feat: fix issue that admin cannot enable MFA for user (#2702)

2025-05-23 10:45:47 +08:00 · 2024-02-14 23:29:04 +08:00 · 2024-02-14 23:29:04 +08:00 · f35a5f9a47
commit f35a5f9a47
parent 7481b229a4
2 changed files with 32 additions and 25 deletions
--- a/controllers/mfa.go
+++ b/controllers/mfa.go
@ -110,7 +110,7 @@ func (c *ApiController) MfaSetupVerify() {
 			return
 		}
 		config.Secret = secret.(string)
-	} else if mfaType == object.EmailType || mfaType == object.SmsType {
+	} else if mfaType == object.SmsType {
 		dest := c.GetSession(MfaDestSession)
 		if dest == nil {
 			c.ResponseError("destination is missing")
@ -123,6 +123,13 @@ func (c *ApiController) MfaSetupVerify() {
 			return
 		}
 		config.CountryCode = countryCode.(string)
+	} else if mfaType == object.EmailType {
+		dest := c.GetSession(MfaDestSession)
+		if dest == nil {
+			c.ResponseError("destination is missing")
+			return
+		}
+		config.Secret = dest.(string)
 	}

 	mfaUtil := object.GetMfaUtil(mfaType, config)
@ -175,19 +182,30 @@ func (c *ApiController) MfaSetupEnable() {
 			return
 		}
 		config.Secret = secret.(string)
-	} else if mfaType == object.EmailType || mfaType == object.SmsType {
-		dest := c.GetSession(MfaDestSession)
-		if dest == nil {
-			c.ResponseError("destination is missing")
-			return
+	} else if mfaType == object.EmailType {
+		if user.Email == "" {
+			dest := c.GetSession(MfaDestSession)
+			if dest == nil {
+				c.ResponseError("destination is missing")
+				return
+			}
+			user.Email = dest.(string)
 		}
-		config.Secret = dest.(string)
-		countryCode := c.GetSession(MfaCountryCodeSession)
-		if countryCode == nil {
-			c.ResponseError("country code is missing")
-			return
+	} else if mfaType == object.SmsType {
+		if user.Phone == "" {
+			dest := c.GetSession(MfaDestSession)
+			if dest == nil {
+				c.ResponseError("destination is missing")
+				return
+			}
+			user.Phone = dest.(string)
+			countryCode := c.GetSession(MfaCountryCodeSession)
+			if countryCode == nil {
+				c.ResponseError("country code is missing")
+				return
+			}
+			user.CountryCode = countryCode.(string)
 		}
-		config.CountryCode = countryCode.(string)
 	}
 	recoveryCodes := c.GetSession(MfaRecoveryCodesSession)
 	if recoveryCodes == nil {
--- a/object/mfa_sms.go
+++ b/object/mfa_sms.go
@ -52,21 +52,10 @@ func (mfa *SmsMfa) Enable(user *User) error {

 	if mfa.MfaType == SmsType {
 		user.MfaPhoneEnabled = true
-		columns = append(columns, "mfa_phone_enabled")
-
-		if user.Phone == "" {
-			user.Phone = mfa.Secret
-			user.CountryCode = mfa.CountryCode
-			columns = append(columns, "phone", "country_code")
-		}
+		columns = append(columns, "mfa_phone_enabled", "phone", "country_code")
 	} else if mfa.MfaType == EmailType {
 		user.MfaEmailEnabled = true
-		columns = append(columns, "mfa_email_enabled")
-
-		if user.Email == "" {
-			user.Email = mfa.Secret
-			columns = append(columns, "email")
-		}
+		columns = append(columns, "mfa_email_enabled", "email")
 	}

 	_, err := UpdateUser(user.GetId(), user, columns, false)