Added check if the peer is enabled and if it uses a password, a password check is required to set the otp post registration

2025-01-29 15:40:14 -05:00 · 2025-01-29 15:40:14 -05:00 · b1c669dfa8
commit b1c669dfa8
parent 7809f32a5e
1 changed files with 12 additions and 4 deletions
--- a/src/Socialbox/Classes/StandardMethods/SettingsSetOtp.php
+++ b/src/Socialbox/Classes/StandardMethods/SettingsSetOtp.php
@ -37,14 +37,22 @@
                throw new StandardException('Failed to check One Time Password due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
            }

+            if($peer->isEnabled())
+            {
                try
                {
+                    // If the peer is disabled, the password is not used because we assume the peer is registering
                    $usesPassword = PasswordManager::usesPassword($peer);
                }
                catch (DatabaseOperationException $e)
                {
                    throw new StandardException('Failed to check password usage due to an internal exception', StandardError::INTERNAL_SERVER_ERROR, $e);
                }
+            }
+            else
+            {
+                $usesPassword = false;
+            }

            // Password verification is required to set an OTP if a password is set
            if($usesPassword)