From 2c82e15fa1f533dbed7b9966aae41c4ed3d08017 Mon Sep 17 00:00:00 2001
From: Matias Griese
Date: Thu, 10 May 2018 19:56:56 +0300
Subject: [PATCH] Added authorized support (2FA)
---
 system/src/Grav/Common/Twig/TwigExtension.php | 8 ++++++--
 system/src/Grav/Common/User/User.php | 4 ++--
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/system/src/Grav/Common/Twig/TwigExtension.php b/system/src/Grav/Common/Twig/TwigExtension.php
index ae516e8fb..f9446e993 100644
--- a/system/src/Grav/Common/Twig/TwigExtension.php
+++ b/system/src/Grav/Common/Twig/TwigExtension.php
@@ -16,6 +16,7 @@ use Grav\Common\Twig\TokenParser\TwigTokenParserStyle;
 use Grav\Common\Twig\TokenParser\TwigTokenParserSwitch;
 use Grav\Common\Twig\TokenParser\TwigTokenParserTryCatch;
 use Grav\Common\Twig\TokenParser\TwigTokenParserMarkdown;
+use Grav\Common\User\User;
 use Grav\Common\Utils;
 use Grav\Common\Markdown\Parsedown;
 use Grav\Common\Markdown\ParsedownExtra;
@@ -875,7 +876,10 @@ class TwigExtension extends \Twig_Extension implements \Twig_Extension_GlobalsIn
 */
 public function authorize($action)
 {
- if (!$this->grav['user']->authenticated) {
+ /** @var User $user */
+ $user = $this->grav['user'];
+
+ if (!$user->authenticated || (isset($user->authorized) && !$user->authorized)) {
 return false;
 }
@@ -884,7 +888,7 @@ class TwigExtension extends \Twig_Extension implements \Twig_Extension_GlobalsIn
 $prefix = is_int($key) ? '' : $key . '.';
 $perms = $prefix ? (array) $perms : [$perms => true];
 foreach ($perms as $action2 => $authenticated) {
- if ($this->grav['user']->authorize($prefix . $action2)) {
+ if ($user->authorize($prefix . $action2)) {
 return $authenticated;
 }
 }
diff --git a/system/src/Grav/Common/User/User.php b/system/src/Grav/Common/User/User.php
index c1c23464d..c1e628d50 100644
--- a/system/src/Grav/Common/User/User.php
+++ b/system/src/Grav/Common/User/User.php
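Review bot: The new guard in `TwigExtension::authorize()` fails open: `isset($user->authorized) && !$user->authorized` denies only when the flag exists and is false, so a user object on which `authorized` was never set (or is null) passes as soon as `authenticated` is true. If that is deliberate for accounts without a second factor, say so next to the condition, e.g. `// authorized is only set by the 2FA flow; a missing flag means no second factor is pending`; otherwise every code path that sets `authenticated` also has to set `authorized`. The gate is also added only to this Twig helper: the diffstat shows no matching change to `User::authorize()`, so callers that use the user object directly presumably bypass it, and moving the condition into `User::authorize()` would cover them. `isset()` on `$user` relies on a magic `__isset` in the User/Data class, which is not visible in this patch and should be confirmed. The body of `authorize()` continues outside the hunk.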
@@ -62,9 +62,9 @@ class User extends Data
 $files = $account_dir ? array_diff(scandir($account_dir), ['.', '..']) : [];
 // Try with username first, you never know!
- if (in_array('username', $fields)) {
+ if (in_array('username', $fields, true)) {
 $user = User::load($query);
- unset($fields[array_search('username', $fields)]);
+ unset($fields[array_search('username', $fields, true)]);
 } else {
 $user = User::load('');
 }