}
$user = $this->getUser();
+ $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret();
- if (!$user->isGoogleTwoFactor()) {
- $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret();
+ $user->setGoogleAuthenticatorSecret($secret);
+ $user->setEmailTwoFactor(false);
- $user->setGoogleAuthenticatorSecret($secret);
- $user->setEmailTwoFactor(false);
- $user->setBackupCodes((new BackupCodes())->toArray());
+ $backupCodes = (new BackupCodes())->toArray();
+ $backupCodesHashed = array_map(
+ function ($backupCode) {
+ return password_hash($backupCode, PASSWORD_DEFAULT);
+ },
+ $backupCodes
+ );
- $this->container->get('fos_user.user_manager')->updateUser($user, true);
- }
+ $user->setBackupCodes($backupCodesHashed);
+
+ $this->container->get('fos_user.user_manager')->updateUser($user, true);
return $this->render('WallabagCoreBundle:Config:otp_app.html.twig', [
+ 'backupCodes' => $backupCodes,
'qr_code' => $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user),
]);
}
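Review bot: With the `if (!$user->isGoogleTwoFactor())` guard gone, every request that reaches this action now calls `generateSecret()`, replaces the stored secret and backup codes, and persists them via `updateUser($user, true)`, so a user who is already enrolled loses their working secret and codes simply by loading the page; if the route accepts GET, consider gating the regeneration behind a CSRF-protected POST or re-checking enrolment state before overwriting. The plaintext `$backupCodes` array is handed to the template for one-time display, which is the right place for it, but make sure the rendered response is not cached and that the array is not logged. The closure on `L13` does not use `$this` and could be `static function ($backupCode) {` to avoid binding. The enclosing `otpAppAction` starts outside this hunk.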
*/
public function isBackupCode(string $code): bool
{
- return \in_array($code, $this->backupCodes, true);
+ return false === $this->findBackupCode($code) ? false : true;
}
/**
*/
public function invalidateBackupCode(string $code): void
{
- $key = array_search($code, $this->backupCodes, true);
+ $key = $this->findBackupCode($code);
if (false !== $key) {
unset($this->backupCodes[$key]);
return $this->clients->first();
}
}
+
+ /**
+ * Try to find a backup code from the list of backup codes of the current user.
+ *
+ * @param string $code Given code from the user
+ *
+ * @return string|false
+ */
+ private function findBackupCode(string $code)
+ {
+ foreach ($this->backupCodes as $key => $backupCode) {
+ // backup code are hashed using `password_hash`
+ // see ConfigController->otpAppAction
+ if (password_verify($code, $backupCode)) {
+ return $key;
+ }
+ }
+
+ return false;
+ }
}
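Review bot: `findBackupCode` returns `$key`, the array index of the matching hash, not the code string, so the docblock `@return string|false` is wrong and `invalidateBackupCode` relies on it being a valid key for `unset`; change it to `@return int|string|false` (or `int|false` if the list is always a 0-based array, which this hunk does not show). In `isBackupCode`, `return false === $this->findBackupCode($code) ? false : true;` reads more simply as `return false !== $this->findBackupCode($code);`. Note that each call now runs `password_verify` once per stored backup code, so a single check costs N bcrypt verifications; that is fine for a small fixed list but the 2FA form that calls this (outside the hunk) should already be rate-limited. Users whose `backupCodes` were persisted in plaintext before this change will have every code silently rejected by `password_verify`, so a migration or re-generation step is presumably needed — confirm.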