diff options
author | Jeremy Benoist <jeremy.benoist@gmail.com> | 2019-01-23 14:43:39 +0100 |
---|---|---|
committer | Jeremy Benoist <jeremy.benoist@gmail.com> | 2019-01-23 14:43:39 +0100 |
commit | 4654a83b6438b88e3b7062a21d18999d9df2fb8e (patch) | |
tree | f20677c3d68c1ea756f0835ff179a0d7d3431a67 /src/Wallabag/UserBundle/Entity | |
parent | 7485a272ffbcc045e6002b4bf4ea289ce0a0f3b4 (diff) | |
download | wallabag-4654a83b6438b88e3b7062a21d18999d9df2fb8e.tar.gz wallabag-4654a83b6438b88e3b7062a21d18999d9df2fb8e.tar.zst wallabag-4654a83b6438b88e3b7062a21d18999d9df2fb8e.zip |
Hash backup codes in the database using `password_hash`update-two-factor-bundle
Diffstat (limited to 'src/Wallabag/UserBundle/Entity')
-rw-r--r-- | src/Wallabag/UserBundle/Entity/User.php | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php index ab34e2bf..43fa6a80 100644 --- a/src/Wallabag/UserBundle/Entity/User.php +++ b/src/Wallabag/UserBundle/Entity/User.php | |||
@@ -339,7 +339,7 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI | |||
339 | */ | 339 | */ |
340 | public function isBackupCode(string $code): bool | 340 | public function isBackupCode(string $code): bool |
341 | { | 341 | { |
342 | return \in_array($code, $this->backupCodes, true); | 342 | return false === $this->findBackupCode($code) ? false : true; |
343 | } | 343 | } |
344 | 344 | ||
345 | /** | 345 | /** |
@@ -347,7 +347,7 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI | |||
347 | */ | 347 | */ |
348 | public function invalidateBackupCode(string $code): void | 348 | public function invalidateBackupCode(string $code): void |
349 | { | 349 | { |
350 | $key = array_search($code, $this->backupCodes, true); | 350 | $key = $this->findBackupCode($code); |
351 | 351 | ||
352 | if (false !== $key) { | 352 | if (false !== $key) { |
353 | unset($this->backupCodes[$key]); | 353 | unset($this->backupCodes[$key]); |
@@ -385,4 +385,24 @@ class User extends BaseUser implements EmailTwoFactorInterface, GoogleTwoFactorI | |||
385 | return $this->clients->first(); | 385 | return $this->clients->first(); |
386 | } | 386 | } |
387 | } | 387 | } |
388 | |||
389 | /** | ||
390 | * Try to find a backup code from the list of backup codes of the current user. | ||
391 | * | ||
392 | * @param string $code Given code from the user | ||
393 | * | ||
394 | * @return string|false | ||
395 | */ | ||
396 | private function findBackupCode(string $code) | ||
397 | { | ||
398 | foreach ($this->backupCodes as $key => $backupCode) { | ||
399 | // backup code are hashed using `password_hash` | ||
400 | // see ConfigController->otpAppAction | ||
401 | if (password_verify($code, $backupCode)) { | ||
402 | return $key; | ||
403 | } | ||
404 | } | ||
405 | |||
406 | return false; | ||
407 | } | ||
388 | } | 408 | } |