From f22148660beb14e73baf1cfcaa16611986a8b151 Mon Sep 17 00:00:00 2001 From: Jussi Aho Date: Thu, 23 Feb 2023 12:49:07 +0200 Subject: [PATCH 1/2] Use correct User model if overwritten in config Two factor authentication doesn't work if the User model has been changed in the config from the modules own model class. This fix gets the correct User model from the class map. --- src/User/Controller/SecurityController.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/User/Controller/SecurityController.php b/src/User/Controller/SecurityController.php index d7a3205..c49cf79 100644 --- a/src/User/Controller/SecurityController.php +++ b/src/User/Controller/SecurityController.php @@ -221,9 +221,10 @@ class SecurityController extends Controller $validators = $module->twoFactorAuthenticationValidators; $credentials = Yii::$app->session->get('credentials'); $login = $credentials['login']; - $user = User::findOne(['email' => $login]); + $userModel = $this->getClassMap()->get(User::class); + $user = $userModel::findOne(['email' => $login]); if ($user == null) { - $user = User::findOne(['username' => $login]); + $user = $userModel::findOne(['username' => $login]); } $tfType = $user->getAuthTfType(); From 9fd6f8da6f6d801154719180ff2cfc6321f5525e Mon Sep 17 00:00:00 2001 From: Jussi Aho Date: Thu, 23 Feb 2023 14:10:30 +0200 Subject: [PATCH 2/2] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fd32ea3..2ca9ab5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ - Fix: use correct password recovery url in welcome mail and add functionality to plain text version of the mail (@eluhr) - Fix: correct viewPath error in LoginWidget (niciz) - Enh: possibility to call all the api endpoints with either id or username or email (liviuk2) +- Fix: use configured User model in SecurityController 2FA confirmation (jussiaho) ## 1.6.0 January 9, 2023