Diffstat (limited to 'routers/user/setting/security_twofa.go')
-rw-r--r--routers/user/setting/security_twofa.go28
1 files changed, 24 insertions, 4 deletions
diff --git a/routers/user/setting/security_twofa.go b/routers/user/setting/security_twofa.go
index fca1151a04..6e3516dbba 100644
--- a/routers/user/setting/security_twofa.go
+++ b/routers/user/setting/security_twofa.go
@@ -73,6 +73,10 @@ func twofaGenerateSecretAndQr(ctx *context.Context) bool {
uri := ctx.Session.Get("twofaUri")
if uri != nil {
otpKey, err = otp.NewKeyFromURL(uri.(string))
+ if err != nil {
+ ctx.ServerError("SettingsTwoFactor: NewKeyFromURL: ", err)
+ return false
+ }
}
// Filter unsafe character ':' in issuer
issuer := strings.Replace(setting.AppName+" ("+setting.Domain+")", ":", "", -1)
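Review bot: The new error branch hands the `NewKeyFromURL` error to `ctx.ServerError` unchanged, and that error may contain the otpauth URI, which carries the TOTP secret. This happens if the library returns Go's `net/url` parse error as is, since that error quotes the string it failed to parse. Should `ServerError` write the error to the server log (not visible here), a malformed session value would put the enrolment secret in the log, so a fixed message without the underlying error text is safer. Separately, the `uri.(string)` assertion on the line above panics if the session holds a different type; `uriStr, ok := uri.(string)` followed by an `ok` check avoids that. The body of twofaGenerateSecretAndQr starts before and continues after this hunk.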
@@ -103,8 +107,16 @@ func twofaGenerateSecretAndQr(ctx *context.Context) bool {
}
ctx.Data["QrUri"] = template.URL("data:image/png;base64," + base64.StdEncoding.EncodeToString(imgBytes.Bytes()))
- ctx.Session.Set("twofaSecret", otpKey.Secret())
- ctx.Session.Set("twofaUri", otpKey.String())
+ err = ctx.Session.Set("twofaSecret", otpKey.Secret())
+ if err != nil {
+ ctx.ServerError("SettingsTwoFactor", err)
+ return false
+ }
+ err = ctx.Session.Set("twofaUri", otpKey.String())
+ if err != nil {
+ ctx.ServerError("SettingsTwoFactor", err)
+ return false
+ }
return true
}
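Review bot: Both new `ServerError` calls in this hunk use the same title `"SettingsTwoFactor"`, so a log entry cannot tell which session write failed. The `Session.Delete` branches in the EnrollTwoFactorPost hunk have the same problem. Distinct titles would make the failures traceable, for example `ctx.ServerError("SettingsTwoFactor: set twofaSecret in session", err)` and `ctx.ServerError("SettingsTwoFactor: set twofaUri in session", err)`. Note also that a failure of the second `Set` leaves `twofaSecret` in the session without a matching `twofaUri`; judging by the `uri != nil` check in the first hunk, the next request would then generate a fresh key, so it is worth confirming the stale secret is always overwritten.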
@@ -184,8 +196,16 @@ func EnrollTwoFactorPost(ctx *context.Context, form auth.TwoFactorAuthForm) {
return
}
- ctx.Session.Delete("twofaSecret")
- ctx.Session.Delete("twofaUri")
+ err = ctx.Session.Delete("twofaSecret")
+ if err != nil {
+ ctx.ServerError("SettingsTwoFactor", err)
+ return
+ }
+ err = ctx.Session.Delete("twofaUri")
+ if err != nil {
+ ctx.ServerError("SettingsTwoFactor", err)
+ return
+ }
ctx.Flash.Success(ctx.Tr("settings.twofa_enrolled", token))
ctx.Redirect(setting.AppSubURL + "/user/settings/security")
}
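Review bot: Returning a server error when `Session.Delete` fails hides the success flash, which is the only place in this hunk where `token` is shown to the user. The code before the hunk is not visible, but presumably the enrolment has already been stored by this point, so the user would end up with two-factor enabled and no scratch token. The early return after the first `Delete` also skips the second, leaving `twofaUri` in the session. Consider treating both deletions as best-effort: attempt both, log any failure, and still reach `ctx.Flash.Success` and the redirect, with a comment such as `// enrolment is already stored; a failed session cleanup must not hide the scratch token`.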