
 			$this->tokenProvider->invalidateTokenById($userId, (int)$tokenId);
 		}
 	}
--- a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
+++ b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
@ -701,4 +701,30 @@ class ManagerTest extends TestCase {

 		$this->assertFalse($this->manager->needsSecondFactor($user));
 	}
+
+	public function testClearTwoFactorPending() {
+		$this->config->method('getUserKeys')
+			->with('theUserId', 'login_token_2fa')
+			->willReturn([
+				'42', '43', '44'
+			]);
+
+		$this->config->expects($this->exactly(3))
+			->method('deleteUserValue')
+			->withConsecutive(
+				['theUserId', 'login_token_2fa', '42'],
+				['theUserId', 'login_token_2fa', '43'],
+				['theUserId', 'login_token_2fa', '44'],
+			);
+
+		$this->tokenProvider->expects($this->exactly(3))
+			->method('invalidateTokenById')
+			->withConsecutive(
+				['theUserId', 42],
+				['theUserId', 43],
+				['theUserId', 44],
+			);
+
+		$this->manager->clearTwoFactorPending('theUserId');
+	}
 }