Problem/Motivation

When anonymous visitors attempt to register themselves, they get an error message. The user is created successfully.
The call $config->get('user_otp_generate_time_window') returns an empty string "".

The creation via the page /admin/people/create is not affected.

Steps to reproduce

  1. Install the module on a fresh Drupal
  2. Never visit the config form of OTP
  3. Log out
  4. Visit /user/register and attempt to create a new user.

Proposed resolution

Fix the TypeError by using the same default as in the config form. This new code at line 147 fixes the problem:

  $hours = $config->get('user_otp_generate_time_window') ?: 3;
  $threshold = $config->get('user_otp_generate_threshold');
  $seconds = 60 * 60 * $hours;
  if (!Drupal::flood()->isAllowed('user_otp', $threshold, $seconds, $account->getEmail())) {
    return FALSE;
  }
  Drupal::flood()->register('user_otp', $seconds, $account->getEmail());

User interface changes

None

CommentFileSizeAuthor
OTP-Error.png169.3 KBgogowitsch

Issue fork otp-3562406

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

gogowitsch created an issue. See original summary.

gogowitsch opened merge request !2

gogowitsch’s picture

gogowitsch commented
Status: Active » Needs review

Please review the merge request !2. I have added the defaults that the form uses to:

  1. The config that gets added when the module is installed.
  2. The code that uses the settings, so the module works even before visiting the config form.

The default email body was very hard to understand. Most of our website visitors would not know what Drupal is. Let’s say registration instead of transaction. Let’s always use the same term for the 6-digit code.