app/Policies/OwnershipTrait contains a bug, i think

[doctor-beat]

Version

2FAuth – v5.0.4

Details & Steps to reproduce

app/Policies/OwnershipTrait line 16 contains a bug, i think. In my case the $item->user_id is a string with does not make it triple equal to $user->id

When i wrap the $item->user_id in a intval() the class starts working.

It appears to bethe same issue as described here: #305

Expectation

no errors when clicking the sfauth key.

Error & Logs

No response

Execution environment

No response

Containerization

• Docker

Additional information

No response

[Bubka]

Hi,

what db are you using?
I can't reproduce using mysql.

edit: also tested with sqlite, can't reproduce either

[Bubka]

Can you please confirm you have this line in log files (see /2fauth/storage/logs/*.log:

User ID #x cannot view twofaccount ID #y

[doctor-beat]

Hi,

1. we are on mysql, both columns in db are in fact integer types
2. php 8.2
3. yes those are in the logs and are what triggered me to locate the issue:

[2024-03-12 16:38:55] production.NOTICE: User isOwner of with ID #integer vs twofaccount ID #string: [2024-03-12 16:38:55] production.NOTICE: User ID #3 cannot view twofaccount ID #3 [2024-03-12 16:40:45] production.NOTICE: User isOwner of with ID #integer vs twofaccount ID #string:

I have added an extra line of logging for personal debugging

[Bubka]

Ok, thx for the env setup.
I´m going to make more testing, I would like to understand why types are not consistent from one setup to another 🤔

[doctor-beat]

yes, thanks. I i can be of any help let me know. I am a java//php dev as well.

[Bubka]

Well, I cannot reproduce, even with the exact same setup. What page do you load while debugging the trait?

[Bubka]

Could you please try this fix for me ?

Edit 2fauth_install_dir/app/Models/TwoFAccount.php.
Line 148, set the $casts like this:

    protected $casts = [
        'user_id' => 'integer',
    ];

Thx

[doctor-beat]

That fixes the issue, triple equality is now comparing two integers

[Bubka]

Ok thanks 👍🏻