From 8a65eb8e4abdc4599d6ec8006f4d87e74a02e05d Mon Sep 17 00:00:00 2001
From: joel
Date: Mon, 30 Sep 2024 22:13:15 +0200
Subject: [PATCH] fix: move expiry check into validate factors
---
 internal/api/mfa.go | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/internal/api/mfa.go b/internal/api/mfa.go
index 7f1eef3bc..d6158e964 100644
--- a/internal/api/mfa.go
+++ b/internal/api/mfa.go
@@ -71,6 +71,9 @@ const (
 )
 func validateFactors(db *storage.Connection, user *models.User, newFactorName string, config *conf.GlobalConfiguration, session *models.Session) error {
+ if err := models.DeleteExpiredFactors(db, config.MFA.FactorExpiryDuration); err != nil {
+ return err
+ }
 if err := db.Load(user, "Factors"); err != nil {
 return err
 }
@@ -106,7 +109,6 @@ func validateFactors(db *storage.Connection, user *models.User, newFactorName st
 func (a *API) enrollPhoneFactor(w http.ResponseWriter, r *http.Request, params *EnrollFactorParams) error {
 ctx := r.Context()
- config := a.config
 user := getUser(ctx)
 session := getSession(ctx)
 db := a.db.WithContext(ctx)
@@ -118,9 +120,6 @@ func (a *API) enrollPhoneFactor(w http.ResponseWriter, r *http.Request, params *
 if err != nil {
 return badRequestError(ErrorCodeValidationFailed, "Invalid phone number format (E.164 required)")
 }
- if err := models.DeleteExpiredFactors(db, config.MFA.FactorExpiryDuration); err != nil {
- return err
- }
 var factorsToDelete []models.Factor
 for _, factor := range user.Factors {
@@ -185,10 +184,6 @@ func (a *API) enrollTOTPFactor(w http.ResponseWriter, r *http.Request, params *E
 issuer = params.Issuer
 }
- if err := models.DeleteExpiredFactors(db, config.MFA.FactorExpiryDuration); err != nil {
- return err
- }
-
 if err := validateFactors(db, user, params.FriendlyName, config, session); err != nil {
 return err
 }
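Review bot: validateFactors now issues a delete before it validates anything, and neither its name nor this hunk documents that; a comment above the signature such as `// validateFactors deletes expired factors (models.DeleteExpiredFactors) before loading user.Factors, so callers need no separate cleanup.` would make the side effect visible to future callers. The call passes only `db` and the expiry duration, so the sweep is presumably not scoped to `user`; worth confirming it is acceptable to run it on every path that reaches this function. In enrollPhoneFactor (the hunk at -118) the sweep used to run before the `for _, factor := range user.Factors` loop, and that handler now depends on a validateFactors call that is not visible in this patch, so please confirm the call exists and add a test that an expired unverified phone factor is still handled as before. validateFactors's body continues outside the hunk.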