Simplifying TFA Validation Logic in MapIdentityApi (#57989)

pwuexec · captainsafia · commit 689e53069104 · 2025-02-11T12:58:11.000-08:00
diff --git a/src/Identity/Core/src/IdentityApiEndpointRouteBuilderExtensions.cs b/src/Identity/Core/src/IdentityApiEndpointRouteBuilderExtensions.cs
@@ -274,12 +274,14 @@ await signInManager.ValidateSecurityStampAsync(refreshTicket.Principal) is not T
                     return CreateValidationProblem("CannotResetSharedKeyAndEnable",
                         "Resetting the 2fa shared key must disable 2fa until a 2fa token based on the new shared key is validated.");
                 }
-                else if (string.IsNullOrEmpty(tfaRequest.TwoFactorCode))
+
+                if (string.IsNullOrEmpty(tfaRequest.TwoFactorCode))
                 {
                     return CreateValidationProblem("RequiresTwoFactor",
                         "No 2fa token was provided by the request. A valid 2fa token is required to enable 2fa.");
                 }
-                else if (!await userManager.VerifyTwoFactorTokenAsync(user, userManager.Options.Tokens.AuthenticatorTokenProvider, tfaRequest.TwoFactorCode))
+
+                if (!await userManager.VerifyTwoFactorTokenAsync(user, userManager.Options.Tokens.AuthenticatorTokenProvider, tfaRequest.TwoFactorCode))
                 {
                     return CreateValidationProblem("InvalidTwoFactorCode",
                         "The 2fa token provided by the request was invalid. A valid 2fa token is required to enable 2fa.");

Original file line number	Diff line number	Diff line change
`@@ -274,12 +274,14 @@ await signInManager.ValidateSecurityStampAsync(refreshTicket.Principal) is not T`
`274`	`274`	`return CreateValidationProblem("CannotResetSharedKeyAndEnable",`
`275`	`275`	`"Resetting the 2fa shared key must disable 2fa until a 2fa token based on the new shared key is validated.");`
`276`	`276`	`}`
`277`		`- else if (string.IsNullOrEmpty(tfaRequest.TwoFactorCode))`
	`277`	`+`
	`278`	`+ if (string.IsNullOrEmpty(tfaRequest.TwoFactorCode))`
`278`	`279`	`{`
`279`	`280`	`return CreateValidationProblem("RequiresTwoFactor",`
`280`	`281`	`"No 2fa token was provided by the request. A valid 2fa token is required to enable 2fa.");`
`281`	`282`	`}`
`282`		`- else if (!await userManager.VerifyTwoFactorTokenAsync(user, userManager.Options.Tokens.AuthenticatorTokenProvider, tfaRequest.TwoFactorCode))`
	`283`	`+`
	`284`	`+ if (!await userManager.VerifyTwoFactorTokenAsync(user, userManager.Options.Tokens.AuthenticatorTokenProvider, tfaRequest.TwoFactorCode))`
`283`	`285`	`{`
`284`	`286`	`return CreateValidationProblem("InvalidTwoFactorCode",`
`285`	`287`	`"The 2fa token provided by the request was invalid. A valid 2fa token is required to enable 2fa.");`