mirror of https://github.com/wallabag/wallabag.git synced 2025-08-31 18:31:02 +00:00

Hash backup codes in the database using password_hash

Jeremy Benoist 2019-01-23 14:43:39 +01:00
parent 7485a272ff
commit 4654a83b64
No known key found for this signature in database
GPG key ID: BCA73962457ACC3C
4 changed files with 38 additions and 11 deletions


@ -197,18 +197,25 @@ class ConfigController extends Controller
}
$user = $this->getUser();
$secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret();
if (!$user->isGoogleTwoFactor()) {
$secret = $this->get('scheb_two_factor.security.google_authenticator')->generateSecret();
$user->setGoogleAuthenticatorSecret($secret);
$user->setEmailTwoFactor(false);
$user->setGoogleAuthenticatorSecret($secret);
$user->setEmailTwoFactor(false);
$user->setBackupCodes((new BackupCodes())->toArray());
$backupCodes = (new BackupCodes())->toArray();
$backupCodesHashed = array_map(
function ($backupCode) {
return password_hash($backupCode, PASSWORD_DEFAULT);
},
$backupCodes
);
$this->container->get('fos_user.user_manager')->updateUser($user, true);
}
$user->setBackupCodes($backupCodesHashed);
$this->container->get('fos_user.user_manager')->updateUser($user, true);
return $this->render('WallabagCoreBundle:Config:otp_app.html.twig', [
'backupCodes' => $backupCodes,
'qr_code' => $this->get('scheb_two_factor.security.google_authenticator')->getQRContent($user),
]);
}
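Review bot: The OTP secret and the backup codes appear to be regenerated and persisted on every request to this action. `$user->setBackupCodes($backupCodesHashed)` and the second `updateUser($user, true)` sit after the closing brace of `if (!$user->isGoogleTwoFactor())`, which suggests the guard is on the removed side; the page has lost its +/- markers, so this is inferred. If so, an already-enrolled user who reloads this page gets a new secret and new codes, the authenticator app they enrolled stops matching, and the old backup codes are silently invalidated. Consider keeping generation, hashing and `updateUser` inside `if (!$user->isGoogleTwoFactor()) { ... }` and passing `'backupCodes' => $backupCodes ?? [],` so the plaintext codes are rendered only in the response that created them. The function begins before this hunk, so any earlier checks are not visible here.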