From: Dan Brown Date: Mon, 30 May 2022 17:31:08 +0000 (+0100) Subject: Prevented inadvertant logging during MFA flow X-Git-Tag: v22.06~1^2~20 X-Git-Url: http://source.bookstackapp.com/bookstack/commitdiff_plain/16e023985d2446013bc0e35822dc55a3c2305e27 Prevented inadvertant logging during MFA flow - Added StoppedAuthenticationException to dontReport list. - Added test to cover. Closes #3468
---
diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
index 317b011d8..187664f9e 100644
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -21,6 +21,7 @@ class Handler extends ExceptionHandler
 */
 protected $dontReport = [
 NotFoundException::class,
+ StoppedAuthenticationException::class,
 ];
 /**
diff --git a/tests/Auth/MfaVerificationTest.php b/tests/Auth/MfaVerificationTest.php
index 9a6106243..7286a1de8 100644
--- a/tests/Auth/MfaVerificationTest.php
+++ b/tests/Auth/MfaVerificationTest.php
@@ -241,6 +241,16 @@ class MfaVerificationTest extends TestCase
 }
 }
+ public function test_login_mfa_interception_does_not_log_error()
+ {
+ $logHandler = $this->withTestLogger();
+
+ [$user, $secret, $loginResp] = $this->startTotpLogin();
+
+ $loginResp->assertRedirect('/mfa/verify');
+ $this->assertFalse($logHandler->hasErrorRecords());
+ }
+
 /**
 * @return array
 */
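Review bot: In app/Exceptions/Handler.php the new `StoppedAuthenticationException::class` entry carries no comment explaining why an authentication-related exception is excluded from reporting, and `$dontReport` suppresses the class wherever it is thrown, not only on the MFA redirect. I would add `// Control-flow signal used to divert a login to MFA verification; not an error condition.` directly above the entry. If the same exception is raised on other interrupted-login paths (not visible in this hunk), it is worth confirming that those attempts still leave a trace in an activity or auth log, since the error log will no longer show them. The property's docblock and the rest of the class lie outside the hunk.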
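Review bot: In tests/Auth/MfaVerificationTest.php the assertion `$this->assertFalse($logHandler->hasErrorRecords());` inspects ERROR-level records only, so the test would still pass if the exception were reported at another level such as critical or warning (assuming `withTestLogger()` returns Monolog's TestHandler, whose level checks are exact). Adding `$this->assertFalse($logHandler->hasCriticalRecords());`, or asserting on `$logHandler->getRecords()` if the login path is expected to log nothing at all, would pin the behaviour more tightly. The destructured `$user` and `$secret` are never used in this test; `[, , $loginResp] = $this->startTotpLogin();` makes that explicit.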