If an authInit() calls fails, skip loading that MFA's extra data

This should help us still allow a user to log in even if the WebAuthn MFA API is down, merely preventing those WebAuthn MFA options from working but allowing the "remember me" cookie and the other MFA options to work.
silinternational · May 15, 2024 · f72df79 · f72df79
1 parent 3ffd754
commit f72df79
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/application/common/models/Mfa.php b/application/common/models/Mfa.php
@@ -76,7 +76,16 @@ public function loadData(string $rpOrigin = '')
     {
         $this->data = [];
         if ($this->verified === 1 && $this->scenario === User::SCENARIO_AUTHENTICATE) {
-            $this->data += $this->authInit($rpOrigin);
+            try {
+                $this->data += $this->authInit($rpOrigin);
+            } catch (\Exception $exception) {
+                \Yii::error([
+                    'action' => 'load ' . $this->type . ' MFA data',
+                    'status' => 'error',
+                    'error' => 'authInit call failed (so skipping it): ' . $exception->getMessage(),
+                    'mfa_id' => $this->id,
+                ]);
+            }
         }
         if ($this->type === self::TYPE_BACKUPCODE || $this->type === self::TYPE_MANAGER) {
             $this->data += ['count' => count($this->mfaBackupcodes)];