From 65563fa0cd7bda8873b5d83a40a80c1cb11b55a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8D=83=E7=9F=B3?=
Date: Mon, 26 Aug 2024 08:40:22 +0800
Subject: [PATCH] feat: Ensure MFA email and phone are validated before enabling (#3143)

Added validation checks to ensure that a user's email and phone number are provided before enabling MFA email and phone respectively. This fixes the issue where MFA could be enabled without these values, causing inconsistencies.
---
 controllers/user.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/controllers/user.go b/controllers/user.go
index f2bb38dd..86105e6e 100644
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -289,6 +289,16 @@ func (c *ApiController) UpdateUser() {
 }
 }
 
+ if user.MfaEmailEnabled && user.Email == "" {
+ c.ResponseError(c.T("user:MFA email is enabled but email is empty"))
+ return
+ }
+
+ if user.MfaPhoneEnabled && user.Phone == "" {
+ c.ResponseError(c.T("user:MFA phone is enabled but phone number is empty"))
+ return
+ }
+
 if msg := object.CheckUpdateUser(oldUser, &user, c.GetAcceptLanguage()); msg != "" {
 c.ResponseError(msg)
 return
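Review bot: The two guards added to UpdateUser compare against the empty string only, so a whitespace-only value in `user.Email` or `user.Phone` still lets the matching MFA flag be saved; comparing the trimmed value, `if user.MfaEmailEnabled && strings.TrimSpace(user.Email) == "" {` (and the same for `user.Phone`), closes that case, assuming `strings` is imported in this file. A non-empty check also does not establish that the address or number was ever verified as belonging to the account, and nothing in the hunk shows whether that is enforced elsewhere, so a one-time code could be sent to a destination the user does not control. Because the checks sit in the controller ahead of `object.CheckUpdateUser`, any other code path that writes these fields is not covered; moving them into that function would keep the invariant in one place. UpdateUser's body starts before and continues past the hunk.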