diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 5e5363726701a..a64716beaf5fd 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -625,6 +625,7 @@ or_enter_secret = Or enter the secret: %s
 then_enter_passcode = And enter the passcode shown in the application:
 passcode_invalid = The passcode is incorrect. Try again.
 twofa_enrolled = Your account has been enrolled into two-factor authentication. Store your scratch token (%s) in a safe place as it is only shown once!
+twofa_failed_get_secret = Failed to get secret.
 
 u2f_desc = Security keys are hardware devices containing cryptographic keys. They can be used for two-factor authentication. Security keys must support the FIDO U2F standard.
 u2f_require_twofa = Your account must be enrolled in two-factor authentication to use security keys.
diff --git a/routers/user/setting/security_twofa.go b/routers/user/setting/security_twofa.go
index 925fc2a443001..3f4c8f6c3f22a 100644
--- a/routers/user/setting/security_twofa.go
+++ b/routers/user/setting/security_twofa.go
@@ -189,7 +189,14 @@ func EnrollTwoFactorPost(ctx *context.Context, form auth.TwoFactorAuthForm) {
 		return
 	}
 
-	secret := ctx.Session.Get("twofaSecret").(string)
+	secretRaw := ctx.Session.Get("twofaSecret")
+	if secretRaw == nil {
+		ctx.Flash.Error(ctx.Tr("settings.twofa_failed_get_secret"))
+		ctx.Redirect(setting.AppSubURL + "/user/settings/security/two_factor/enroll")
+		return
+	}
+
+	secret := secretRaw.(string)
 	if !totp.Validate(form.Passcode, secret) {
 		if !twofaGenerateSecretAndQr(ctx) {
 			return
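Review bot: `secret := secretRaw.(string)` on the new side is still a single-value type assertion, so a session entry that is present but not a string panics the handler the same way the removed line did for a missing entry; the `secretRaw == nil` guard covers only one of the two failure modes. The two-value form handles both in one step: `secret, ok := ctx.Session.Get("twofaSecret").(string)` followed by `if !ok || secret == "" {` in place of the nil test, with the same flash-and-redirect branch underneath. Treating an empty string as missing is presumably also wanted, since the value otherwise goes straight into totp.Validate (its behaviour on an empty secret is not visible here). EnrollTwoFactorPost starts and ends outside the hunk.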