PR review changes

app/controllers/api/account.php

@@ -3788,7 +3788,7 @@ App::patch('/v1/account/mfa/recovery-codes')
         $queueForEvents->setParam('userId', $user->getId());
 
         $document = new Document([
-        'recoveryCodes' => $mfaRecoveryCodes
+            'recoveryCodes' => $mfaRecoveryCodes
         ]);
 
         $response->dynamic($document, Response::MODEL_MFA_RECOVERY_CODES);

app/controllers/api/users.php

@@ -1711,7 +1711,7 @@ App::put('/v1/users/:userId/mfa/recovery-codes')
         $queueForEvents->setParam('userId', $user->getId());
 
         $document = new Document([
-        'recoveryCodes' => $mfaRecoveryCodes
+            'recoveryCodes' => $mfaRecoveryCodes
         ]);
 
         $response->dynamic($document, Response::MODEL_MFA_RECOVERY_CODES);

app/controllers/shared/api/auth.php

@@ -13,17 +13,17 @@ App::init()
     ->groups(['mfaProtected'])
     ->inject('session')
     ->action(function (Document $session) {
-        $isSessionSafe = false;
+        $isSessionFresh = false;
 
         $lastUpdate = $session->getAttribute('mfaUpdatedAt');
         if (!empty($lastUpdate)) {
             $now = DateTime::now();
             $maxAllowedDate = DateTime::addSeconds($lastUpdate, Auth::MFA_RECENT_DURATION); // Maximum date until session is considered safe before asking for another challenge
 
-            $isSessionSafe = DateTime::formatTz($maxAllowedDate) >= DateTime::formatTz($now);
+            $isSessionFresh = DateTime::formatTz($maxAllowedDate) >= DateTime::formatTz($now);
         }
 
-        if (!$isSessionSafe) {
+        if (!$isSessionFresh) {
             throw new Exception(Exception::USER_CHALLENGE_REQUIRED);
         }
     });

src/Appwrite/Auth/Auth.php

@@ -89,7 +89,7 @@ class Auth
     /**
      * MFA
      */
-    public const MFA_RECENT_DURATION = 600; // 5 minutes
+    public const MFA_RECENT_DURATION = 1800; // 30 mins
 
     /**
      * @var string