Merge pull request #6280 from WoltLab/6.1-fix-race-condition-in-email-mfa

Fix race condition in `EmailMultifactorMethod`

Author: BurntimeX

wcfsetup/install/files/lib/system/user/multifactor/EmailMultifactorMethod.class.php

@@ -238,40 +238,24 @@ public function createAuthenticationForm(IFormDocument $form, Setup $setup): voi
      */
     public function processAuthenticationForm(IFormDocument $form, Setup $setup): void
     {
-        $userCode = $form->getData()['data']['code'];
-
-        $sql = "SELECT  code
-                FROM    wcf1_user_multifactor_email
-                WHERE   setupID = ?
-                    AND createTime > ?
-                FOR UPDATE";
-        $statement = WCF::getDB()->prepare($sql);
-        $statement->execute([
+        $this->invalidateUsedCode(
             $setup->getId(),
-            (\TIME_NOW - self::LIFETIME),
-        ]);
-        $codes = $statement->fetchAll(\PDO::FETCH_ASSOC);
-
-        $usedCode = $this->findValidCode($userCode, $codes);
-
-        if ($usedCode === null) {
-            throw new \RuntimeException('Unable to find a valid code.');
-        }
+            $form->getData()['data']['code']
+        );
+    }
 
+    private function invalidateUsedCode(int $id, string $code): void
+    {
         $sql = "DELETE FROM wcf1_user_multifactor_email
                 WHERE       setupID = ?
                         AND createTime > ?
                         AND code = ?";
         $statement = WCF::getDB()->prepare($sql);
         $statement->execute([
-            $setup->getId(),
+            $id,
             (\TIME_NOW - self::LIFETIME),
-            $usedCode['code'],
+            $code,
         ]);
-
-        if ($statement->getAffectedRows() !== 1) {
-            throw new \RuntimeException('Unable to invalidate the code.');
-        }
     }
 
     /**