two factor getData exception

application/Espo/Core/Authentication/TwoFactor/Exceptions/NotConfigured.php

@@ -0,0 +1,35 @@
+<?php
+/************************************************************************
+ * This file is part of EspoCRM.
+ *
+ * EspoCRM - Open Source CRM application.
+ * Copyright (C) 2014-2023 Yurii Kuznietsov, Taras Machyshyn, Oleksii Avramenko
+ * Website: https://www.espocrm.com
+ *
+ * EspoCRM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * EspoCRM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
+ *
+ * The interactive user interfaces in modified source and object code versions
+ * of this program must display Appropriate Legal Notices, as required under
+ * Section 5 of the GNU General Public License version 3.
+ *
+ * In accordance with Section 7(b) of the GNU General Public License version 3,
+ * these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
+ ************************************************************************/
+
+namespace Espo\Core\Authentication\TwoFactor\Exceptions;
+
+use Exception;
+
+class NotConfigured extends Exception
+{}

application/Espo/Core/Authentication/TwoFactor/Sms/SmsUserSetup.php

@@ -29,7 +29,9 @@
 
 namespace Espo\Core\Authentication\TwoFactor\Sms;
 
+use Espo\Core\Authentication\TwoFactor\Exceptions\NotConfigured;
 use Espo\Core\Exceptions\BadRequest;
+use Espo\Core\Portal\Utils\Config;
 use Espo\Entities\User;
 use Espo\Core\Authentication\TwoFactor\UserSetup;
 
@@ -40,11 +42,17 @@ use stdClass;
  */
 class SmsUserSetup implements UserSetup
 {
-    public function __construct(private Util $util)
-    {}
+    public function __construct(
+        private Util $util,
+        private Config $config
+    ) {}
 
     public function getData(User $user): stdClass
     {
+        if (!$this->config->get('smsProvider')) {
+            throw new NotConfigured("No SMS provider. Need to configure an SMS provider.");
+        }
+
         return (object) [
             'phoneNumberList' => $user->getPhoneNumberGroup()->getNumberList(),
         ];

application/Espo/Core/Authentication/TwoFactor/UserSetup.php

@@ -29,6 +29,7 @@
 
 namespace Espo\Core\Authentication\TwoFactor;
 
+use Espo\Core\Authentication\TwoFactor\Exceptions\NotConfigured;
 use Espo\Core\Exceptions\BadRequest;
 use Espo\Entities\User;
 
@@ -41,6 +42,8 @@ interface UserSetup
 {
     /**
      * Get data needed for configuration for a user. Data will be passed to the front-end.
+     *
+     * @throws NotConfigured
      */
     public function getData(User $user): stdClass;
 

application/Espo/Core/Sms/SenderFactory.php

@@ -59,7 +59,7 @@ class SenderFactory implements Factory
         $className = $this->metadata->get(['app', 'smsProviders', $provider, 'senderClassName']);
 
         if (!$className) {
-            throw new RuntimeException("No `senderClassName` for '{$provider}' provider.");
+            throw new RuntimeException("No `senderClassName` for '$provider' provider.");
         }
 
         return $this->injectableFactory->create($className);

application/Espo/Core/Sms/SmsSender.php

@@ -29,17 +29,31 @@
 
 namespace Espo\Core\Sms;
 
+use Espo\Core\InjectableFactory;
 use Espo\Entities\Sms as SmsEntity;
-
 use Espo\Core\Utils\Config;
 
 class SmsSender
 {
+    private ?Sender $sender;
+
     public function __construct(
-        private Sender $sender,
+        private InjectableFactory $injectableFactory,
         private Config $config
     ) {}
 
+    private function getSender(): Sender
+    {
+        if ($this->sender === null) {
+            // Sender factory can throw an exception (if no 'smsProvider' in config).
+            // Better it be thrown when sending rather than when instantiating
+            // constructor dependencies.
+            $this->sender = $this->injectableFactory->createResolved(Sender::class);
+        }
+
+        return $this->sender;
+    }
+
     public function send(SmsEntity $sms): void
     {
         $systemFromNumber = $this->config->get('outboundSmsFromNumber');
@@ -48,7 +62,7 @@ class SmsSender
             $sms->setFromNumber($systemFromNumber);
         }
 
-        $this->sender->send($sms);
+        $this->getSender()->send($sms);
 
         $sms->setAsSent();
     }

application/Espo/Tools/UserSecurity/Service.php

@@ -29,6 +29,7 @@
 
 namespace Espo\Tools\UserSecurity;
 
+use Espo\Core\Authentication\TwoFactor\Exceptions\NotConfigured;
 use Espo\Core\Exceptions\Forbidden;
 use Espo\Core\Exceptions\NotFound;
 use Espo\Core\Exceptions\BadRequest;
@@ -147,9 +148,14 @@ class Service
             throw new BadRequest();
         }
 
-        $clientData = $this->twoFactorUserSetupFactory
-            ->create($auth2FAMethod)
-            ->getData($user);
+        try {
+            $clientData = $this->twoFactorUserSetupFactory
+                ->create($auth2FAMethod)
+                ->getData($user);
+        }
+        catch (NotConfigured $e) {
+            throw new Forbidden($e->getMessage());
+        }
 
         if ($isReset) {
             $userData = $this->getUserDataRepository()->getByUserId($id);