From 6646a0a9fafd891d36fa3b0fafb9675ec26aa039 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Tue, 28 Jan 2025 09:21:59 +0100
Subject: [PATCH] Fix parameter validation in our custom devise strategies
 (#33754)

---
 lib/devise/strategies/two_factor_ldap_authenticatable.rb | 2 +-
 lib/devise/strategies/two_factor_pam_authenticatable.rb  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/devise/strategies/two_factor_ldap_authenticatable.rb b/lib/devise/strategies/two_factor_ldap_authenticatable.rb
index c8258deb16..2efd1323a8 100644
--- a/lib/devise/strategies/two_factor_ldap_authenticatable.rb
+++ b/lib/devise/strategies/two_factor_ldap_authenticatable.rb
@@ -23,7 +23,7 @@ module Devise
       protected
 
       def valid_params?
-        params[scope] && params[scope][:password].present?
+        params[scope].is_a?(Hash) && params[scope][:password].present?
       end
     end
   end
diff --git a/lib/devise/strategies/two_factor_pam_authenticatable.rb b/lib/devise/strategies/two_factor_pam_authenticatable.rb
index 7263ba354a..2164b03234 100644
--- a/lib/devise/strategies/two_factor_pam_authenticatable.rb
+++ b/lib/devise/strategies/two_factor_pam_authenticatable.rb
@@ -22,7 +22,7 @@ module Devise
       protected
 
       def valid_params?
-        params[scope].respond_to?(:[]) && params[scope][:password].present?
+        params[scope].is_a?(Hash) && params[scope][:password].present?
       end
     end
   end