From 7bf2084531e811656c0d0b177554e3863399e8fc Mon Sep 17 00:00:00 2001
From: Jake Fink <jfink@bitwarden.com>
Date: Wed, 17 Jul 2024 16:33:51 -0400
Subject: [PATCH] validate authenticator on set instead of get

---
 src/Api/Auth/Controllers/TwoFactorController.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Api/Auth/Controllers/TwoFactorController.cs b/src/Api/Auth/Controllers/TwoFactorController.cs
index 64ff6588ce..575ef81b2e 100644
--- a/src/Api/Auth/Controllers/TwoFactorController.cs
+++ b/src/Api/Auth/Controllers/TwoFactorController.cs
@@ -93,7 +93,7 @@ public class TwoFactorController : Controller
     public async Task<TwoFactorAuthenticatorResponseModel> GetAuthenticator(
         [FromBody] SecretVerificationRequestModel model)
     {
-        var user = await CheckAsync(model, false, false);
+        var user = await CheckAsync(model, false);
         var response = new TwoFactorAuthenticatorResponseModel(user);
         return response;
     }
@@ -103,7 +103,7 @@ public class TwoFactorController : Controller
     public async Task<TwoFactorAuthenticatorResponseModel> PutAuthenticator(
         [FromBody] UpdateTwoFactorAuthenticatorRequestModel model)
     {
-        var user = await CheckAsync(model, false);
+        var user = await CheckAsync(model, false, false);
         model.ToUser(user);
 
         if (!await _userManager.VerifyTwoFactorTokenAsync(user,