Fix 2FA becoming enabled when the user inputs the wrong code during setup (apache#7972)

winterhazel · web-flow · commit ef742210b5d0 · 2023-09-26T08:59:11.000+02:00
diff --git a/server/src/main/java/com/cloud/user/AccountManagerImpl.java b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
@@ -3259,7 +3259,7 @@ public void verifyUsingTwoFactorAuthenticationCode(final String code, final Long
                 _userDetailsDao.update(userDetailVO.getId(), userDetailVO);
             }
         } catch (CloudTwoFactorAuthenticationException e) {
-            UserDetailVO userDetailVO = _userDetailsDao.findDetail(userAccountId, "2FAsetupComplete");
+            UserDetailVO userDetailVO = _userDetailsDao.findDetail(userAccountId, UserDetailVO.Setup2FADetail);
             if (userDetailVO != null && userDetailVO.getValue().equals(UserAccountVO.Setup2FAstatus.ENABLED.name())) {
                 disableTwoFactorAuthentication(userAccountId, caller, owner);
             }

Original file line number	Diff line number	Diff line change
`@@ -3259,7 +3259,7 @@ public void verifyUsingTwoFactorAuthenticationCode(final String code, final Long`
`3259`	`3259`	`_userDetailsDao.update(userDetailVO.getId(), userDetailVO);`
`3260`	`3260`	`}`
`3261`	`3261`	`} catch (CloudTwoFactorAuthenticationException e) {`
`3262`		`- UserDetailVO userDetailVO = _userDetailsDao.findDetail(userAccountId, "2FAsetupComplete");`
	`3262`	`+ UserDetailVO userDetailVO = _userDetailsDao.findDetail(userAccountId, UserDetailVO.Setup2FADetail);`
`3263`	`3263`	`if (userDetailVO != null && userDetailVO.getValue().equals(UserAccountVO.Setup2FAstatus.ENABLED.name())) {`
`3264`	`3264`	`disableTwoFactorAuthentication(userAccountId, caller, owner);`
`3265`	`3265`	`}`