prevent password record with 2FA but without otpSecret

phoenixctms · Mar 7, 2024 · 90c28c2 · 90c28c2
1 parent 5e1c30e
commit 90c28c2
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/core/src/main/java/org/phoenixctms/ctsms/util/ServiceUtil.java b/core/src/main/java/org/phoenixctms/ctsms/util/ServiceUtil.java
@@ -1906,7 +1906,11 @@ public static Password createPassword(boolean resetLogons, boolean resetOtpSecre
 			password.setShowOtpRegistrationInfo(false);
 		}
 		if (!resetOtpSecret && password.getOtpType() != null && lastPassword != null) {
-			resetOtpSecret = !password.getOtpType().equals(lastPassword.getOtpType());
+			if (lastPassword.getEncryptedOtpSecret() != null && lastPassword.getEncryptedOtpSecret().length > 0) {
+				resetOtpSecret = !password.getOtpType().equals(lastPassword.getOtpType());
+			} else {
+				resetOtpSecret = true;
+			}
 		}
 		if (resetOtpSecret) {
 			if (password.getOtpType() != null) {