From cfacb403712e9582fb05aae3c681ea84ff91969a Mon Sep 17 00:00:00 2001
From: Ivan Shm <van.snezok@gmail.com>
Date: Fri, 9 Jan 2026 11:02:48 +0200
Subject: [PATCH] magento/magento2#39836: Use of --lock-env on bin/magento
 config:set twofactorauth/general/force_providers results in bin/magento
 errors - Fix TypeError in DuoSecurity when force_providers is array

---
 TwoFactorAuth/Model/Provider/Engine/DuoSecurity.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/TwoFactorAuth/Model/Provider/Engine/DuoSecurity.php b/TwoFactorAuth/Model/Provider/Engine/DuoSecurity.php
index 5ede11be..394bf60b 100644
--- a/TwoFactorAuth/Model/Provider/Engine/DuoSecurity.php
+++ b/TwoFactorAuth/Model/Provider/Engine/DuoSecurity.php
@@ -196,7 +196,11 @@ public function verify(UserInterface $user, DataObject $request): bool
     private function isDuoForcedProvider(): bool
     {
         $providers = $this->scopeConfig->getValue('twofactorauth/general/force_providers') ?? '';
-        $forcedProviders = array_map('trim', explode(',', $providers));
+        if (is_array($providers)) {
+            $forcedProviders = array_map('trim', $providers);
+        } else {
+            $forcedProviders = array_map('trim', explode(',', (string)$providers));
+        }
         return in_array(self::CODE, $forcedProviders, true);
     }