From a231b3c55661a394b7fa2f8cffdf21a3b628d4ac Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Mon, 14 Nov 2022 01:17:41 -0700
Subject: [PATCH] Update AccountController, fix 2FA backup code bug
---
 app/Http/Controllers/AccountController.php | 39 +++++++++++----------
 1 file changed, 19 insertions(+), 20 deletions(-)
diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php
index 0d3177b9..89f46e04 100644
--- a/app/Http/Controllers/AccountController.php
+++ b/app/Http/Controllers/AccountController.php
@@ -513,26 +513,25 @@ class AccountController extends Controller
 }
 }
- protected function twoFactorBackupCheck($request, $code, User $user)
- {
- $backupCodes = $user->{'2fa_backup_codes'};
- if($backupCodes) {
- $codes = json_decode($backupCodes, true);
- foreach ($codes as $c) {
- if(hash_equals($c, $code)) {
- $codes = array_flatten(array_diff($codes, [$code]));
- $user->{'2fa_backup_codes'} = json_encode($codes);
- $user->save();
- $request->session()->push('2fa.session.active', true);
- return true;
- } else {
- return false;
- }
- }
- } else {
- return false;
- }
- }
+ protected function twoFactorBackupCheck($request, $code, User $user)
+ {
+ $backupCodes = $user->{'2fa_backup_codes'};
+ if($backupCodes) {
+ $codes = json_decode($backupCodes, true);
+ foreach ($codes as $c) {
+ if(hash_equals($c, $code)) {
+ $codes = array_flatten(array_diff($codes, [$code]));
+ $user->{'2fa_backup_codes'} = json_encode($codes);
+ $user->save();
+ $request->session()->push('2fa.session.active', true);
+ return true;
+ }
+ }
+ return false;
+ } else {
+ return false;
+ }
+ }
 public function accountRestored(Request $request)
 {
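Review bot: Consuming a backup code in `twoFactorBackupCheck` is a read-modify-write on `2fa_backup_codes` with no lock or transaction visible in the hunk, so two concurrent requests presenting the same code can both pass `hash_equals` before either `$user->save()` lands, and a single-use code is accepted twice. Consider doing the lookup and removal inside a database transaction that re-reads the user row with `lockForUpdate()`, or otherwise making the write conditional on the stored value being unchanged. Separately, `hash_equals($c, $code)` requires two strings; whether `$code` is validated as a string is decided by the caller outside this hunk, so a guard such as `if (!is_string($code)) { return false; }` at the top of the method would keep a malformed request from raising an error instead of failing the check. Now that every stored code is compared rather than only the first, attempt throttling on this path matters more, and the hunk does not show whether it exists.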