From f30ba514806d23ad196b73dd04f0d0fabc5f9395 Mon Sep 17 00:00:00 2001
From: Herman van Rink <rink@initfour.nl>
Date: Sun, 27 Mar 2022 14:10:17 +0200
Subject: [PATCH] Reduce scope, validation state can later be stored in
 otp_data.

---
 install/sql/incremental/upd_dev_collection.sql | 2 +-
 install/sql/ispconfig3.sql                     | 1 -
 interface/web/login/index.php                  | 2 +-
 3 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index c79ab4c5fb..11dc8ff2f1 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -1 +1 @@
-ALTER TABLE `sys_user` ADD `otp_enabled` SET('n', 'y','v') NOT NULL DEFAULT 'n' COMMENT 'v=waiting for validation of the chosen otp method' AFTER `lost_password_reqtime`, ADD `otp_type` SET('email') NOT NULL DEFAULT 'email' AFTER `otp_enabled`, ADD `otp_data` VARCHAR(255) NULL AFTER `otp_type`, ADD `otp_recovery` VARCHAR(64) NULL AFTER `otp_data`, ADD `otp_attempts` TINYINT NOT NULL DEFAULT '0' AFTER `otp_recovery`;
+ALTER TABLE `sys_user` ADD `otp_type` SET('email') NOT NULL DEFAULT 'email' AFTER `otp_enabled`, ADD `otp_data` VARCHAR(255) NULL AFTER `otp_type`, ADD `otp_recovery` VARCHAR(64) NULL AFTER `otp_data`, ADD `otp_attempts` TINYINT NOT NULL DEFAULT '0' AFTER `otp_recovery`;
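Review bot: The new statement still positions `otp_type` with `` AFTER `otp_enabled` ``, but this commit removes the `` ADD `otp_enabled` `` clause from the same ALTER TABLE. On a database where that column does not already exist, MySQL would reject the whole statement as referencing an unknown column, and none of the OTP columns would be created. Unless an earlier migration not visible here creates `otp_enabled`, anchor on the preceding column instead: `` ADD `otp_type` SET('email') NOT NULL DEFAULT 'email' AFTER `lost_password_reqtime` ``. Installations that already ran the previous version of this line will keep the `otp_enabled` column, so the upgrade path should state whether it is dropped or left in place.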
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 182f788f55..3c840bae1d 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -1842,7 +1842,6 @@ CREATE TABLE `sys_user` (
   `lost_password_function` tinyint(1) NOT NULL default '1',
   `lost_password_hash` VARCHAR(50) NOT NULL default '',
   `lost_password_reqtime` DATETIME NULL default NULL,
-  `otp_enabled` set('n','y','v') NOT NULL DEFAULT 'n',
   `otp_type` set('email') NOT NULL DEFAULT 'email',
   `otp_data` varchar(255) DEFAULT NULL,
   `otp_recovery` varchar(64) DEFAULT NULL,
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index ad08c92a79..a595d9e2b8 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -138,7 +138,7 @@ function process_login_request(app $app, &$error, $conf, $module)
 		} else {
 
 			//* Do 2FA authentication
-			if($user['otp_enabled'] == 'y') {
+			if($user['otp_type'] != 'none') {
 
 				//* Save session in pending state and destroy original session
 				$_SESSION['s_pending'] = $_SESSION['s'];
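Review bot: The test `$user['otp_type'] != 'none'` can never be false with the schema in this patch, because both SQL hunks declare `otp_type` as `SET('email') NOT NULL DEFAULT 'email'`: 'none' is not a storable value and every row defaults to 'email'. As written, every login takes the pending-session 2FA path, including accounts that never chose an OTP method, so the opt-in that `otp_enabled == 'y'` provided is lost. Either give the column a 'none' member and make it the default in both SQL files, e.g. `SET('none','email') NOT NULL DEFAULT 'none'`, or keep an explicit enabled flag. Checking membership in an allowlist of known methods with a strict comparison would also stop an empty or NULL value from counting as enabled. process_login_request starts and ends outside this hunk.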
-- 
GitLab