author | Peter Zhang <peter@innocraft.com> | 2021-10-13 03:54:31 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-13 03:54:31 +0300 |
commit | e4a7b579622da9f585a9e662efc114b08b6fe08d (patch) | |
tree | a865e8af116e2a929a583e91910dce57fb628207 /plugins/TwoFactorAuth | |
parent | f1cba6a5f168bdb3faf64e812b44d591d8afce08 (diff) |
More verbose error message when login nonce check fails (#18051)
Diffstat (limited to 'plugins/TwoFactorAuth')
-rw-r--r-- | plugins/TwoFactorAuth/Controller.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/plugins/TwoFactorAuth/Controller.php b/plugins/TwoFactorAuth/Controller.php
index daa97f21eb..e7936b5202 100644
--- a/plugins/TwoFactorAuth/Controller.php
+++ b/plugins/TwoFactorAuth/Controller.php
@@ -83,7 +83,8 @@ class Controller extends \Piwik\Plugin\Controller
 $form->removeAttribute('action'); // remove action attribute, otherwise hash part will be lost
 if ($form->validate()) {
 $nonce = $form->getSubmitValue('form_nonce');
- if ($nonce && Nonce::verifyNonce(self::LOGIN_2FA_NONCE, $nonce) && $form->validate()) {
+ $messageNoAccess = Nonce::verifyNonceWithErrorMessage(self::LOGIN_2FA_NONCE, $nonce);
+ if ($nonce && $messageNoAccess === "" && $form->validate()) {
 $authCode = $form->getSubmitValue('form_authcode');
 if ($authCode && is_string($authCode)) {
 $authCode = str_replace('-', '', $authCode);
@@ -106,8 +107,6 @@ class Controller extends \Piwik\Plugin\Controller
 // ignore error eg if login plugin is disabled
 }
 }
- } else {
- $messageNoAccess = Piwik::translate('Login_InvalidNonceOrHeadersOrReferrer', array('<a target="_blank" rel="noreferrer noopener" href="https://matomo.org/faq/how-to-install/#faq_98">', '</a>'));
 }
 }
 $superUsers = Request::processRequest('UsersManager.getUsersHavingSuperUserAccess', [], []);
@@ -288,7 +287,8 @@ class Controller extends \Piwik\Plugin\Controller
 $this->validator->check2FaEnabled();
 $regenerateNonce = Common::getRequestVar('regenerateNonce', '', 'string', $_POST);
- $postedValidNonce = !empty($regenerateNonce) && Nonce::verifyNonce(self::REGENERATE_CODES_2FA_NONCE, $regenerateNonce);
+ $postedValidNonce = !empty($regenerateNonce) && Nonce::verifyNonce(self::REGENERATE_CODES_2FA_NONCE,
+ $regenerateNonce);
 $regenerateSuccess = false;
 $regenerateError = false; |
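Review bot: In the first hunk, whatever `Nonce::verifyNonceWithErrorMessage()` returns now lands in `$messageNoAccess`, and nothing here documents what that string may contain or how it is rendered. The removed `else` branch put literal `<a …>` markup into the same variable, which suggests (the template is not visible) that it is output unescaped, so any variant of the new message that interpolates request-derived values such as a referrer or origin host would need escaping inside the helper. The call also now runs before the `$nonce &&` guard, so a missing `form_nonce` is passed straight to the helper; the `=== ""` comparison does fail closed for any non-empty or non-string return, which is the right default. I would add above the assignment: `// '' means the nonce is valid; any other value is a user-facing message and must not carry unescaped request data`. The enclosing method starts and ends outside the hunk.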