Fix #4026 - Accept backup codes for disabling 2FA (#4382)

This commit is contained in:
Eugen Rochko 2017-07-26 23:36:33 +02:00 committed by GitHub
parent 55bee84c97
commit 92cb451da8

View file

@ -18,7 +18,7 @@ module Settings
end end
def destroy def destroy
if current_user.validate_and_consume_otp!(confirmation_params[:code]) if acceptable_code?
current_user.otp_required_for_login = false current_user.otp_required_for_login = false
current_user.save! current_user.save!
redirect_to settings_two_factor_authentication_path redirect_to settings_two_factor_authentication_path
@ -38,5 +38,10 @@ module Settings
def verify_otp_required def verify_otp_required
redirect_to settings_two_factor_authentication_path if current_user.otp_required_for_login? redirect_to settings_two_factor_authentication_path if current_user.otp_required_for_login?
end end
def acceptable_code?
current_user.validate_and_consume_otp!(confirmation_params[:code]) ||
current_user.invalidate_otp_backup_code!(confirmation_params[:code])
end
end end
end end