From 7d8683992b83db396605a7905050b723c02db057 Mon Sep 17 00:00:00 2001
From: Herman van Rink <rink@initfour.nl>
Date: Sun, 12 Jun 2022 17:06:13 +0200
Subject: [PATCH] Squashed commit of the following:
 2558-two-factor-authentication-followup

commit f2f77b2b09a12f34a42319d2edee8ba7448f3e5f
Author: Herman van Rink <rink@initfour.nl>
Date:   Thu May 19 13:36:11 2022 +0200

    Fix indent and add comment

commit 0d12df1f385dbf0c962360ee1dc1008a0a25ffa2
Merge: 66c000346 5bbec2b90
Author: Herman van Rink <rink@initfour.nl>
Date:   Thu May 19 13:34:45 2022 +0200

    Merge remote-tracking branch 'origin/develop' into 2558-two-factor-authentication-followup

commit 66c000346eb7c5bd41fcb9f030b44dd0a8f9b1f1
Author: Herman van Rink <rink@initfour.nl>
Date:   Sat Apr 2 09:13:18 2022 +0200

    Add otp_email_override support

    UI is still to be implemented
---
 interface/web/login/otp.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/interface/web/login/otp.php b/interface/web/login/otp.php
index 8b80691da6..53490318d0 100644
--- a/interface/web/login/otp.php
+++ b/interface/web/login/otp.php
@@ -129,6 +129,24 @@ if($_SESSION['otp']['type'] == 'email') {
 	// Send code via email.
 	if (!isset($_SESSION['otp']['sent']) || $_GET['action'] == 'resend') {
 
+		// Handle otp_email_override.
+		$sys_user = $app->db->queryOneRecord('SELECT otp_data FROM sys_user WHERE userid = ?', $_SESSION['s_pending']['user']['userid']);
+		$data = json_decode($sys_user['otp_data'], TRUE);
+
+		if (!empty($data['otp_email_override'] )) {
+			$email_to = $data['otp_email_override'];
+		}
+		else {
+			$clientuser = $app->db->queryOneRecord('SELECT email FROM sys_user u LEFT JOIN client c ON (u.client_id=c.client_id) WHERE u.userid = ?', $_SESSION['s_pending']['user']['userid']);
+			if (!empty($clientuser['email'])) {
+				$email_to = $clientuser['email'];
+			}
+			else {
+				// Admin users are not related to a client, thus use the globally configured email address.
+				$email_to = $mail_config['admin_mail'];
+			}
+		}
+
 		$mail_otp_code_retry_timeout = 30;
 		if (isset($_SESSION['otp']['starttime']) && $_SESSION['otp']['starttime'] > time() - $mail_otp_code_retry_timeout) {
 			$token_sent_message = sprintf($wb['otp_code_email_sent_wait_txt'], $mail_otp_code_retry_timeout);
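Review bot: `otp_email_override` is read from the `otp_data` JSON and used as the OTP recipient with no format check, so a malformed or tampered stored value sends the second-factor code somewhere other than the account's own address. Validate it before use and otherwise fall through to the client/admin lookup, e.g. `$override = is_array($data) ? ($data['otp_email_override'] ?? '') : '';` followed by `if (filter_var($override, FILTER_VALIDATE_EMAIL)) { $email_to = $override; }`. The code that writes this field is not part of this patch (the commit message says the UI is still to be implemented), so it should presumably be restricted to a fully authenticated session and logged, since changing it reroutes the second factor. The fallback to `$mail_config['admin_mail']` also appears to apply to any non-admin user whose client row has no email, which the comment on that branch does not mention. The enclosing `if` blocks start above the hunk and continue below it.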
-- 
GitLab