
fix: backup codes

Torsten Dittmann 2024-02-02 13:50:18 +01:00
parent db321db0fb
commit a77526cab1


@ -3788,9 +3788,19 @@ App::put('/v1/account/mfa/challenge')
default => false default => false
}; };
if (!$success) { if (!$success && $provider === 'totp') {
throw new Exception(Exception::USER_INVALID_TOKEN); $backups = $user->getAttribute('mfaBackups', []);
} if (in_array($otp, $backups)) {
$success = true;
$backups = array_diff($backups, [$otp]);
$user->setAttribute('mfaBackups', $backups);
$dbForProject->updateDocument('users', $user->getId(), $user);
}
}
if (!$success) {
throw new Exception(Exception::USER_INVALID_TOKEN);
}
$dbForProject->deleteDocument('challenges', $challengeId); $dbForProject->deleteDocument('challenges', $challengeId);
$dbForProject->purgeCachedDocument('users', $user->getId()); $dbForProject->purgeCachedDocument('users', $user->getId());
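Review bot: The backup-code check `in_array($otp, $backups)` in the new `totp` fallback uses PHP's loose comparison, so two numeric-looking strings are compared by value rather than byte for byte, and the comparison is not constant-time; pass the strict flag, `in_array($otp, $backups, true)`, or loop over the stored codes with `hash_equals()`. `array_diff()` preserves keys, so once a code from the middle of the list is consumed the stored `mfaBackups` is no longer a sequential list; `$backups = array_values(array_diff($backups, [$otp]));` keeps its shape stable. The read, check and `updateDocument` sequence does not look atomic from what the hunk shows, so two concurrent challenges might both redeem the same single-use code; this is worth confirming against how `updateDocument` handles conflicting writes. The route action begins and ends outside the hunk, so the type of `$otp` and the way backup codes are generated and stored are not visible here.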