Fix recovery code removal

2024-06-01 18:39:57 +12:00 · 2024-04-10 14:01:25 +00:00 · 2024-04-10 14:01:25 +00:00 · 860d292df9
parent 03446b7b8a
commit 860d292df9
1 changed files with 2 additions and 0 deletions
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@ -3821,6 +3821,7 @@ App::delete('/v1/account/mfa/authenticators/:type')
            $mfaRecoveryCodes = $user->getAttribute('mfaRecoveryCodes', []);
            if (in_array($otp, $mfaRecoveryCodes)) {
                $mfaRecoveryCodes = array_diff($mfaRecoveryCodes, [$otp]);
+                $mfaRecoveryCodes = array_values($mfaRecoveryCodes);
                $user->setAttribute('mfaRecoveryCodes', $mfaRecoveryCodes);
                $dbForProject->updateDocument('users', $user->getId(), $user);

@ -4069,6 +4070,7 @@ App::put('/v1/account/mfa/challenge')
                $mfaRecoveryCodes = $user->getAttribute('mfaRecoveryCodes', []);
                if (in_array($otp, $mfaRecoveryCodes)) {
                    $mfaRecoveryCodes = array_diff($mfaRecoveryCodes, [$otp]);
+                    $mfaRecoveryCodes = array_values($mfaRecoveryCodes);
                    $user->setAttribute('mfaRecoveryCodes', $mfaRecoveryCodes);
                    $dbForProject->updateDocument('users', $user->getId(), $user);