Hash backup codes in the database using `password_hash`
[github/wallabag/wallabag.git] / src / Wallabag / CoreBundle / Controller / ConfigController.php
index ed92c999aed5c2d66aab68ea951c8f7e3f974508..9257ab18df6ad092422e4003701195cf84c9d0c9 100644 (file)
@@ -197,18 +197,25 @@ class ConfigController extends Controller
         }
 
         $user = $this->getUser();
+        $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret();
 
-        if (!$user->isGoogleTwoFactor()) {
-            $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret();
+        $user->setGoogleAuthenticatorSecret($secret);
+        $user->setEmailTwoFactor(false);
 
-            $user->setGoogleAuthenticatorSecret($secret);
-            $user->setEmailTwoFactor(false);
-            $user->setBackupCodes((new BackupCodes())->toArray());
+        $backupCodes = (new BackupCodes())->toArray();
+        $backupCodesHashed = array_map(
+            function ($backupCode) {
+                return password_hash($backupCode, PASSWORD_DEFAULT);
+            },
+            $backupCodes
+        );
 
-            $this->container->get('fos_user.user_manager')->updateUser($user, true);
-        }
+        $user->setBackupCodes($backupCodesHashed);
+
+        $this->container->get('fos_user.user_manager')->updateUser($user, true);
 
         return $this->render('WallabagCoreBundle:Config:otp_app.html.twig', [
+            'backupCodes' => $backupCodes,
             'qr_code' => $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user),
         ]);
     }
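Review bot: With the `if (!$user->isGoogleTwoFactor())` guard removed, every call to this action generates a new secret and new backup codes and persists them via `updateUser($user, true)`, so an already-enrolled user who merely reloads the page loses their authenticator pairing and all earlier backup codes. The action's signature and routing are outside the hunk, so it is not visible whether this is reachable by GET; if it is, a plain cross-site navigation would be enough to trigger the rotation, and the write should move behind a POST with a CSRF token or happen only after the user confirms a code. At minimum the behaviour deserves a comment above the `generateSecret()` call, e.g. `// Rotates the OTP secret and backup codes on every call; the plaintext codes exist only in this response.` Because `'backupCodes' => $backupCodes` now places the plaintext codes in the rendered page, that response should also be sent as non-cacheable.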