+
+ /**
+ * Try to find a backup code from the list of backup codes of the current user.
+ *
+ * @param string $code Given code from the user
+ *
+ * @return string|false
+ */
+ private function findBackupCode(string $code)
+ {
+ foreach ($this->backupCodes as $key => $backupCode) {
+ // backup code are hashed using `password_hash`
+ // see ConfigController->otpAppAction
+ if (password_verify($code, $backupCode)) {
+ return $key;
+ }
+ }
+
+ return false;
+ }