From ae53dc5c60ecade85293656af4ab199d3534aa4e Mon Sep 17 00:00:00 2001
From: Dejan Savuljesku <d.savuljesku@gmail.com>
Date: Wed, 4 Sep 2019 13:15:17 +0200
Subject: [PATCH] Make sure key is of correct type before running operations on
 it

Bug: T231786
Change-Id: I54aad0753fa3eda48e7f382b27b1c89069f40d36
---
 src/HTMLForm/TOTPEnableForm.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/HTMLForm/TOTPEnableForm.php b/src/HTMLForm/TOTPEnableForm.php
index af4ca25e..a3dd1860 100644
--- a/src/HTMLForm/TOTPEnableForm.php
+++ b/src/HTMLForm/TOTPEnableForm.php
@@ -5,10 +5,11 @@ namespace MediaWiki\Extension\OATHAuth\HTMLForm;
 use MediaWiki\Extension\OATHAuth\Key\TOTPKey;
 use MediaWiki\Logger\LoggerFactory;
 use Html;
+use Status;
 
 class TOTPEnableForm extends OATHAuthOOUIHTMLForm implements IManageForm {
 	/**
-	 * @param array|bool|\Status|string $submitResult
+	 * @param array|bool|Status|string $submitResult
 	 * @return string
 	 */
 	public function getHTML( $submitResult ) {
@@ -28,7 +29,7 @@ class TOTPEnableForm extends OATHAuthOOUIHTMLForm implements IManageForm {
 	protected function getDescriptors() {
 		$key = $this->getRequest()->getSessionData( 'oathauth_totp_key' );
 
-		if ( $key === null ) {
+		if ( !$key instanceof TOTPKey ) {
 			$key = TOTPKey::newFromRandom();
 			$this->getRequest()->setSessionData( 'oathauth_totp_key', $key );
 		}