From e7cd00ae8a07e8f0944e1e638d8a3cf84d7061bb Mon Sep 17 00:00:00 2001
From: Ian Dunn
Date: Tue, 25 Oct 2022 16:01:39 -0700
Subject: [PATCH] wip - catch decrypt fatal. need to ensure good UX
---
 providers/class-two-factor-totp.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/providers/class-two-factor-totp.php b/providers/class-two-factor-totp.php
index 85845497..bc29d5fe 100644
--- a/providers/class-two-factor-totp.php
+++ b/providers/class-two-factor-totp.php
@@ -274,7 +274,17 @@ public function get_user_totp_key( $user_id ) {
 $user_meta_value = self::encrypt( $user_meta_value, $user_id );
 update_user_meta( $user_id, self::SECRET_META_KEY, $user_meta_value );
 }
- return self::decrypt( $user_meta_value, $user_id );
+
+ try {
+ $decrypted = self::decrypt( $user_meta_value, $user_id );
+ } catch ( RuntimeException $exception ) {
+ $decrypted = '';
+ // todo this is probably wrong.
+ // er maybe not
+ // means that the salt changed, and they need to rotate
+ }
+
+ return $decrypted;
 }
 
 /**
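Review bot: The new catch block turns a decryption failure into `$decrypted = ''` with no log entry and no signal to the caller, so a rotated salt or a tampered meta value looks the same as a user who never set up TOTP. The callers are outside this hunk (as is the start of get_user_totp_key), so it is worth confirming that every one of them fails closed on an empty key; an empty secret must never reach code verification, because codes derived from it are not secret. I would record the event inside the catch, e.g. `error_log( 'Two-Factor: TOTP key decryption failed for user ' . (int) $user_id );`, and replace the three todo comments with one stating that an empty return means the stored key is unreadable and the user must re-enroll. If decrypt() can also raise exceptions that do not extend RuntimeException (its body is not visible here), those would still be fatal.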