From 2cd159e2cefaecb54233686cd949aac4d70b9320 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Fri, 5 Mar 2021 17:40:17 +0300
Subject: use separate database column for OTP secrets (migrate previous format
 if needed)

---
 classes/pref/users.php | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'classes/pref/users.php')

diff --git a/classes/pref/users.php b/classes/pref/users.php
index cac0dca7c..068166863 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -119,6 +119,11 @@ class Pref_Users extends Handler_Administrative {
 				$user->email = clean($_REQUEST["email"]);
 				$user->otp_enabled = checkbox_to_sql_bool($_REQUEST["otp_enabled"]);
 
+				// force new OTP secret when next enabled
+				if (Config::get_schema_version() >= 143 && !$user->otp_enabled) {
+					$user->otp_secret = null;
+				}
+
 				$user->save();
 			}
 
-- 
cgit v1.2.3-54-g00ecf