fix: Clear pending two factor tokens also from configuration

Otherwise as the tokens were removed from the database but not from the configuration the next time that the tokens were cleared the previous tokens were still got from the configuration, and trying to remove them again from the database ended in a DoesNotExistException being thrown. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2026-06-09 08:44:07 -04:00 · 2024-10-28 10:14:29 +01:00 · 2024-10-28 10:14:29 +01:00 · 381a2aa627
commit 381a2aa627
parent 46abfc6d50
2 changed files with 28 additions and 0 deletions
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@ -366,6 +366,8 @@ class Manager {
 		$tokensNeeding2FA = $this->config->getUserKeys($userId, 'login_token_2fa');

 		foreach ($tokensNeeding2FA as $tokenId) {
+			$this->config->deleteUserValue($userId, 'login_token_2fa', $tokenId);
+
 			$this->tokenProvider->invalidateTokenById($userId, (int)$tokenId);
 		}
 	}
--- a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
+++ b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
@ -701,4 +701,30 @@ class ManagerTest extends TestCase {

 		$this->assertFalse($this->manager->needsSecondFactor($user));
 	}
+
+	public function testClearTwoFactorPending() {
+		$this->config->method('getUserKeys')
+			->with('theUserId', 'login_token_2fa')
+			->willReturn([
+				'42', '43', '44'
+			]);
+
+		$this->config->expects($this->exactly(3))
+			->method('deleteUserValue')
+			->withConsecutive(
+				['theUserId', 'login_token_2fa', '42'],
+				['theUserId', 'login_token_2fa', '43'],
+				['theUserId', 'login_token_2fa', '44'],
+			);
+
+		$this->tokenProvider->expects($this->exactly(3))
+			->method('invalidateTokenById')
+			->withConsecutive(
+				['theUserId', 42],
+				['theUserId', 43],
+				['theUserId', 44],
+			);
+
+		$this->manager->clearTwoFactorPending('theUserId');
+	}
 }