From d2066dd2dce31bd6a836999732ab50187f7a0dfa Mon Sep 17 00:00:00 2001
From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com>
Date: Thu, 24 Oct 2024 16:21:22 +0200
Subject: [PATCH] fix password is now checked before a user can disable 2 step
 confirmation

---
 app/Livewire/Settings/Index.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/Livewire/Settings/Index.php b/app/Livewire/Settings/Index.php
index 9747329f6..938d0e548 100644
--- a/app/Livewire/Settings/Index.php
+++ b/app/Livewire/Settings/Index.php
@@ -5,6 +5,8 @@ namespace App\Livewire\Settings;
 use App\Jobs\CheckForUpdatesJob;
 use App\Models\InstanceSettings;
 use App\Models\Server;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Hash;
 use Livewire\Component;
 
 class Index extends Component
@@ -185,8 +187,14 @@ class Index extends Component
         return view('livewire.settings.index');
     }
 
-    public function toggleTwoStepConfirmation()
+    public function toggleTwoStepConfirmation($password)
     {
+        if (! Hash::check($password, Auth::user()->password)) {
+            $this->addError('password', 'The provided password is incorrect.');
+
+            return;
+        }
+
         $this->settings->disable_two_step_confirmation = true;
         $this->settings->save();
         $this->disable_two_step_confirmation = true;