forked from mirror/pixelfed
Update AccountController, fix 2FA backup code bug
This commit is contained in:
parent
a62a688da9
commit
a231b3c556
1 changed files with 19 additions and 20 deletions
|
@ -513,26 +513,25 @@ class AccountController extends Controller
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function twoFactorBackupCheck($request, $code, User $user)
|
protected function twoFactorBackupCheck($request, $code, User $user)
|
||||||
{
|
{
|
||||||
$backupCodes = $user->{'2fa_backup_codes'};
|
$backupCodes = $user->{'2fa_backup_codes'};
|
||||||
if($backupCodes) {
|
if($backupCodes) {
|
||||||
$codes = json_decode($backupCodes, true);
|
$codes = json_decode($backupCodes, true);
|
||||||
foreach ($codes as $c) {
|
foreach ($codes as $c) {
|
||||||
if(hash_equals($c, $code)) {
|
if(hash_equals($c, $code)) {
|
||||||
$codes = array_flatten(array_diff($codes, [$code]));
|
$codes = array_flatten(array_diff($codes, [$code]));
|
||||||
$user->{'2fa_backup_codes'} = json_encode($codes);
|
$user->{'2fa_backup_codes'} = json_encode($codes);
|
||||||
$user->save();
|
$user->save();
|
||||||
$request->session()->push('2fa.session.active', true);
|
$request->session()->push('2fa.session.active', true);
|
||||||
return true;
|
return true;
|
||||||
} else {
|
}
|
||||||
return false;
|
}
|
||||||
}
|
return false;
|
||||||
}
|
} else {
|
||||||
} else {
|
return false;
|
||||||
return false;
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
public function accountRestored(Request $request)
|
public function accountRestored(Request $request)
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue