Fix #4026 - Accept backup codes for disabling 2FA (#4382)

author: Eugen Rochko <eugen@zeonfederated.com> 2017-07-26 23:36:33 +0200
committer: GitHub <noreply@github.com> 2017-07-26 23:36:33 +0200
commit: 92cb451da80051f242fe1fce32421f89841f4adc (patch)
tree: b2df00c9e68fc5be445d0d4d62ec1a4e9ddf82ad /app/controllers
parent: 55bee84c97fd662375907520c56fe3a661458e15 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/app/controllers/settings/two_factor_authentications_controller.rb b/app/controllers/settings/two_factor_authentications_controller.rb
index 983483881..863cc7351 100644
--- a/app/controllers/settings/two_factor_authentications_controller.rb
+++ b/app/controllers/settings/two_factor_authentications_controller.rb
@@ -18,7 +18,7 @@ module Settings
     end
 
     def destroy
-      if current_user.validate_and_consume_otp!(confirmation_params[:code])
+      if acceptable_code?
         current_user.otp_required_for_login = false
         current_user.save!
         redirect_to settings_two_factor_authentication_path
@@ -38,5 +38,10 @@ module Settings
     def verify_otp_required
       redirect_to settings_two_factor_authentication_path if current_user.otp_required_for_login?
     end
+
+    def acceptable_code?
+      current_user.validate_and_consume_otp!(confirmation_params[:code]) ||
+        current_user.invalidate_otp_backup_code!(confirmation_params[:code])
+    end
   end
 end
author	Eugen Rochko <eugen@zeonfederated.com>	2017-07-26 23:36:33 +0200
committer	GitHub <noreply@github.com>	2017-07-26 23:36:33 +0200
commit	92cb451da80051f242fe1fce32421f89841f4adc (patch)
tree	b2df00c9e68fc5be445d0d4d62ec1a4e9ddf82ad /app/controllers
parent	55bee84c97fd662375907520c56fe3a661458e15 (diff)