UA-Fediland/pixelfed
2
0
Fork 0
mirror of https://github.com/pixelfed/pixelfed.git synced 2024-11-10 00:34:50 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update AccountController, fix 2FA backup code bug

Browse source
This commit is contained in:
Daniel Supernault 2022-11-14 01:17:41 -07:00
parent a62a688da9
commit a231b3c556
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
1 changed files with 19 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
app/Http/Controllers/AccountController.php
View file

@ -513,26 +513,25 @@ class AccountController extends Controller
} }
} }
protected function twoFactorBackupCheck($request, $code, User $user) protected function twoFactorBackupCheck($request, $code, User $user)
{ {
$backupCodes = $user->{'2fa_backup_codes'}; $backupCodes = $user->{'2fa_backup_codes'};
if($backupCodes) { if($backupCodes) {
$codes = json_decode($backupCodes, true); $codes = json_decode($backupCodes, true);
foreach ($codes as $c) { foreach ($codes as $c) {
if(hash_equals($c, $code)) { if(hash_equals($c, $code)) {
$codes = array_flatten(array_diff($codes, [$code])); $codes = array_flatten(array_diff($codes, [$code]));
$user->{'2fa_backup_codes'} = json_encode($codes); $user->{'2fa_backup_codes'} = json_encode($codes);
$user->save(); $user->save();
$request->session()->push('2fa.session.active', true); $request->session()->push('2fa.session.active', true);
return true; return true;
} else { }
return false; }
} return false;
} } else {
} else { return false;
return false; }
} }
}
public function accountRestored(Request $request) public function accountRestored(Request $request)
{ {