assert sessioned OTP object

2024-09-20 21:57:13 +02:00 · 2024-09-20 21:57:13 +02:00 · bef6651a3f
Commit bef6651a3f
--- a/Application/Controller/Admin/d3user_totp.php
+++ b/Application/Controller/Admin/d3user_totp.php
@ -99,6 +99,7 @@ class d3user_totp extends AdminDetailsController
                $aParams['d3totp__usetotp'] = 1;
                /** @var d3totp $init */
                $init = Registry::getSession()->getVariable(d3totp_conf::OTP_SESSION_VARNAME);
+                Assert::that($init)->isInstanceOf(d3totp::class, 'D3_TOTP_INITOBJECT_MISSING');
                $seed = $init->getSecret();
                $otp = Registry::getRequest()->getRequestEscapedParameter("otp");