From 4654a83b6438b88e3b7062a21d18999d9df2fb8e Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Wed, 23 Jan 2019 14:43:39 +0100 Subject: Hash backup codes in the database using `password_hash` --- .../CoreBundle/Controller/ConfigController.php | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) (limited to 'src/Wallabag/CoreBundle/Controller/ConfigController.php') diff --git a/src/Wallabag/CoreBundle/Controller/ConfigController.php b/src/Wallabag/CoreBundle/Controller/ConfigController.php index ed92c999..9257ab18 100644 --- a/src/Wallabag/CoreBundle/Controller/ConfigController.php +++ b/src/Wallabag/CoreBundle/Controller/ConfigController.php @@ -197,18 +197,25 @@ class ConfigController extends Controller } $user = $this->getUser(); + $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret(); - if (!$user->isGoogleTwoFactor()) { - $secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret(); + $user->setGoogleAuthenticatorSecret($secret); + $user->setEmailTwoFactor(false); - $user->setGoogleAuthenticatorSecret($secret); - $user->setEmailTwoFactor(false); - $user->setBackupCodes((new BackupCodes())->toArray()); + $backupCodes = (new BackupCodes())->toArray(); + $backupCodesHashed = array_map( + function ($backupCode) { + return password_hash($backupCode, PASSWORD_DEFAULT); + }, + $backupCodes + ); - $this->container->get('fos_user.user_manager')->updateUser($user, true); - } + $user->setBackupCodes($backupCodesHashed); + + $this->container->get('fos_user.user_manager')->updateUser($user, true); return $this->render('WallabagCoreBundle:Config:otp_app.html.twig', [ + 'backupCodes' => $backupCodes, 'qr_code' => $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user), ]); } -- cgit v1.2.3