Patch #44074 » 0001-removes-ignored-and-unnecessary-scope-in-twofa-token.patch
| lib/redmine/twofa/base.rb | ||
|---|---|---|
| 112 | 112 |
code = code.to_s.remove(/[[:space:]]/).downcase |
| 113 | 113 |
user_from_code = Token.find_active_user('twofa_backup_code', code)
|
| 114 | 114 |
# invalidate backup code after usage |
| 115 |
Token.where(user_id: @user.id).find_token('twofa_backup_code', code).try(:delete)
|
|
| 115 |
Token.find_token('twofa_backup_code', code).try(:delete)
|
|
| 116 | 116 |
# make sure the user using the backup code is the same it's been issued to |
| 117 | 117 |
return false unless @user.present? && @user == user_from_code |
| 118 | 118 | |