From 16e023985d2446013bc0e35822dc55a3c2305e27 Mon Sep 17 00:00:00 2001
From: Dan Brown <ssddanbrown@googlemail.com>
Date: Mon, 30 May 2022 18:31:08 +0100
Subject: [PATCH] Prevented inadvertant logging during MFA flow

- Added StoppedAuthenticationException to dontReport list.
- Added test to cover.

Closes #3468
---
 app/Exceptions/Handler.php         |  1 +
 tests/Auth/MfaVerificationTest.php | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
index 317b011d8..187664f9e 100644
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -21,6 +21,7 @@ class Handler extends ExceptionHandler
      */
     protected $dontReport = [
         NotFoundException::class,
+        StoppedAuthenticationException::class,
     ];
 
     /**
diff --git a/tests/Auth/MfaVerificationTest.php b/tests/Auth/MfaVerificationTest.php
index 9a6106243..7286a1de8 100644
--- a/tests/Auth/MfaVerificationTest.php
+++ b/tests/Auth/MfaVerificationTest.php
@@ -241,6 +241,16 @@ class MfaVerificationTest extends TestCase
         }
     }
 
+    public function test_login_mfa_interception_does_not_log_error()
+    {
+        $logHandler = $this->withTestLogger();
+
+        [$user, $secret, $loginResp] = $this->startTotpLogin();
+
+        $loginResp->assertRedirect('/mfa/verify');
+        $this->assertFalse($logHandler->hasErrorRecords());
+    }
+
     /**
      * @return array<User, string, TestResponse>
      */