Fixes for google 2fa reset strlen

2025-08-29 11:47:37 +10:00 · 2025-08-29 11:47:37 +10:00 · a5562edd36
parent eeb0022342
commit a5562edd36
2 changed files with 2 additions and 2 deletions
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@ -139,7 +139,7 @@ class LoginController extends BaseController
                        ->header('X-App-Version', config('ninja.app_version'))
                        ->header('X-Api-Version', config('ninja.minimum_client_version'));
                }
-            } elseif ($user->google_2fa_secret && !$request->has('one_time_password')) {
+            } elseif (strlen($user->google_2fa_secret ?? '') > 2 && !$request->has('one_time_password')) {
                return response()
                    ->json(['message' => ctrans('texts.invalid_one_time_password')], 401)
                    ->header('X-App-Version', config('ninja.app_version'))
--- a/app/Http/Controllers/TwoFactorController.php
+++ b/app/Http/Controllers/TwoFactorController.php
@ -29,7 +29,7 @@ class TwoFactorController extends BaseController
        /** @var \App\Models\User $user */
        $user = auth()->user();

-        if ($user->google_2fa_secret) {
+        if (strlen($user->google_2fa_secret ?? '') > 2) {
            return response()->json(['message' => '2FA already enabled'], 400);
        } elseif (Ninja::isSelfHost()) {