OpenConext · MKodde · Dec 12, 2023 · Jan 17, 2024 · Jan 17, 2024 · Feb 22, 2024
diff --git a/ci/qa/phpstan-baseline.neon b/ci/qa/phpstan-baseline.neon
@@ -2660,14 +2660,19 @@ parameters:
 			count: 2
 			path: ../../src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/RecoveryTokenProjector.php
 
+		-
+			message: "#^Cannot access property \\$secondFactorIdentifier on Surfnet\\\\StepupMiddleware\\\\ApiBundle\\\\Identity\\\\Entity\\\\UnverifiedSecondFactor\\|null\\.$#"
+			count: 1
+			path: ../../src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/SecondFactorProjector.php
+
 		-
 			message: "#^Parameter \\#1 \\$secondFactor of method Surfnet\\\\StepupMiddleware\\\\ApiBundle\\\\Identity\\\\Repository\\\\UnverifiedSecondFactorRepository\\:\\:remove\\(\\) expects Surfnet\\\\StepupMiddleware\\\\ApiBundle\\\\Identity\\\\Entity\\\\UnverifiedSecondFactor, Surfnet\\\\StepupMiddleware\\\\ApiBundle\\\\Identity\\\\Entity\\\\UnverifiedSecondFactor\\|null given\\.$#"
-			count: 2
+			count: 3
 			path: ../../src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/SecondFactorProjector.php
 
 		-
 			message: "#^Parameter \\#1 \\$secondFactor of method Surfnet\\\\StepupMiddleware\\\\ApiBundle\\\\Identity\\\\Repository\\\\VerifiedSecondFactorRepository\\:\\:remove\\(\\) expects Surfnet\\\\StepupMiddleware\\\\ApiBundle\\\\Identity\\\\Entity\\\\VerifiedSecondFactor, Surfnet\\\\StepupMiddleware\\\\ApiBundle\\\\Identity\\\\Entity\\\\VerifiedSecondFactor\\|null given\\.$#"
-			count: 3
+			count: 4
 			path: ../../src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/SecondFactorProjector.php
 
 		-

diff --git a/src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/SecondFactorProjector.php b/src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/SecondFactorProjector.php
@@ -154,10 +154,11 @@ public function applyGssfPossessionProvenAndVerifiedEvent(GssfPossessionProvenAn
 
     public function applyEmailVerifiedEvent(EmailVerifiedEvent $event): void
     {
-        $unverified = $this->unverifiedRepository->find($event->secondFactorId->getSecondFactorId());
-        if (is_null($unverified)) {
+        if ($event->secondFactorType->isU2f()) {
+            // u2f is deprecated so those events shouldn't be handled anymore
             return;
         }
+        $unverified = $this->unverifiedRepository->find($event->secondFactorId->getSecondFactorId());
 
         $verified = new VerifiedSecondFactor();
         $verified->id = $event->secondFactorId->getSecondFactorId();
@@ -250,10 +251,12 @@ protected function applyCompliedWithUnverifiedSecondFactorRevocationEvent(
 
     protected function applyVerifiedSecondFactorRevokedEvent(VerifiedSecondFactorRevokedEvent $event): void
     {
-        $verifiedSecondFactor = $this->verifiedRepository->find($event->secondFactorId->getSecondFactorId());
-        if (is_null($verifiedSecondFactor)) {
+        if ($event->secondFactorType->isU2f()) {
+            // u2f is deprecated so those events shouldn't be handled anymore
             return;
         }
+        $verifiedSecondFactor = $this->verifiedRepository->find($event->secondFactorId->getSecondFactorId());
+
         $this->verifiedRepository->remove($verifiedSecondFactor);
     }