*/
public function isBackupCode(string $code): bool
{
- return \in_array($code, $this->backupCodes, true);
+ return false === $this->findBackupCode($code) ? false : true;
}
/**
*/
public function invalidateBackupCode(string $code): void
{
- $key = array_search($code, $this->backupCodes, true);
+ $key = $this->findBackupCode($code);
if (false !== $key) {
unset($this->backupCodes[$key]);
return $this->clients->first();
}
}
+
+ /**
+ * Try to find a backup code from the list of backup codes of the current user.
+ *
+ * @param string $code Given code from the user
+ *
+ * @return string|false
+ */
+ private function findBackupCode(string $code)
+ {
+ foreach ($this->backupCodes as $key => $backupCode) {
+ // backup code are hashed using `password_hash`
+ // see ConfigController->otpAppAction
+ if (password_verify($code, $backupCode)) {
+ return $key;
+ }
+ }
+
+ return false;
+ }
}
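Review bot: Backup codes that were stored in plain text before this change can no longer match in `findBackupCode`, because `password_verify` returns false when the stored value is not a `password_hash` output. Unless stored codes are re-hashed or regenerated elsewhere in this commit (not visible here), affected users silently lose their backup codes. The docblock's `@return string|false` also does not match what the loop returns, which is the array key: `@return int|string|false`. In the earlier `isBackupCode` hunk, `return false !== $this->findBackupCode($code);` expresses the same result without the ternary. Each failed attempt now runs one `password_verify` per stored code, so it is worth confirming that the second-factor form limits attempts.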