Display error if twofaSecret cannot be retrieved (#14372)
authorAsh McKenzie <ash@the-rebellion.net>
Mon, 18 Jan 2021 20:38:41 +0000 (07:38 +1100)
committerGitHub <noreply@github.com>
Mon, 18 Jan 2021 20:38:41 +0000 (21:38 +0100)
options/locale/locale_en-US.ini
routers/user/setting/security_twofa.go

index 5e5363726701ada09766d29a2bf6be30aa50507a..a64716beaf5fd503edbf45cda21a998efd9247f5 100644 (file)
@@ -625,6 +625,7 @@ or_enter_secret = Or enter the secret: %s
 then_enter_passcode = And enter the passcode shown in the application:
 passcode_invalid = The passcode is incorrect. Try again.
 twofa_enrolled = Your account has been enrolled into two-factor authentication. Store your scratch token (%s) in a safe place as it is only shown once!
+twofa_failed_get_secret = Failed to get secret.
 
 u2f_desc = Security keys are hardware devices containing cryptographic keys. They can be used for two-factor authentication. Security keys must support the <a rel="noreferrer" href="https://fidoalliance.org/">FIDO U2F</a> standard.
 u2f_require_twofa = Your account must be enrolled in two-factor authentication to use security keys.
index 925fc2a443001602c58f5959d0e4672f45b60bc8..3f4c8f6c3f22ad1974b486a7726de8ff3c4de0c2 100644 (file)
@@ -189,7 +189,14 @@ func EnrollTwoFactorPost(ctx *context.Context, form auth.TwoFactorAuthForm) {
                return
        }
 
-       secret := ctx.Session.Get("twofaSecret").(string)
+       secretRaw := ctx.Session.Get("twofaSecret")
+       if secretRaw == nil {
+               ctx.Flash.Error(ctx.Tr("settings.twofa_failed_get_secret"))
+               ctx.Redirect(setting.AppSubURL + "/user/settings/security/two_factor/enroll")
+               return
+       }
+
+       secret := secretRaw.(string)
        if !totp.Validate(form.Passcode, secret) {
                if !twofaGenerateSecretAndQr(ctx) {
                        return
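Review bot: The assertion `secret := secretRaw.(string)` is still unchecked, so a non-nil session value of any other type would panic the handler instead of taking the new error path; the added nil check covers only the missing-key case. A comma-ok assertion handles both in one step: `secret, ok := ctx.Session.Get("twofaSecret").(string)` followed by `if !ok {` in place of `if secretRaw == nil {`, with the later assertion dropped. Since this is the 2FA enrollment path, failing closed with the flash error and redirect is preferable to a panic that depends on session-store contents. EnrollTwoFactorPost starts before and continues past this hunk, so how the session entry is set and cleared is not visible here.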