Do not give the user the secret.

2025-10-14 16:13:54 +00:00 · 2016-03-19 07:56:57 +01:00
parent a26acf4a25
commit fb165ef28b
4 changed files with 9 additions and 18 deletions
--- a/app/Http/Controllers/PreferencesController.php
+++ b/app/Http/Controllers/PreferencesController.php
@@ -37,10 +37,11 @@ class PreferencesController extends Controller
    {
        $domain = $this->getDomain();
        $secret = $google2fa->generateSecretKey(16, Auth::user()->id);
+        Session::flash('two-factor-secret', $secret);
        $image  = $google2fa->getQRCodeInline('Firefly III at ' . $domain, null, $secret, 150);


-        return view('preferences.code', compact('secret', 'image'));
+        return view('preferences.code', compact('image'));
    }

    /**
--- a/app/Http/Requests/TokenFormRequest.php
+++ b/app/Http/Requests/TokenFormRequest.php
@@ -29,8 +29,7 @@ class TokenFormRequest extends Request
    {

        $rules = [
-            'secret' => 'required',
-            'code'   => 'required|2faCode:secret',
+            'code'   => 'required|2faCode',
        ];

        return $rules;