]> cat aescling's git repositories - mastodon.git/commitdiff
cat aescling's git repositories / mastodon.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 55bee84)
Fix #4026 - Accept backup codes for disabling 2FA (#4382)
authorEugen Rochko <eugen@zeonfederated.com>
Wed, 26 Jul 2017 21:36:33 +0000 (23:36 +0200)
committerGitHub <noreply@github.com>
Wed, 26 Jul 2017 21:36:33 +0000 (23:36 +0200)
app/controllers/settings/two_factor_authentications_controller.rb patch | blob | history

diff --git a/app/controllers/settings/two_factor_authentications_controller.rb b/app/controllers/settings/two_factor_authentications_controller.rb
index 9834838817c460364a9ed543d769cfe1aa4f9f51..863cc7351b7e20fe3ba8568e0d344a9b0315dbe9 100644 (file)
--- a/app/controllers/settings/two_factor_authentications_controller.rb
+++ b/app/controllers/settings/two_factor_authentications_controller.rb
@@ -18,7 +18,7 @@ module Settings
     end
 
     def destroy
-      if current_user.validate_and_consume_otp!(confirmation_params[:code])
+      if acceptable_code?
         current_user.otp_required_for_login = false
         current_user.save!
         redirect_to settings_two_factor_authentication_path
@@ -38,5 +38,10 @@ module Settings
     def verify_otp_required
       redirect_to settings_two_factor_authentication_path if current_user.otp_required_for_login?
     end
+
+    def acceptable_code?
+      current_user.validate_and_consume_otp!(confirmation_params[:code]) ||
+        current_user.invalidate_otp_backup_code!(confirmation_params[:code])
+    end
   end
 end
source code fur Kibicat Mastodon